
DevOps & Deployment

DevOps, deployment, release management, and operational environment for MASARUK

1. Purpose

This document defines the DevOps, deployment, release management, and operational environment for the MASARUK platform. It covers the following platform components:

  • Web (Next.js)
  • Mobile (Flutter)
  • Backend (Node.js REST API)
  • Admin Panel (Web)
  • Provider Portal (Web)
  • Database (PostgreSQL)
  • Background jobs (BullMQ / Redis)
  • Integrations (Payments, SMS, Email, Maps)

Deployment follows zero-downtime, automated, and audited pipelines with fully defined environments.

2. Environments

2.1 Development (DEV)

Purpose: Feature development, rapid testing, shared testing environment

  • No payment gateways in live mode
  • Debug logs enabled
  • Rate limits relaxed
  • Feature flags allowed
  • Auto-generated seed data

2.2 Staging (STG)

Purpose: Pre-production QA, UAT, API contract validation, performance tests

  • Payment gateways in test/sandbox mode
  • Debug disabled
  • Mirrors production configs
  • Realistic seeded data

2.3 Production (PROD)

Purpose: Live platform for users

  • Payment gateways in live mode
  • Strict rate limits
  • Debug = OFF
  • Logging with sensitivity masking
  • Zero-downtime deploy
  • Backups active
  • Monitoring + alerts active

3. Deployment Strategy

3.1 Backend (Node.js)

  1. Pull from main branch
  2. npm ci --production
  3. npx prisma migrate deploy
  4. npm run build
  5. Restart PM2 cluster (pm2 reload)
  6. Health check /api/health

3.2 Web Frontend (Next.js)

  1. Build: next build
  2. Deploy to Vercel or Node hosting
  3. Verify build success
  4. Static assets cached at CDN
  5. Health check on /

3.3 Mobile (Flutter)

  1. flutter build apk / flutter build ios
  2. Sign with release keys
  3. Upload to Play Store / App Store
  4. Staged rollout (optional)
  5. Monitor crash reports

4. CI/CD Pipeline

  1. Commit → Trigger
  2. Install dependencies
  3. Run linters & static analysis
  4. Run unit tests
  5. Run integration tests
  6. Build artifacts
  7. Deploy to staging
  8. Run E2E tests
  9. Manual approval for production
  10. Deploy to production
  11. Post-deploy health checks

Tools:

  • GitHub Actions / GitLab CI
  • Docker for consistent builds
  • Terraform for infrastructure (optional)
  • Ansible for server config

5. Monitoring & Observability

  • Server metrics (CPU, RAM, Disk)
  • API response times
  • Error rates & exceptions
  • Database slow queries
  • Queue job status
  • Payment transaction status
  • Mobile crash reports

Tools:

  • Pino logger (structured logging)
  • Sentry for errors
  • Prometheus + Grafana (optional)
  • CloudWatch / DigitalOcean monitoring

6. Backup & Recovery

Database:

  • Daily automated backups
  • PITR enabled
  • Retention: 30 days
  • Encrypted backups

Recovery:

  • RTO: < 4 hours
  • RPO: < 1 hour
  • Documented restore procedures
  • Regular recovery drills

7. Security Operations

  • HTTPS everywhere
  • Secrets in environment variables (never in code)
  • Regular dependency updates
  • Penetration testing (quarterly)
  • Access logs retained
  • Admin actions audited
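
The following is an added example, not MASARUK's own code: a fail-fast startup check for the Node.js backend that reads secrets from environment variables and enforces the per-environment rules listed in section 2. Every variable name used (APP_ENV, PAYMENT_MODE, APP_DEBUG, RATE_LIMIT_PROFILE, DATABASE_URL, JWT_SECRET, PAYMENT_API_KEY) is an assumption.

```javascript
// Added example. All variable names (APP_ENV, PAYMENT_MODE, APP_DEBUG,
// RATE_LIMIT_PROFILE, DATABASE_URL, JWT_SECRET, PAYMENT_API_KEY) are assumed.
const REQUIRED_SECRETS = ['DATABASE_URL', 'JWT_SECRET', 'PAYMENT_API_KEY'];

// Rules transcribed from section 2 (Environments); only PROD lists strict rate limits.
const RULES = {
  dev:  { paymentModes: ['test', 'sandbox'], debugAllowed: true,  strictRateLimits: false },
  stg:  { paymentModes: ['test', 'sandbox'], debugAllowed: false, strictRateLimits: false },
  prod: { paymentModes: ['live'],            debugAllowed: false, strictRateLimits: true },
};

// Returns a list of violations. Messages name variables but never echo their
// values, so a failed startup cannot leak a secret into the logs.
function validateConfig(env = process.env) {
  const name = (env.APP_ENV || '').toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(RULES, name)) {
    return ['APP_ENV must be one of: ' + Object.keys(RULES).join(', ')];
  }
  const rule = RULES[name];
  const problems = [];
  for (const key of REQUIRED_SECRETS) {
    if (!env[key] || !env[key].trim()) problems.push(`${key} is not set`);
  }
  const mode = (env.PAYMENT_MODE || '').toLowerCase();
  if (!rule.paymentModes.includes(mode)) {
    problems.push(`PAYMENT_MODE in ${name} must be one of: ${rule.paymentModes.join(', ')}`);
  }
  const debugOn = ['1', 'true', 'on'].includes((env.APP_DEBUG || '').toLowerCase());
  if (debugOn && !rule.debugAllowed) problems.push(`APP_DEBUG must be off in ${name}`);
  if (rule.strictRateLimits && env.RATE_LIMIT_PROFILE !== 'strict') {
    problems.push(`RATE_LIMIT_PROFILE must be "strict" in ${name}`);
  }
  return problems;
}

// Call once at process start, before the server listens, so a misconfigured
// process exits instead of serving traffic.
function assertConfig(env = process.env) {
  const problems = validateConfig(env);
  if (problems.length) throw new Error('Refusing to start:\n- ' + problems.join('\n- '));
  return true;
}
```

Running the same check as a CI step before the production deploy catches a sandbox key or a debug flag before the PM2 reload rather than after it.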