Deployment & CI/CD

Overview

Cloudless uses SST v4 (Serverless Stack) for AWS infrastructure-as-code and GitHub Actions for CI/CD automation. Every push to main triggers a full pipeline: lint → type-check → unit tests → deploy.

GitHub Actions Workflows

Deploy Pipeline (deploy.yml)

1. Checkout + pnpm install
2. ESLint (zero warnings policy)
3. TypeScript type-check (tsc --noEmit)
4. Vitest unit tests
5. pnpm sst deploy --stage production

AWS credentials are supplied via OIDC (no long-lived keys). The role ARN is stored in the AWS_ROLE_ARN GitHub Actions secret.

Environment Variables & Secrets

Production secrets are stored in AWS SSM Parameter Store under /cloudless/production/. The Lambda reads them at cold start via GetParametersByPath. GitHub Actions secrets required:

Rollback

SST supports instant rollback to the previous deployment:

pnpm sst rollback --stage production

For emergency rollback, you can also re-deploy a specific git SHA:

git checkout <sha>
pnpm sst deploy --stage production

Lighthouse & Budget Thresholds

ISR Cache Invalidation

Pages with export const revalidate = 3600 are cached at the CDN layer for up to 1 hour. To force immediate revalidation after a Notion content update, trigger a new deployment or call the on-demand revalidation endpoint:

curl -X POST https://cloudless.gr/api/revalidate \
  -H "Authorization: Bearer $REVALIDATE_SECRET" \
  -d '{"path": "/en/docs"}'