Platform
Vercel only. No Docker, no Kubernetes, no docker-compose, no Terraform, no vercel.json.
Vercel’s Git integration handles deploys automatically on push to the connected branch. There is no deploy step in CI.
Build Configuration
| Setting | Value |
|---|---|
| Build command | next build |
| Start command | next start |
| Dev command | next dev --turbopack |
Turbopack is dev-only. Production uses the standard Next.js build pipeline.
Route Duration Limits
Two routes declare maxDuration = 300:
app/api/[org]/leaderboard/score/route.tsapp/api/[org]/leaderboard/recompute/route.ts
This requires Vercel Pro. The Hobby plan caps function duration at 60 seconds. Leaderboard ingest for a non-trivial org will time out on Hobby.
Environment Variables
Set all env vars in the Vercel dashboard under Settings → Environment Variables. Use separate values for Production, Preview, and Development environments.
appEnv
| Variable | Description |
|---|---|
GITHUB_APP_ID | Numeric GitHub App ID |
GITHUB_APP_NAME | GitHub App slug name |
NEXT_PUBLIC_APP_URL | Full public URL (e.g. https://yourdomain.com) |
ENABLE_DEBUG_ROUTES | true to enable debug API routes in production |
authEnv
| Variable | Description |
|---|---|
GITHUB_PRIVATE_KEY | PEM-encoded private key for the GitHub App |
GITHUB_CLIENT_ID | GitHub App OAuth client ID |
GITHUB_CLIENT_SECRET | GitHub App OAuth client secret |
AUTH_SESSION_SECRET | HS256 signing key for state JWTs — minimum 32 chars |
TOKEN_ENCRYPTION_KEY | AES-256-GCM key — minimum 64 hex chars |
GITHUB_WEBHOOK_SECRET | Webhook signature secret; omitting it accepts all requests |
supabaseEnv
| Variable | Description |
|---|---|
NEXT_PUBLIC_SUPABASE_URL | Supabase project URL |
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY | Supabase anon key |
SUPABASE_SERVICE_ROLE_KEY | Supabase service role key (server-only) |
cacheEnv (optional)
| Variable | Description |
|---|---|
UPSTASH_REDIS_REST_URL | Upstash REST endpoint |
UPSTASH_REDIS_REST_TOKEN | Upstash REST token |
REDIS_CACHE_PREFIX | Key namespace prefix (default: gh-org-tool) |
Redis is entirely optional. If UPSTASH_REDIS_REST_URL and UPSTASH_REDIS_REST_TOKEN are not set, all Redis calls fall back to DB/memory cache silently.
Critical: Env Validation Disabled in Production
lib/env/index.ts passes skipValidation: true when NODE_ENV === 'production'. This means:
- Missing or malformed env vars do not fail the build.
- They fail at runtime, when the relevant code path is first hit.
- There is no early warning.
Double-check every required variable is set before deploying. A missing TOKEN_ENCRYPTION_KEY will not surface until a user tries to authenticate.