# Deployment ## Hugging Face (this repo == the Space) 1. **Push** to `main` → HF auto-rebuilds: ```bash git push origin main ``` 2. **Set secrets** once (Settings → Variables and secrets): - `DATABASE_URL` — Neon Postgres (persistence). See [persistence.md](persistence.md). - `API_KEY` — gateway auth. See [api-gateway.md](api-gateway.md). 3. After build → **log in** to ChatGPT/Gemini/Flow in the monitor UI once. ### HF git auth (important) The `origin` remote embeds a token: `https://:@huggingface.co/spaces//`. - The token **must belong to the Space owner** (`akash1313`) with `repo.write`. A token from a different account → `pre-receive hook declined: You are not authorized to push`. - Rotate/replace the token in the URL with: `git remote set-url origin https://akash1313:@huggingface.co/spaces/akash1313/selfapi-v2` - Local token files (`hf-token`, `neon-db`, `api-key`) are gitignored — never commit them. ### Watch the build ```bash curl -s -H "Authorization: Bearer " \ https://huggingface.co/api/spaces/akash1313/selfapi-v2/runtime # stage: RUNNING_BUILDING → RUNNING_APP_STARTING → RUNNING (errors: BUILD_ERROR / RUNTIME_ERROR) ``` ## Self-host Docker ```bash echo "API_KEY=$(openssl rand -hex 24)" > .env # gateway auth (DATABASE_URL not needed) docker compose up --build -d ``` Only the `chrome` service exists — it bakes in all 3 servers. Open `http://localhost:3001`. ## Dockerfile build stages (what gets built) | Stage | Image | Output | |-------|-------|--------| | `monitor-build` | golang:1.22 | `/monitor` (UI + gateway) | | `profilesync-build` | golang:1.22 | `/profilesync` | | `chatgpt-build` | golang:1.26 | `/agent` (+ `config.json`) | | `gemini-build` | golang:1.26 | `/free-gemini-api` | | final (on `akashyadav758/chrome`) | — | copies binaries, `pip install` flow deps, installs Chrome-for-Testing, perms | > If you bump a server's `go.mod` Go version, bump its build-stage image too, or the build pulls a > toolchain at build time.