From b9ae3796fe42c9dc8e2710b2e734d9dc8be8c4ab Mon Sep 17 00:00:00 2001
From: amirsadraabdollahi <abdollahiamirsadra@gmail.com>
Date: Thu, 21 May 2026 17:36:22 -0400
Subject: [PATCH 1/3] Add k8s manifests

---
 .github/workflows/build-and-push.yml | 40 ++++++++++++++++++++++++++++
 .gitignore                           |  1 +
 Dockerfile                           | 14 ++++++++++
 k8s/configmap.yaml                   | 31 +++++++++++++++++++++
 k8s/deployment.yaml                  | 40 ++++++++++++++++++++++++++++
 k8s/ingress.yaml                     | 17 ++++++++++++
 k8s/nginx.conf                       | 24 +++++++++++++++++
 k8s/service.yaml                     | 12 +++++++++
 8 files changed, 179 insertions(+)
 create mode 100644 .github/workflows/build-and-push.yml
 create mode 100644 Dockerfile
 create mode 100644 k8s/configmap.yaml
 create mode 100644 k8s/deployment.yaml
 create mode 100644 k8s/ingress.yaml
 create mode 100644 k8s/nginx.conf
 create mode 100644 k8s/service.yaml

diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
new file mode 100644
index 000000000..503634c0e
--- /dev/null
+++ b/.github/workflows/build-and-push.yml
@@ -0,0 +1,40 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Sanitize branch name
+        id: branch
+        run: echo "name=$(echo '${{ github.ref_name }}' | sed 's/[^a-zA-Z0-9._-]/-/g')" >> $GITHUB_OUTPUT
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/ddmal/neon:${{ steps.branch.outputs.name }}-latest
+            ghcr.io/ddmal/neon:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.gitignore b/.gitignore
index af78f35eb..f20adbbf0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@
 /cypress/screenshots
 /cypress/downloads
 
+.idea
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..e6051dc95
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM node:18-alpine AS builder
+WORKDIR /app
+
+COPY package.json yarn.lock ./
+RUN yarn install --frozen-lockfile
+
+COPY . .
+RUN yarn build:prod
+
+FROM nginx:1.25-alpine
+COPY --from=builder /app/deployment/server /usr/share/nginx/html
+COPY k8s/nginx.conf /etc/nginx/conf.d/default.conf
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/k8s/configmap.yaml b/k8s/configmap.yaml
new file mode 100644
index 000000000..0d98336c2
--- /dev/null
+++ b/k8s/configmap.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: neon-nginx-conf
+  namespace: neon
+data:
+  default.conf: |
+    server {
+        listen 80;
+        server_name _;
+        root /usr/share/nginx/html;
+        index index.html;
+
+        gzip on;
+        gzip_types text/plain text/css application/javascript application/json image/svg+xml;
+
+        # Cache compiled assets long-term; no-cache for HTML entry points
+        location /Neon-gh/ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
+
+        location ~* \.(html|htm)$ {
+            expires -1;
+            add_header Cache-Control "no-cache";
+        }
+
+        location / {
+            try_files $uri $uri/ =404;
+        }
+    }
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
new file mode 100644
index 000000000..6369669a6
--- /dev/null
+++ b/k8s/deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: neon
+  namespace: neon
+  labels:
+    app: neon
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: neon
+  template:
+    metadata:
+      labels:
+        app: neon
+    spec:
+      imagePullSecrets:
+        - name: ghcr-credentials
+      containers:
+        - name: neon
+          image: ghcr.io/ddmal/neon:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: nginx-conf
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "256Mi"
+              cpu: "200m"
+      volumes:
+        - name: nginx-conf
+          configMap:
+            name: neon-nginx-conf
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
new file mode 100644
index 000000000..bb0895386
--- /dev/null
+++ b/k8s/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: neon
+  namespace: neon
+spec:
+  rules:
+    - host: neon.simssa.ca
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: neon
+                port:
+                  number: 80
diff --git a/k8s/nginx.conf b/k8s/nginx.conf
new file mode 100644
index 000000000..eebbfd0cb
--- /dev/null
+++ b/k8s/nginx.conf
@@ -0,0 +1,24 @@
+server {
+    listen 80;
+    server_name _;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    gzip on;
+    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
+
+    # Cache compiled assets long-term; no-cache for HTML entry points
+    location /Neon-gh/ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.(html|htm)$ {
+        expires -1;
+        add_header Cache-Control "no-cache";
+    }
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}
diff --git a/k8s/service.yaml b/k8s/service.yaml
new file mode 100644
index 000000000..d26799f68
--- /dev/null
+++ b/k8s/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: neon
+  namespace: neon
+spec:
+  type: ClusterIP
+  selector:
+    app: neon
+  ports:
+    - port: 80
+      targetPort: 80

From 2f8c4ce25a16bd1065a99db31a8729217588597c Mon Sep 17 00:00:00 2001
From: amirsadraabdollahi <abdollahiamirsadra@gmail.com>
Date: Thu, 21 May 2026 17:42:14 -0400
Subject: [PATCH 2/3] Add git to the docker image

---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index e6051dc95..455e71485 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,6 @@
 FROM node:18-alpine AS builder
+RUN apk add --no-cache git
+ENV NODE_OPTIONS=--openssl-legacy-provider
 WORKDIR /app
 
 COPY package.json yarn.lock ./

From cd2a1736041792df0435cb994f942e3350098601 Mon Sep 17 00:00:00 2001
From: amirsadraabdollahi <abdollahiamirsadra@gmail.com>
Date: Thu, 21 May 2026 18:28:29 -0400
Subject: [PATCH 3/3] Fix: change image tag name

---
 k8s/deployment.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
index 6369669a6..02b844ee4 100644
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -16,10 +16,10 @@ spec:
         app: neon
     spec:
       imagePullSecrets:
-        - name: ghcr-credentials
+        - name: ghcr-pull-secret
       containers:
         - name: neon
-          image: ghcr.io/ddmal/neon:latest
+          image: ghcr.io/ddmal/neon:develop-latest
           imagePullPolicy: Always
           ports:
             - containerPort: 80