Provider reference
Overview
A provider is a local or remote website hosting service.
HyperTemplates currently provides a built-in git provider and s3 provider for deploying HyperTemplates websites to dozens of hosting services.
Example
Providers are configured on a per-website basis in the website configuration file (site.yaml or site.json).
1---
2base_url: https://hypertemplates.net
3title: HyperTemplates
4description: the pure-HTML templating system for the modern web.
5...: ... # other website settings
6providers:
7 cloudflare-r2:
8 kind: s3
9 endpoint: https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.r2.cloudflarestorage.com
10 config:
11 bucket: hypertemplates-production
12 secrets:
13 - name: access_key_id
14 key: AWS_ACCESS_KEY_ID
15 - name: secret_access_key
16 key: AWS_SECRET_ACCESS_KEY
Reference
provider.kind- The provider type.
See hosting providers for more information.
provider.endpoint- The provider endpoint.
See hosting providers for more information.
provider.config- Provider-specific configuration settings.
See hosting providers for supported
configsettings: provider.secrets- The provider secret(s).
See secrets providers for more information on how HyperTexting clients read secrets.
See hosting providers for supported
secretsnames:
Hosting providers
git provider
- git
config - The git provider supports the following configuration parameters:
branch: the branch name to use (required)publish_dir: the subdirectory (if any) to write to (default:.)known_hosts: SSHknown_hostsentries used to verify the Git remote host identity.author_name: optional author name (default:hyperproviders)author_email: optional author email (default:hyperproviders@localhost)tag_enabled: if enabled, tags deployed commit as<tag_prefix><build_id>(default:false)tag_prefix: optional tag prefix (default:"build-")tag_retain_last: keep only the N most recent matching tags; older ones are pruned locally and on the remote (default:0, no pruning)
Example:
1providers: 2 github_pages: 3 kind: git 4 endpoint: [email protected]:OWNER/REPO.git 5 config: 6 branch: gh-pages 7 known_hosts: | 8 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl 9 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= 10 github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvGC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= 11 secrets: 12 - name: ssh_private_key 13 key: ${HOME}/.ssh/id_ed25519NOTE:
publish_dirmust be a relative path and cannot escape the repository root or target.git.NOTE: if
known_hostsis not configured, SSH connections are made with host key verification disabled. - git
secrets - The git provider supports the following secrets for authentication:
token: the authorization token for HTTP/HTTPS endpointsssh_private_key: the SSH keyssh_passphrase: SSH key passphrase
Example
1providers: 2 default: 3 kind: git 4 endpoint: [email protected]/herdworks/hypertemplates-web.git 5 config: 6 branch: gh-pages 7 8 secrets: 9 - name: ssh_private_key 10 key: ${HOME}/.ssh/gh_pagesHTTP/HTTPS git endpoints must provide a
tokensecret (e.g. GitHub Personal Access Token or Deploy Token), and SSH git endpoints must provide anssh_private_keysecret. - git hosting services
- The
gitprovider works with the following hosting services:- Cloudflare Pages (recommended)
- Netlify
- Vercel
- Render
- Fly.io
- Railway
- GitHub Pages
- GitLab Pages
- Codeberg Pages
- DigitalOcean App Platform
- AWS Amplify Hosting
- Azure Static Web Apps
- Self-hosted with any physical or virtual server that builds and serves a site from a git branch.
- ...and more!
The HyperTexting git provider works with any service that builds and serves a site from a git branch — including a plain SSH server with
gitinstalled and apost-receivehook deploying to a web server like nginx, Caddy, or Apache.
s3 provider
- s3
config - The s3 provider supports the following configuration parameters:
addressing_style:pathorvirtual(default:path)bucket: the target bucket name (required)region: the bucket region (default:auto)cache_control: optionalCache-Controlheader value applied to every uploaded objectconditional_mode: if set toetag, objects whose remote ETag matches the local MD5 are skipped (default: not set / always upload)workers: maximum concurrent uploads (default:10, must be ≥ 1)
- s3
secrets - The s3 provider requires the following secrets for authentication:
access_key_id: the access key ID (required)secret_access_key: the secret access key (required)
NOTE:
region: autoonly works for endpoints that don't care (e.g. Cloudflare R2); setregionexplicitly for hosting providers that require a region (e.g. Amazon S3). - s3 hosting services
- The s3 provider works with the following hosting services:
- Cloudflare R2 (recommended)
- Amazon S3
- Google Cloud Storage (via S3 Interoperability mode)
- Fastly Object Storage
- DigitalOcean Spaces
- Linode Object Storage
- Hetzner Object Storage
- Backblaze B2
- Self-hosted S3 buckets with MinIO, Ceph, SeaweedFS, Garage
- ...and more!
The HyperTexting s3 provider is built on the (AWS SDK for Go v2) and should work with any S3-compatible object store.
ssh provider
A dedicated ssh provider is coming soon, but in the interim the git provider already supports deploying to ssh-based git endpoints, complete with SSH key authentication.
.deploymentignore files
All hosting provider implementations support .deploymentignore files for excluding files from deployments.
.deploymentignore uses .gitignore-style patterns, with one pattern per line.
Blank lines and lines starting with # are ignored.
Example
1build.log
2build.json
NOTE: the
hyperctl buildandhyperctl deploycommands auto-generate.deploymentignorefiles whenever the--log-fileand/or--date-fileflags are set.
Secrets providers
HyperTexting secrets providers are key-value stores that return sensitive values needed for access to one or more hosting providers. The HyperTexting secrets manager currently supports the following key-value stores:
- Environment variables (e.g.
$AWS_ACCESS_KEY_ID) - Files (e.g.
path/to/local/keyor${HOME}/.ssh/example) - Runtime secrets
NOTE: the "runtime" secrets provider enables client applications to handle secret retrieval directly instead of relying on the underlying HyperTexting libraries, while ensuring sensitive values are never persisted to disk or printed in HyperTexting log outputs. Clients such as the official HyperTexting iOS app use the runtime provider to take advantage of platform-native secrets APIs such as iCloud Keychain.
Secret key variable expansion
Secret keys support variable expansion of ~/, $HOME/, and ${HOME}/, which are replaced with the absolute path to the current user's home directory.
Resolving secrets
HyperTexting clients such as the official CLI (hyperctl) and HyperTexting app resolve secrets by looking up the provided secret.key value using one or more secrets providers.
For example, because the hyperctl CLI supports the environment variable and files providers, it will first check for an environment variable matching the provided secret key, and if no match is found, it will attempt to read a file at the provided secret key.
Example:
In the following example, hyperctl will skip checking if an environment variable named ${HOME}/.ssh/example exists (because / is an illegal character for environment variable names), and proceed to check if a file exists at that path.
1providers:
2 default:
3 kind: git
4 endpoint: [email protected]:herdworks/hypertemplates-web.git
5 config:
6 branch: gh-pages
7 publish_dir: public/
8 secrets:
9 - name: ssh_private_key
10 key: ${HOME}/.ssh/example
while the official HyperTexting app supports the runtime provider (i.e. the iOS app provides secrets at runtime)