Skip to content

deploy: Railway template — persistent volume config + submission guide (Growth Day 13)#52

Open
alokit-bot wants to merge 4 commits into
mainfrom
feat/growth-2026-06-23
Open

deploy: Railway template — persistent volume config + submission guide (Growth Day 13)#52
alokit-bot wants to merge 4 commits into
mainfrom
feat/growth-2026-06-23

Conversation

@alokit-bot

@alokit-bot alokit-bot commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

Growth Day 13 — Railway Template

Builds on PR #51 (Replit) to round out the one-click deploy story with a properly configured Railway template — the platform recommended for production use.

What changed

railway.toml — production-hardened

  • Added NIXPACKS_NODE_VERSION = "20" build arg (pins Node 20; avoids version drift)
  • Added DB_PATH = "/data/relay.db" env var default — tells byok-relay where Railway mounts the persistent volume
  • Inline comments explaining volume setup so the file is self-documenting

README.md — Railway section improved

  • Deploy button URL updated: now includes DB_PATH env var prompt with /data/relay.db default (so the user sees it during deploy, not buried in docs)
  • Step 3 rewritten: explicit instruction to add a Railway volume at /data from the dashboard + redeploy step

submissions/railway-template.md — submission guide

  • What to fill in on the Railway Template Marketplace form (name, description, tags, env vars, volume)
  • Volume setup post-deploy checklist (same pattern as submissions/replit-template.md)
  • Smoke test script against the deployed Railway URL

Why the volume step matters

Without a Railway volume at /data, relay.db lives on the ephemeral layer and resets on every redeploy — users lose tokens and keys silently. The PR makes this impossible to miss: the deploy button prompts for DB_PATH, the README section has an explicit step, and the submission guide has a post-deploy checklist.

Metrics (2026-06-23)

Metric Value
GitHub stars 51
Forks 0
Watchers 51
Clones (14d) 246 (114 unique)
Views (14d) 28 (14 unique)

Next step for Avi

Submit to Railway Template Marketplace — full instructions at submissions/railway-template.md. Takes ~5 minutes with a Railway account.

Summary by CodeRabbit

  • Documentation

    • Expanded deployment guidance to support multiple platforms: Railway, Render, Replit, and Vercel.
    • Updated README with clearer onboarding and token/key ownership explanation.
  • Chores

    • Added deployment configuration files for Railway, Render, and Replit.
    • Enhanced Vercel deployment settings with improved security headers and lambda size configuration.

…p, cleaner flow

- Replace verbose opening paragraph with a punchy blockquote value prop
  (one sentence, clear on what changes: CORS handled, keys never in code,
  costs on users' bill)
- Add 'Get started' section right at the top with two clear paths:
  Option A = managed relay (zero setup), Option B = 3-command docker compose self-host
  + npm fallback for non-Docker users
- Move 'How it works' flow diagram up before the comparison table
  (diagram → compare → quickstart is a more natural reading order)
- Tighten 'How it compares' closing line with bold emphasis on the key differentiator
- Remove redundant 'The problem' section (content absorbed into hero paragraph)
…os-only

- Add railway.toml: Nixpacks build, persistent volume, health check at /health,
  ON_FAILURE restart policy. Railway provisions SQLite storage automatically.
- Add render.yaml: web service + 1 GB persistent disk at /app/data, auto-generated
  ENCRYPTION_SECRET and APP_SECRET, DB_PATH pointed at mount.
- Update vercel.json: modern rewrites (replaces deprecated routes), maxLambdaSize,
  X-Content-Type-Options security header.
- Update README 'Deploy in one click': replace single Vercel button with 3-platform
  comparison table (Railway=persistent/recommended, Render=free tier, Vercel=demos).
  Each platform gets its own section with step-by-step instructions. Vercel section
  includes explicit warning about ephemeral filesystem data loss.
- Add Railway deploy button to README header badges alongside Vercel and skills.sh.

Fixes: SQLite + Vercel silent data loss (BACKLOG 🟠). GROWTH_PLAN Day 11.
- .replit: run config (nodejs-20 module, port 3000→80, cloudrun deploy target)
- replit.nix: Node 20 + gcc/gnumake for better-sqlite3 native build
- README header: Run on Replit badge added alongside Railway/Vercel
- README platform table: Replit row (free tier, Repl workspace storage)
- README new section: Run on Replit — 3-step setup with Secrets instructions
- Submission guide: byok-relay-project/submissions/replit-template.md
@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds deployment configuration files for Railway (railway.toml), Render (render.yaml), and Replit (.replit, replit.nix). Updates vercel.json with catch-all routing, a security header, and increased lambda size. Rewrites README.md to document all four platforms and adds a Railway template marketplace submission guide.

Changes

Multi-platform Deployment Support

Layer / File(s) Summary
Railway deployment config and submission guide
railway.toml, submissions/railway-template.md
railway.toml uses Nixpacks/Node 20, sets a /health healthcheck, restart policy, and DB_PATH=/data/relay.db. The submission guide documents required env vars, volume mount at /data, one-click deploy URL, and a curl-based post-deploy test checklist.
Render deployment config
render.yaml
Defines the byok-relay web service on the free plan with a 1GB persistent disk mounted at /app/data, generated secrets for ENCRYPTION_SECRET and APP_SECRET, and DB_PATH under the mounted volume.
Replit runtime and Nix environment
.replit, replit.nix
.replit targets Cloud Run deployment, maps container port 3000 to external port 80, and hides config/lockfile paths. replit.nix declares Node 20, npm, Python 3, GCC, and GNU make as dependencies.
Vercel config: routing, headers, and lambda size
vercel.json
Raises maxLambdaSize to 15mb, adds a catch-all rewrites rule to /src/index.js, sets NODE_ENV=production, and adds an X-Content-Type-Options: nosniff header for all routes.
README multi-platform documentation
README.md
Replaces single-platform deploy instructions with a platform comparison table and separate subsections for Railway, Render, Replit, and Vercel; rewrites the intro with deploy badges and a BYOK/CORS ownership explanation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • avikalpg/byok-relay#4: Directly related — modifies vercel.json routing/build configuration and README.md Vercel deploy guidance, both of which this PR further extends.

Suggested reviewers

  • avikalpg

🐇 Four platforms now stand in a row,
Railway, Render, Replit — all set to go!
Vercel got headers and routes that rewrite,
The README shines bright with deployment delight.
One click to deploy, the relay will run —
Hop in, little server, the work is all done! 🚀

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title accurately reflects the primary changes: adding Railway template configuration with persistent volume setup and a submission guide for Railway marketplace deployment.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/growth-2026-06-23

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
README.md (1)

6-8: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Provision TOKEN_HMAC_SECRET in one-click setup guidance.

Current deployment instructions default to HMAC key fallback on ENCRYPTION_SECRET, which reduces secret isolation. Add TOKEN_HMAC_SECRET to the Railway/Vercel prompt parameters and platform setup steps.

Suggested README step updates
-2. Set `ENCRYPTION_SECRET` (`openssl rand -hex 32`), `ALLOWED_ORIGINS` (your frontend domain), `APP_SECRET` (`openssl rand -hex 32`), leave `DB_PATH` as `/data/relay.db`
+2. Set `ENCRYPTION_SECRET` (`openssl rand -hex 32`), `TOKEN_HMAC_SECRET` (`openssl rand -hex 32`), `ALLOWED_ORIGINS` (your frontend domain), `APP_SECRET` (`openssl rand -hex 32`), leave `DB_PATH` as `/data/relay.db`
@@
-3. `ENCRYPTION_SECRET` and `APP_SECRET` are auto-generated by Render
+3. `ENCRYPTION_SECRET` and `APP_SECRET` are auto-generated by Render; also set `TOKEN_HMAC_SECRET` (generate with `openssl rand -hex 32`)
@@
-   - `APP_SECRET` — `openssl rand -hex 32`
+   - `APP_SECRET` — `openssl rand -hex 32`
+   - `TOKEN_HMAC_SECRET` — `openssl rand -hex 32`
@@
-2. Set `ENCRYPTION_SECRET`, `ALLOWED_ORIGINS`, and `APP_SECRET`
+2. Set `ENCRYPTION_SECRET`, `TOKEN_HMAC_SECRET`, `ALLOWED_ORIGINS`, and `APP_SECRET`

Also applies to: 209-241

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 6 - 8, The one-click deployment buttons for Railway
and Vercel in the README do not include TOKEN_HMAC_SECRET as a configurable
environment variable parameter. Add TOKEN_HMAC_SECRET to the envs parameter in
the Railway deployment button URL and to the env parameter in the Vercel
deployment button URL. Include appropriate descriptions and generation
instructions for TOKEN_HMAC_SECRET (e.g., generate with openssl rand -hex 32)
similar to how ENCRYPTION_SECRET is documented. This ensures proper secret
isolation during one-click deployments instead of relying on fallback behavior
using ENCRYPTION_SECRET.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Around line 18-20: The fenced code block containing the URL
https://relay.byokrelay.com is missing a language identifier after the opening
triple backticks, which violates the markdown linting rule MD040. Add the
language identifier "text" after the opening triple backticks so the fence reads
```text instead of just ``` to properly specify the code block language.

In `@submissions/railway-template.md`:
- Around line 19-21: The fenced code blocks at lines 19 and 87 are missing
language identifiers, which violates the markdown linting rule MD040. Add the
language identifier "text" to both code fences by changing the opening fence
markers from triple backticks (```) to triple backticks followed by the word
"text" (```text). This applies to both the Railway template URL block around
line 19 and the alternate template URL block around line 87.
- Around line 99-100: The documentation for the `/health` endpoint response at
line 99 in railway-template.md incorrectly specifies the response format as the
object `{"status":"ok"}` when the service actually returns a boolean `ok`
payload. Update the documented response format to reflect what the service
actually returns instead of the incorrect object structure, ensuring post-deploy
validation expectations match the actual API response.

---

Nitpick comments:
In `@README.md`:
- Around line 6-8: The one-click deployment buttons for Railway and Vercel in
the README do not include TOKEN_HMAC_SECRET as a configurable environment
variable parameter. Add TOKEN_HMAC_SECRET to the envs parameter in the Railway
deployment button URL and to the env parameter in the Vercel deployment button
URL. Include appropriate descriptions and generation instructions for
TOKEN_HMAC_SECRET (e.g., generate with openssl rand -hex 32) similar to how
ENCRYPTION_SECRET is documented. This ensures proper secret isolation during
one-click deployments instead of relying on fallback behavior using
ENCRYPTION_SECRET.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6b61ab74-690b-4b54-b6e3-48526387201a

📥 Commits

Reviewing files that changed from the base of the PR and between f0e1a43 and 2823dc2.

📒 Files selected for processing (7)
  • .replit
  • README.md
  • railway.toml
  • render.yaml
  • replit.nix
  • submissions/railway-template.md
  • vercel.json

Comment thread README.md
Comment on lines 18 to 20
```
https://relay.byokrelay.com
```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Add a language identifier to the fenced URL block.

The code fence at Line 18 is missing a language tag (MD040).

Suggested fix
-```
+```text
 https://relay.byokrelay.com
</details>

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>

[warning] 18-18: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @README.md around lines 18 - 20, The fenced code block containing the URL
https://relay.byokrelay.com is missing a language identifier after the opening
triple backticks, which violates the markdown linting rule MD040. Add the
language identifier "text" after the opening triple backticks so the fence reads
text instead of just to properly specify the code block language.


</details>

<!-- fingerprinting:phantom:poseidon:hawk -->

<!-- cr-indicator-types:potential_issue -->

<!-- cr-comment:v1:73dbd1cd162f7c4ad4463e9c -->

_Source: Linters/SAST tools_

<!-- This is an auto-generated comment by CodeRabbit -->

Comment on lines +19 to +21
```
https://railway.app/new/template?template=https%3A%2F%2Fgithub.com%2Favikalpg%2Fbyok-relay&envs=ENCRYPTION_SECRET%2CALLOWED_ORIGINS%2CAPP_SECRET%2CDB_PATH&...
```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Add language identifiers to fenced code blocks.

The fences at Line 19 and Line 87 are missing language tags (MD040).

Suggested fix
-```
+```text
 https://railway.app/new/template?template=https%3A%2F%2Fgithub.com%2Favikalpg%2Fbyok-relay&envs=ENCRYPTION_SECRET%2CALLOWED_ORIGINS%2CAPP_SECRET%2CDB_PATH&...

@@
- +text
https://railway.app/template/byok-relay

Also applies to: 87-89

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 19-19: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@submissions/railway-template.md` around lines 19 - 21, The fenced code blocks
at lines 19 and 87 are missing language identifiers, which violates the markdown
linting rule MD040. Add the language identifier "text" to both code fences by
changing the opening fence markers from triple backticks (```) to triple
backticks followed by the word "text" (```text). This applies to both the
Railway template URL block around line 19 and the alternate template URL block
around line 87.

Source: Linters/SAST tools

Comment on lines +99 to +100
1. Deploy completes → check `/health` returns `{"status":"ok"}`
2. Dashboard → your service → **Volumes** → **Add Volume** → Mount Path: `/data`

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Fix the documented /health response shape.

Line 99 currently checks for {"status":"ok"}, but the service returns an ok boolean payload. This can cause false negatives in post-deploy validation.

Suggested fix
-1. Deploy completes → check `/health` returns `{"status":"ok"}`
+1. Deploy completes → check `/health` returns JSON with `"ok": true` (for example: `{"ok":true,"version":"...","providers":[...]}`)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
1. Deploy completes → check `/health` returns `{"status":"ok"}`
2. Dashboard → your service → **Volumes****Add Volume** → Mount Path: `/data`
1. Deploy completes → check `/health` returns JSON with `"ok": true` (for example: `{"ok":true,"version":"...","providers":[...]}`)
2. Dashboard → your service → **Volumes****Add Volume** → Mount Path: `/data`
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@submissions/railway-template.md` around lines 99 - 100, The documentation for
the `/health` endpoint response at line 99 in railway-template.md incorrectly
specifies the response format as the object `{"status":"ok"}` when the service
actually returns a boolean `ok` payload. Update the documented response format
to reflect what the service actually returns instead of the incorrect object
structure, ensuring post-deploy validation expectations match the actual API
response.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant