5.0 (#2)

* skills

* agents.md

* Update site

* SwiftWASM app BytesizedCafe

* hummingbird backend impl

* fix wasm app

* bytesized cafe

Author: pvzig

.ENV.example

@@ -0,0 +1,17 @@
+# Copy this file to `.ENV` and fill in your real values before running repo commands.
+#
+# `just backend` and `just local` use all values below except `AWS_S3_BUCKET`.
+# `AWS_S3_BUCKET` is only used by `just site-deploy`.
+AWS_REGION=us-east-1
+AWS_S3_BUCKET=your-site-bucket
+GENERATED_IMAGES_BUCKET=your-generated-images-bucket
+OPENAI_API_KEY=your-openai-api-key
+AWS_ACCESS_KEY_ID=your-aws-access-key-id
+AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key
+OPENAI_IMAGE_MODEL=gpt-image-1.5
+IMAGE_GEN_PREFIX=generated/v2
+
+BACKEND_HOST=127.0.0.1
+BACKEND_PORT=8080
+SITE_HOST=127.0.0.1
+SITE_PORT=8000

.github/workflows/deploy.yml

@@ -2,51 +2,112 @@ name: Build and Deploy
 
 on:
   push:
-    branches: [ master ]
-    
+    branches:
+      - main
+
+concurrency:
+  group: deploy-production
+  cancel-in-progress: true
+
 jobs:
-  build:
-    runs-on: macos-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Build
-      run: swift run -c release bytesized
-    - uses: actions/upload-artifact@v4
-      with:
-        name: bytesized
-        path: Output/
-  deploy:
-    needs: build
+  deploy_backend:
+    name: Deploy Backend
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    env:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_REGION: ${{ vars.AWS_REGION }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      GENERATED_IMAGES_BUCKET: ${{ vars.GENERATED_IMAGES_BUCKET }}
+      IMAGE_GEN_PREFIX: ${{ vars.IMAGE_GEN_PREFIX }}
+      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      OPENAI_IMAGE_MODEL: ${{ vars.OPENAI_IMAGE_MODEL }}
+      RAILWAY_PROJECT_ID: ${{ vars.RAILWAY_PROJECT_ID }}
+      RAILWAY_ENVIRONMENT_NAME: ${{ vars.RAILWAY_ENVIRONMENT_NAME }}
+      RAILWAY_RUNTIME_HOST: "0.0.0.0"
+      RAILWAY_RUNTIME_PORT: "8080"
+      RAILWAY_SERVICE_NAME: ${{ vars.RAILWAY_SERVICE_NAME }}
+      RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}
     steps:
-      - uses: actions/download-artifact@v4
-        with:
-          name: bytesized
-          path: Output/
-      # Sync HTML content
-      - uses: jakejarvis/s3-sync-action@master
+      - uses: actions/checkout@v4
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
         with:
-          args: --acl public-read --follow-symlinks --exclude '*' --include 'posts/*' --include 'page/*' --include 'index.html' --content-type 'text/html'
-        env:
-          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          SOURCE_DIR: 'Output/'
-      # Sync resources
-      - uses: jakejarvis/s3-sync-action@master
+          node-version: "22"
+
+      - name: Validate Railway configuration
+        run: |
+          set -euo pipefail
+
+          : "${AWS_ACCESS_KEY_ID:?AWS_ACCESS_KEY_ID is required}"
+          : "${AWS_REGION:?AWS_REGION is required}"
+          : "${AWS_SECRET_ACCESS_KEY:?AWS_SECRET_ACCESS_KEY is required}"
+          : "${GENERATED_IMAGES_BUCKET:?GENERATED_IMAGES_BUCKET is required}"
+          : "${IMAGE_GEN_PREFIX:?IMAGE_GEN_PREFIX is required}"
+          : "${OPENAI_API_KEY:?OPENAI_API_KEY is required}"
+          : "${OPENAI_IMAGE_MODEL:?OPENAI_IMAGE_MODEL is required}"
+          : "${RAILWAY_PROJECT_ID:?RAILWAY_PROJECT_ID is required}"
+          : "${RAILWAY_ENVIRONMENT_NAME:?RAILWAY_ENVIRONMENT_NAME is required}"
+          : "${RAILWAY_SERVICE_NAME:?RAILWAY_SERVICE_NAME is required}"
+          : "${RAILWAY_TOKEN:?RAILWAY_TOKEN is required}"
+
+      - name: Sync Railway backend variables
+        run: ./Scripts/sync-railway-backend-variables.sh
+
+      - name: Deploy backend to Railway
+        run: |
+          set -euo pipefail
+
+          npx -y @railway/cli up Backend \
+            --ci \
+            --path-as-root \
+            --project "${RAILWAY_PROJECT_ID}" \
+            --environment "${RAILWAY_ENVIRONMENT_NAME}" \
+            --service "${RAILWAY_SERVICE_NAME}" \
+            --message "GitHub Actions ${GITHUB_SHA}"
+
+  deploy_site:
+    name: Deploy Site
+    runs-on: macos-latest
+    needs: deploy_backend
+    env:
+      AWS_REGION: ${{ vars.AWS_REGION }}
+      BYTESIZED_CAFE_API_URL: ${{ vars.BYTESIZED_CAFE_API_URL }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up just
+        uses: extractions/setup-just@v3
+
+      - name: Validate site API URL
+        run: |
+          set -euo pipefail
+
+          : "${AWS_REGION:?AWS_REGION is required}"
+          : "${BYTESIZED_CAFE_API_URL:?BYTESIZED_CAFE_API_URL is required}"
+
+      - name: Set up SwiftWasm
+        uses: swiftwasm/setup-swiftwasm@v2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          args: --acl public-read --follow-symlinks --include '*' --exclude 'posts/*' --exclude 'page/*' --exclude 'index.html'
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Install Binaryen
+        run: brew install binaryen
+
+      - name: Build SwiftWASM app
+        run: just wasm
+
+      - name: Build site
+        run: just site-release
+
+      - name: Deploy site
         env:
           AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          SOURCE_DIR: 'Output/'
-      # Invalidate CloudFront cache
-      - name: Invalidate CloudFront cache
-        uses: chetan/invalidate-cloudfront-action@v2
-        env:
-          DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
-          PATHS: '/index.html /page/* /feed.rss /css/styles.css'
-          AWS_REGION: 'us-east-1'
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: just site-deploy

.github/workflows/validate.yml

@@ -0,0 +1,22 @@
+name: Validate
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  validate_deployment_config:
+    name: Validate Deployment Config
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up just
+        uses: extractions/setup-just@v3
+
+      - name: Validate Docker and workflow YAML
+        run: just validate-deployment

.gitignore

@@ -1,8 +1,15 @@
 .DS_Store
+.ENV
 Output/*
+/bytesized-cafe-app/
 /fonts/*
 /.swiftpm/*
 /.publish
 /.build
+**/.build
 .vscode/settings.json
 /CLAUDE.md
+.railway/
+.swiftpm
+/Package.resolved
+/BytesizedCafe/Package.resolved

.swift-format

@@ -0,0 +1,5 @@
+{
+    "indentation": {
+        "spaces": 4
+    }
+}

AGENTS.md

@@ -0,0 +1,60 @@
+# AGENTS.md
+
+Instructions for coding agents working on this repo.
+## General
+- When adding new dependencies, check Github to make sure that you’re adding them at the latest release.
+- When naming files/targets, prefer non-project namespaced names (eg Server vs BytesizedServer)
+## Validating Changes
+- Run the swift-format skill
+- Run `./Scripts/validate-deployment-config.sh` when changing `Backend/Dockerfile`, `.github/workflows`, or deployment-related scripts
+- Keep `SPEC.md` up-to-date when making changes.
+- You don't need to run swift-format and swift-test to validate changes to markdown files.
+
+## Build & Run Commands
+- List available recipes: `just help`
+- Build the WebAssembly app: `just wasm`
+- Build site: `just site`
+- Build with release config: `just site-release`
+- Build site against a configured local cafe API: `just site-local`
+- Run local stack: `just local`
+- Run backend only: `just backend`
+- Validate deployment config: `just validate-deployment`
+- Deploy site to S3: `just site-deploy`
+
+`just` loads environment variables from `.ENV` automatically.
+
+## Project Structure
+- `Sources/bytesized/`: Swift source files
+- `Content/posts/`: Markdown blog posts
+- `Resources/`: Static assets (CSS, fonts, images)
+- `Output/`: Generated site (not checked in)
+
+## Content Writing
+- Use Markdown for all content in the Content/posts directory
+- Include proper metadata with title, date, and path
+
+## Code Style Guidelines
+- Swift 6.2+ codebase using the Publish framework
+- Use descriptive variable/function names in camelCase
+- Consistent 4-space indentation 
+- Prefer `Struct` to `Enum` for general data structures
+- Group extensions with the type they extend
+- Use Swift's strong type system
+- Organize imports alphabetically: Foundation first, then third-party
+- Keep functions small and focused on a single responsibility
+- Use Swift's error handling with do/try/catch
+- Follow CommonMark for Markdown content
+- Use the `swift-concurrency` skill for Swift concurrency guidance.
+- Always mark @Observable classes with @MainActor.
+- Assume strict Swift concurrency rules are being applied.
+- Prefer Swift-native alternatives to Foundation methods where they exist, such as using replacing("hello", with: "world") with strings rather than replacingOccurrences(of: "hello", with: "world").
+- Prefer modern Foundation API, for example URL.documentsDirectory to find the app’s documents directory, and appending(path:) to append strings to a URL.
+- Never use C-style number formatting such as Text(String(format: "%.2f", abs(myNumber))); always use Text(abs(change), format: .number.precision(.fractionLength(2))) instead.
+- Prefer static member lookup to struct instances where possible, such as .circle rather than Circle(), and .borderedProminent rather than BorderedProminentButtonStyle().
+- Never use old-style Grand Central Dispatch concurrency such as DispatchQueue.main.async(). If behavior like this is needed, always use modern Swift concurrency.
+- Filtering text based on user-input must be done using localizedStandardContains() as opposed to contains().
+- Avoid force unwraps and force try unless it is unrecoverable.
+
+## Tools
+- Prefer `ast-grep` for syntax-aware searches; only use `rg` for plain-text matching when needed.
+- Use the `gh` CLI for GitHub operations when available (e.g., creating repos and pushing).

Backend/.dockerignore

@@ -0,0 +1,3 @@
+.build
+.swiftpm
+.DS_Store

Backend/Dockerfile

@@ -0,0 +1,25 @@
+FROM swift:6.2.4-bookworm AS build
+
+WORKDIR /app
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends libssl-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY Package.swift Package.resolved ./
+COPY Sources ./Sources
+
+RUN swift build -c release --product Server
+
+FROM swift:6.2.4-bookworm-slim AS runtime
+
+WORKDIR /app
+
+COPY --from=build /app/.build/release/Server /usr/local/bin/Server
+
+ENV HOST=0.0.0.0
+ENV PORT=8080
+
+EXPOSE 8080
+
+CMD ["Server"]