בס״ד

Hosting / Deploy Decision Rule

docs/HOW_TO/hosting-deploy-decision-rule.md · last changed (pre-VM history) · rendered from GitHub master

Hosting / Deploy Decision Rule

Last updated: 2026-05-06

Honest Answer First

Use the lowest hosting layer that satisfies the job. Do not default every new web project to Netlify just because Netlify worked before.

The lawn co-op site proved the cheap fast lane: a plain static site in GitHub Pages, with Google Forms and WhatsApp handling the workflow, can be online quickly without Netlify or extra hosting fees.

The Command Center proves the app lane: login/database/PWA work is not just a "website." It needs a frontend host plus a backend/auth/data layer. Supabase can provide the backend, but the frontend can still live on Netlify, Cloudflare Pages, Vercel, or sometimes a static host.

Default Rule

  1. Static public page only -> GitHub Pages first.
  2. Static custom-domain site or PWA shell -> GitHub Pages or Cloudflare Pages first.
  3. Static site with forms, redirects, previews, or quick agent deploys -> Netlify.
  4. Next.js app with server behavior -> Netlify, Vercel, or Cloudflare Pages, chosen per project.
  5. Login, database, file storage, realtime, or user-specific data -> Supabase for backend/auth, independent of frontend host.
  6. Long-running jobs, queues, private APIs, or heavy backend logic -> do not force into a static host. Consider Supabase Edge Functions, Cloudflare Workers, Render, Fly, Railway, or a VPS after a real architecture check.

Current Examples In This Workspace

Project Current path What it teaches
Lawn co-op GitHub Pages at zee78900.github.io/north-woodmere-lawn-coop Best for public flyer pages, interest forms, and community initiatives. No Netlify needed.
LevSMS compliance site Netlify static site at levsms.com Good for quick custom domain, HTTPS, and Twilio compliance pages. Could also be GitHub Pages or Cloudflare Pages if Netlify access is blocked.
Hook Street Services Netlify static/marketing site Fine if using Netlify forms/previews/redirects. If it stays static, it can be moved to GitHub Pages or Cloudflare Pages.
Command Center Next.js + Supabase + Netlify config Real app lane. Supabase handles login/data; frontend host is replaceable if documented.

Platform Fit

Platform Good for Avoid when
GitHub Pages Public static HTML/CSS/JS, simple project pages, emergency publishing, zero-fee fallback Secrets, private data, server code, backend functions, sensitive transactions, complex auth flows
Cloudflare Pages Static sites, custom domains, PWA shells, high-traffic static assets, cheap durable fallback, optional Workers You need a simpler non-technical dashboard or Netlify-specific forms/features
Netlify Static sites, deploy previews, custom domains, redirects, forms, functions, fast agent-driven deploys A site is just a flyer and does not need the Netlify dependency, or account/billing access is unstable
Vercel Next.js-first apps, strong framework support, polished previews You want the cheapest default for many small commercial apps, or you do not need Next.js server behavior
Supabase Postgres, Auth, Storage, Realtime, Edge Functions, API over data Pure static websites, or projects that cannot tolerate database quotas/pausing without paid plan

The Key Distinction

PWA does not automatically mean Netlify. A PWA can be just static files: index.html, JS, CSS, manifest, service worker. That can run on GitHub Pages or Cloudflare Pages.

Login does not automatically mean Netlify either. Login means there is an auth/backend layer. Supabase can provide that while the frontend lives elsewhere. The security burden is then Supabase Row Level Security, environment variables, and data design, not the frontend host by itself.

Next.js server behavior is the real line. If the app relies on middleware, server actions, API routes, server rendering, or protected routes executed on the host, GitHub Pages is not enough unless the app is converted to a static client-side app.

Lockout / Cost Guardrails

For every public site or app, keep an escape hatch:

Decision Checklist

Ask these before choosing a host:

  1. Is this public-only, with no user-specific data?
  2. Is there any secret key or server-only credential?
  3. Is there a login?
  4. Is the login protecting real data or just gating a simple page?
  5. Does it need server-side rendering, API routes, functions, scheduled jobs, webhooks, or email sending?
  6. Could Google Forms/Sheets/WhatsApp handle the workflow for the first version?
  7. If the host account is unavailable for two weeks, can another agent redeploy it from GitHub in under 30 minutes?

Done State

A hosting choice is done when the project has:

Source Trail

Source trail · docs/HOW_TO/hosting-deploy-decision-rule.md @ master · rendered 2026-07-02 7:23 PM EDT by scripts/build-docs.py · the .md in the repo is the truth; this page is the phone-readable view