All notable changes to the Deploy Center project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Real-time deployment logging with structured
LogFormatteroutputs across clone, sync, post-deploy, rollback, and completion phases, emitted throughSocketServicefor live UI updates (commit 8b8b434232d5978f7927a30934ac2b71583ab689). - Post-deployment pipelines run after rsync in each production path (with per-path execution markers); includes optional pre-sync backups and rollback on failure to keep production safe.
- Post-deployment pipelines now emit start/success/failure logs and per-path execution markers when multiple production paths are used, giving clearer visibility into each post phase.
- Detailed pipeline step logging now includes formatted commands, outputs, warnings, and SSH authentication context to improve traceability and debugging during deployments.
- Registered new migrations in
MigrationRunnerto grow log-related columns and prevent truncation of verbose deployment logs. - Updated lint tooling to
@typescript-eslint/*v8.51 and aligned package version to 2.1.1.
- Migration 006: Increase
DeploymentSteps.OutputandDeploymentSteps.ErrortoLONGTEXT(model updated insrc/Models/DeploymentStep.ts). - Migration 007: Increase
Deployments.ErrorMessageandDeployments.CommitMessagetoLONGTEXT(model updated insrc/Models/Deployment.ts). - Migration 008: Increase
ProjectAuditLogs.ChangestoLONGTEXT(model updated insrc/Models/ProjectAuditLog.ts).
- Added support for deploying to multiple paths simultaneously
- Changed
ProjectPathfrom single string to array of strings (DeploymentPaths) - Projects can now sync/deploy to multiple directories in parallel
- Each path is processed independently with its own success/failure tracking
- Changed
- Added executed command to deployment step logs
- Each step now shows the exact command that was executed
- Improves debugging and troubleshooting capabilities
- Command is displayed in step output for transparency
- Fixed npm warnings (
npm warn) incorrectly appearing as errors in deployment logs- Warnings now properly categorized and displayed separately
- Error detection improved to only flag actual errors
- Better log parsing for npm output
- Migration 004: Convert
ProjectPathtoDeploymentPaths(JSON array)- Backward compatible: migrates existing single paths to array format
- Index updated to support new structure
- Updated Project creation/update endpoints to accept
DeploymentPathsarray - Maintained backward compatibility with
ProjectPathfor legacy clients
- Updated Project form to support multiple deployment paths
- Dynamic path input fields (add/remove)
- Validation for each path
- Visual indicator for path synchronization status
Complete implementation of Role-Based Access Control (RBAC) with support for multiple owners per project and comprehensive audit logging.
- Added
Managerrole to the system- Full access to all projects
- Can assign/remove project members
- Cannot be assigned as project member (admin-level role)
-
ProjectMember Model (
server/src/Models/ProjectMember.ts)- Enables many-to-many relationship between Projects and Users
- Distinguishes between
owner(creator) andmember(assigned developer) - Tracks who added the member and when
- Unique constraint on (ProjectId, UserId)
- Prevents duplicate memberships
-
ProjectAuditLog Model (
server/src/Models/ProjectAuditLog.ts)- Comprehensive audit trail for all project modifications
- Tracks: Action, EntityType, Changes (JSON), IP Address, User Agent, Timestamp
- Supported actions:
create,update,deleteadd_member,remove_memberregenerate_webhooktoggle_ssh_key,regenerate_ssh_key
- Indexes on ProjectId, UserId, Timestamp, and Action for fast queries
-
Migration 002 (
002_create_project_members.ts)- Creates ProjectMembers table
- Migrates existing projects (adds creators as owners)
- Adds unique constraint on (ProjectId, UserId)
- Adds indexes for performance
-
Migration 003 (
003_create_project_audit_logs.ts)- Creates ProjectAuditLogs table
- Adds comprehensive indexes for querying audit history
- AuditLogService (
server/src/Services/AuditLogService.ts)- Centralized audit logging for all modifications
- Automatically captures IP address and User Agent
- Helper methods for common operations:
RecordProjectCreation()RecordProjectUpdate()- tracks changed fieldsRecordProjectDeletion()RecordWebhookRegeneration()RecordSshKeyToggle()RecordMemberAddition()RecordMemberRemoval()RecordConfigUpdate()RecordPipelineUpdate()
GET /api/projects/:id/members- Get all members of a projectPOST /api/projects/:id/members- Add member to project (Admin/Manager only)DELETE /api/projects/:id/members/:userId- Remove member from project (Admin/Manager only)
-
RoleMiddleware:
RequireAdminOrManager- For admin/manager-only operationsRequireAdminManagerOrDeveloper- For all non-viewer operationsIsManager()- Check if user is a managerIsAdminOrManager()- Check if user is admin or manager
-
ProjectAccessMiddleware:
CheckProjectDeleteAccess- STRICT validation for project deletion- Only allows owners to delete (members cannot delete)
- Admin/Manager have full access
-
Project Creation:
- BEFORE: Admin only
- AFTER: Admin, Manager, or Developer
- Developers automatically become owners of their created projects
-
Project Update:
- BEFORE: Admin only
- AFTER: Admin/Manager or Project Owner/Member
- All modifications are audit logged
-
Project Deletion (STRICT):
- BEFORE: Admin only
- AFTER: Admin/Manager or Project Owner ONLY
- Members CANNOT delete projects (even if they can modify)
- Deletion is audit logged before execution
-
Webhook Regeneration:
- BEFORE: Admin only
- AFTER: Admin/Manager or Project Owner/Member
- Audit logged with timestamp
- ProjectAccessMiddleware - Complete rewrite:
- Now checks
ProjectMembertable instead ofCreatedByfield - Stores membership info in
req.projectMembershipfor controllers - Three validation levels:
CheckProjectAccess- View access (owners + members)CheckProjectModifyAccess- Modification access (owners + members)CheckProjectDeleteAccess- Delete access (owners only - STRICT)
- Now checks
-
ProjectService.CreateProject():
- Now accepts
Requestparameter for audit logging - Automatically adds creator as owner in ProjectMember table
- Records project creation in audit log
- Now accepts
-
ProjectService.UpdateProject():
- Now accepts
Requestparameter for audit logging - Tracks changed fields automatically
- Records before/after values in audit log
- Only logs if fields actually changed
- Now accepts
-
ProjectService.DeleteProject():
- Now accepts
Requestparameter for audit logging - Records deletion in audit log before soft delete
- Now accepts
-
ProjectService.RegenerateWebhookSecret():
- Now accepts
Requestparameter for audit logging - Records webhook regeneration with timestamp
- Now accepts
-
ProjectService.ToggleSshKeyUsage():
- Now accepts
Requestparameter for audit logging - Records SSH key toggle with enabled/disabled state
- Now accepts
-
New ProjectService Methods:
GetProjectMembers(projectId)- Get all members with user detailsAddProjectMember(projectId, userId, role, addedBy, req)- Add member with audit logRemoveProjectMember(projectId, userId, req)- Remove member with validation- Prevents removing the last owner from a project
-
Added associations for ProjectMember:
Project.hasMany(ProjectMember, { as: 'Members' })User.hasMany(ProjectMember, { as: 'ProjectMemberships' })
-
Added associations for ProjectAuditLog:
Project.hasMany(ProjectAuditLog, { as: 'AuditLogs' })User.hasMany(ProjectAuditLog, { as: 'ProjectAuditLogs' })
- Developers can only delete projects they own (Role='owner' in ProjectMember)
- Members can modify but cannot delete projects
- Cannot remove the last owner from a project
- All modifications are logged with IP address and User Agent
- Before/after values tracked for all changes
- Every project modification is logged with:
- User ID (who made the change)
- IP Address (where the change came from)
- User Agent (what client was used)
- Timestamp (when it happened)
- Changes (what changed - JSON format with before/after)
- Action type (create, update, delete, etc.)
- Entity type (project, config, pipeline, etc.)
| Action | Admin | Manager | Developer (Owner) | Developer (Member) | Viewer |
|---|---|---|---|---|---|
| Create Project | ✅ | ✅ | ✅ | ✅ | ❌ |
| View Project | ✅ | ✅ | ✅ (own/member) | ✅ (own/member) | ✅ (all) |
| Update Project | ✅ | ✅ | ✅ (own/member) | ✅ (own/member) | ❌ |
| Delete Project | ✅ | ✅ | ✅ Owner ONLY | ❌ Cannot | ❌ |
| Regenerate Webhook | ✅ | ✅ | ✅ (own/member) | ✅ (own/member) | ❌ |
| Add Member | ✅ | ✅ | ❌ | ❌ | ❌ |
| Remove Member | ✅ | ✅ | ❌ | ❌ | ❌ |
| SSH Operations | ✅ | ✅ | ✅ (with access) | ✅ (with access) | ❌ |
-- New Table: ProjectMembers
CREATE TABLE ProjectMembers (
Id INT PRIMARY KEY AUTO_INCREMENT,
ProjectId INT NOT NULL,
UserId INT NOT NULL,
Role ENUM('owner', 'member') NOT NULL DEFAULT 'member',
AddedBy INT NOT NULL,
AddedAt DATETIME NOT NULL DEFAULT NOW(),
CreatedAt DATETIME NOT NULL DEFAULT NOW(),
UpdatedAt DATETIME NOT NULL DEFAULT NOW(),
UNIQUE KEY unique_project_user (ProjectId, UserId),
INDEX idx_project_members_project_id (ProjectId),
INDEX idx_project_members_user_id (UserId),
FOREIGN KEY (ProjectId) REFERENCES Projects(Id) ON DELETE CASCADE,
FOREIGN KEY (UserId) REFERENCES Users(UserId) ON DELETE CASCADE,
FOREIGN KEY (AddedBy) REFERENCES Users(UserId)
);
-- New Table: ProjectAuditLogs
CREATE TABLE ProjectAuditLogs (
Id INT PRIMARY KEY AUTO_INCREMENT,
ProjectId INT NOT NULL,
UserId INT NOT NULL,
Action ENUM('create', 'update', 'delete', 'add_member', 'remove_member',
'regenerate_webhook', 'toggle_ssh_key', 'regenerate_ssh_key') NOT NULL,
EntityType ENUM('project', 'config', 'pipeline', 'webhook', 'ssh_key', 'member') NOT NULL,
Changes TEXT NOT NULL,
IpAddress VARCHAR(45),
UserAgent TEXT,
Timestamp DATETIME NOT NULL DEFAULT NOW(),
CreatedAt DATETIME NOT NULL DEFAULT NOW(),
UpdatedAt DATETIME NOT NULL DEFAULT NOW(),
INDEX idx_project_audit_project_id (ProjectId),
INDEX idx_project_audit_user_id (UserId),
INDEX idx_project_audit_timestamp (Timestamp),
INDEX idx_project_audit_action (Action),
FOREIGN KEY (ProjectId) REFERENCES Projects(Id) ON DELETE CASCADE,
FOREIGN KEY (UserId) REFERENCES Users(UserId)
);server/src/Models/ProjectMember.tsserver/src/Models/ProjectAuditLog.tsserver/src/Migrations/002_create_project_members.tsserver/src/Migrations/003_create_project_audit_logs.tsserver/src/Services/AuditLogService.ts
server/src/Types/ICommon.ts- Added Manager roleserver/src/Models/index.ts- Added new model exports and associationsserver/src/Database/MigrationRunner.ts- Added new migrationsserver/src/Middleware/RoleMiddleware.ts- Added Manager supportserver/src/Middleware/ProjectAccessMiddleware.ts- Complete rewrite for multi-ownerserver/src/Routes/ProjectRoutes.ts- Updated permissions and added member endpointsserver/src/Controllers/ProjectController.ts- Added audit logging and member managementserver/src/Services/ProjectService.ts- Added audit logging and member management
To apply these changes to your database:
# Run migrations
npm run migrate
# Or manually through the application
# Migrations will run automatically on server startMigration Order:
001_add_created_by_to_projects(existing)002_create_project_members(new) - Creates table and migrates existing projects003_create_project_audit_logs(new) - Creates audit log table
- ProjectService.CreateProject() now requires
Requestparameter - ProjectService.UpdateProject() now requires
Requestparameter - ProjectService.DeleteProject() now requires
Requestparameter - ProjectService.RegenerateWebhookSecret() now requires
Requestparameter - ProjectService.ToggleSshKeyUsage() now requires
Requestparameter
Migration Guide:
// Before:
await projectService.CreateProject(data);
// After:
await projectService.CreateProject(data, req);- Fixed TypeScript strict mode issues with optional request parameters
- Fixed IP address extraction from forwarded headers
- Improved validation for request parameter parsing
- Added comprehensive inline documentation for all new methods
- Updated model documentation with association details
- Added permission matrix documentation in middleware
Complete transformation from simple webhook handler to comprehensive deployment platform.
- TypeScript Setup - Full TypeScript implementation with strict mode
- PascalCase Convention - Enforced PascalCase naming throughout codebase
- SOLID Principles - Architecture following SOLID design principles
- OOP Classes - Object-oriented design with proper encapsulation
- MariaDB Integration - Sequelize ORM with MariaDB support
- Database Models:
User- Authentication and user managementProject- Project configurationsDeployment- Deployment trackingDeploymentStep- Pipeline step executionAuditLog- Comprehensive audit trail
- Model Associations - Proper foreign key relationships
- Soft Deletes - Non-destructive data removal
- Timestamps - Automatic CreatedAt/UpdatedAt tracking
- JWT Authentication - Secure token-based auth
- Role-Based Access Control - Admin, Developer, Viewer roles
- Password Security - bcrypt hashing with 12 salt rounds
- Token Refresh - Refresh token mechanism
- Password Validation - Strong password requirements
- CRUD Operations - Complete project lifecycle management
- Webhook Integration - GitHub webhook support
- Auto-Deploy Configuration - Automatic deployment on push
- Path-Based Triggers - Deploy only on specific file changes
- Project Statistics - Success rate, average duration metrics
- Queue Management - Prevents concurrent deployments per project
- Priority Queue - Manual deployments get higher priority
- Pipeline Execution - Custom deployment pipeline support
- Variable Substitution - Dynamic variable replacement in commands
- Conditional Execution - RunIf conditions for steps
- Real-time Tracking - Track each deployment step
- Retry Mechanism - Retry failed deployments
- Cancel Support - Cancel queued deployments
- Step-by-Step Execution - Sequential pipeline processing
- Timeout Support - Per-step timeout configuration
- Continue on Error - Optional error handling
- Working Directory - Per-step directory control
- Output Capture - Store command outputs
- Duration Tracking - Measure execution time
- Discord Integration - Rich embeds with deployment status
- Slack Integration - Formatted attachments
- Email Notifications - HTML email templates
- Telegram Support - Markdown-formatted messages
- Status Colors - Color-coded by deployment status
- Deployment Details - Commit info, duration, errors
- Signature Verification - HMAC-SHA256 verification
- Payload Validation - Structure validation
- Event Filtering - Process only relevant events
- URL Normalization - Smart URL comparison
- File Pattern Matching - Glob pattern support
- Branch Filtering - Deploy only configured branches
- Authentication Routes - Register, Login, Profile, Password Change
- Project Routes - CRUD, Statistics, Webhook Management
- Deployment Routes - List, Create, Retry, Cancel, Statistics
- Webhook Routes - GitHub webhook handler, Test endpoint
- Health Check - Server health monitoring
- Authentication Middleware - JWT token validation
- Role Middleware - Permission enforcement
- Validation Middleware - Joi schema validation
- Rate Limiting - Prevent API abuse
- General API: 100 req/15min
- Auth: 5 req/15min
- Deployment: 10 req/5min
- Webhook: 60 req/min
- Error Handler - Global error handling
- Request Logger - HTTP request logging
- Helmet.js - Security headers
- CORS Configuration - Cross-origin resource sharing
- Input Sanitization - XSS protection
- SQL Injection Prevention - Sequelize ORM protection
- Rate Limiting - DoS protection
- Encryption - AES-256-GCM for sensitive data
- HMAC Signatures - Webhook verification
- Winston Logger - Structured logging
- Daily Rotation - Automatic log rotation
- Log Levels - Info, Warn, Error
- Separate Log Files:
- Combined logs
- Error-only logs
- Deployment-specific logs
- Contextual Logging - Rich metadata
- Password Helper - Hashing, verification, validation
- Encryption Helper - Encryption, decryption, HMAC
- Response Helper - Standardized API responses
- Logger - Singleton logging instance
- Environment Variables - Comprehensive .env support
- Validation - Config validation on startup
- Defaults - Sensible default values
- Singleton Pattern - Centralized configuration
- README.md - Comprehensive project documentation
- QUICK_START.md - Quick start guide
- PROJECT_STRUCTURE.md - Detailed architecture docs
- CHANGELOG.md - Version history
- Code Comments - Inline documentation
- ESLint - Code linting with PascalCase enforcement
- Prettier - Code formatting
- Nodemon - Development hot reload
- TypeScript Paths - Module path aliases
- Jest Setup - Testing framework configuration
npm run dev- Development server with hot reloadnpm run build- Production buildnpm start- Start production servernpm run lint- Lint codenpm run format- Format codenpm test- Run tests
- From: Simple Express server with basic webhook handling
- To: Enterprise-grade deployment platform
- Runtime: Node.js 18+
- Language: TypeScript 5.3+
- Framework: Express.js 4.18+
- Database: MariaDB 10.6+ with Sequelize ORM
- Authentication: JWT (jsonwebtoken)
- Security: Helmet, bcrypt, AES-256-GCM
- Logging: Winston with daily rotation
- Validation: Joi
- Rate Limiting: express-rate-limit
- Testing: Jest
- Code Quality: ESLint + Prettier
- Layered Architecture - Routes → Controllers → Services → Models → Database
- Dependency Injection Ready - Loose coupling for testability
- Singleton Patterns - Config, Logger, Database, Queue
- Factory Patterns - Response formatting, Middleware creation
- Repository Pattern - Data access abstraction
- Service Layer Pattern - Business logic separation
- Event-Driven - Queue service with EventEmitter
- Total Files Created: 40+
- Lines of Code: 5000+
- Models: 5
- Services: 7
- Controllers: 4
- Middleware: 6
- Routes: 4 groups
- Utilities: 4
- Strictly PascalCase for:
- All Classes
- All Interfaces (with 'I' prefix)
- All Class Properties
- All Class Methods
- All Enums
- All Types
- Complete API redesign
- New database schema
- New authentication system
- PascalCase property names in responses
Not applicable - this is a complete rebuild. If migrating from old system:
- Export existing project configurations
- Set up new database
- Recreate projects via API
- Update GitHub webhooks
- Reconfigure notifications
- No built-in CI/CD pipeline templates (coming soon)
- No web dashboard (server-side only)
- No database migrations system yet
- No Socket.IO real-time updates yet (infrastructure ready)
- Web dashboard (React/Vue frontend)
- Database migrations with Sequelize CLI
- Real-time deployment updates via Socket.IO
- Deployment rollback functionality
- Multi-server deployment support
- Container deployment support (Docker/K8s)
- Deployment scheduling
- Environment variables management
- Secret management
- Deployment approvals workflow
- Advanced analytics dashboard
- Integration with more Git providers (GitLab, Bitbucket)
- Developed following SOLID principles
- PascalCase naming enforced throughout
- Clean, maintainable, production-ready code
- Basic GitHub webhook receiver
- Simple deployment execution
- Discord notification support
- No database
- No authentication
- Single project support
Legend:
- ✅ Supported / Allowed
- ❌ Not Supported / Denied
⚠️ Warning / Important Note