bamboohr-deploy-integration
Deploy BambooHR integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying BambooHR-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy bamboohr", "bamboohr Vercel", "bamboohr production deploy", "bamboohr Cloud Run", "bamboohr Fly.io".
What this skill does
# BambooHR Deploy Integration
## Overview
Deploy BambooHR-powered applications to cloud platforms with proper secrets management, health checks, and webhook endpoint configuration. Covers Vercel (serverless), Fly.io (containers), and Google Cloud Run.
## Prerequisites
- BambooHR integration tested locally and in staging
- Production API key and company domain ready
- Platform CLI installed (`vercel`, `fly`, or `gcloud`)
## Instructions
### Vercel Deployment (Serverless)
```bash
# Set BambooHR secrets in Vercel
vercel env add BAMBOOHR_API_KEY production
vercel env add BAMBOOHR_COMPANY_DOMAIN production
vercel env add BAMBOOHR_WEBHOOK_SECRET production
```
**vercel.json:**
```json
{
"functions": {
"api/**/*.ts": {
"maxDuration": 30
}
},
"crons": [{
"path": "/api/bamboohr/sync",
"schedule": "0 */6 * * *"
}]
}
```
**Webhook endpoint (Vercel serverless):**
```typescript
// api/webhooks/bamboohr.ts
import { verifyBambooHRWebhook } from '../../src/bamboohr/security';
export const config = { api: { bodyParser: false } };
export default async function handler(req: any, res: any) {
if (req.method !== 'POST') return res.status(405).end();
const chunks: Buffer[] = [];
for await (const chunk of req) chunks.push(chunk);
const rawBody = Buffer.concat(chunks);
const sig = req.headers['x-bamboohr-signature'];
const ts = req.headers['x-bamboohr-timestamp'];
if (!verifyBambooHRWebhook(rawBody, sig, ts, process.env.BAMBOOHR_WEBHOOK_SECRET!)) {
return res.status(401).json({ error: 'Invalid signature' });
}
const event = JSON.parse(rawBody.toString());
// Process webhook asynchronously
await processWebhookEvent(event);
return res.status(200).json({ received: true });
}
```
**Deploy:**
```bash
vercel --prod
# Webhook URL: https://your-app.vercel.app/api/webhooks/bamboohr
```
### Fly.io Deployment (Containers)
**fly.toml:**
```toml
app = "my-bamboohr-sync"
primary_region = "iad"
[env]
NODE_ENV = "production"
[http_service]
internal_port = 3000
force_https = true
auto_stop_machines = "suspend"
auto_start_machines = true
min_machines_running = 1
[[services.http_checks]]
interval = "30s"
timeout = "5s"
path = "/api/health"
method = "GET"
```
```bash
# Set secrets
fly secrets set BAMBOOHR_API_KEY="your-prod-key"
fly secrets set BAMBOOHR_COMPANY_DOMAIN="yourcompany"
fly secrets set BAMBOOHR_WEBHOOK_SECRET="your-secret"
# Deploy
fly deploy
# Verify
fly status
curl -s https://my-bamboohr-sync.fly.dev/api/health | jq .
```
### Google Cloud Run Deployment
**Dockerfile:**
```dockerfile
FROM node:20-slim AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM node:20-slim
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
ENV NODE_ENV=production
EXPOSE 8080
CMD ["node", "dist/index.js"]
```
```bash
PROJECT_ID="${GOOGLE_CLOUD_PROJECT}"
SERVICE="bamboohr-integration"
REGION="us-central1"
# Store secrets in GCP Secret Manager
echo -n "your-api-key" | gcloud secrets create bamboohr-api-key --data-file=-
echo -n "yourcompany" | gcloud secrets create bamboohr-company-domain --data-file=-
# Build and deploy
gcloud builds submit --tag gcr.io/$PROJECT_ID/$SERVICE
gcloud run deploy $SERVICE \
--image gcr.io/$PROJECT_ID/$SERVICE \
--region $REGION \
--platform managed \
--set-secrets="BAMBOOHR_API_KEY=bamboohr-api-key:latest,BAMBOOHR_COMPANY_DOMAIN=bamboohr-company-domain:latest" \
--min-instances=1 \
--max-instances=10 \
--timeout=30s \
--allow-unauthenticated
```
### Health Check Endpoint (All Platforms)
```typescript
// src/api/health.ts
import { BambooHRClient } from '../bamboohr/client';
export async function handleHealthCheck(client: BambooHRClient) {
const start = Date.now();
try {
// Light-weight check: fetch employee 0 (current user)
await client.getEmployee(0, ['firstName']);
return {
status: 'healthy',
bamboohr: { connected: true, latencyMs: Date.now() - start },
timestamp: new Date().toISOString(),
};
} catch (err) {
return {
status: 'degraded',
bamboohr: {
connected: false,
latencyMs: Date.now() - start,
error: (err as Error).message,
},
timestamp: new Date().toISOString(),
};
}
}
```
### Webhook Registration via API
```typescript
// Register a webhook programmatically via BambooHR API
// POST /webhooks/
const webhook = await client.request('POST', '/webhooks/', {
name: 'Employee Sync',
monitorFields: ['firstName', 'lastName', 'department', 'jobTitle', 'status'],
postFields: {
firstName: 'firstName',
lastName: 'lastName',
department: 'department',
jobTitle: 'jobTitle',
status: 'status',
},
url: 'https://your-app.example.com/api/webhooks/bamboohr',
format: 'json',
frequency: { every: 0 }, // Immediate
limit: { enabled: false },
});
console.log(`Webhook registered: ${webhook.id}`);
```
## Output
- Application deployed to production cloud platform
- BambooHR secrets securely configured via platform secrets
- Health check endpoint responding
- Webhook endpoint configured and registered
- Auto-scaling and health monitoring active
## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| Secret not found at runtime | Missing env var configuration | Re-add via platform CLI |
| Webhook 401 from BambooHR | Signature verification failing | Check webhook secret matches |
| Cold start timeout | Serverless function too slow | Pre-initialize client outside handler |
| Health check failing after deploy | Wrong API key for environment | Verify secrets are production values |
## Resources
- [Vercel Serverless Functions](https://vercel.com/docs/functions)
- [Fly.io Documentation](https://fly.io/docs)
- [Google Cloud Run](https://cloud.google.com/run/docs)
- [BambooHR Webhooks](https://documentation.bamboohr.com/docs/webhooks)
## Next Steps
For webhook handling, see `bamboohr-webhooks-events`.
Related in Cloud & DevOps
appbuilder-action-scaffolder
IncludedCreate, implement, deploy, and debug Adobe Runtime actions with consistent layout, validation, and error handling. Use this skill whenever the user needs to add actions to an App Builder project, understand action structure (params, response format, web/raw actions), configure actions in the manifest, use App Builder SDKs (State, Files, Events, database), deploy and invoke actions via CLI, debug action issues, or implement patterns such as webhook receivers, custom event providers, journaling consumers, large payload redirects, action sequence pipelines, and Asset Compute workers. Also trigger when users mention serverless functions in Adobe context, action logging, IMS authentication for actions, or cron-style scheduled actions.
orchestrating-datacloud
IncludedSalesforce Data Cloud product orchestrator for connect→prepare→harmonize→segment→act workflows. Use this skill when the user needs a multi-step Data Cloud pipeline, cross-phase troubleshooting, or data space and data kit management. TRIGGER when: user needs a multi-step Data Cloud pipeline, asks to set up or troubleshoot Data Cloud across phases, manages data spaces or data kits, or wants a cross-phase sf data360 workflow. DO NOT TRIGGER when: work is isolated to a single phase (use the matching phase-specific skill), the task is STDM/session tracing/parquet telemetry (use observing-agentforce), standard CRM SOQL (use querying-soql), or Apex implementation (use generating-apex).
github-project-automation
IncludedAutomate GitHub repository setup with CI/CD workflows, issue templates, Dependabot, and CodeQL security scanning. Includes 12 production-tested workflows and prevents 18 errors: YAML syntax, action pinning, and configuration. Use when: setting up GitHub Actions CI/CD, creating issue/PR templates, enabling Dependabot or CodeQL scanning, deploying to Cloudflare Workers, implementing matrix testing, or troubleshooting YAML indentation, action version pinning, secrets syntax, runner versions, or CodeQL configuration. Keywords: github actions, github workflow, ci/cd, issue templates, pull request templates, dependabot, codeql, security scanning, yaml syntax, github automation, repository setup, workflow templates, github actions matrix, secrets management, branch protection, codeowners, github projects, continuous integration, continuous deployment, workflow syntax error, action version pinning, runner version, github context, yaml indentation error
sf-datacloud
IncludedSalesforce Data Cloud product orchestrator for connect→prepare→harmonize→segment→act workflows. TRIGGER when: user needs a multi-step Data Cloud pipeline, asks to set up or troubleshoot Data Cloud across phases, manages data spaces or data kits, or wants a cross-phase `sf data360` workflow. DO NOT TRIGGER when: work is isolated to a single phase (use the matching sf-datacloud-* skill), the task is STDM/session tracing/parquet telemetry (use sf-ai-agentforce-observability), standard CRM SOQL (use sf-soql), or Apex implementation (use sf-apex).
fabric-cli
IncludedUse this skill for Fabric.so CLI workflows with the `fabric` terminal command: diagnose/install/login, search or browse a Fabric library, save notes/links/files, create folders, ask the Fabric AI assistant, manage tasks/workspaces, generate shell completion, check subscription usage, produce JSON output, and use Fabric as persistent agent memory. Do not use for Microsoft Fabric/Azure/Power BI `fab`, Daniel Miessler's Fabric framework, Python Fabric SSH, Fabric.js, or textile/fashion fabric.
lark
IncludedLark/Feishu CLI skills: lark-cli operations for docs, markdown, sheets, base, calendar, im, mail, task, okr, drive, wiki, slides, whiteboard, apps, approval, attendance, contact, vc, minutes, event. Use when the user needs to operate Lark/Feishu resources via lark-cli, send messages, manage documents, spreadsheets, calendars, tasks, OKRs, deploy web pages, or any Feishu/Lark workspace operations.