CI/CD Pipelines
Cloud Build handles all CI/CD. Triggers fire on push to master with includedFiles path filtering — only the affected target rebuilds. YAML configs live in cloudbuild/.
Triggers
| Trigger | Watches | Deploys | Timeout |
|---|---|---|---|
| deploy-blog | frontend/, content/, shared/, tools/build/, package.json | Hosting (blog) | 1200s |
| deploy-functions | functions/, shared/ | Cloud Functions | — |
| deploy-firestore | Firestore rules files | Firestore rules | — |
| deploy-sludge-report | sludge-report/ | Hosting (sludge-report) | 300s |
| deploy-remote-config | Remote Config template | Remote Config | — |
| deploy-docs-site | docs-site/, docs/, spec/, .claude/agents/ | Hosting (docs) | 600s |
All triggers use the cloud-build-deployer-sa service account.
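
To see which deploys a given push would start under the path filtering above, this added example (not part of this project's pipeline code) matches a list of changed files against the Watches column. It assumes a directory entry matches everything beneath it and `package.json` matches only the root file; the actual includedFiles globs may differ, and the two triggers whose paths the table does not list are left out.

```python
from typing import Dict, Iterable, List

# Watched paths copied from the Triggers table. deploy-firestore and
# deploy-remote-config are omitted: the table gives no paths for them.
# Assumption: "dir/" matches every file under it; a bare file name matches
# only that path at the repository root. Real includedFiles globs may differ.
WATCHES: Dict[str, List[str]] = {
    "deploy-blog": ["frontend/", "content/", "shared/", "tools/build/", "package.json"],
    "deploy-functions": ["functions/", "shared/"],
    "deploy-sludge-report": ["sludge-report/"],
    "deploy-docs-site": ["docs-site/", "docs/", "spec/", ".claude/agents/"],
}


def _normalize(path: str) -> str:
    """Return a repo-relative POSIX path without a leading './'."""
    path = path.strip().replace("\\", "/")
    while path.startswith("./"):
        path = path[2:]
    return path


def _matches(path: str, watched: str) -> bool:
    """Directory entries match by prefix, file entries by exact path."""
    if watched.endswith("/"):
        return path.startswith(watched)
    return path == watched


def triggers_for(changed_files: Iterable[str]) -> Dict[str, List[str]]:
    """Map each trigger that would fire to the changed files that caused it."""
    fired: Dict[str, List[str]] = {}
    for raw in changed_files:
        path = _normalize(raw)
        if not path:
            continue
        for trigger, watched_paths in WATCHES.items():
            if any(_matches(path, w) for w in watched_paths):
                fired.setdefault(trigger, []).append(path)
    return fired


if __name__ == "__main__":
    # Constructed sample standing in for `git diff --name-only` output.
    sample = ["shared/utils.js", "docs/ci.md", "README.md", "docs-site-old/x.md"]
    for trigger, files in triggers_for(sample).items():
        print(f"{trigger}: {files}")
```

A change under shared/ is reported for both deploy-blog and deploy-functions, which is worth knowing when reviewing a commit that touches shared code.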
Blog Deploy Pipeline
The blog deploy (cloudbuild/deploy-blog.yaml) is the most complex pipeline:
- restore-cache — npm cache from gs://{PROJECT_ID}-build-cache/
- build — npm ci + npm run build
- save-cache — Cache node_modules (keyed on package-lock.json hash)
- deploy-hosting — firebase deploy --only hosting:blog
- stage-content — Extract published posts manifest
- sync-content — gsutil rsync to Ernest AI content bucket
- linkedin-scan — Trigger LinkedIn autoposter scan
Scheduled Operations
| Schedule | Frequency | Purpose |
|---|---|---|
| scheduled-blog-rebuild | Mon & Thu at 07:00 UTC | Publish scheduled posts |
| Security scan | Weekly | OWASP ZAP baseline against production |