You've built something with Cursor, Bolt, or v0. It works on your laptop. You've manually copied files to production a dozen times using FTP or drag-and-drop deployment panels. Every deploy is an act of prayer.

Now you want CI/CD — continuous integration and continuous deployment — so code changes automatically deploy when you push to GitHub. No more manual uploads. No more "wait, did I deploy the right version?"

But here's the problem: AI-generated code breaks in ways traditional code doesn't. Your vibe-coded app has hidden dependencies, environment variables that only exist on your machine, and test files that don't exist. Standard CI/CD tutorials assume you wrote clean, tested, production-ready code.

You didn't. And that's okay.

This guide shows you how to set up CI/CD for AI-generated apps without breaking everything — even if you've never touched GitHub Actions, even if your codebase is messy, even if "continuous integration" sounds like developer jargon.

What CI/CD Actually Means (For Non-Developers)

CI = Continuous Integration

Every time you push code to GitHub, an automated system checks if your code still works. It runs tests (if you have them), checks for syntax errors, and makes sure dependencies install correctly.

CD = Continuous Deployment

If the CI checks pass, your code automatically deploys to your production server. No manual file uploads. No "did I remember to deploy that fix?"

What this looks like in practice:

  1. You fix a bug in your Cursor-generated code
  2. You commit and push to GitHub
  3. GitHub Actions runs your checks (builds the app, tests it)
  4. If everything passes, your code automatically deploys to Vercel/Cloudflare/Railway
  5. Your live site updates within 2-3 minutes

Why vibe-coded apps need this:

Manual deploys are error-prone. You forget to upload a file. You deploy the wrong branch. You overwrite production with broken code. CI/CD removes the human error layer.

Why Standard CI/CD Tutorials Don't Work for AI-Generated Code

Most CI/CD guides assume:

  • ✅ You have a test suite
  • ✅ Your environment variables are documented
  • ✅ Your dependencies are pinned to specific versions
  • ✅ Your build process is repeatable

AI-generated apps usually have:

  • ❌ No tests (or tests that don't run)
  • ❌ Hardcoded secrets in .env files you forgot to .gitignore
  • ❌ Dependencies with version conflicts
  • ❌ Build steps that only work on your machine

The result: You follow a tutorial, your CI/CD pipeline fails with cryptic errors, and you give up.

This guide accounts for the reality of vibe-coded projects.

Step 1: Clean Up Your Codebase (Pre-CI/CD Checklist)

Before automating deploys, fix the things that will break automation:

Move Secrets to Environment Variables

Search your codebase for API keys, database URLs, auth secrets. Move them to .env.local.

``javascript

// Bad (will break CI/CD):

const apiKey = "sk_live_abc123...";

// Good:

const apiKey = process.env.STRIPE_API_KEY;

`

Add .env to .gitignore

Your secrets should NEVER go to GitHub. Add .env, .env.local, and .env.production to your .gitignore.

Create .env.example

This file documents what environment variables your app needs — WITHOUT the actual secrets. Commit this to GitHub as documentation.

Fix Dependency Warnings

Run npm install and fix conflicts. Run npm audit fix to auto-resolve most security issues.

Step 2: Set Up GitHub Actions

Create .github/workflows/deploy.yml in your project root:

`yaml

name: Deploy to Production

on:

push:

branches:

- main

jobs:

deploy:

runs-on: ubuntu-latest

steps:

- name: Checkout code

uses: actions/checkout@v3

- name: Setup Node.js

uses: actions/setup-node@v3

with:

node-version: '18'

- name: Install dependencies

run: npm ci

- name: Build

run: npm run build

env:

NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}

- name: Deploy to Vercel

uses: amondnet/vercel-action@v25

with:

vercel-token: ${{ secrets.VERCEL_TOKEN }}

vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}

vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}

vercel-args: '--prod'

`

What each step does:

  • on: push: branches: main — Trigger on every push to main branch
  • actions/checkout@v3 — Download your code from GitHub
  • npm ci — Install dependencies (faster, cleaner than npm install)
  • npm run build — Build your app for production
  • vercel-action — Deploy to Vercel automatically

Step 3: Add Secrets to GitHub

Your workflow references ${{ secrets.VERCEL_TOKEN }} but GitHub doesn't know it yet.

  1. Go to your GitHub repo → SettingsSecrets and variablesActions
  2. Click New repository secret
  3. Add each secret your workflow needs:

- VERCEL_TOKEN — From vercel.com/account/tokens

- VERCEL_ORG_ID — From .vercel/project.json (run npx vercel locally first)

- VERCEL_PROJECT_ID — Same file

- Any env vars your build needs

Why this works: Secrets are encrypted and only accessible during workflow runs.

Step 4: Test Your First Automated Deploy

Make a small code change, commit, and push:

`bash

git add .

git commit -m "Test CI/CD deploy"

git push

`

Then go to GitHub repo → Actions tab to watch it run in real time.

Your first deploy will probably fail. This is normal. Common reasons:

Common CI/CD Failures (And How to Fix Them)

"Module not found" During Build

Your package.json is missing a dependency. Fix: npm install some-package --save, commit, push.

"Process completed with exit code 1"

Your build failed. Run npm run build locally — it'll fail with the same error. Fix locally first.

"Secret Not Found"

Misspelled secret name or it wasn't added to GitHub. Check Settings → Secrets (case-sensitive).

Build Works Locally But Fails in CI

Your local environment has something the CI server doesn't — usually undocumented environment variables or files in .gitignore that your code depends on.

Platform-Specific Deploy Examples

Cloudflare Workers

`yaml

  • name: Deploy to Cloudflare

uses: cloudflare/wrangler-action@2.0.0

with:

apiToken: ${{ secrets.CF_API_TOKEN }}

accountId: ${{ secrets.CF_ACCOUNT_ID }}

`

Railway

`yaml

  • name: Deploy to Railway

run: |

npm i -g @railway/cli

railway up --service your-service-name

env:

RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}

`

Netlify

`yaml

  • name: Deploy to Netlify

uses: netlify/actions/cli@master

with:

args: deploy --prod

env:

NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}

NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}

`

Is Your App CI/CD Ready? (5-Question Check)

  1. Does npm run build succeed on your machine?
  2. Are all secrets in .env files (not hardcoded)?
  3. Is .env in your .gitignore`?
  4. Does your code live in a GitHub repository?
  5. Do you know which platform you're deploying to?

5 yes: You're ready. Follow this guide.

3-4 yes: Fix the gaps, then set up CI/CD.

0-2 yes: Fix your build process first.

When to Get Professional Help

Keep trying yourself if your app builds locally, you understand what environment variables are, and you can read error logs.

Get help if:

  • Your build fails locally with unexplained errors
  • Your app has custom deployment requirements (Docker, databases, background jobs)
  • You've tried for 3+ hours and are stuck on the same error

AI App → Production Ready includes CI/CD setup in Scale Ready and Enterprise tiers — full GitHub Actions workflows, staging environments, and deployment automation.