ShipAI Docs
Deployment

Production Checklist

Pre-deploy and post-deploy checks for safe launches.

Use this before each production release.

Release gate

Treat this checklist as a blocking gate before production rollout, especially for migration safety and webhook correctness.

Validate secrets and topology

Confirm auth, storage, provider, and billing credentials are production-safe and URL values match exposed domains.

Verify runtime and data readiness

Check Docker/Swarm state, apply migrations, and seed plans where required.

Verify post-deploy behavior

Run health probes, smoke tests, webhook checks, and security checklist items.

1) Secrets and Environment Safety

  • generate strong secrets and never use defaults for auth, DB, object storage, and webhook values
  • confirm production URLs (BETTER_AUTH_URL, APP_URL, WEBSITE_URL, S3_PUBLIC_ENDPOINT)
  • confirm at least one AI provider key is present
  • ensure Stripe values are set if billing is enabled

2) Deployment Prerequisites

On the server, verify Docker and Compose:

docker --version
docker compose version

If using Swarm CI/CD, verify status:

docker info
docker node ls

3) Data and Schema Readiness

Run migrations before traffic cutover:

bun db:migrate

Seed/update plans if required:

bun db:seed:plans

Container-based variant:

docker compose exec app bun run db:migrate
docker compose exec app bun run packages/db/src/seed-plans.ts

4) Service Health and Connectivity

bun health

Manual checks:

  • PostgreSQL: docker compose exec postgres pg_isready -U postgres
  • Redis: docker compose exec redis redis-cli ping
  • MinIO: curl -sf http://localhost:4000/minio/health/live
  • Qdrant (if memory enabled): curl -sf http://localhost:6333/readyz
  • SearXNG (if search enabled): curl -sf http://localhost:8080

5) Feature and Service Alignment

Ensure feature flags match deployed services.

Examples:

  • if SearXNG is not deployed: FEATURE_SEARCH_ENABLED=false, SERVICE_SEARXNG_AVAILABLE=false
  • if Qdrant is not deployed: FEATURE_MEMORY_ENABLED=false, SERVICE_QDRANT_AVAILABLE=false
  • for production billing: DEVELOPMENT_MODE=false and FEATURE_BILLING_ENFORCEMENT_ENABLED=true
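The URL check from section 1 and the flag alignment above can be automated as a blocking preflight step. The script below is an added example, not part of ShipAI: the variable names come from this checklist, while the plain KEY=VALUE env file layout, the pass/fail rules, and the helper names (envget, preflight, sample_env) are assumptions. It also assumes billing is in use.

```sh
# Added example. Variable names are from the checklist; the plain KEY=VALUE
# file layout and the exact pass/fail rules are assumptions.

# Read KEY from FILE without sourcing it, so values are never executed.
envget() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print one line per problem; return the number of problems found.
preflight() {
  f=$1; fails=0
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

  # Public URLs must be https and must not point at a local address.
  for k in BETTER_AUTH_URL APP_URL WEBSITE_URL S3_PUBLIC_ENDPOINT; do
    v=$(envget "$f" "$k")
    case $v in
      "") fail "$k is not set" ;;
      https://localhost*|https://127.*) fail "$k points at a local address" ;;
      https://*) ;;
      *) fail "$k is not an https URL" ;;
    esac
  done

  # A feature may be enabled only when its backing service is deployed.
  for pair in FEATURE_SEARCH_ENABLED:SERVICE_SEARXNG_AVAILABLE \
              FEATURE_MEMORY_ENABLED:SERVICE_QDRANT_AVAILABLE; do
    feat=${pair%%:*}; svc=${pair#*:}
    if [ "$(envget "$f" "$feat")" = true ] &&
       [ "$(envget "$f" "$svc")" != true ]; then
      fail "$feat=true but $svc is not true"
    fi
  done

  # Production billing (assumed in use): dev mode off, enforcement on.
  [ "$(envget "$f" DEVELOPMENT_MODE)" = false ] ||
    fail "DEVELOPMENT_MODE must be false"
  [ "$(envget "$f" FEATURE_BILLING_ENFORCEMENT_ENABLED)" = true ] ||
    fail "FEATURE_BILLING_ENFORCEMENT_ENABLED must be true"
  return "$fails"
}

# Constructed sample: one http URL, search enabled without SearXNG.
sample_env() {
  printf '%s\n' BETTER_AUTH_URL=https://app.example.com \
    APP_URL=http://app.example.com WEBSITE_URL=https://example.com \
    S3_PUBLIC_ENDPOINT=https://s3.example.com FEATURE_SEARCH_ENABLED=true \
    SERVICE_SEARXNG_AVAILABLE=false DEVELOPMENT_MODE=false \
    FEATURE_BILLING_ENFORCEMENT_ENABLED=true
}
t=$(mktemp); sample_env > "$t"; preflight "$t" || echo "$? problem(s)"; rm -f "$t"
```

In a pipeline, call preflight on the production env file and stop the release when it returns non-zero.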

6) External Webhooks

Stripe

Create webhook endpoint:

  • https://<your-domain>/api/billing/webhook

Enable events:

  • checkout.session.completed
  • customer.subscription.created
  • customer.subscription.updated
  • customer.subscription.deleted
  • invoice.paid
  • invoice.payment_failed

Telegram (optional)

curl -X POST "https://api.telegram.org/bot$TELEGRAM_CHAT_BOT_TOKEN/setWebhook" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://<your-app-domain>/api/webhooks/telegram",
    "secret_token": "'"$TELEGRAM_CHAT_WEBHOOK_SECRET_TOKEN"'"
  }'

Verify:

curl "https://api.telegram.org/bot$TELEGRAM_CHAT_BOT_TOKEN/getWebhookInfo"

7) Release Verification

After deploy:

  • check running services (docker compose ps or docker stack services ai)
  • check app logs (docker compose logs -f app, docker compose logs -f web)
  • smoke test app/admin/web endpoints and auth flow
  • validate file upload and one billing path (if enabled)

8) Security Hardening

  • enable TLS
  • restrict open ports and SSH access
  • protect CI variables and use protected branches
  • schedule database backups and test restore path

Backup examples:

docker compose exec -T postgres pg_dump -U ai ai > backup-$(date +%Y%m%d).sql
docker compose exec -T postgres psql -U ai ai < backup-20240108.sql
