Back to Details

environment-deployment-strategy

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Environment Deployment Strategy

环境部署策略

This is a reference pattern. Learn from the approach, adapt to your context — don't copy verbatim.
Problem: Need safe deployment practices that prevent accidental production deployments while enabling rapid development iteration.
Solution: Three-tier environment strategy with deployment restrictions.
这是一个参考模式。 请学习其思路,适配你自身的场景,不要逐字照搬。
问题:需要既能避免意外部署到生产环境,又能支持快速开发迭代的安全部署实践。
解决方案:带部署限制的三层环境策略。

Pattern

模式说明

Three Environments:
  1. Local (
    local
    )
    • Runs on developer machine
    • Uses cloud resources from 
      dev
      environment
    • Cannot be deployed (no cloud resources)
    • Fast iteration, no deployment wait
  2. Development (
    dev
    )
    • Deployed to cloud
    • Mirrors production architecture
    • Can deploy via: Local script OR GitHub Actions (on merge to 
      dev
      branch)
    • Used for testing and validation
  3. Production (
    prod
    )
    • Deployed to cloud
    • Live customer-facing environment
    • Can ONLY deploy via: GitHub Actions (on merge to 
      main
      branch)
    • Never deployed from local machine
三类环境
  1. 本地环境
    local
    • 运行在开发者设备上
    • 使用
      dev
      环境的云资源
    • 无需部署(无专属云资源)
    • 迭代速度快,无部署等待时间
  2. 开发环境
    dev
    • 部署在云端
    • 与生产环境架构完全一致
    • 可通过以下方式部署:本地脚本 或 合并代码到
      dev
      分支时触发GitHub Actions
    • 用于测试和功能验证
  3. 生产环境
    prod
    • 部署在云端
    • 面向用户的线上运行环境
    • 仅可通过合并代码到
      main
      分支时触发GitHub Actions部署
    • 绝对不允许从本地机器直接部署

Why This Pattern?

该模式的优势

Benefits:
  • Safety: Production protected from accidental local deployments
  • Speed: Local development uses cloud dev resources (no local infrastructure)
  • Consistency: Dev mirrors prod, catches issues before production
  • Audit Trail: All prod deployments tracked in GitHub Actions logs
  • Rollback: Git history enables easy rollback
Prevents:
  • Accidental production deployments from developer machines
  • Untested code reaching production
  • Configuration drift between environments
  • "Works on my machine" issues
收益
  • 安全性:避免本地意外部署到生产环境
  • 开发速度:本地开发直接使用云端开发环境资源,无需搭建本地基础设施
  • 一致性:开发环境与生产环境架构一致,可在上线前提前发现问题
  • 审计追溯:所有生产环境部署记录都保存在GitHub Actions日志中
  • 回滚能力:Git历史记录支持快速回滚
可规避的问题
  • 开发者从本地机器意外部署到生产环境
  • 未测试的代码上线到生产环境
  • 不同环境之间的配置漂移
  • "在我本地能运行"类问题

Implementation

实现方式

Environment Configuration:
bash
undefined
环境配置
bash
undefined

.env (local - not committed)

.env (本地环境 - 不提交到代码库)

ENVIRONMENT=local AWS_REGION=eu-central-1
ENVIRONMENT=local AWS_REGION=eu-central-1

Uses dev resources

开发环境资源

API_ENDPOINT=https://api-dev.example.com
API_ENDPOINT=https://api-dev.example.com

.env.dev (committed template)

.env.dev (提交到代码库的模板)

ENVIRONMENT=dev AWS_REGION=eu-central-1 API_ENDPOINT=https://api-dev.example.com
ENVIRONMENT=dev AWS_REGION=eu-central-1 API_ENDPOINT=https://api-dev.example.com

.env.prod (committed template, secrets from SSM)

.env.prod (提交到代码库的模板,敏感信息从SSM获取)

ENVIRONMENT=prod AWS_REGION=eu-central-1 API_ENDPOINT=https://api.example.com

**Deployment Scripts**:

```json
// package.json
{
  "scripts": {
    "deploy:dev": "cdk deploy --all --context environment=dev",
    "deploy:prod": "echo 'ERROR: Production can only be deployed via GitHub Actions' && exit 1"
  }
}
GitHub Actions Workflow:
yaml
undefined
ENVIRONMENT=prod AWS_REGION=eu-central-1 API_ENDPOINT=https://api.example.com

**部署脚本**:

```json
// package.json
{
  "scripts": {
    "deploy:dev": "cdk deploy --all --context environment=dev",
    "deploy:prod": "echo 'ERROR: Production can only be deployed via GitHub Actions' && exit 1"
  }
}
GitHub Actions工作流
yaml
undefined

.github/workflows/deploy.yml

.github/workflows/deploy.yml

name: Deploy
on: pull_request: types: [closed] branches: [dev, main]
jobs: deploy-dev: if: github.base_ref == 'dev' && github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Deploy to Dev run: npm run deploy:dev
deploy-prod: if: github.base_ref == 'main' && github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Deploy to Production run: cdk deploy --all --context environment=prod

---
name: Deploy
on: pull_request: types: [closed] branches: [dev, main]
jobs: deploy-dev: if: github.base_ref == 'dev' && github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Deploy to Dev run: npm run deploy:dev
deploy-prod: if: github.base_ref == 'main' && github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Deploy to Production run: cdk deploy --all --context environment=prod

---

Deployment Flow

部署流程

Development Cycle:
1. Developer works locally (uses dev resources)
2. Commits to feature branch
3. Opens PR to dev branch
4. PR merged → GitHub Actions deploys to dev
5. Test in dev environment
6. Open PR from dev to main
7. PR merged → GitHub Actions deploys to prod
Local Development:
bash
undefined
开发周期
1. 开发者在本地开发(使用开发环境资源)
2. 提交代码到功能分支
3. 提交PR到dev分支
4. PR合并 → GitHub Actions自动部署到开发环境
5. 在开发环境测试验证
6. 提交PR从dev分支到main分支
7. PR合并 → GitHub Actions自动部署到生产环境
本地开发
bash
undefined

Developer runs frontend locally

开发者在本地运行前端

npm run dev
npm run dev

Frontend connects to dev API

前端连接到开发环境API

No infrastructure deployment needed

无需部署基础设施

Fast iteration

迭代速度快


**Dev Deployment** (two options):
```bash

**开发环境部署**(两种可选方式):
```bash

Option 1: Local deployment (for quick testing)

方式1:本地部署(用于快速测试)

npm run deploy:dev
npm run deploy:dev

Option 2: GitHub Actions (on PR merge to dev)

方式2:GitHub Actions(PR合并到dev分支时自动触发)

Automatic, tracked, consistent

自动化、可追溯、一致性高


**Prod Deployment** (one option only):
```bash

**生产环境部署**(仅支持一种方式):
```bash

Only via GitHub Actions (on PR merge to main)

仅可通过PR合并到main分支时触发GitHub Actions部署

Attempting local deployment fails with error message

尝试本地部署会直接报错终止


---

---

Resource Isolation

资源隔离

Separate Resources Per Environment:
typescript
// All resources include environment identifier
const bucket = new s3.Bucket(this, 'Bucket', {
  bucketName: `${PROJECT_ID}-data-${environment}` // dev or prod
});

const table = new dynamodb.Table(this, 'Table', {
  tableName: `${PROJECT_ID}-users-${environment}` // dev or prod
});
Why: Prevents dev and prod from sharing resources, avoiding data corruption and conflicts.
每个环境独立使用专属资源
typescript
// 所有资源名称都包含环境标识
const bucket = new s3.Bucket(this, 'Bucket', {
  bucketName: `${PROJECT_ID}-data-${environment}` // dev 或 prod
});

const table = new dynamodb.Table(this, 'Table', {
  tableName: `${PROJECT_ID}-users-${environment}` // dev 或 prod
});
原因:避免开发环境和生产环境共享资源,防止数据损坏和资源冲突。

AWS CodePipeline Integration

AWS CodePipeline集成

Alternative: Use AWS CodePipeline instead of GitHub Actions
typescript
// Separate pipelines per environment
const devPipeline = new codepipeline.Pipeline(this, 'DevPipeline', {
  pipelineName: `${PROJECT_ID}-pipeline-dev`
});

const prodPipeline = new codepipeline.Pipeline(this, 'ProdPipeline', {
  pipelineName: `${PROJECT_ID}-pipeline-prod`
});
GitHub Actions trigger:
yaml
- name: Trigger Dev Pipeline
  run: aws codepipeline start-pipeline-execution --name ${PROJECT_ID}-pipeline-dev

- name: Trigger Prod Pipeline
  run: aws codepipeline start-pipeline-execution --name ${PROJECT_ID}-pipeline-prod
Benefits:
  • Build logs in AWS CloudWatch
  • IAM-based permissions (no GitHub secrets)
  • Integrated with AWS services
替代方案:使用AWS CodePipeline代替GitHub Actions
typescript
// 每个环境独立配置流水线
const devPipeline = new codepipeline.Pipeline(this, 'DevPipeline', {
  pipelineName: `${PROJECT_ID}-pipeline-dev`
});

const prodPipeline = new codepipeline.Pipeline(this, 'ProdPipeline', {
  pipelineName: `${PROJECT_ID}-pipeline-prod`
});
GitHub Actions触发配置
yaml
- name: Trigger Dev Pipeline
  run: aws codepipeline start-pipeline-execution --name ${PROJECT_ID}-pipeline-dev

- name: Trigger Prod Pipeline
  run: aws codepipeline start-pipeline-execution --name ${PROJECT_ID}-pipeline-prod
优势
  • 构建日志存储在AWS CloudWatch
  • 基于IAM的权限控制(无需配置GitHub密钥)
  • 与AWS服务深度集成

Variations

变种模式

Two-Environment (simpler projects):
  • dev
    - Development and testing
  • prod
    - Production only
Four-Environment (enterprise):
  • local
    - Developer machines
  • dev
    - Development
  • staging
    - Pre-production testing
  • prod
    - Production
双环境模式(适用于小型项目):
  • dev
    - 开发和测试用
  • prod
    - 仅生产环境
四环境模式(适用于企业级项目):
  • local
    - 开发者本地环境
  • dev
    - 开发环境
  • staging
    - 预发测试环境
  • prod
    - 生产环境

Related Patterns

相关模式

  • Resource Naming - How to name resources per environment
  • Environment Validation - Validate environment config early
  • Static Frontend Hosting - Deployment pipeline example
  • 资源命名规范 - 如何按环境命名资源
  • 环境配置校验 - 提前校验环境配置
  • 静态前端托管 - 部署流水线示例

Progressive Improvement

持续优化

If the developer corrects a behavior that this skill should have prevented, suggest a specific amendment to this skill to prevent the same correction in the future.
如果开发者修正了本模式本应避免的问题,请提出具体的修改建议,避免同类问题再次发生。