Git, Docker & Deploy

Just enough DevOps to put DocChat online with a shareable link

Cheat sheet · DocChat capstone · ship to GitHub daily — the commit history is evidence for recruiters

Essential git

Command	Does
`git init`	Start tracking this folder
`git status`	What changed / staged
`git add .`	Stage all changes
`git commit -m "msg"`	Save a snapshot
`git log --oneline`	Compact history
`git branch`	List branches
`git checkout -b feat/x`	Create + switch to branch
`git checkout main`	Switch branch
`git push -u origin main`	Upload (first push sets upstream)
`git push`	Upload later commits
`git pull`	Fetch + merge remote changes

First-time push to GitHub

git init
git add .
git commit -m "Initial commit"
git branch -M main
git remote add origin git@github.com:you/docchat.git
git push -u origin main

Good commit messages

Imperative mood, present tense — finish the sentence "If applied, this commit will…"
✓ Add JWT auth to /login
✓ Fix 500 on empty doc upload
✗ fixed stuff · ✗ updates · ✗ asdf

.gitignore

# .gitignore
.venv/
__pycache__/
*.pyc
.env                # secrets — NEVER commit
node_modules/
.next/
.DS_Store

.dockerignore

# .dockerignore — keep the image small
.venv/
__pycache__/
.git/
.env
node_modules/
*.md

Never commit secrets. No API keys, DB passwords, or .env in git. If you ever do, the secret is compromised even after deletion — rotate it immediately.

Dockerfile (FastAPI)

# Dockerfile
FROM python:3.13-slim

WORKDIR /app

# Install deps first — layer caching keeps rebuilds fast
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Then copy the app code
COPY . .

EXPOSE 8000

CMD ["fastapi", "run", "main.py", \
     "--port", "8000", "--host", "0.0.0.0"]

Build & run locally

docker build -t docchat-api .
docker run -p 8000:8000 --env-file .env docchat-api
# open http://localhost:8000/docs

--host 0.0.0.0 matters. Inside a container, the default 127.0.0.1 is unreachable from the host — bind to all interfaces.

Environment variables

Where	How
Local dev	`.env` file (gitignored) → load with `--env-file .env` or `python-dotenv`
Production	Set in the host's dashboard (Vercel / Render / Railway) — never in code

# .env  (local only, gitignored)
DATABASE_URL=postgresql+psycopg://user:pass@host/db
ANTHROPIC_API_KEY=sk-ant-...
SECRET_KEY=change-me

# read them in Python
import os
db_url = os.environ["DATABASE_URL"]   # required
key = os.getenv("SECRET_KEY", "dev")  # with default

Deploy checklist (DocChat)

Database — provision managed Postgres on Neon or Supabase (both have free tiers + pgvector for RAG). Copy the connection string.
Backend — push the Dockerfile'd FastAPI app to a container host (Render / Railway / Fly.io). Set DATABASE_URL, ANTHROPIC_API_KEY, SECRET_KEY in the host dashboard.
Frontend — deploy the Next.js app to Vercel (connect the GitHub repo → auto-deploys on push). Set NEXT_PUBLIC_API_URL to the backend's public URL.
CORS — on the backend, allow the Vercel domain via CORSMiddleware so the browser can call your API.
Secrets — confirm nothing sensitive is in git history; all keys live in host dashboards.
Smoke test — hit /docs on the live backend, then run the full flow (upload → ask → answer) from the live frontend.
README — architecture diagram, screenshots, live URL. Recruiters read it.

GitHub Actions CI (the idea)

One workflow file makes every push run your checks. Even a minimal "install deps + run tests" job signals professionalism.

# .github/workflows/ci.yml
name: CI
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: "3.13" }
      - run: pip install -r requirements.txt
      - run: pytest        # add ruff/mypy here later