Skip to main content

πŸš€ GitHub Actions Deployment Workflow Guide

πŸ“‹ Overview​

This is the current deployment guide for the API workflow and the shared release story referenced by service deployment docs.

Current promotion flow:

feature/*, fix/*, refactor/*, chore/*, hotfix/*
  -> open PR to beta
beta
  -> deploy beta
  -> open PR to alpha
alpha
  -> deploy alpha
  -> open PR to main
main
  -> deploy production

There is also an emergency production workflow for incidents that cannot wait for the normal promotion path.

πŸ—οΈ Workflow Architecture​

Pipeline Stages​

StagePurposeEnvironmentURL Pattern
Betashared internal validationbetahttps://beta.api.{domain}
Alphastaging / pre-productionalphahttps://alpha.api.{domain}
Productionlive systemproductionhttps://api.{domain}

🎯 Workflow Triggers​

Automatic Triggers​

Push Events​

on:
  push:
    branches:
      - "feature/**"   # build + open PR to beta
      - "refactor/**"  # build + open PR to beta
      - "fix/**"       # build + open PR to beta
      - "chore/**"     # build + open PR to beta
      - "hotfix/**"    # build + open PR to beta
      - "staging/**"   # build + open PR to alpha
      - "beta"         # deploy beta + open PR to alpha
      - "alpha"        # deploy alpha + open PR to main
      - "main"         # deploy production

Pull Request Events​

on:
  pull_request:
    branches:
      - "beta"
      - "alpha"
      - "main"

Merged PRs into beta or alpha are part of the deploy conditions for those target environments.

Manual Triggers​

on:
  workflow_dispatch:
    inputs:
      target_stage:
        type: choice
        options: [beta, alpha, production]

πŸ”§ Jobs & Workflow Steps​

Job 1: Build And Package​

Purpose: validate the repo and create the deployable artifact used by every standard deploy job.

build-and-test:
  runs-on: ubuntu-latest
  steps:
    - Checkout repository
    - Setup Node.js 20.10.0
    - Install dependencies (npm ci)
    - Run type checking
    - Build TypeScript
    - Assemble deployment bundle
    - Upload deploy-package artifact

The standard workflow currently enforces type-check + build.

The test step is still commented out in api-deploy.yml, so do not describe the normal path as fully test-gated.

Job 2: Open Promotion PRs​

Feature-style branches open a PR to beta.

staging/* branches open a PR directly to alpha when beta needs to be bypassed for controlled validation.

These PR jobs do not deploy by themselves. They prepare the branch promotion step that will trigger a deploy after merge or direct branch push.

Job 3: Deploy Beta / Alpha / Production​

The normal deploy jobs now use the same shared deploy action as the emergency workflow:

  • workflow action: .github/actions/deploy
  • artifact contract: deploy-package/dist, deploy-package/package.json, deploy-package/package-lock.json
  • server runtime expectation: app starts from dist/index.js

Environment triggers:

  • beta branch or manual target_stage=beta -> deploy beta
  • alpha branch or manual target_stage=alpha -> deploy alpha
  • main branch or manual target_stage=production -> deploy production

Production also performs the version bump before deploying and runs under the GitHub production environment.

Version Bumping Logic​

  • Commit contains [MAJOR] -> major version bump
  • Commit contains [MINOR] -> minor version bump
  • Default -> patch version bump

πŸ” Required Secrets & Configuration​

Repository Secrets​

secrets:
  DOMAIN_NAME: # Base domain (e.g., attunelogic.com)
  SSH_HOST: # Deployment server hostname/IP
  SSH_USER: # SSH username for deployment
  SSH_PASS: # SSH password/key for deployment
  SSH_PORT: # SSH port (usually 22)
  GITHUB_TOKEN: # Automatic (for PR creation)

GitHub Environments​

Configure in GitHub: Settings β†’ Environments

  • beta: Beta environment configuration
  • alpha: Alpha environment configuration
  • production: Production environment (with protection rules)

Recommended Protection Rules:

  • βœ… Required reviewers for production
  • βœ… Wait timer for production deployments
  • βœ… Restrict to specific branches

πŸ“ Custom Deploy Action​

The workflow uses a custom deploy action: .github/actions/deploy

Expected Interface:

inputs:
  environment: # beta, alpha, production
  domain: # Domain name
  ssh_host: # Server hostname
  ssh_user: # SSH username
  ssh_pass: # SSH credentials
  ssh_port: # SSH port

πŸ“¦ Deployment Bundle Contract​

Current API deploys should be treated as a runnable Node app bundle, not a dist/ folder by itself.

Expected runtime bundle:

  • dist/
  • package.json
  • package-lock.json

Runtime expectation on server:

  • app starts from node dist/index.js
  • health checks verify the deployed app after startup

🚨 Emergency And Fallback Paths​

The API repo also includes an emergency workflow:

  • workflow: .github/workflows/emergency-deploy.yml
  • action used by emergency path: .github/actions/deploy

Use the emergency path only for production incidents that cannot wait for normal promotion. It still builds the app, can run tests by default, and performs production health verification after deploy.

πŸš€ Deployment Flow Examples​

Feature Development β†’ Beta​

  1. Developer pushes to feature/new-security-feature
  2. Workflow triggers build-and-test + deploy-beta
  3. Auto-deployment to beta environment
  4. Auto-PR created: feature/new-security-feature β†’ beta
  5. Testing on https://beta.api.domain.com
  6. Review & Merge PR when testing complete

Beta β†’ Alpha Promotion​

  1. Team merges feature PR into beta branch
  2. Workflow triggers build-and-test + deploy-alpha
  3. Auto-deployment to alpha environment
  4. Auto-PR created: beta β†’ alpha
  5. Staging validation on https://alpha.api.domain.com
  6. Approve & Merge for production release

Alpha β†’ Production Release​

  1. Release Manager merges alpha PR into alpha branch
  2. Workflow triggers build-and-test + deploy-production
  3. Version bump based on commit message
  4. Auto-deployment to production environment
  5. Auto-PR created: alpha β†’ main (with version tag)
  6. Merge to keep main in sync with production

πŸ”„ Branch Strategy & GitOps​

Branch Hierarchy​

main (production sync)
β”œβ”€β”€ alpha (production candidate)
β”‚   β”œβ”€β”€ beta (staging)
β”‚   β”‚   β”œβ”€β”€ feature/security-features
β”‚   β”‚   β”œβ”€β”€ feature/ui-improvements
β”‚   β”‚   └── feature/bug-fixes

GitOps Principles​

  • πŸ”„ Declarative: Infrastructure as code
  • πŸ” Version Controlled: All changes tracked in Git
  • πŸ€– Automated: No manual deployment steps
  • πŸ›‘οΈ Auditable: Complete deployment history
  • πŸ”’ Secure: Environment-based access controls

πŸ“Š Monitoring & Validation​

Health Check Endpoints​

Each deployment includes automatic health check validation:

# Beta Environment
GET https://beta.api.{domain}/health

# Alpha Environment
GET https://alpha.api.{domain}/health

# Production Environment
GET https://api.{domain}/health

Expected Response:

{
  "status": "ok",
  "timestamp": "2024-01-15T10:30:00.000Z",
  "uptime": 1234567,
  "environment": "beta|alpha|production",
  "version": "2.9.0"
}

Deployment Verification​

  • βœ… HTTP 200 response from health endpoint
  • βœ… Correct environment in response
  • βœ… Service uptime > 0
  • βœ… Expected version number

⚠️ Best Practices & Guidelines​

Commit Message Conventions​

# Patch version bump (default)
git commit -m "fix: resolve rate limiting bug"

# Minor version bump
git commit -m "feat: add brute force protection [MINOR]"

# Major version bump
git commit -m "feat!: breaking API changes [MAJOR]"

Branch Naming Conventions​

# Feature development
feature/security-rate-limiting
feature/ui-dashboard-improvements
feature/user-management-system

# Code refactoring
refactor/optimize-database-queries
refactor/restructure-auth-middleware
refactor/cleanup-legacy-code

# Bug fixes
fix/user-authentication-bug
fix/database-connection-issue
fix/api-response-formatting

# Staging branches (service, optional direct-to-Alpha)
staging/critical-security-patch
staging/quick-alpha-validation

For critical, time-sensitive UI fixes in the AttuneLogic Service, prefer a staging/* branch that deploys directly to Alpha over introducing a separate hotfix/* naming scheme. The API workflow itself still follows the standard feature β†’ beta β†’ alpha β†’ production promotion path.

Environment Usage Guidelines​

Beta Environment πŸ§ͺ​

  • Purpose: Feature testing and integration
  • Data: Test data only
  • Access: Development team
  • Stability: May be unstable during active development

Alpha Environment πŸŽ―β€‹

  • Purpose: Staging and user acceptance testing
  • Data: Production-like test data
  • Access: Extended team, stakeholders
  • Stability: Should be stable and production-ready

Production Environment πŸš€β€‹

  • Purpose: Live customer-facing system
  • Data: Real customer data
  • Access: Restricted, monitored
  • Stability: Must be highly available and stable

🚨 Troubleshooting​

Common Issues​

Build Failures​

# Check these locally before pushing:
npm run type-check  # TypeScript errors
npm run build       # Compilation issues
npm run test:safe   # Test failures

Deployment Failures​

  • βœ… Verify SSH credentials in repository secrets
  • βœ… Check server accessibility and ports
  • βœ… Validate environment configurations
  • βœ… Review deploy action logs

PR Creation Failures​

  • βœ… Ensure GITHUB_TOKEN has proper permissions
  • βœ… Check branch protection rules
  • βœ… Verify repository permissions for actions

Manual Intervention​

Emergency Production Deployment​

  1. Use workflow_dispatch with production target
  2. Monitor deployment carefully
  3. Create manual PR for alpha β†’ main sync

Rollback Procedure​

  1. Revert commits in alpha branch
  2. Trigger automatic deployment to production
  3. Create hotfix branch for proper fix

πŸ“ˆ Workflow Metrics & Analytics​

Deployment Frequency​

  • Beta: Multiple times per day
  • Alpha: Daily to weekly
  • Production: Weekly to monthly

Success Rate Targets​

  • Build Success: >95%
  • Beta Deployment: >98%
  • Alpha Deployment: >99%
  • Production Deployment: >99.9%

Performance Metrics​

  • Build Time: <10 minutes
  • Deployment Time: <5 minutes per environment
  • Health Check Response: <30 seconds

πŸ”§ Customization & Extensions​

Adding New Environments​

  1. Create new environment in GitHub settings
  2. Add new job in workflow file
  3. Configure secrets and protection rules
  4. Update custom deploy action

Custom Validation Steps​

- name: Security Scan
  run: npm audit --audit-level high

- name: Performance Test
  run: npm run test:performance

- name: Integration Test
  run: npm run test:integration

Notification Integration​

- name: Slack Notification
  if: failure()
  uses: 8398a7/action-slack@v3
  with:
    status: failure
    webhook_url: ${{ secrets.SLACK_WEBHOOK }}

πŸ“š Related Documentation​

  • Security Implementation Guide
  • Multi-Industry Testing Guide (Coming Soon)
  • Deployment Readiness Report (Coming Soon)
  • GitHub Actions Deploy Action (Coming Soon)

🎯 Summary​

This workflow provides:

βœ… Automated 3-stage deployment pipeline
βœ… Built-in testing and validation
βœ… Automatic PR creation and tracking
βœ… Semantic versioning for releases
βœ… Environment-specific configurations
βœ… Security and access controls
βœ… Health checks and monitoring
βœ… GitOps best practices

The workflow ensures safe, reliable deployments while maintaining fast development velocity and complete audit trails for your multi-tenant, multi-industry SaaS platform. πŸš€