Deploying to Render
Render Blueprints define your entire stack (web service + Postgres) as a single render.yaml file committed to your repo. Render handles TLS, health checks, and zero-downtime deploys automatically.
Official docs: render.com/docs/blueprint-spec
render.yaml
Section titled “render.yaml”A ready-to-use render.yaml is included in the repo root:
# render.yaml — Procella Blueprintdatabases: - name: procella-db plan: basic-1gb # basic-256mb | basic-1gb | pro-4gb ... region: oregon # match your web service region databaseName: procella user: procella postgresMajorVersion: 17
envVarGroups: - name: procella-secrets envVars: # Mark sync:false so Render prompts for values on first deploy - key: PROCELLA_DEV_AUTH_TOKEN sync: false - key: PROCELLA_ENCRYPTION_KEY sync: false - key: PROCELLA_DESCOPE_PROJECT_ID sync: false - key: PROCELLA_DESCOPE_MANAGEMENT_KEY sync: false - key: AWS_ACCESS_KEY_ID sync: false - key: AWS_SECRET_ACCESS_KEY sync: false
services: - name: procella type: web runtime: docker # use your Dockerfile region: oregon plan: starter # starter | standard | pro dockerfilePath: ./Dockerfile # dockerContext: . # defaults to repo root
# Non-sensitive config envVars: - key: PROCELLA_LISTEN_ADDR value: ":10000" # Render assigns ~10000, not 9090 - key: PROCELLA_AUTH_MODE value: descope # or dev - key: PROCELLA_BLOB_BACKEND value: s3 - key: PROCELLA_BLOB_S3_REGION value: us-east-1 - key: PROCELLA_BLOB_S3_BUCKET value: your-bucket-name # REQUIRED when using S3 backend - key: PROCELLA_BLOB_S3_ENDPOINT value: https://s3.amazonaws.com # change for R2, MinIO, etc.
# Wire DATABASE_URL from the Blueprint Postgres instance - key: PROCELLA_DATABASE_URL fromDatabase: name: procella-db property: connectionString
# Pull in the secrets group - fromGroup: procella-secrets
# Health check — Render marks deploy failed if this doesn't return 200 healthCheckPath: /healthz
# Auto-deploy on every push to the linked branch autoDeploy: true
# Run DB migrations before starting the new instance. # Procella uses drizzle-kit for migrations — run from the build stage: # preDeployCommand: "bunx drizzle-kit migrate --config packages/db/drizzle.config.ts"PostgreSQL
Section titled “PostgreSQL”The databases block provisions a fully managed Render Postgres. Available plans:
| Plan | RAM | Notes |
|---|---|---|
free | 256 MB | Dev/testing only, 90-day expiry |
basic-256mb | 256 MB | Smallest paid tier |
basic-1gb | 1 GB | Good for small production |
pro-4gb | 4 GB | Includes PITR, read replicas |
Render Postgres v17 is available. Use postgresMajorVersion: 17 to pin it.
The connectionString property auto-generates as:
postgresql://user:password@host:5432/procella?sslmode=require
Secrets
Section titled “Secrets”Set sync: false env vars in the Render Dashboard under Environment → Environment Variables before the first Blueprint sync. After that, values persist across resyncs.
Alternatively, use the Render CLI:
render env:set PROCELLA_ENCRYPTION_KEY="$(openssl rand -hex 32)" --service procellaDeploy
Section titled “Deploy”- Push
render.yamlto your GitHub/GitLab repo. - In the Render Dashboard: New → Blueprint → connect your repo.
- Fill in
sync: falsesecret values. - Click Apply — Render provisions Postgres, then deploys your Docker image.
On subsequent pushes, Render auto-deploys (if autoDeploy: true).
Scaling
Section titled “Scaling”services: - name: procella plan: standard # upgrade plan for more CPU/RAM scaling: minInstances: 1 maxInstances: 5 targetMemoryPercent: 80 targetCPUPercent: 70Bun / Docker Notes
Section titled “Bun / Docker Notes”- Render builds your
Dockerfileon its own build machines. Thebun build --compileoutput produces a standalone binary in a distroless container — no shell, no package manager, no runtime installation needed. - Render automatically terminates TLS and routes HTTPS on port 443 to your container’s
internal_port(Render uses thePORTenv var; ensure your app binds to0.0.0.0:$PORTor setPROCELLA_LISTEN_ADDR=:10000— Render assigns a port around 10000). - Health check failures block the deploy and trigger a rollback.