Phase 9: Deployment
第9阶段:部署
Deliver the completed application to users.
What to Do in This Phase
本阶段需执行的任务
- Prepare Deployment Environment: Infrastructure setup
- Build: Create production build
- Execute Deployment: Actual deployment
- Verification: Post-deployment operation check
- 部署环境准备:基础设施搭建
- 构建:生成生产环境构建包
- 执行部署:实际部署操作
- 验证:部署后运行状态检查
docs/02-design/
└── deployment-spec.md # Deployment specification
docs/04-report/
└── deployment-report.md # Deployment report
(Infrastructure config files)
├── vercel.json # Vercel configuration
├── Dockerfile # Docker configuration
└── k8s/ # Kubernetes configuration
docs/02-design/
└── deployment-spec.md # 部署规格说明文档
docs/04-report/
└── deployment-report.md # 部署报告
(基础设施配置文件)
├── vercel.json # Vercel配置文件
├── Dockerfile # Docker配置文件
└── k8s/ # Kubernetes配置目录
- Plan: Establish deployment plan
- Design: Design deployment configuration
- Do: Execute deployment
- Check: Verify deployment
- Act: Problem resolution and completion report
- Plan(计划):制定部署方案
- Design(设计):设计部署配置
- Do(执行):实施部署操作
- Check(检查):验证部署结果
- Act(改进):问题排查与完成报告
Level-wise Application
分场景应用
| Level | Deployment Method |
|---|
| Starter | Static hosting (Netlify, GitHub Pages) |
| Dynamic | Vercel, Railway, etc. |
| Enterprise | Kubernetes, AWS ECS, etc. |
| 场景级别 | 部署方式 |
|---|
| 入门级 | 静态托管(Netlify、GitHub Pages) |
| 动态应用 | Vercel、Railway等 |
| 企业级 | Kubernetes、AWS ECS等 |
Starter Deployment (Static Hosting)
入门级部署(静态托管)
Deploy dist/ folder to gh-pages branch
将dist/文件夹部署到gh-pages分支
Configure netlify.toml then connect Git
配置netlify.toml后连接Git仓库
Dynamic Deployment (Vercel)
动态应用部署(Vercel)
Or auto-deploy via Git connection
或通过Git连接自动部署
Enterprise Deployment (Kubernetes)
企业级部署(Kubernetes)
k8s/deployment.yaml
k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
template:
spec:
containers:
- name: app
image: my-app:latest
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
template:
spec:
containers:
- name: app
image: my-app:latest
Environment Management
环境管理
Environment Configuration Overview
环境变量配置概览
┌─────────────────────────────────────────────────────────────┐
│ Environment Variable Flow │
├─────────────────────────────────────────────────────────────┤
│ │
│ Development │
│ └── .env.local → Developer local machine │
│ │
│ Staging │
│ └── CI/CD Secrets → Preview/Staging environment │
│ │
│ Production │
│ └── CI/CD Secrets → Production environment │
│ └── Vault/Secrets Manager (Enterprise) │
│ │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ 环境变量流转流程 │
├─────────────────────────────────────────────────────────────┤
│ │
│ 开发环境 │
│ └── .env.local → 开发者本地机器 │
│ │
│ 预发布环境 │
│ └── CI/CD密钥 → 预览/预发布环境 │
│ │
│ 生产环境 │
│ └── CI/CD密钥 → 生产环境 │
│ └── Vault/密钥管理器(企业级) │
│ │
└─────────────────────────────────────────────────────────────┘
Environment Classification
环境分类
| Environment | Purpose | Data | Variable Source |
|---|
| Development | Local development | Test data | |
| Staging | Pre-deployment verification | Test data | CI/CD Secrets |
| Production | Live service | Real data | CI/CD Secrets + Vault |
| 环境 | 用途 | 数据 | 变量来源 |
|---|
| 开发环境 | 本地开发 | 测试数据 | |
| 预发布环境 | 部署前验证 | 测试数据 | CI/CD密钥 |
| 生产环境 | 线上服务 | 真实数据 | CI/CD密钥 + Vault |
CI/CD Environment Variable Configuration
CI/CD环境变量配置
GitHub Actions
GitHub Actions
.github/workflows/deploy.yml
.github/workflows/deploy.yml
name: Deploy
on:
push:
branches: [main, staging]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set environment
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "DEPLOY_ENV=production" >> $GITHUB_ENV
else
echo "DEPLOY_ENV=staging" >> $GITHUB_ENV
fi
- name: Build
env:
# General environment variables (can be exposed)
NEXT_PUBLIC_APP_URL: ${{ vars.APP_URL }}
NEXT_PUBLIC_API_URL: ${{ vars.API_URL }}
# Secrets (sensitive info)
DATABASE_URL: ${{ secrets.DATABASE_URL }}
AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
API_STRIPE_SECRET: ${{ secrets.API_STRIPE_SECRET }}
run: npm run build
- name: Deploy to Vercel
env:
VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
run: |
npx vercel --prod --token=$VERCEL_TOKEN
name: Deploy
on:
push:
branches: [main, staging]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set environment
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "DEPLOY_ENV=production" >> $GITHUB_ENV
else
echo "DEPLOY_ENV=staging" >> $GITHUB_ENV
fi
- name: Build
env:
# General environment variables (can be exposed)
NEXT_PUBLIC_APP_URL: ${{ vars.APP_URL }}
NEXT_PUBLIC_API_URL: ${{ vars.API_URL }}
# Secrets (sensitive info)
DATABASE_URL: ${{ secrets.DATABASE_URL }}
AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
API_STRIPE_SECRET: ${{ secrets.API_STRIPE_SECRET }}
run: npm run build
- name: Deploy to Vercel
env:
VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
run: |
npx vercel --prod --token=$VERCEL_TOKEN
GitHub Secrets Configuration Guide
GitHub密钥配置指南
Repository Settings → Secrets and variables → Actions
1. Repository secrets (sensitive info)
├── DATABASE_URL
├── AUTH_SECRET
├── API_STRIPE_SECRET
└── VERCEL_TOKEN
2. Repository variables (general settings)
├── APP_URL
├── API_URL
└── NODE_ENV
3. Environment-specific secrets
├── production/
│ ├── DATABASE_URL (production DB)
│ └── API_STRIPE_SECRET (live key)
└── staging/
├── DATABASE_URL (staging DB)
└── API_STRIPE_SECRET (test key)
仓库设置 → 密钥与变量 → Actions
1. 仓库密钥(敏感信息)
├── DATABASE_URL
├── AUTH_SECRET
├── API_STRIPE_SECRET
└── VERCEL_TOKEN
2. 仓库变量(通用设置)
├── APP_URL
├── API_URL
└── NODE_ENV
3. 环境专属密钥
├── production/
│ ├── DATABASE_URL(生产环境数据库)
│ └── API_STRIPE_SECRET(正式密钥)
└── staging/
├── DATABASE_URL(预发布环境数据库)
└── API_STRIPE_SECRET(测试密钥)
Vercel Environment Variable Configuration
Vercel环境变量配置
Project Settings → Environment Variables
┌─────────────────┬─────────────┬─────────────┬─────────────┐
│ Variable Name │ Development │ Preview │ Production │
├─────────────────┼─────────────┼─────────────┼─────────────┤
│ DATABASE_URL │ dev-db │ staging-db │ prod-db │
│ AUTH_SECRET │ dev-secret │ stg-secret │ prod-secret │
│ API_STRIPE_* │ test key │ test key │ live key │
└─────────────────┴─────────────┴─────────────┴─────────────┘
Configuration steps:
1. Project Settings → Environment Variables
2. Add New Variable
3. Select environment (Development / Preview / Production)
4. Check Sensitive (if sensitive info)
项目设置 → 环境变量
┌─────────────────┬─────────────┬─────────────┬─────────────┐
│ 变量名称 │ 开发环境 │ 预览环境 │ 生产环境 │
├─────────────────┼─────────────┼─────────────┼─────────────┤
│ DATABASE_URL │ dev-db │ staging-db │ prod-db │
│ AUTH_SECRET │ dev-secret │ stg-secret │ prod-secret │
│ API_STRIPE_* │ 测试密钥 │ 测试密钥 │ 正式密钥 │
└─────────────────┴─────────────┴─────────────┴─────────────┘
配置步骤:
1. 进入项目设置 → 环境变量
2. 添加新变量
3. 选择环境(开发/预览/生产)
4. 若为敏感信息,勾选「Sensitive」
Secrets Management Strategy
密钥管理策略
Level-wise Secrets Management
分场景密钥管理
| Level | Secrets Management Method | Tools |
|---|
| Starter | CI/CD platform Secrets | GitHub Secrets, Vercel |
| Dynamic | CI/CD + environment separation | GitHub Environments |
| Enterprise | Dedicated Secrets Manager | Vault, AWS Secrets Manager |
| 场景级别 | 密钥管理方式 | 工具 |
|---|
| 入门级 | CI/CD平台密钥 | GitHub Secrets、Vercel |
| 动态应用 | CI/CD + 环境隔离 | GitHub Environments |
| 企业级 | 专属密钥管理器 | Vault、AWS Secrets Manager |
Starter/Dynamic: CI/CD Secrets
入门级/动态应用:CI/CD密钥
Usage in GitHub Actions
GitHub Actions中的使用示例
- name: Deploy
env:
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
- name: Deploy
env:
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
Enterprise: HashiCorp Vault
企业级:HashiCorp Vault
Fetch Secrets from Vault
从Vault拉取密钥
- name: Import Secrets from Vault
uses: hashicorp/vault-action@v2
with:
url: https://vault.company.com
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
secret/data/myapp/production db_password | DB_PASSWORD ;
secret/data/myapp/production api_key | API_KEY
- name: Import Secrets from Vault
uses: hashicorp/vault-action@v2
with:
url: https://vault.company.com
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
secret/data/myapp/production db_password | DB_PASSWORD ;
secret/data/myapp/production api_key | API_KEY
Enterprise: AWS Secrets Manager
企业级:AWS Secrets Manager
typescript
// lib/secrets.ts
import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager";
const client = new SecretsManagerClient({ region: "ap-northeast-2" });
export async function getSecret(secretName: string): Promise<Record<string, string>> {
const command = new GetSecretValueCommand({ SecretId: secretName });
const response = await client.send(command);
if (response.SecretString) {
return JSON.parse(response.SecretString);
}
throw new Error(`Secret ${secretName} not found`);
}
// Usage
const dbSecrets = await getSecret("myapp/production/database");
// { host: "...", password: "...", ... }
typescript
// lib/secrets.ts
import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager";
const client = new SecretsManagerClient({ region: "ap-northeast-2" });
export async function getSecret(secretName: string): Promise<Record<string, string>> {
const command = new GetSecretValueCommand({ SecretId: secretName });
const response = await client.send(command);
if (response.SecretString) {
return JSON.parse(response.SecretString);
}
throw new Error(`Secret ${secretName} not found`);
}
// 使用示例
const dbSecrets = await getSecret("myapp/production/database");
// { host: "...", password: "...", ... }
Environment-specific Build Configuration
环境专属构建配置
Next.js Environment Configuration
Next.js环境配置
javascript
// next.config.js
const nextConfig = {
// Environment-specific settings
env: {
NEXT_PUBLIC_ENV: process.env.NODE_ENV,
},
// Environment-specific redirects
async redirects() {
if (process.env.NODE_ENV === 'production') {
return [
{ source: '/debug', destination: '/', permanent: false },
];
}
return [];
},
};
module.exports = nextConfig;
javascript
// next.config.js
const nextConfig = {
// Environment-specific settings
env: {
NEXT_PUBLIC_ENV: process.env.NODE_ENV,
},
// Environment-specific redirects
async redirects() {
if (process.env.NODE_ENV === 'production') {
return [
{ source: '/debug', destination: '/', permanent: false },
];
}
return [];
},
};
module.exports = nextConfig;
Environment-specific API Endpoints
环境专属API端点配置
typescript
// lib/config.ts
const config = {
development: {
apiUrl: 'http://localhost:3001',
debug: true,
},
staging: {
apiUrl: 'https://api-staging.myapp.com',
debug: true,
},
production: {
apiUrl: 'https://api.myapp.com',
debug: false,
},
} as const;
type Environment = keyof typeof config;
const env = (process.env.NODE_ENV || 'development') as Environment;
export const appConfig = config[env];
typescript
// lib/config.ts
const config = {
development: {
apiUrl: 'http://localhost:3001',
debug: true,
},
staging: {
apiUrl: 'https://api-staging.myapp.com',
debug: true,
},
production: {
apiUrl: 'https://api.myapp.com',
debug: false,
},
} as const;
type Environment = keyof typeof config;
const env = (process.env.NODE_ENV || 'development') as Environment;
export const appConfig = config[env];
Environment Variable Validation (Pre-deployment)
环境变量校验(部署前)
Required Variable Check Script
必填变量检查脚本
javascript
#!/usr/bin/env node
// scripts/check-env.js
const REQUIRED_VARS = [
'DATABASE_URL',
'AUTH_SECRET',
'NEXT_PUBLIC_APP_URL'
];
const missing = REQUIRED_VARS.filter(v => !process.env[v]);
if (missing.length > 0) {
console.error('❌ Missing required environment variables:');
missing.forEach(v => console.error(` - ${v}`));
process.exit(1);
}
console.log('✅ All required environment variables are set');
javascript
#!/usr/bin/env node
// scripts/check-env.js
const REQUIRED_VARS = [
'DATABASE_URL',
'AUTH_SECRET',
'NEXT_PUBLIC_APP_URL'
];
const missing = REQUIRED_VARS.filter(v => !process.env[v]);
if (missing.length > 0) {
console.error('❌ 缺少必填环境变量:');
missing.forEach(v => console.error(` - ${v}`));
process.exit(1);
}
console.log('✅ 所有必填环境变量已配置完成');
Validation in CI/CD
CI/CD中的校验
GitHub Actions
GitHub Actions
- name: Validate Environment
run: node scripts/check-env.js
env:
DATABASE_URL: ${{ secrets.DATABASE_URL }}
AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
NEXT_PUBLIC_APP_URL: ${{ vars.APP_URL }}
- name: Validate Environment
run: node scripts/check-env.js
env:
DATABASE_URL: ${{ secrets.DATABASE_URL }}
AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
NEXT_PUBLIC_APP_URL: ${{ vars.APP_URL }}
Environment Variable Management Checklist
环境变量管理检查清单
Deployment Checklist
部署检查清单
If problems occur:
1. Immediately rollback to previous version
2. Analyze root cause
3. Fix and redeploy
若出现问题:
1. 立即回滚至上一版本
2. 分析问题根源
3. 修复后重新部署
See
templates/pipeline/phase-9-deployment.template.md
详见
templates/pipeline/phase-9-deployment.template.md
Project complete! Start new feature development cycle from Phase 1 as needed
项目交付完成!后续如需开发新功能,可从第1阶段开启新的开发周期