ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
548a37c888
TenantAtlas/docs/deployment-checklist.md
ahmido bf43dad3d1 fix: enforce workspace surface scope for customer review workspace (#366) 
## Summary
- keep `/admin/reviews/workspace` workspace-scoped in shell and sidebar context
- treat `tenant` query hints on the customer review workspace as page-level filters only
- update the customer review workspace tests and Spec 311 navigation contract to match the workspace-hub IA

## Testing
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php tests/Feature/Filament/PanelNavigationSegregationTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `git diff --check`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #366
2026-05-15 20:52:37 +00:00

103 lines
3.7 KiB
Markdown
Raw Blame History

# TenantPilot Deployment Checklist
Status: 2026-05-15
Target: Sail locally, Dokploy-first staging/production, PostgreSQL, container-based deployment.
## Production Readiness Checklist
- Staging environment exists and is the mandatory production gate.
- `APP_ENV=production` and `APP_DEBUG=false`.
- `APP_KEY` is stable, secret, and backed up securely.
- Database is PostgreSQL 16-compatible.
- Storage volumes/private object storage are persistent.
- Queue workers and scheduler are explicitly configured.
- Health check route `/up` is monitored.
- Logs are collected outside the container.
- Backups are encrypted and restore-tested.
- Dependency audits are clean or exceptions are approved.
## Build and Release Checklist
1. `cd apps/platform && composer install --no-dev --optimize-autoloader`
2. `cd apps/platform && corepack pnpm install --frozen-lockfile`
3. `cd apps/platform && corepack pnpm build`
4. `cd apps/platform && php artisan filament:assets`
5. `cd apps/platform && php artisan migrate --force`
6. `cd apps/platform && php artisan optimize`
7. Restart or reload long-running services with `php artisan reload` or `php artisan queue:restart` depending on runtime setup.
8. Verify `/up`.
9. Verify login, tenant selection, queue dispatch, and audit write on staging.
## Queue Worker Checklist
Do not use `queue:listen` for production workers.
Recommended baseline:
```bash
php artisan queue:work database --queue=high,default,graph,restore,reports,notifications --sleep=3 --tries=3 --timeout=300
```
When Redis is enabled:
```bash
php artisan queue:work redis --queue=high,default,graph,restore,reports,notifications --sleep=3 --tries=3 --timeout=300
```
Rules:
- Use process supervision so exited workers restart.
- Keep worker `--timeout` lower than queue `retry_after`.
- Reload/restart workers on deploy.
- Track queue depth and failed jobs.
- Run destructive restore/backups in separate queues when volume grows.
## Scheduler Checklist
- One scheduler instance per environment.
- Use Laravel scheduler with `withoutOverlapping()` for recurring jobs.
- Monitor last successful scheduler tick and per-command failures.
- Long-running scheduled work dispatches jobs rather than doing Graph work inline.
## Migration Checklist
- Review locks and table size before staging.
- Backfill in chunks where needed.
- Avoid irreversible destructive schema changes after production unless forward-only rollback is documented.
- JSON to JSONB conversions need staging timing proof.
- Composite FK and partial index changes need PostgreSQL CI/staging validation.
## Rollback Checklist
- Keep previous image available.
- Know whether rollback is code-only or code+schema.
- For forward-only migrations, ship a forward fix instead of unsafe down migration.
- Pause workers before risky rollback if queued payload formats changed.
- Verify audit logs and operation runs remain readable.
## Backup/Restore Checklist
- Database backups encrypted.
- Storage backups encrypted.
- Provider credentials excluded from logs and exports.
- Restore tested on staging from a real backup.
- Backup retention and deletion documented.
- Restore runbook includes queue/scheduler coordination.
## Monitoring Checklist
- `/up` uptime check.
- Laravel logs and container logs centralized.
- Queue failures and long-running jobs alerted.
- Scheduler missed-run alert.
- Database connections, slow queries, disk, and backup freshness monitored.
- Graph 429/503 rates visible.
- Error tracking integrated before production.
## Dokploy Notes
- Treat Dokploy as the process/orchestration layer, not as application governance.
- Ensure web, queue, and scheduler processes are separate service definitions or entrypoints.
- Persist `storage/`, database volumes, and uploaded/private files.
- Do not bake `.env` into images.
Reference in New Issue View Git Blame Copy Permalink