Deploy, release, and operate FormaOS in production. Use when working with Vercel deployment, CI/CD pipelines (GitHub Actions), environment variables, database migrations, release discipline, monitoring (Sentry, PostHog, OpenTelemetry), cron jobs, or production incidents. Also use for mobile app deployment (Capacitor/React Native).
syd1)| Area | Path |
|---|---|
| Vercel config | vercel.json |
| Next.js config |
next.config.ts |
| CI/CD workflows | .github/workflows/ (10+ pipelines) |
| Environment template | .env.example |
| Release checklist | RELEASE_DISCIPLINE_CHECKLIST.md |
| Changelog | CHANGELOG.md |
| Database migrations | supabase/migrations/ |
| Background jobs | trigger/ |
| Mobile app | mobile/, capacitor.config.json |
| Build scripts | scripts/ |
| Cron config | vercel.json (compliance check at 6 AM UTC) |
# 1. Code quality (run in parallel)
npm run lint # ESLint — must pass
npm run type-check # TypeScript — zero errors
# 2. Tests
npm run test # Unit tests — must pass
npm run qa:smoke # Smoke E2E — must pass
# 3. Build
npm run build # Next.js build — must succeed
# 4. Full QA (for major releases)
npm run qa:full # All test suites
npm run test:compliance:all # Compliance checks
npm run test:security # Security baseline
| Workflow | Purpose |
|---|---|
qa-pipeline.yml | Primary: lint, type-check, tests, build |
security-scan.yml | Dependency audits, security baseline |
compliance-testing.yml | GDPR + SOC 2 validation |
accessibility-testing.yml | A11y smoke tests |
performance-check.yml | Lighthouse metrics |
deployment-gates.yml | Pre-deployment validation |
visual-regression.yml | Screenshot regression |
security-baseline.yml | Security baseline checks |
load-testing.yml | Load/stress testing |
quality-dashboard.yml | Test metrics aggregation |
| Variable | Purpose |
|---|---|
NEXT_PUBLIC_SUPABASE_URL | Database connection |
SUPABASE_SERVICE_ROLE_KEY | Server-only admin DB access |
STRIPE_* (6 keys) | Billing (LIVE production keys) |
FOUNDER_EMAILS | Admin access control |
UPSTASH_REDIS_* | Rate limiting / caching |
SENTRY_* | Error monitoring |
TRIGGER_* | Background job config |
main → Vercel auto-deploys/api/healthsupabase/migrations/mobile/ build scriptscapacitor.config.json version| Schedule | Job | Path |
|---|---|---|
| Daily 6 AM UTC | Compliance check | app/api/cron/ |
main — ensure CI passes firstRELEASE_DISCIPLINE_CHECKLIST.md for major releases/api/health) must return 200 post-deployvercel.json).env.local — it contains production secrets