Polyglot Monorepo — TypeScript + Go + Terraform

From git push to
production in _

An end-to-end cloud deployment platform. A Go worker picks up your build from Redis, clones your repo, builds a container with BuildKit, deploys to Kubernetes, provisions TLS, and streams logs — all automatically.

Start DeployingWatch the Pipeline
0+

Pipeline steps automated

0+

Frameworks supported

0

Background goroutines

0

Downtime deploys

Live Pipeline

Watch a Deployment Unfold

Every git push triggers this exact sequence — orchestrated end-to-end by the Go worker.

deployment-pipeline
Platform

Everything to Ship, Monitor & Scale

One platform replaces your entire CI/CD pipeline, domain config, secret management, and deployment monitoring.

One-Click Deployments

Push code or hit deploy. Go worker clones, builds, containerizes, and rolls out to Kubernetes — fully automated, every time.

GitHub App Integration

OAuth + GitHub Installation tokens. Webhooks for auto-deploy on push. Branch selection, shallow cloning, and commit tracking.

Custom Domains & TLS

Add domains with auto DNS verification (CNAME/A via Google DNS). Let's Encrypt TLS via cert-manager. Zero manual config.

Real-Time Log Streaming

Build logs stream live during clone, build and deploy. Runtime pod logs with auto-reconnect. Batched at 20 lines, flushed every 2s.

Cancel & Rollback

Cancel mid-flight builds via Redis signals checked at every pipeline stage. Roll back to any previous deployment with history tracking.

TTL Auto-Cleanup

Set per-deployment TTL. Background goroutine tears down expired K8s resources every 60s — Ingress, Service, Deployment gone.

Env Vars & Secrets

Per-environment secrets (prod/preview/dev). Sensitive keys auto-masked in logs. Framework-aware PORT/HOST injection.

Health Probes

TCP liveness + readiness probes on every container. Rolling updates: maxUnavailable=0, maxSurge=1. True zero-downtime deploys.

Project Dashboard

Multi-project management with per-project build config, deployment history, domain settings, and system health charts.

Go Worker

The Heart of the Platform.
Written in Go.

A standalone Go service that blocks on Redis BRPop, executes a multi-stage deployment pipeline, and runs 3 concurrent background goroutines — all with minimal memory overhead and graceful shutdown handling.

Redis BRPop Queue

Blocking pop — zero polling, instant pickup

BuildKit + Railpack

Framework auto-detection, OCI image builds

Kubernetes client-go

In-cluster RBAC, Deployment/Service/Ingress CRUD

Graceful Shutdown

SIGINT/SIGTERM with in-flight job completion

Step 1

Job Dequeued from Redis

BRPop blocks until a build job arrives. Receives deployment ID, git URL, env vars, build commands, and domain list.

Step 2

Shallow Clone

git clone --depth 1 with GitHub Installation Token. Live progress via StreamLogger (batched writes, 2s flush).

Step 3

Railpack Prepare

Auto-detects framework (Next.js, Go, Python, etc). Generates optimized build plan — no Dockerfile needed.

Step 4

BuildKit Build & Push

Builds OCI image via BuildKit gateway protocol. Pushes to internal registry with inline caching.

Step 5

K8s Deploy

Creates/updates Deployment + ClusterIP Service + Traefik Ingress. Rolling update: maxUnavailable=0.

Step 6

TLS & Domains

cert-manager provisions Let's Encrypt certs. Custom domains verified via DNS lookups against 8.8.8.8.

Step 7

Ready

Waits up to 5 min for TCP readiness probe. Sets deployment URL, sends notification, starts log streaming.

Background

Three Goroutines. Always Running.

Autonomous background workers handle domain verification, resource cleanup, and log rotation.

every 30s

Domain Worker

Polls pending domains → verifies DNS (CNAME/A via Google DNS) → adds to Traefik Ingress → marks ACTIVE.

every 60s

Cleanup Worker

Checks TTL-expired deployments → stops log streams → deletes K8s resources (Ingress → Service → Deployment) → marks EXPIRED.

every 1h

Log Cleanup

Purges old log entries based on configurable retention days. Keeps storage lean and database queries fast.

Architecture

System Architecture — End to End

Trace every request from git push to a live HTTPS URL. Six layers, three languages, one platform.

External

Developer

git push origin main

push

GitHub

OAuth · Webhooks · Tokens

webhook POST
auto-deploy triggered
HTTP webhook
Application

Web Frontend

Next.js 16 · React 19 · Tailwind

Dashboard · Deploy UI · Log Viewer
Domain Config · Env Editor

API Server

NestJS 11 · Prisma · BullMQ

Auth · Projects · Deployments · Domains
Webhook Handler · Build Queue
Email (Nodemailer) · Health Checks
enqueue job
CRUD
Data Layer

Redis 7

BRPop Queue · Cancel Signals · Pub/Sub

BRPop blocking dequeue — zero polling
SET cancel signal checked at every pipeline step
Job status: pending → processing → complete/failed

PostgreSQL

Primary Database · Prisma ORM

User · GitAccount · Project
Deployment · Domain · EnvVariable
LogEntry · SystemConfig
BRPop (blocking)
Worker Engine

Go Worker

Standalone binary · Goroutines · Graceful shutdown (SIGINT/SIGTERM)

Deployment Pipeline

Clonegit --depth 1
Railpackdetect framework
BuildKitbuild OCI image
Push→ internal registry
DeployK8s rollout
TLScert-manager
Streampod logs
Cancel signal checked via Redis at every stage transition
Domain Verify
30s

DNS check (CNAME/A via 8.8.8.8) → Traefik Ingress update

TTL Cleanup
60s

Expired deploys → stop logs → delete K8s resources

Log Cleanup
1h

Purge old LogEntry rows by retention config

K8s client-go
Kubernetes (K3s)

Deployment

Rolling update

Service

ClusterIP

Ingress

Traefik rules

Traefik

Reverse proxy + routing

cert-manager

Let's Encrypt TLS

Registry

OCI image store

Health Probes

TCP liveness + readiness

Rolling Update

maxUnavailable=0, surge=1

Port: auto-detectedCPU: 100m–500mMemory: 128Mi–512MiReplicas: 1Namespace: isolated
HTTPS

Live Application

https://myapp.deploy.code2cloud.dev

running
Infrastructure

Terraform

Infrastructure as Code

compute.tf — ARM64 instance
network.tf — VCN + subnets
security.tf — firewall rules
budget.tf — cost alerts

OCI ARM64

Single node — everything runs here

4

OCPUs

24

GB RAM

190

GB Disk

Ansible

Configuration Management

K3s cluster bootstrap
BuildKit + Registry setup
Traefik + cert-manager
Redis + secrets injection
TypeScript (Web + API)
Go (Worker + K8s)
IaC (Terraform + Ansible)
Data (Redis + PostgreSQL)

Repository Structure — Turborepo

Code2Cloud/
├─apps/
├─web/Next.js 16 · React 19 · Tailwind
├─api/NestJS · Prisma · GraphQL · BullMQ
├─worker/Go · K8s client-go · BuildKit · Redis
├─proxy/Go · Reverse Proxy
└─infra/Terraform · Ansible · K8s YAML
├─packages/
├─ui/Shared Components
├─typescript-config/Shared TSConfig
└─eslint-config/Shared Lint Rules
Stack

Built With the Best

Every tool chosen deliberately. TypeScript for safety, Go for speed, Terraform for reproducibility.

Next.js 16

Frontend

React 19

UI

Tailwind CSS

Styling

TypeScript 5.9

Language

NestJS 11

Backend

GraphQL

API Layer

Prisma 6

ORM

PostgreSQL

Database

Go 1.23

Worker

Redis 7

Queue

Kubernetes

Orchestration

BuildKit

Builder

Terraform

IaC

Ansible

Config

GitHub App

Git

Let's Encrypt

TLS

TypeScript

Type-safe APIs with NestJS decorators & DI. Prisma for type-safe DB. Shared monorepo configs via Turborepo.

Next.jsNestJSPrismaReactGraphQL

Go

Goroutines for concurrent pipelines. Native K8s client-go for in-cluster orchestration. Minimal memory footprint.

Goroutinesclient-goRedisBuildKitZap

Infrastructure as Code

Terraform provisions OCI ARM64 compute + networking. Ansible bootstraps K3s + BuildKit. K8s YAML defines the stack.

TerraformAnsibleK8s YAMLOCI ARM64Traefik
Infrastructure

Single ARM64 Node

Everything runs on one OCI instance — API, frontend, worker, K3s, BuildKit, registry, Redis.

4

OCPUs

24

GB RAM

190

GB Disk

K3sTraefikBuildKitRegistryRedis 7cert-manager
Data

Prisma Schema

Type-safe PostgreSQL access. 8 models covering users, projects, deployments, domains, and logs.

👤

User

Auth · Git Accounts

📁

Project

Git · Build Config

🚀

Deployment

Status · Logs · Specs

🌐

Domain

DNS · TLS · Verify

🔗

GitAccount

Tokens · Install ID

🔑

EnvVariable

Per-Environment

📋

LogEntry

Build · Runtime

⚙️

SystemConfig

TTL · Retention

Lifecycle

Every State, Tracked

QUEUED
BUILDING
DEPLOYING
READY
FAILED
CANCELED
EXPIRED

Ready to deploy?

Connect GitHub. Push code. The Go worker handles the rest.

Get Started FreeView Source
Code2Cloud
TypeScript + Go + Terraform·Polyglot Monorepo·Built with ❤️