Deployment and Infrastructure

This document outlines the production infrastructure, CI/CD pipelines, and SRE (Site Reliability Engineering) practices for the GrantMaster platform.

🏗️ Visual Infrastructure Map

☁️ Cloud Infrastructure (GCP & Firebase)

GrantMaster is hosted on Google Cloud Platform (GCP), leveraging the Firebase ecosystem for high scalability.
  • Frontend: Hosted on Firebase Hosting. Global CDN ensures low-latency access.
  • Backend Logic: Cloud Functions for Firebase (2nd Gen). Event-driven, auto-scaling Node.js environment.
  • Database: Cloud Firestore. Multi-region, document-based NoSQL database with strict tenancy rules.
  • Storage: Cloud Storage. Used for grant documents, organization logos, and exported reports.
  • Secrets: Sensitive keys (Stripe, Gemini, Postmark) are managed via GCP Secret Manager.

🚀 CI/CD Pipeline (GitHub Actions)

We use a “Merge to Main” deploy strategy across three environments:
  1. Development: Auto-deploys on every PR. Used for automated testing and manual review.
  2. Staging: Mirrors production. Deployed after PR merge for final validation.
  3. Production: Triggered via a GitHub Release tag.

Pipeline Steps:

  1. Lint & Scan: Running ESLint, Prettier, and security vulnerability scans.
  2. Unit & Integration Tests: Executed via Vitest/Jest.
  3. Build: Compiling the React (Vite) frontend and TypeScript Cloud Functions.
  4. Deploy: Pushing assets to Firebase Hosting and updating Cloud Function instances.

CI/CD Pipeline Diagram
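One way the three-environment trigger mapping and the four pipeline steps above could be expressed as a single GitHub Actions workflow. This is an added example, not GrantMaster's own workflow; the file name, npm script names, the `npm audit` scan, and the `GCP_WIF_PROVIDER`, `GCP_DEPLOY_SA` and `FIREBASE_PROJECT` settings are assumptions.

```yaml
# Added example: hypothetical .github/workflows/deploy.yml.
# Script names, secret names and variable names are assumptions, not the project's real values.
name: deploy
on:
  pull_request:              # Development: every PR
  push:
    branches: [main]         # Staging: after PR merge
  release:
    types: [published]       # Production: GitHub Release tag

permissions:
  contents: read             # least privilege for the workflow token
  id-token: write            # OIDC token for keyless GCP auth (no stored JSON key)

jobs:
  deploy:
    runs-on: ubuntu-latest
    # The environment name selects per-environment secrets, variables and protection rules.
    environment: ${{ github.event_name == 'release' && 'production' || github.event_name == 'push' && 'staging' || 'development' }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - run: npm ci
      # 1. Lint & Scan (npm audit stands in for the unnamed vulnerability scanner)
      - run: npm run lint
      - run: npx prettier --check .
      - run: npm audit --audit-level=high
      # 2. Unit & Integration Tests
      - run: npm test
      # 3. Build (assumed to compile both the Vite frontend and the TypeScript functions)
      - run: npm run build
      # 4. Deploy with a per-environment service account via Workload Identity Federation
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
          service_account: ${{ secrets.GCP_DEPLOY_SA }}
      # Project id is passed through env, not interpolated into the script text.
      - run: npx firebase-tools deploy --only hosting,functions --project "$FIREBASE_PROJECT"
        env:
          FIREBASE_PROJECT: ${{ vars.FIREBASE_PROJECT }}
```

Pull requests opened from forks do not receive environment secrets or a writable OIDC token, so the deploy step in this sketch only succeeds for branches in the same repository. Adding required reviewers to the `production` environment gates the release-triggered run behind a manual approval.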

📊 Monitoring and Observability

  • Error Tracking: Sentry captures all frontend and backend exceptions with full stack traces.
  • Performance Monitoring: GCP Cloud Logging and Cloud Trace are used to identify slow API endpoints and database bottlenecks.
  • Alerting: Critical errors (e.g., 5xx spikes, database unreachable) trigger alerts to the Engineering Slack channel via GCP Monitoring.

🛡️ Security Posture

  • VPC Scoping: Internal services are isolated where possible.
  • WAF (Cloud Armor): Protects against DDoS and common web exploits (SQLi, XSS).
  • IAM: Strict “Least Privilege” access for service accounts and developer permissions.