Case Study

Web Hosting Platform

Deployment automation platform enabling GitHub repository deployments through a simple API — GitHub App authentication, workflow injection, and versioned zero-downtime rollbacks.

Web Hosting Platform architecture overview

Problem

Deploying GitHub repositories to hosting environments requires manual CI/CD configuration per repository, separate hosting infrastructure management, and custom domain setup. Developers wanted a way to programmatically trigger deployments via an API without configuring each repo individually — and needed zero-downtime 保证 during deployments.

Solution

A deployment automation platform that connects to GitHub repositories via a GitHub App and provides a simple API to trigger builds, inject CI/CD workflows, and serve deployed sites — all without manual per-repo configuration.

The platform handles artifact uploads, GitHub Pages publishing, versioned releases with atomic symlink swaps for zero-downtime rollbacks, and path traversal protection to isolate deployments within a controlled directory structure.

Architecture

Web Hosting Platform system architecture

User → Express.js API → GitHub API + Workflow Inject → Artifact Store → Versioned Deploys

API Routes
3 route modules
auth · deploy · github
Services
10 service modules
GitHub App · deploy · build

Technical Decisions

GitHub App authentication

Instead of personal access tokens that expire and grant full user permissions, the platform uses GitHub App JWT auth with installation tokens. Scoped permissions per repository — not full account access. Installation tokens expire and are regenerated as needed.

Workflow injection for CI/CD

Managed workflow files are injected into connected repositories via the GitHub API with a marker comment (# Managed by Web Hosting Platform). The system refuses to overwrite unmanaged workflow files, preventing accidental clobbering of existing CI/CD configuration.

Path traversal protection

All user-provided project names are validated against an explicit allowlist regex: /^[A-Za-z0-9._-]+$/. Paths are normalized and checked for '..' before use. Traversal attempts return 404 — deployments are isolated to a controlled deployments/ directory.

Versioned deployments with zero-downtime

Each deployment creates a timestamped release directory. A symlink points to the current active release. Atomic symlink swap on deployment completion ensures requests always serve from the previous version until the new one is ready — instant rollback via symlink update.

Webhook signature verification

GitHub webhook payloads are verified using HMAC SHA256 with timing-safe comparison. Invalid signatures are rejected with 401 before any processing occurs.

Results

3
API route modules
10
Service modules
10
Test files

Stack

Express.jsReactNode.jsGitHub APIGitHub ActionsDockerTypeScript
← All ProjectsPaystreamer →