Where to go from here

We built the whole thing across the day. We wrote a React frontend and a FastAPI backend generated from an OpenAPI spec. We ran a database that starts as SQLite, then becomes Postgres in containers. We packaged it in a Docker Compose stack, deployed to AWS with CloudFormation, and wired up a CI/CD pipeline.

To keep the workshop to one day, we made the simplest choice at several points and left the harder version for later. Here's what to tighten, roughly in the order it matters once real users show up.

Security and secrets

Three security shortcuts in the workshop build need attention before this faces public traffic:

  • Lock down CORS. The backend allows requests from any origin, which is convenient locally and too open in public. Restrict it in main.py to the single domain you deploy the app to, so scripts on other sites can't use a visitor's browser to read from your API.
  • Move secrets out of the instance. The deploy writes SECRET_KEY into a .env on the box, but AWS Secrets Manager or SSM Parameter Store keeps it out of the filesystem and lets you rotate it.
  • Serve HTTPS. The EC2 deploy answers on plain HTTP, so put it behind an Application Load Balancer with an ACM certificate, or run a reverse proxy like Caddy that gets a Let's Encrypt certificate automatically.
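One way to do the CORS step in main.py, as an added example rather than the workshop's own code: the allow-list is validated before it reaches FastAPI's CORSMiddleware, so a wildcard or a malformed value fails at startup instead of quietly reopening the API. The ALLOWED_ORIGINS variable name, the helper and factory names, and the method and header lists are assumptions.

```python
import os
from urllib.parse import urlsplit


def parse_allowed_origins(raw: str) -> list[str]:
    """Turn a comma-separated setting into a validated CORS allow-list.

    Rejects wildcards and anything that is not a bare origin
    (scheme://host[:port]), so a typo cannot reopen the API to every site.
    """
    origins = []
    for item in raw.split(","):
        origin = item.strip().rstrip("/")
        if not origin:
            continue
        if "*" in origin:
            raise ValueError(f"wildcard origin not allowed: {origin!r}")
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"not an origin: {origin!r}")
        if parts.path or parts.query or parts.fragment or parts.username:
            raise ValueError(f"origin must be scheme://host[:port]: {origin!r}")
        origins.append(origin)
    if not origins:
        raise ValueError("no allowed origin configured")
    return origins


def create_app():
    # Imported here so parse_allowed_origins can be tested without the web stack.
    from fastapi import FastAPI
    from fastapi.middleware.cors import CORSMiddleware

    app = FastAPI()
    # Replaces an allow-any-origin setting such as allow_origins=["*"].
    app.add_middleware(
        CORSMiddleware,
        # ALLOWED_ORIGINS is an assumed variable name, e.g. "https://game.example.com"
        allow_origins=parse_allowed_origins(os.environ["ALLOWED_ORIGINS"]),
        # Assumed lists: trim them to what your API and frontend actually use.
        allow_methods=["GET", "POST", "PUT", "DELETE"],
        allow_headers=["Authorization", "Content-Type"],
    )
    return app
```

CORS is enforced by browsers only, so it complements the API's own authentication rather than replacing it.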

Data and scale

Two data choices keep the app small but limit how far it scales:

  • Use a managed database. Postgres runs as a container on the same box as the app, so it shares that box's fate. Amazon RDS gives you backups, failover, and upgrades you don't have to run yourself.
  • Add migrations, because the app creates tables on startup, which is fine until the schema changes and you need to alter live data. Alembic is already a dependency, so wire it in and your schema changes get versioned instead of manual.

A bigger deployment

When a single instance stops being enough, a managed container host is the next step:

  • Try a managed container host, since a single EC2 instance is the simplest thing that works but leaves you patching the server. AWS App Runner or ECS on Fargate with RDS removes that server, at the cost of a more involved CloudFormation template. Render, Railway, and Fly.io are simpler managed options to compare.

A real multiplayer game

One piece of the game still polls instead of streaming, and live updates need a push channel:

  • Make spectating live. On the spectate page, the browser fetches active games over plain HTTP requests, so you only see new moves after you reload the page. To let viewers watch each move arrive on its own, add a push channel like WebSockets on both the backend and the frontend.

Each of these is a good next prompt for the assistant. The pattern from the workshop holds. Describe what you want, point it at the file, and read the result against what you know.
