Build Service (Elysia + Bun)

Automated build & deployment backend for Zyotra. Handles cloning, building, packaging, and delivering artifacts to S3; premium users can leverage dockerized builds and deployments to isolated VPS agents.

Features

• Elysia + Bun HTTP API (src/index.ts)
• JWT-protected routes via middlewares/checkAuth.checkAuthPlugin
• Git cloning with controllers/cloneRepoController
• Build orchestration with controllers/BuildRepoController
• Artifact upload to S3 with controllers/uploadBuildController → bucket/uploadFile
• Utility checks: repo URL validation (utils/checkUrl), size gating (utils/checkSize), repo existence (utils/checkRepoId), ID generation (utils/generateId)
• Premium-only dockerized build/deploy pipeline (see below)

Project Structure

• src/index.ts — server bootstrap and route wiring
• Controllers: clone, build, upload
• S3 client: bucket/s3
• Auth: middlewares/checkAuth, jwt/verifyTokens
• Types: types/types
• Utils: utils

Prerequisites

• Bun runtime
• Git client
• AWS S3-compatible endpoint/credentials
• JWT secret for access tokens
• Optional: Docker (for premium builds/deploys) and SSH access to VPS agents

Environment Variables

Create a .env (or export in your environment):

• PORT — HTTP port (default: 5052)
• S3_REGION
• S3_ENDPOINT (if using a custom S3-compatible store)
• ACCESS_KEY_ID
• SECRET_ACCESS_KEY
• BUCKET_NAME (used by uploader)
• ACCESS_TOKEN_SECRET (JWT verification in jwt/verifyTokens)

Install & Run

bun install
bun run dev

Server listens on PORT and logs host/port at startup.

API

All routes are protected by Authorization: Bearer <token> via checkAuthPlugin.

POST /clone-repo

• Body: { repoUrl, packageInstallerCommand?, buildCommand?, startCommand?, outputDir?, projectType? }
• Validates URL (checkUrl) and size (checkSize); clones into ./cloned-repo/<id>.
• Returns repo metadata and defaults (build/start commands, outputDir).

POST /build-repo

• Body: { repoId, buildCommand, startCommand, outputDir, projectType, packageInstallerCommand }
• Runs install + build (via Bun spawn) in ./cloned-repo/<repoId>.
• Ensures outputDir exists before returning build metadata.

POST /upload-build

• Body: { repoId, outputDir, startCommand }
• Streams ./cloned-repo/<repoId>/<outputDir> to S3 using uploadFile; keys are prefixed with <repoId>/.

Premium: Dockerized Builds

For isolation and reproducibility:

1. Build Image: Use a base image (e.g., node:lts or language-specific). Embed common tooling and cacheable layers for faster installs.
2. Mount Repo: docker run --rm -v $(pwd)/cloned-repo/<id>:/workspace -w /workspace <build-image> <packageInstallerCommand> then <buildCommand>.
3. Output Handling: Ensure outputDir is within the mounted workspace; hand off to /upload-build to push to S3.
4. Security: Run containers with non-root users where possible; limit network if needed; apply per-tenant images for strict isolation.

Premium: Dockerized Deployment on VPS

VPS agents pull artifacts from S3 and run them inside containers:

1. Download: Agent fetches s3://<BUCKET_NAME>/<repoId>/<artifact> to a temp dir.
2. Runtime Image: Choose runtime (e.g., nginx for static, node:lts for SSR). Copy or volume-mount artifact into the container.
3. Start: Use startCommand returned by /build-repo to launch the app inside the container.
4. Health & Rollback: Add health checks; keep previous artifact to enable rollback on failure.
5. Security: Use distinct IAM credentials per agent; restrict S3 access by prefix (<repoId>/).

Operational Notes

• Repo size limit: 100 MB (via GitHub API in checkSize).
• Error handling: Build/install errors captured from stderr; status codes via types/StatusCode.
• Auth: Tokens verified with verifyAccessToken; ensure ACCESS_TOKEN_SECRET is configured.
• S3 keys: Stored under repoId prefix to avoid collisions.

Next Steps

• Add containerized build runner abstraction (per premium policy).
• Add artifact integrity checks (hashing) before deploy.
• Add tests and CI.