A Modern, Secure, and Scalable Self-Hosted CI/CD Deployment Platform
Features β’ Quick Start β’ Documentation β’ Architecture β’ Contributing
- Overview
- Key Features
- What Problems Does It Solve?
- Architecture
- Technology Stack
- Quick Start
- Installation
- Configuration
- Documentation
- Security
- RBAC System
- Project Structure
- Roadmap
- Contributing
- Support
- License
Deploy Center is a comprehensive, self-hosted CI/CD deployment platform designed to automate and streamline your deployment workflows. Built with modern technologies and security best practices, it provides enterprise-grade features while remaining simple to use and maintain.
- π Self-Hosted: Full control over your data and infrastructure
- π¨ Modern UI: Beautiful, responsive React dashboard
- π Enterprise Security: Role-Based Access Control (RBAC), JWT authentication, SSH key management
- π Real-Time Monitoring: Live deployment status, queue management, and notifications
- π Easy Setup: Quick installation and configuration
- π± Notifications: Discord, Slack, and Email β central Provider/Channel model with per-project subscriptions (v3.0 F-006)
- π Persistent Queue: BullMQ + Redis β deployments survive process restart (v3.0 F-001)
- β©οΈ Rollback UI: One-click rollback to last successful deployment (v3.0 F-007)
- 𧩠Project Templates: Built-in scaffolds (Node.js, React, Next.js, Astro, Static) (v3.0 F-008)
- π Workspaces: Drag-and-drop project grouping with
@dnd-kit(v3.0 F-009) - π Encrypted Env Vars: Per-project AES-256-GCM secrets, injected at deploy time (v3.0 F-003)
- π Scalable: Designed to handle multiple projects and teams
-
Multi-Layer Authentication
- JWT-based access & refresh tokens
- Secure session management
- Password encryption with bcrypt
- API key authentication for external integrations
-
Role-Based Access Control (RBAC)
- 4 user roles: Admin, Manager, Developer, Viewer
- Granular permissions system
- Project-level access control
- Feature-based authorization
-
SSH Key Management
- Automated SSH key generation (ED25519/RSA)
- Encrypted private key storage (AES-256-GCM)
- Key rotation and lifecycle management
- GitHub Deploy Keys integration
-
Intelligent Deployment Pipeline
- Customizable multi-step pipelines
- Conditional step execution
- Variable substitution system
- Pre/post deployment hooks
-
Multiple Trigger Types
- GitHub webhook integration
- Manual deployment triggers
- Scheduled deployments (coming soon)
- API-triggered deployments
-
Persistent Queue (BullMQ + Redis) β v3.0 F-001
- Deployments survive server restart (one-shot re-enqueue migration)
- Retry policy: 3 attempts, exponential backoff (1s β 5s β 25s)
- Bull Board admin UI at
/admin/queues(Admin-only) - 503 short-circuit via
QueueReadyMiddlewarewhen Redis is unreachable - Manual cancel + retry from the Queue page
-
Rollback β v3.0 F-007
- One-click rollback from any failed deployment
- Creates a NEW deployment row with
TriggerType=rollback - Goes through the standard queue (priority 20)
- Audit log entry with from/to commit hashes
-
Real-Time Monitoring
- Live deployment status via WebSocket
- Detailed step-by-step logs
- Deployment history tracking
- Performance metrics and analytics
-
Multi-Project Support
- Unlimited projects
- Project-specific configurations
- Independent deployment pipelines
- Project archiving and activation
-
Project Members
- Team collaboration features
- Member role assignment (Owner/Member)
- Access control per project
- Audit trail for member changes
-
Configuration Management
- JSON-based configuration
- Encrypted environment variables (v3.0 F-003) β
EnvironmentVariablestable with AES-256-GCM, unique IV per row, secrets redacted from logs - Configuration versioning
-
Project Templates β v3.0 F-008
- 5 built-in templates: Node.js Backend, React SPA (Vite), Next.js, Static HTML, Astro
- Custom templates editable by Admin/Manager (built-ins are read-only)
- Wizard runs as Step 0 of Create-Project; user can skip and start blank
-
Workspaces β v3.0 F-009
- Visual grouping of projects with color + icon (20-icon catalog)
- Drag-and-drop project reassignment (
@dnd-kit) - Optional β projects without a workspace appear in "Unassigned"
- Workspace mutation is owner-or-admin RBAC
-
Dashboard
- Overview of all projects
- Deployment statistics
- Success/failure rates
- Recent activity feed
-
Project Statistics
- Total deployments count
- Success rate percentage
- Average deployment duration
- Deployment timeline graphs
-
Audit Logging
- Complete activity tracking
- User action logs
- Project modification history
- Security event logging
-
Multi-Channel Support
- Discord webhooks
- Slack webhooks (
@slack/webhook) - Email via SMTP (
nodemailer) with presets for Gmail / SendGrid / Mailgun - Per-channel credentials stored AES-256-GCM-encrypted
-
Three-Table Model
- NotificationProvider: credentials (one Discord workspace, one SMTP server, etc.)
- NotificationChannel: per-provider delivery target (specific channel-id, recipient list)
- ProjectNotificationSubscription: M:N β which projects fire which events to which channels
-
Failure Isolation (FR-025b)
- Fan-out via
Promise.allSettledβ one channel failing does NOT block the others - Per-channel failure logged with channel + provider context
- Fan-out via
-
Test endpoint per provider + per channel β verify config without triggering a deploy
-
Modern Tech Stack
- TypeScript for type safety
- React 19 with modern hooks
- Material-UI components
- Socket.IO for real-time updates
-
Developer Tools
- Comprehensive API documentation
- Postman collection
- CLI tools (coming soon)
- SDK for integrations (coming soon)
-
Code Quality
- ESLint configuration
- Prettier formatting
- TypeScript strict mode
- Jest + Vitest test suites β server gate 40% lines / client gate 30% lines (v3.0 F-002)
- GitHub Actions CI: typecheck + lint + tests + coverage on every PR (v3.0 F-010)
Problem: Manually deploying applications is time-consuming, error-prone, and doesn't scale.
Solution: Deploy Center automates the entire deployment process with customizable pipelines, reducing deployment time from hours to minutes.
Problem: Teams don't know who deployed what, when, or why deployments failed.
Solution: Complete audit trails, real-time monitoring, and detailed logs provide full transparency into every deployment.
Problem: Shared credentials and SSH keys create security vulnerabilities.
Solution: Encrypted SSH key storage, RBAC, and project-level access control ensure secure deployments.
Problem: Multiple developers can't safely deploy to the same project simultaneously.
Solution: Intelligent queue system prevents conflicts and ensures deployments run in the correct order.
Problem: Deployments scattered across different tools and scripts make management difficult.
Solution: Centralized platform for all deployments with unified configuration and monitoring.
Problem: When deployments fail, recovering the previous state is manual and risky.
Solution: Automatic failure detection, rollback capabilities, and deployment history for easy recovery.
Problem: All team members have the same access level, creating security risks.
Solution: Granular RBAC system with 4 roles and project-level permissions.
Problem: Teams aren't notified when deployments fail or succeed.
Solution: Multi-channel notifications (Discord, Slack) keep teams informed in real-time.
Deploy Center follows a modern three-tier architecture:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Frontend (React SPA) β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Dashboard β β Projects β β Settings β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Deployments β β Queue β β Users β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
WebSocket + REST API
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Backend (Node.js + Express) β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Auth β β Projects β β Deployments β β
β β Service β β Service β β Service β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Queue β β Pipeline β βNotification β β
β β Service β β Service β β Service β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
Sequelize ORM
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Database (MySQL/MariaDB) β
β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β
β β Users β β Projects β βDeploymentsβ β Sessions β β
β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β
β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β
β β ApiKeys β β Members β βAuditLogs β β Settings β β
β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
-
Frontend Layer
- React 19 + TypeScript
- Material-UI (MUI) components
- React Query for data fetching
- Socket.IO client for real-time updates
-
Backend Layer
- Express.js server
- Service-oriented architecture
- JWT authentication middleware
- WebSocket server
-
Data Layer
- MySQL/MariaDB database
- Sequelize ORM
- Automated migrations
- Connection pooling
-
External Integrations
- GitHub webhooks
- Discord notifications
- SSH Git operations
- Runtime: Node.js 18+
- Framework: Express.js
- Language: TypeScript 5.7
- ORM: Sequelize 6.37
- Database: MySQL 8.0 / MariaDB 11.2
- Authentication: JWT (jsonwebtoken)
- Encryption: bcryptjs, crypto (AES-256-GCM)
- Real-time: Socket.IO 4.8
- Process Manager: PM2
- Logging: Winston
- Validation: express-validator
- Framework: React 19
- Language: TypeScript 5.6
- UI Library: Material-UI (MUI) 7.5
- State Management: React Query (TanStack Query)
- Routing: React Router 7.6
- Charts: Recharts 2.15
- HTTP Client: Axios
- Build Tool: Vite 7.2
- Version Control: Git
- Package Manager: npm
- Code Quality: ESLint, Prettier
- Security Scanning: CodeQL, npm audit
- CI/CD: GitHub Actions
- Container: Docker (optional)
- Node.js >= 18.0.0
- MySQL >= 8.0 or MariaDB >= 11.2
- Git
- PM2 (for production)
# Clone the repository
git clone https://github.com/FutureSolutionDev/Deploy-Center-Server.git
cd Deploy-Center-Server
# Install backend dependencies
cd server
npm install
# Install frontend dependencies
cd ../client
npm install- Backend Configuration (
server/.env)
# Server
NODE_ENV=production
PORT=9090
# Database
DB_HOST=localhost
DB_PORT=3306
DB_NAME=deploy_center
DB_USER=your_db_user
DB_PASSWORD=your_db_password
# JWT Secrets (generate strong random strings)
JWT_ACCESS_SECRET=your_access_secret_here
JWT_REFRESH_SECRET=your_refresh_secret_here
# Encryption Key (32-byte hex string)
ENCRYPTION_KEY=your_64_character_hex_string_here
# Default Admin (created on first run)
DEFAULT_ADMIN_USERNAME=admin
DEFAULT_ADMIN_EMAIL=admin@example.com
DEFAULT_ADMIN_PASSWORD=change_me_immediately
# Optional: Discord Webhook
DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/...- Generate Encryption Key
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"cd server
# Run migrations
npm run migrate
# Or let the server create tables automatically on first run
npm run devDevelopment:
# Terminal 1 - Backend
cd server
npm run dev
# Terminal 2 - Frontend
cd client
npm run devProduction:
# Build frontend
cd client
npm run build
# Start backend with PM2
cd ../server
pm2 start ecosystem.config.js --env productionAccess the application at http://localhost:9090
Default credentials:
- Username:
admin - Password:
change_me_immediately(change this!)
All documentation lives under docs/. Start with
docs/README.md for the full index.
- Quick Start β Get running in 5 minutes
- Installation Guide β Detailed setup
- API Documentation β Complete API reference
- Project Structure β Codebase architecture
- Roadmap β Master product roadmap (every F-NNN feature)
- Changelog β Full release history (v1.0 β v3.0)
- Migration v2 β v3 β Upgrade guide
- Coding Standards β TypeScript / SOLID conventions
- Release Guide β Release process + CI ops + branch protection
- Test Coverage Status β Gates per module
- Creating Projects
- Deployment Workflows
- Pipeline Configuration
- SSH Key Management
- Webhook Setup
- Environment Variables
- Notifications Setup
- v3.0 β Foundation β Released 2026-05-24
- v3.1 β Remote Targets β Planned
- v3.2 β Governance β Planned
- v3.3 β Smart Strategies β Planned
- See
docs/versions/for v4.0+ and v5.0 vision
- FAQ β Frequently asked questions
- Webhooks Setup β GitHub webhook configuration
- Private Repos β Connect private GitHub repos
- Postman Guide β API testing with Postman
Deploy Center implements a comprehensive 4-tier role system:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Admin β
β β’ Full system access β
β β’ User management β
β β’ All projects (create, edit, delete, deploy) β
β β’ System settings β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Manager β
β β’ User management (create, edit users) β
β β’ All projects (create, edit, delete, deploy) β
β β’ Cannot modify system settings β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Developer β
β β’ Assigned projects only (edit, deploy) β
β β’ Cannot create/delete projects β
β β’ Cannot manage users β
β β’ Cannot access system settings β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Viewer β
β β’ Read-only access to assigned projects β
β β’ View deployments and logs β
β β’ Cannot trigger deployments β
β β’ Cannot modify anything β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Feature | Admin | Manager | Developer | Viewer |
|---|---|---|---|---|
| View Dashboard | β | β | β | β |
| View All Projects | β | β | β | β |
| View Assigned Projects | β | β | β | β |
| Create Project | β | β | β | β |
| Edit Project | β | β | β * | β |
| Delete Project | β | β | β | β |
| Deploy Project | β | β | β * | β |
| View Deployments | β | β | β * | β * |
| View Deployment Logs | β | β | β * | β * |
| Cancel Deployment | β | β | β * | β |
| Retry Deployment | β | β | β * | β |
| View Queue | β | β | β * | β * |
| Manage Queue | β | β | β * | β |
| Manage Users | β | β | β | β |
| Manage Project Members | β | β | β | β |
| View Sensitive Data | β | β | β | β |
| Manage API Keys | β | β | β | β |
| System Settings | β | β | β | β |
*Only for assigned projects
Projects support two member roles:
- Owner: Can manage project members (future feature)
- Member: Regular project access based on user role
deploy-center/
βββ client/ # Frontend React application
β βββ src/
β β βββ components/ # Reusable React components
β β βββ contexts/ # React contexts (Auth, Theme, etc.)
β β βββ hooks/ # Custom React hooks
β β βββ pages/ # Page components
β β βββ services/ # API service layer
β β βββ types/ # TypeScript type definitions
β β βββ utils/ # Utility functions
β βββ public/ # Static assets
β βββ package.json
β
βββ server/ # Backend Node.js application
β βββ src/
β β βββ Controllers/ # Route controllers
β β βββ Services/ # Business logic services
β β βββ Models/ # Sequelize models
β β βββ Middlewares/ # Express middlewares
β β βββ Routes/ # API routes
β β βββ Utils/ # Utility functions
β β βββ Types/ # TypeScript type definitions
β β βββ Migrations/ # Database migrations
β β βββ index.ts # Application entry point
β βββ .github/
β β βββ workflows/ # GitHub Actions workflows
β βββ public/ # Built frontend files
β βββ logs/ # Application logs
β βββ package.json
β
βββ README.md # This file (GitHub entry point)
βββ LICENSE.md # Project license
βββ CLAUDE.md # AI-agent instructions (project conventions)
βββ .github/ # GitHub community files + CI workflows
β βββ AUTHORS.md
β βββ CODE_OF_CONDUCT.md
β βββ CONTRIBUTING.md
β βββ SECURITY.md
β βββ SUPPORT.md
β βββ workflows/ # GitHub Actions
βββ docs/ # All project documentation
βββ README.md # Documentation index
βββ ROADMAP.md # Master product roadmap
βββ CHANGELOG.md # Full release history
βββ API_DOCUMENTATION.md # API reference
βββ versions/ # Per-release feature specs
βββ guides/ # In-depth how-tos
Deploy Center implements multiple layers of security:
- JWT-based token authentication
- 2FA Authentication
- Secure refresh token rotation
- Configurable token expiration
- Session management
- AES-256-GCM encryption for sensitive data
- bcrypt password hashing (10 rounds)
- Encrypted SSH private keys
- Secure environment variable handling
- CORS configuration
- Rate limiting (coming soon)
- Input validation and sanitization
- SQL injection prevention (Sequelize ORM)
- XSS protection
- Role-Based Access Control (RBAC)
- Project-level permissions
- API key authentication
- Audit logging
- CodeQL security analysis
- Dependency vulnerability scanning
- Automated security updates
- Code quality checks
We welcome contributions! Please see our Contributing Guide for details.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Run tests (
npm test) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow the Coding Standards
- Use TypeScript strict mode
- Write meaningful commit messages
- Add tests for new features
See docs/ROADMAP.md for the master roadmap (every F-NNN feature
mapped to its target version) and docs/versions/ for per-release specs.
- β Complete RBAC implementation
- β Project member management
- π Docker support
- π Slack notifications
- π Email notifications
- π Deployment rollback UI
- Multi-server deployment support
- Kubernetes integration
- Advanced analytics dashboard
- CLI tool
- Mobile app (React Native)
This project is licensed under the MIT License - see the LICENSE file for details.
- Express.js - Web framework
- React - UI library
- Material-UI - Component library
- Sequelize - ORM
- Socket.IO - Real-time communication
- All our contributors
- π§ Email: support@futuresolutionsdev.com
- π¬ Discord: Join our server
- π Issues: GitHub Issues
- π Documentation ( Coming Soon): Wiki
Made with β€οΈ by the Deploy Center Team