by beingflo
1663 days ago
Your point on Cloudflare is something I'm grappling with for an application I'm working on. On one hand I would love the simplicity of something like Cloudflare Pages or Vercel etc. Their preview links on pull requests and automatic deployments would make frontend work very convenient. But on the other hand I have exactly your concerns about warrants. Is there some nice middle ground to avoid completely manual builds and deployment on a VM? Maybe some convenient CI, but this service would also need an SSH key to be able to deploy, so we're in a similar situation again I suppose.

Edit: I spent some time thinking about it and might as well document it here if someone finds it interesting.

For context, my application does client-side encryption with keys stored only in the browser. The catastrophic case would be if the frontend application is modified to extract those keys. That's why I don't necessarily trust a hosted option (which typically needs control of the SSL certificate as well).

Instead I would like to serve the client from a server under my control. One solution is to use GitHub Actions and have it automatically deploy via SSH. This doesn't really increase my attack surface, since the code is already at GitHub anyway. So if this platform is compromised / warranted they could modify my application to their liking.

A second solution would be to use any CI service and restrict the capabilities of the SSH key in the `authorized_keys` to only trigger a fixed command without actually being able to log in. The command would pull the code / image and deploy. This way a compromised key could only be used to trigger a new deployment of authentic code, not inject malicious code.
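The forced-command setup from that second solution, as an added example that is not part of the original comment. The script path (`/usr/local/bin/deploy-hook`), checkout directory, branch and service name are assumptions; the `authorized_keys` options are standard OpenSSH ones.

```shell
#!/bin/sh
# Added example: pin a CI deploy key to one fixed command via authorized_keys.
# Assumed (not from the comment): this file is installed as
# /usr/local/bin/deploy-hook, the checkout at /srv/app tracks origin/main,
# and the app is restarted with systemctl.
APP_DIR="${APP_DIR:-/srv/app}"
SERVICE="${SERVICE:-app}"

# Build the authorized_keys entry for the CI key. With command= set, sshd
# never runs what the client asked for; it runs this script instead. The
# remaining options close off shells, tunnels and agent/X11 forwarding.
authorized_keys_line() {
  pubkey="$1"
  printf 'command="/usr/local/bin/deploy-hook --forced-command",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-user-rc %s\n' "$pubkey"
}

# Whatever the client requested arrives only as SSH_ORIGINAL_COMMAND.
# Accept the bare word "deploy" (or no command at all); refuse anything else.
check_request() {
  case "${1:-}" in
    ""|deploy) return 0 ;;
    *)         return 1 ;;
  esac
}

# Deploy a fixed ref. The key holder chooses nothing: repository, branch and
# service are hard-wired here, so a leaked key can only redeploy whatever the
# git remote currently serves (integrity still rests on the git host).
do_deploy() {
  git -C "$APP_DIR" fetch --quiet origin main || return 1
  git -C "$APP_DIR" reset --quiet --hard origin/main || return 1
  systemctl restart "$SERVICE"
}

# Entry point used by sshd. The --forced-command flag comes from the
# authorized_keys entry above, so sourcing or testing this file is inert.
if [ "${1:-}" = "--forced-command" ]; then
  if check_request "${SSH_ORIGINAL_COMMAND:-}"; then
    do_deploy
  else
    printf 'refused: %s\n' "${SSH_ORIGINAL_COMMAND:-}" >&2
    exit 1
  fi
fi
```

Anything the CI job sends beyond a plain `ssh deploy@host deploy` is logged to stderr and refused, so the only effect a holder of this key can have is a redeploy of the pinned branch.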