Royal Glow internal docs · now fully interactive — Steps, API tables, file trees & live status
Royal Glow Docs

Deployment

Branch strategy, hosting, CI/CD workflows, feature-flag releases, rollback tiers, and backups for Royal Glow.

Deployment

Royal Glow ships through a four-stage Git pipeline with progressively stricter gates, deploys to Cloudflare's edge, and decouples deploy from release using PostHog feature flags. The whole platform runs at ₹0/month on free tiers at launch.

Deploy ≠ release. Code goes live on the edge on every merge to prod; a feature only becomes visible when its PostHog flag is turned on. A bug means flipping a flag off — no rollback required.

Branch strategy

Four persistent branches, each mapped to an environment and a Neon DB branch. Work flows in one direction: dev → test → pprd → prod. There are no direct pushes to prod.

BranchEnvironmentNeon branchProtection / gates
devDevelopmentdevLint + type check + unit tests
testQA / CItest+ integration + Playwright E2E + Lighthouse CI
pprdPre-productionpprd+ k6 load test + smoke suite + dependency audit
prodProductionprod+ manual approval → deploy + health check

The pprd branch is reset from prod every 24h via the Neon Branch Reset API (a near-instant copy-on-write operation), then a PII-anonymisation script scrubs names, phones, and emails so UAT has realistic data without real customer PII. QStash scheduled jobs target prod only.

Hosting topology

  • Edge: Cloudflare Workers (via the OpenNext adapter, @opennextjs/cloudflare) serve the customer site (rgss-web, theroyalglow.in) and the admin portal (rgss-admin, admin.theroyalglow.in) globally — deployed near India (Mumbai / Singapore). Not Cloudflare Pages, not next-on-pages.
  • CMS: Render (Singapore, free tier) hosts Payload CMS (rgss-cms, cms.theroyalglow.in).
  • PDF render: Cloud Run hosts the invoice PDF service (@rgss/invoicing).
  • Database: a single Neon PostgreSQL 16 project with four branches.
  • Media: Cloudflare R2 (S3-compatible, zero egress). Cache + queue: Upstash Redis + QStash. Realtime: Ably.

GitHub Actions workflows

Four workflows enforce the gates above and handle production deploys.

WorkflowFileTriggers onDoes
CIci.ymlPRs to all branches + push to devLint + typecheck, unit tests, build, Trivy + Socket.dev audit
Integration & E2Eintegration.ymlPRs to test/pprd/prodIntegration tests, Playwright E2E, Lighthouse CI
Load & Securityload-test.ymlPRs to pprd/prodk6 load test, Trivy fs scan, OWASP ZAP baseline
Deploy Productiondeploy-prod.ymlPush to prodPre-deploy checks → build + Sentry source maps → Cloudflare Workers deploy (opennextjs-cloudflare deploy / wrangler deploy) → migrations → health check + smoke tests

Lighthouse gates require performance ≥ 95 and accessibility, best-practices, and SEO = 100.

Feature-flag release strategy

Every feature ships to prod behind a PostHog flag and is exposed gradually.

Deploy with the flag OFF

Code goes live on the edge, invisible to everyone.

Flag ON for role = developer

Self-test directly in production.

Flag ON for 10% of customers

Watch Sentry for new errors.

Flag ON for 100%

Full release to all customers.

Remove flag + dead code

After 2 weeks stable, clean up the flag and dead code.

Rollback tiers

When something goes wrong, escalate from the cheapest, fastest lever upward.

Health check

GET /api/health probes the database, Redis, and R2 in parallel and returns a HealthStatus contract: healthy / degraded / unhealthy. It responds 200 for healthy or degraded and 503 for unhealthy, always with Cache-Control: no-store. BetterStack polls it every ~3 minutes and opens an incident on status.theroyalglow.in if it fails.

Backups

TypeFrequencyRetentionStorageRPO
Neon PITR (automatic)Continuous WAL7 daysNeon infrastructure~0 sec
Weekly pg_dumpSun 7:30 AM IST8 weeksCloudflare R2≤ 7 days
Monthly restore test1st of monthTemporary Neon branchValidates integrity
OpenReport an issue

Was this page helpful?

On this page