# Internal Vercel Deployment This guide deploys WorkOnClock for internal testing with the database hosted on your dev server and the web/admin plus runtime API deployed as Vercel projects. ## Recommended Vercel Projects Create two Vercel projects from the same repository: 1. `workonclock-web` - Root directory: `apps/web` - Install command: `cd ../.. && npm ci` - Build command: `cd ../.. && npm run build -w @workonclock/web` - Output: Vercel auto-detects Next.js. 2. `workonclock-api` - Root directory: `apps/api` - Install command: `cd ../.. && npm ci` - Build command: `cd ../.. && npm run build -w @workonclock/api` - Runtime entry: `apps/api/api/[...path].ts` ## Database The dev-server MySQL database must be reachable from Vercel. Required: - Open inbound MySQL access only to trusted sources where possible. - Use a strong database password. - Enable TLS if your MySQL host supports it. - Create a dedicated database user for internal testing. - Run migrations before connecting live traffic. Example migration command from your local machine or server: ```bash DATABASE_URL="mysql://user:password@host:3306/workonclock" \ npm exec -w @workonclock/web -- prisma migrate deploy --schema prisma/schema.prisma ``` If the imported DB is not Prisma-baselined, use the production runbook first instead of forcing migrations. ## Web Environment Variables Set these in the `workonclock-web` Vercel project: ```bash DATABASE_URL=mysql://user:password@db-host:3306/workonclock NEXTAUTH_URL=https://your-web-project.vercel.app NEXT_PUBLIC_APP_URL=https://your-web-project.vercel.app NEXTAUTH_SECRET=strong-random-secret RESEND_API_KEY=re_... EMAIL_FROM="WorkOnClock " CONTACT_TO=you@your-company.com EMAIL_REQUIRE_PROVIDER=true CRON_SECRET=strong-random-secret API_BASE_URL=https://your-api-project.vercel.app WOC_API_URL=https://your-api-project.vercel.app/api ``` ## API Environment Variables Set these in the `workonclock-api` Vercel project: ```bash DATABASE_URL=mysql://user:password@db-host:3306/workonclock JWT_SECRET=strong-random-secret API_BASE_URL=https://your-api-project.vercel.app WOC_ALLOWED_ORIGINS=https://your-web-project.vercel.app WOC_STORAGE_DIR=/tmp/workonclock/uploads ``` Use the same `JWT_SECRET` expected by packaged desktop builds that talk to this API. ## Desktop Internal Build Point desktop builds to: ```bash WOC_API_URL=https://your-api-project.vercel.app/api ``` Unsigned Windows/macOS builds can be used for technical internal testing, but testers will see OS trust warnings. ## Known Limitation Vercel serverless filesystem storage is ephemeral. The NestJS API can accept screenshot uploads on Vercel, but screenshot image files are not durable there. For internal testing, this is acceptable for login/tracking/API validation. For reliable screenshot viewing, use one of: - private object storage with signed access, - a non-serverless API host with durable disk, - temporary API hosting on the same dev server as MySQL. ## Smoke Checks After deployment: ```bash WOC_WEB_URL=https://your-web-project.vercel.app npm run test:auth -w @workonclock/web WOC_WEB_URL=https://your-web-project.vercel.app npm run test:e2e -w @workonclock/web WOC_TEST_EMAIL=admin@workonclock.local WOC_TEST_PASSWORD=ChangeMe123! npm run test -w @workonclock/api ``` For the API smoke test against Vercel, use the deployed URL manually with `curl` first: ```bash curl https://your-api-project.vercel.app/api/health ```