Deploy & secrets (operator)
Apps
| App | What | Deploy |
|---|---|---|
apps/api | Cloudflare Worker (Hono) | cd apps/api && npx wrangler deploy (staging) / --env production |
apps/web | React dashboard (Pages) | npx wrangler pages deploy dist --project-name=kordox-web-staging --branch main |
apps/landing | Marketing site (Pages) | --project-name=kordox-landing-staging |
apps/docs | This docs site (Pages) | --project-name=kordox-docs |
Build before deploying Pages: pnpm build --filter=<app>.
Environments
- Staging: worker
kordox-api-staging(api-sta.kordox.com), apps atapp-sta/*-sta. - Production: worker
kordox-api(api.kordox.com), set via wrangler[env.production]; deploy with--env production. - Cloudflare account is pinned in
apps/api/wrangler.toml(account_id).
Secrets (per environment, via wrangler secret put)
| Secret | For |
|---|---|
DATABASE_URL, JWT_SECRET, RESEND_API_KEY | Core |
GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET | Google login |
GMAIL_CLIENT_ID / GMAIL_CLIENT_SECRET | Gmail connector — see Email OAuth |
OUTLOOK_CLIENT_ID / OUTLOOK_CLIENT_SECRET | Outlook connector |
STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET | Billing |
STRIPE_PRICE_{PRO,BUSINESS}_{MONTHLY,ANNUAL} | Per-seat price IDs |
TURNSTILE_SECRET_KEY | Bot protection (optional) |
Set per environment: run once for staging, then again with --env production.
Gate / verify before shipping
pnpm build (typecheck) → pnpm test (unit) → cd apps/web && pnpm test:e2e → deploy to staging.