> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sertifikasitrainer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Deploy Cloudflare

> Deploy production ke app.sertifikasitrainer.com via Workers.

Production di-host di **Cloudflare Workers** — bukan VPS Hono/Beta.

## Target

| Komponen         | Domain / worker                                   |
| ---------------- | ------------------------------------------------- |
| Web + API        | `https://app.sertifikasitrainer.com`              |
| API path         | `/api/*`                                          |
| Renderer browser | Worker terpisah (`render.sertifikasitrainer.com`) |

## Alur deploy

<Steps>
  <Step title="Pastikan secret shared terisi">
    ```bash theme={null}
    ./thub secrets check
    ```

    Key wajib: `BETTER_AUTH_SECRET`, `DEEPSEEK_API_KEY`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`
  </Step>

  <Step title="Push secrets ke Worker">
    ```bash theme={null}
    ./thub secrets push
    ```

    Membaca `.env` (+ `.env.production.local` jika ada) → `.cloudflare/worker-secrets.json` → `wrangler secret bulk`
  </Step>

  <Step title="Deploy">
    ```bash theme={null}
    ./thub deploy
    ```

    Ketik `yes` untuk konfirmasi.
  </Step>

  <Step title="Smoke test">
    ```bash theme={null}
    ./thub smoke prod
    ```
  </Step>
</Steps>

## Apa yang dilakukan `deploy-prod.sh`

1. Migrate database (dari `DATABASE_URL` di `.env.production.local` atau legacy `.env.production`)
2. Build frontend (`apps/web`)
3. Deploy renderer browser worker
4. Deploy API worker
5. Deploy web worker

Script: `scripts/deploy-prod.sh`\
Wrangler config: `apps/api/wrangler.jsonc`, `apps/web/wrangler.jsonc`

## DATABASE\_URL production

Buat `.env.production.local`:

```bash theme={null}
DATABASE_URL=postgresql://...@ep-xxx.neon.tech/neondb?sslmode=require
```

Deploy script membaca file ini **sebelum** legacy `.env.production` (format catatan `psql=...`).

## Hyperdrive

Kalau `SYNC_HYPERDRIVE=1` (default), deploy mencoba sync connection string dari `apps/api/.env` ke Hyperdrive binding di wrangler.

## Opsi manual

```bash theme={null}
bun run deploy:prod
bun run smoke:prod
```

Dengan flag:

```bash theme={null}
./scripts/deploy-prod.sh --allow-dirty   # deploy dari worktree kotor
./scripts/deploy-prod.sh --skip-build    # skip build web
SKIP_DB_MIGRATE=1 ./scripts/deploy-prod.sh
```

<Warning>
  Jangan commit `.cloudflare/worker-secrets.json` — file ini berisi secret dan sudah di-gitignore.
</Warning>
