DevOps Readme

Infrastructure

Sites & domains

Hesh Jay — Portfolio

projectfreedom.xyz

Live

Host: Firebase Hosting Project: projectfreedom-portfolio-d8253 Site ID: projectfreedom-portfolio-d8253 Local folder: C:\Users\hesha\AI Projects\ProjectFreedom Portfolio\

Musaic — Early access

musaic.projectfreedom.xyz

Live

Host: Firebase Hosting Site ID: musaic-projectfreedom Formspree: mreovqgr Local folder: C:\Users\hesha\AI Projects\Musiac\deploy-musaic\

Animals of Sri Lanka — Early access

animalsofsrilanka.projectfreedom.xyz

Live

Host: Firebase Hosting Site ID: animals-projectfreedom Formspree: xbdpeojw Local folder: C:\Users\hesha\AI Projects\Animals of Sri Lanka\deploye-animalsofsrilanka\

GYGO — App

*.gygo.projectfreedom.xyz

Deploying

Host: Google Cloud Run — australia-southeast1 DB: Supabase PostgreSQL (Singapore) DNS: Cloudflare wildcard proxy Tenants: pifiproperty · cinnamon · jake GitHub: creationisttest-git/gygo

DevOps Readme (this page)

devops-readme.projectfreedom.xyz

Live

Host: Firebase Hosting Site ID: devops-readme-projectfreedom Access: Passphrase protected

DNS — GoDaddy (projectfreedom.xyz)

Type	Name	Value
A	@	199.36.158.100
A	@	199.36.158.101
CNAME	www	projectfreedom-portfolio-d8253.web.app.
CNAME	musaic	musaic-projectfreedom.web.app.
CNAME	animalsofsrilanka	animals-projectfreedom.web.app.
CNAME	devops-readme	devops-readme-projectfreedom.web.app.
CNAME	*.gygo	gygo.projectfreedom.xyz (→ Cloudflare)

Infrastructure

Architecture

DNS registrar

GoDaddy

DNS proxy (GYGO)

Cloudflare — wildcard *.gygo

Static hosting

Firebase Hosting (GCP)

App hosting

Cloud Run — australia-southeast1

Database

Supabase PostgreSQL (Singapore)

Container registry

Artifact Registry — gygo

Secrets

GCP Secret Manager (5 secrets)

Email capture

Formspree (2 forms)

Source control

GitHub — creationisttest-git/gygo

GCP project

projectfreedom-portfolio (611103599732)

Request flow — static sites

User browser→ GoDaddy DNS→ Firebase CDN→ index.html

Request flow — GYGO tenants

pifiproperty.gygo.projectfreedom.xyz→ GoDaddy DNS→ Cloudflare proxy→ Cloud Run→ Supabase DB

GCP resources

Resource	Name/ID	Region
Cloud Run service	gygo	australia-southeast1
Artifact Registry	gygo	australia-southeast1
Secret Manager	5 secrets (GYGO_*)	global
Cloud Build	auto-created	global
Firebase project	projectfreedom-portfolio-d8253	global

Deployment

Deploy static sites

Portfolio, Musaic, Animals of Sri Lanka — all follow the same pattern.

1

Edit the HTML file

Make changes to heshan_portfolio.html — or the relevant site's index.html

2

Rename to index.html and place in public\ folder

Each site has its own public\ subfolder — make sure you're putting it in the right one

3

Open terminal in the site folder and run

firebase deploy

Live in ~10 seconds. No build step required.

Local folder map

Site	Local path
projectfreedom.xyz	C:\Users\hesha\AI Projects\ProjectFreedom Portfolio\
musaic.projectfreedom.xyz	C:\Users\hesha\AI Projects\Musiac\deploy-musaic\
animalsofsrilanka.projectfreedom.xyz	C:\Users\hesha\AI Projects\Animals of Sri Lanka\deploye-animalsofsrilanka\
devops-readme.projectfreedom.xyz	C:\Users\hesha\AI Projects\devops-readme\

Deployment

Deploy GYGO

Current flow is manual via Cloud Shell. CI/CD (GitHub Actions) is queued — see CI/CD tab.

1

Commit and push changes from your machine

git add .
git commit -m "your message"
git push

2

Open Cloud Shell and pull latest

Go to console.cloud.google.com → click the >_ button top-right

cd gygo
git pull

3

Build Docker image (~6 minutes)

gcloud builds submit \
  --tag australia-southeast1-docker.pkg.dev/projectfreedom-portfolio/gygo/app:latest \
  --project=projectfreedom-portfolio .

4

Deploy to Cloud Run (~2 minutes)

gcloud run deploy gygo \
  --image australia-southeast1-docker.pkg.dev/projectfreedom-portfolio/gygo/app:latest \
  --region australia-southeast1 \
  --project=projectfreedom-portfolio

Prisma migrations run automatically on startup via scripts/start.sh

Debugging a failed deploy

gcloud logging read \
  "resource.type=cloud_run_revision AND resource.labels.service_name=gygo" \
  --limit=30 --format="value(textPayload)" \
  --project=projectfreedom-portfolio

Configuration

Secrets & credentials

All GYGO secrets are stored in GCP Secret Manager. Never commit secrets to GitHub.

Secret name	What it is	Where to find/rotate
GYGO_DATABASE_URL	Supabase PostgreSQL connection string	Supabase dashboard → Settings → Database
GYGO_NEXTAUTH_SECRET	NextAuth signing secret	Generate: openssl rand -base64 32
GYGO_GOOGLE_CLIENT_ID	Google OAuth client ID	GCP → APIs → Credentials → OAuth client
GYGO_GOOGLE_CLIENT_SECRET	Google OAuth client secret	GCP → APIs → Credentials → OAuth client
GYGO_ANTHROPIC_API_KEY	Anthropic API key	console.anthropic.com

To update a secret

echo -n 'NEW_VALUE' | gcloud secrets versions add SECRET_NAME \
  --data-file=- --project=projectfreedom-portfolio

Then redeploy Cloud Run so the new version is picked up.

OAuth redirect URIs (must match)

Type	URI
Authorised redirect URI	https://gygo.projectfreedom.xyz/api/auth/callback/google
Authorised JS origin	https://gygo.projectfreedom.xyz

Update at: GCP → APIs & Services → Credentials → your OAuth client.

Automation

CI/CD pipeline

GitHub Actions is queued. Once set up, every push to main auto-builds and deploys — no Cloud Shell needed.

Target flow

git push → main→ GitHub Actions→ Cloud Build→ Artifact Registry→ Cloud Run deploy

Setup steps (not done yet)

1

Create GCP service account

Needs roles: Cloud Build Editor, Cloud Run Admin, Artifact Registry Writer, Service Account User

2

Add service account key to GitHub Secrets

GitHub → repo Settings → Secrets → GCP_SA_KEY (JSON key content)

3

Add .github/workflows/deploy.yml to GYGO repo

Ask Claude Code to generate this file once the above is done

Estimated deploy time once CI/CD is live

Stage	Time
GitHub Actions trigger	~10 sec
Cloud Build (Docker image)	~5–6 min
Cloud Run deploy	~1–2 min
Total	~8 min from push to live