Infrastructure
CloudBank uses a pnpm monorepo with Turborepo for build orchestration, GitHub Actions for CI/CD, and a multi-target deployment strategy spanning Cloudflare Pages, EC2, and Goldsky.
Monorepo Structure
cloudbank/
├── contracts/ # Solidity contracts (Foundry)
├── services/ # Go backend services
├── apps/
│ ├── web/ # Trading UI (React + Vite)
│ ├── admin/ # Admin panel (React + Vite)
│ ├── node-presale/ # Node sale site (Next.js)
│ └── docs/ # Documentation (VitePress)
├── packages/
│ ├── subgraph/ # GraphQL queries & types
│ └── contracts/ # Generated ABIs & types
├── turbo.json # Turborepo pipeline config
├── pnpm-workspace.yaml
└── package.jsonBuild Orchestration
Turborepo manages the build dependency graph across all packages and apps:
turbo run buildbuilds all packages in dependency order.turbo run testruns tests across the monorepo with caching.- Package outputs are cached locally and in remote cache, so unchanged packages skip rebuilding.
- The pipeline is configured in
turbo.jsonwith explicitdependsOnrelationships ensuringpackages/*build beforeapps/*.
CI/CD Pipeline
CloudBank maintains 31+ GitHub Actions workflows covering the full lifecycle of every component.
Contracts Workflows
| Workflow | Trigger | Action |
|---|---|---|
| contracts-build | PR to main | Compile contracts, run static analysis |
| contracts-test | PR to main | Run Foundry test suite (forge test) |
| contracts-deploy-testnet | Manual dispatch | Deploy to BSC Chapel via Foundry scripts |
| contracts-deploy-mainnet | Manual dispatch + approval | Deploy to BSC Mainnet with multi-sig verification |
Services Workflows
| Workflow | Trigger | Action |
|---|---|---|
| services-build | PR to main | Build Go binary, lint |
| services-test | PR to main | Run Go test suite with race detector |
| services-deploy | Push to main | Build Docker image, deploy to EC2 via SSH |
Apps Workflows
| Workflow | Trigger | Action |
|---|---|---|
| apps-build | PR to main | Build all frontend apps |
| apps-deploy | Push to main | Deploy to Cloudflare Pages |
Subgraph Workflows
| Workflow | Trigger | Action |
|---|---|---|
| subgraph-build | PR to main | Compile AssemblyScript mappings |
| subgraph-deploy | Push to main | Deploy to Goldsky hosted service |
Documentation Workflows
| Workflow | Trigger | Action |
|---|---|---|
| deploy-docs-test | Push to main | Auto-deploy docs to test environment |
| deploy-docs-live | Manual dispatch | Deploy docs to production |
Deployment Targets
Frontend — Cloudflare Pages
All frontend applications deploy to Cloudflare Pages with automatic preview deployments for pull requests. Production deployments trigger on push to the main branch. Cloudflare's edge network provides global CDN distribution with sub-50ms TTFB in most regions.
Backend — EC2 + Docker Compose
The Go backend runs on an EC2 instance orchestrated with Docker Compose. The composition includes:
- API server — The Gin-based HTTP service.
- MySQL — Primary data store.
- Redis — Cache, rate limiting, and session storage.
Deployments are executed via SSH from GitHub Actions, pulling the latest Docker image and performing a rolling restart.
Subgraph — Goldsky
The Graph subgraph is deployed to Goldsky's hosted service, which handles indexing infrastructure, query serving, and monitoring. Deployments use the Goldsky CLI integrated into the CI pipeline.
Contracts — Foundry Scripts
Smart contract deployments use Foundry's forge script command with:
- Testnet (BSC Chapel) — Triggered manually, uses a dedicated deployer wallet.
- Mainnet (BSC) — Requires manual dispatch plus environment approval gates.
Environment Management
GitHub Environments with protection rules gate sensitive deployments:
- testnet — No approval required, accessible to all maintainers.
- mainnet — Requires approval from at least one designated reviewer.
- production — Backend production deploys require approval.
Each environment stores its own set of secrets (RPC URLs, deployer keys, API tokens) isolated from other environments. Secrets are injected into workflows at runtime and never persisted in artifacts or logs.