🔒 Internal Handbook — confidential. Do not share links or content with anyone outside G-Starlink.
TechDeployment

Deployment

How changes go from developer machine to production.

Per-project deployment

OMS (shopify-esim-system)

  • Hosted: Vercel (main production), with Cloudflare as DNS
  • Branch → environment:
    • main → production at oms.gstarlink.com
    • Feature branches → preview deployments automatically
  • Environment variables configured in Vercel dashboard
  • Database migrations via Supabase CLI (supabase db push)

Handbook (gstarlink-handbook)

  • Hosted: Cloudflare Pages
  • Two separate Pages projects:
    • gstarlink-handbook-internal — builds with npm run build:internal, deploys to handbook.gstarlink.com, protected by Cloudflare Access
    • gstarlink-handbook-public — builds with npm run build:public (runs export script first), deploys to docs.gstarlink.com, unauthenticated
  • GitHub Actions runs both builds on push to main

eSIM Hub (esim-hub)

  • Status: WIP, target Cloudflare Pages or Vercel
  • Will follow same pattern as OMS

Chatbot (gstarlink-chatbot)

  • Cloudflare Workers
  • Deployed via wrangler deploy
  • Changes to main branch auto-deploy via GitHub Actions

Environment separation

Current state: no staging environment. Every change goes straight to production with Vercel preview deployments as the safety net.

Target state:

  • main branch → production
  • staging branch → staging (connected to a separate Supabase project)
  • Feature branches → Vercel previews

Setting up staging is on the tech backlog.

Pre-deploy checklist

Before merging to main:

  • Tests pass locally
  • PR reviewed by at least one other person
  • Database migrations (if any) are additive only — no destructive changes without a planned rollback
  • Environment variables updated if new secrets introduced
  • Changelog or ADR written if this is a significant change

Rollback

Vercel keeps previous deployments — rollback is one-click from the dashboard. Database migrations are harder — keep them additive to avoid needing data-level rollback.

Monitoring

  • Vercel logs for OMS errors
  • Supabase logs for database issues
  • Cloudflare analytics for handbook and chatbot
  • Shopify webhook delivery logs (for retail order ingestion issues)

TODO: set up a unified alerting channel (e.g. Slack #alerts) that all systems post to.

Credentials policyIncident response