DEV Community

Cover image for Building and Deploying a Scalable Video Platform: DevOps Contributions from the VibeRoll Project
Celestine Ntadi
Celestine Ntadi

Posted on

Building and Deploying a Scalable Video Platform: DevOps Contributions from the VibeRoll Project

As part of my work on VibeRoll, a next-generation video-sharing platform with blockchain integrations, I led the full backend architecture and DevOps implementation. This post outlines how I applied advanced DevOps practices, overcame infrastructure challenges, and built a CI/CD pipeline that aligns with industry best practices. The project is fully open-source and available at GitHub Repo.


Why DevOps Matters for Media-Heavy Applications

VibeRoll aims to blend social video sharing with NFT and AI integrations. The infrastructure requirements included:

  • High I/O and network throughput for video uploads
  • Real-time data support using Redis
  • Token-based authentication and rate limiting
  • Frequent iteration and deployments

To deliver this reliably, I implemented a DevOps-first approach.


Cloud Infrastructure and CI/CD Pipeline

I deployed the application on an Azure Linux VM, using:

  • Node.js (Express) for the backend API
  • PostgreSQL and Redis for persistent and cache storage
  • GitHub Actions for CI/CD with service containers

Contributions:

  • Created a CI/CD workflow that:

    • Spins up Postgres and Redis using Docker
    • Installs dependencies, runs tests, linting, and audit checks
    • Seeds a test database via Prisma
  • Authored the .github/workflows/ci.yml from scratch and debugged cross-service health checks

Repo: viberoll-backend GitHub


Dependency and Security Management

During testing, GitHub Dependabot flagged a high-severity SSRF vulnerability in axios.

My Actions:

  • Used npm-check-updates to upgrade all packages
  • Integrated Dependabot into the CI lifecycle
  • Configured GitHub Actions to fail builds on npm audit high-severity issues

Impact:

  • Improved application security posture
  • Ensured continuous compliance with open-source package hygiene

Infrastructure as Code and Database Migrations

To support version-controlled schema changes:

  • I added Prisma ORM with full migration and seed capabilities
  • Wrote seed scripts to automate admin account provisioning
  • Enabled repeatable test environments in CI/CD
npx prisma migrate deploy
npx prisma db seed
Enter fullscreen mode Exit fullscreen mode

This ensured consistency between local, test, and production environments.


Swagger UI and Dynamic Cloud URLs

Swagger by default binds to localhost, which fails in cloud deployments. I enhanced it to dynamically detect IPs:

const baseUrl = `${process.env.HOST || 'http://localhost:'}${process.env.PORT || 4000}`;
Enter fullscreen mode Exit fullscreen mode

This allowed both local and public Swagger API access, critical for QA and frontend developers.


Final DevOps Checklist

Task Description Status
CI/CD Pipeline GitHub Actions with Docker containers ✅ Done
Prisma Migrations Schema version control ✅ Done
Seed Script Automated admin and test data ✅ Done
.env.example Environment templating and validation ✅ Done
Swagger Dynamic Host Public documentation support ✅ Done
Security Audit Integration npm audit + Dependabot ✅ Done

Outcomes and Lessons Learned

  • Reduced onboarding time by automating dev setup and DB creation
  • Shortened deploy cycles with CI/CD pipelines
  • Prevented production risks by patching vulnerabilities early
  • Enabled safe multi-user collaboration via GitHub workflows

Conclusion

In this project, I showcased how DevOps practices, from CI/CD automation to security enforcement, can transform a backend service from being local-only to becoming cloud-ready. My contributions included infrastructure planning, toolchain integration, and ensuring deployment resilience.

This work reflects my ability to build, scale, and secure cloud-native services with DevOps methodologies.


Feel free to explore the open-source repo and CI/CD workflows: Open-source viberoll-backend repo.

Top comments (0)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.