Deployment
Environments
| Environment | URL pattern | Purpose |
|---|---|---|
| Local | localhost | Dev on laptop. |
| Dev | attendance-dev.example.com | Auto-deploy on merge to main. |
| Staging | attendance-stg.example.com | Release candidate, data refresh weekly. |
| Production | attendance.example.com | Live tenants. |
CI/CD
- GitHub Actions build + test on every PR.
- On merge to `main`: build images, push to registry, deploy to `dev`.
- On git tag `vX.Y.Z`: deploy to staging, manual promotion to production.
Release Checklist
- Green CI across `server`, `ui`, `app`.
- Migrations reviewed for destructiveness.
- Release notes drafted in `documentation/blog`.
- Staging smoke tests executed.
- Production deploy during low-traffic window.
- Post-deploy verification of `/up`, Horizon health, a synthetic punch.
Secrets
- Managed via GitHub encrypted secrets + container env at deploy time.
- Never committed — `.env` at repo root only holds non-sensitive Compose vars.
- Rotate quarterly; partner webhook signing secrets rotate on every deploy.
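One way to enforce the `.env` rule in CI, as an added example (not the project's own tooling): a check that fails the build when the committed `.env` carries a value under a sensitive-looking key or a high-entropy value. The key-name pattern, the length and entropy thresholds, and the sample file contents are assumptions constructed for illustration.

```python
import math
import re
import sys

# Assumed naming convention for sensitive keys; adjust to the project's own.
SENSITIVE_NAME = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|PRIVATE|CREDENTIAL|API_?KEY)", re.I)
MIN_LEN, MIN_ENTROPY = 20, 4.0  # assumed thresholds for "looks like a random secret"

def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of value."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def parse_env(text: str):
    """Yield (line_no, key, value) for each KEY=VALUE line, skipping blanks and comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = re.sub(r"^export\s+", "", line).partition("=")
        yield no, key.strip(), value.strip().strip("'\"")

def find_violations(text: str):
    """Return (line_no, key, reason) for entries that do not belong in a committed .env."""
    found = []
    for no, key, value in parse_env(text):
        if not value:
            continue  # empty placeholder: the real value is injected at deploy time
        if SENSITIVE_NAME.search(key):
            found.append((no, key, "sensitive-looking name with a value"))
        elif len(value) >= MIN_LEN and shannon_entropy(value) >= MIN_ENTROPY:
            found.append((no, key, "high-entropy value"))
    return found

# Constructed sample input, not taken from the project.
SAMPLE = """\
# Compose vars
COMPOSE_PROJECT_NAME=attendance
APP_PORT=8080
DB_PASSWORD=
WEBHOOK_SIGNING_SECRET=example-not-a-real-secret
SESSION_SEED=q8Zt3LxV0pRk7WmYb2Nc5HdJ
"""

if __name__ == "__main__":
    problems = find_violations(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE)
    for no, key, reason in problems:
        print(f".env:{no}: {key}: {reason}")  # never print the value itself
    sys.exit(1 if problems else 0)
```

Run it against the repo-root `.env` as a PR step; a non-zero exit blocks the merge, and only key names are printed so the CI log does not repeat the value.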
Backups
- MySQL logical backup nightly → S3 with 30-day retention.
- Object storage versioned; lifecycle policy keeps export artefacts for 90 days.
- Quarterly restore test on an isolated environment.