Appearance
Secrets & Environments
The project separates build-time values, runtime secrets and manual contract deployment secrets. This avoids putting deployer private keys into application containers and keeps public frontend values explicit.
Environment map
Build-time values
Frontend values are baked into the static SPA during build. The most important production value is API_BASE_URL=https://api.usecontent.app. Public RPC URLs can also be provided for frontend wallet reads, but private keys are never needed by the frontend build.
Backend image build is handled by GitHub Actions. The workflow injects MinIO-related build configuration for Encore Docker build and then pushes the image to GHCR.
Runtime values
| Runtime area | Values |
|---|---|
| Backend API | MONGO_URI, JWT_SECRET, MinIO credentials, RPC URLs, deployment registry token |
| Frontend container | Static files and public build-time config |
| MongoDB | Persistent metadata volume |
| MinIO | Persistent object storage volume and root credentials |
| Coolify proxy | Domains, routing labels and TLS certificates |
Contract deployment secrets
Contract deployment is intentionally separate from normal application deployment. Manual GitHub Actions workflows receive deployer private keys, treasury addresses, RPC URLs and registry token only for the duration of the deployment job. Runtime containers only read the resulting deployment registry records.
For reader and platform billing contract deployments, REGISTRY_API_BASE_URL and DEPLOYMENT_REGISTRY_TOKEN are mandatory in GitHub Actions. REGISTRY_API_BASE_URL should be the public backend origin, normally https://api.usecontent.app; it must not be the Coolify internal backend port such as http://server-ip:8080. The deploy scripts check /health before any on-chain transaction, register the deployed contracts, then perform public read-back checks against the backend lookup endpoints. Local platform deploys can intentionally skip this with SKIP_DEPLOYMENT_REGISTRY_SYNC=true, but CI should not.
If an on-chain deployment already succeeded and only registry sync failed, rerun the manual Platform Billing Contracts workflow with the existing platformTierManagerAddress and platformStorageManagerAddress inputs. That mode syncs and verifies the addresses without deploying new contracts.
Domain layout
https://usecontent.appfor the main useContent frontend;https://api.usecontent.appfor frontend-to-backend API traffic;https://docs.usecontent.appfor the VitePress documentation portal.
Keeping these origins explicit makes CORS, certificate routing and deployment ownership easier to reason about.