feat: add SaaS deployment for cowork.mindshub.ai#139
Draft
pnewsam wants to merge 2 commits into
Draft
Conversation
Add Kubernetes deployment infrastructure for serving Cowork as a SaaS
app at cowork.{dev,staging,prod}.mindshub.ai, mirroring the
mindshub_frontend (console) deployment pattern.
- Fix web-main.tsx auth detection: *.mindshub.ai hosts now use Keycloak
instead of skipping auth (which was only appropriate for Cloudflare
Worker-gated Lightsail instances)
- Add per-environment .env files for Vite builds (dev/staging/production)
- Add APP_ENV build arg to Dockerfile for env-aware SPA builds
- Add Helm chart (deployment/cowork/) with per-env values
- Add GitHub workflows for dev/staging/prod K8s deployments
Prerequisite infra work before first deploy:
- Create ECR repository "cowork"
- Update Keycloak redirect URIs for cowork.*.mindshub.ai
- Ensure DNS records exist (likely covered by *.mindshub.ai wildcard)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Address CodeQL findings — restrict GITHUB_TOKEN to contents:read in all three K8s deployment workflows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
web-main.tsxauth detection so*.mindshub.aihosts use Keycloak auth (instead of skipping it, which is only appropriate for Cloudflare Worker-gated Lightsail instances).envfiles for Vite builds (dev/staging/production) with correct Keycloak and API URLsAPP_ENVbuild arg to Dockerfile for env-aware SPA buildsdeployment/cowork/) with per-env ingress values forcowork.{dev,staging,prod}.mindshub.aiPrerequisite infra work before first deploy
coworkin168681354662.dkr.ecr.us-east-1.amazonaws.comcowork.*.mindshub.aiinauth/deployment/keycloak-config-cli/values-<env>.yaml*.mindshub.aiwildcard)Test plan
deploy-to-devand verifycowork.dev.mindshub.ailoadsnpm run dev:weblocalhost still works with Keycloak🤖 Generated with Claude Code