TanstackTemplate
Operations

Quick Deploy

There are two deploy paths. Use the quick workers.dev path for first proof in a copied product. Use the advanced custom-domain and GitHub Actions path after Cloudflare resources, DNS, zone permissions, repository secrets, and Actions billing are ready.

Quick Path: workers.dev Staging

This path avoids custom-domain routing. It proves the Worker and smoke flow against a URL like:

https://<worker-name>.<account-subdomain>.workers.dev

Use it for the first downstream deploy.

  1. Replace the staging Worker name, D1 database, R2 buckets, and staging smoke URL in the copied product.

  2. Keep custom-domain routes out of the first staging target unless the zone is already owned, active, and permissioned for this account.

  3. Create or verify the remote resources. Replace <web-package> with the web package filter in the copied product.

    pnpm --filter <web-package> exec wrangler d1 list
    pnpm --filter <web-package> exec wrangler r2 bucket list
  4. Set the Worker-side demo auth secret for shared demo-auth staging:

    printf '%s' "$CONVERSION_DEMO_AUTH_TOKEN" | pnpm --filter <web-package> exec wrangler secret put CONVERSION_DEMO_AUTH_TOKEN --env staging
  5. Run the local deploy helper:

    export CONVERSION_DEMO_AUTH_TOKEN=<same-token-configured-on-staging-worker>
    pnpm release:deploy-staging-local
    pnpm release:deploy-staging-local -- --yes

The helper runs local release verification, config doctor, Cloudflare auth preflight, staging build with the current commit SHA, target assertion, remote D1 migrations, wrangler deploy, health smoke, Better Auth smoke, and one real conversion smoke. It writes public-safe evidence under artifacts/staging-smoke/local-<commit> unless an output directory override is provided.

For a manual lower-level workers.dev smoke, set the URL explicitly:

export STAGING_BASE_URL=https://<worker-name>.<account-subdomain>.workers.dev
export CURRENT_SHA="$(git rev-parse HEAD)"

DEPLOY_HEALTH_BASE_URL="$STAGING_BASE_URL" \
DEPLOY_HEALTH_EXPECT_RELEASE_COMMIT_SHA="$CURRENT_SHA" \
pnpm smoke:deploy-health -- --environment staging --base-url "$STAGING_BASE_URL"

SMOKE_BASE_URL="$STAGING_BASE_URL" \
SMOKE_EXPECT_RELEASE_COMMIT_SHA="$CURRENT_SHA" \
pnpm smoke:staging

Advanced Path: Custom Domain And GitHub Actions

Use this path after quick staging is proven.

  1. Configure the staging custom domain in apps/web/wrangler.jsonc with custom_domain: true.

  2. Confirm the hostname belongs to an active Cloudflare zone in the deploy account and does not already have a conflicting DNS record.

  3. Make sure the API token can deploy Workers and manage the selected route or custom domain.

  4. Sync GitHub repository secrets:

    pnpm secrets:sync-github
    pnpm secrets:sync-github -- --yes
  5. Confirm Worker secret parity for the staging target:

    printf '%s' "$CONVERSION_DEMO_AUTH_TOKEN" | pnpm --filter <web-package> exec wrangler secret put CONVERSION_DEMO_AUTH_TOKEN --env staging
  6. Dispatch the staging deploy workflow:

    pnpm release:dispatch-staging
    pnpm release:dispatch-staging -- --yes
  7. Download and use current-commit smoke evidence for strict readiness:

    pnpm evidence:download-smoke -- --run-id <run-id> --output-dir artifacts/staging-smoke/github-<commit>
    pnpm report:release-readiness -- --strict --staging-smoke-evidence artifacts/staging-smoke/github-<commit> --image-safety-launch-decision "<decision>"

Production Is A Separate Gate

Do not treat either staging path as production approval. Production needs:

pnpm plan:production-resources
pnpm preflight:production-cutover -- --stage resource-ready --production-resource-ready-evidence <resource-ready-evidence.json> --strict
pnpm preflight:production-cutover -- --stage traffic-ready --production-resource-ready-evidence <resource-ready-evidence.json> --operator-assisted-production-evidence <operator-evidence.json> --strict

Attach DNS, custom-domain, D1/R2, deploy workflow, health smoke, rollback, legal trust, and image-safety evidence before traffic cutover.

On this page