Branch-to-Environment Map
| Branch or event | What deploys | Follow-up automation |
|---|---|---|
| Feature branch push | Vercel preview deployment for the touched app workflow, subject to the matching vercel-preview-<app> GitHub Environment controls | None by default |
main push | Vercel preview deployment | supabase-staging.yaml can apply staging migrations after preview succeeds |
production push | Vercel production deployment | supabase-production.yaml can apply production migrations after prerequisites pass |
main push for apps/discord | Discord Modal deployment after Python CI succeeds | None |
Manual workflow_dispatch | Depends on workflow | Bypasses normal branch trigger timing, but not the workflow logic; production Supabase migration dispatches must select production |
Self-hosted server after git pull | Docker deploy from current checkout | Optional blue/green cutover through bun serve:web:docker:bg |
Hosted Web Release Flow
Preview
- Preview workflows are named
vercel-preview-<app>.yaml. - They trigger on non-
productionpushes, includingmain. e2e-tests.yamlalso runs only on non-productionpushes; production promotion relies on the already-green validation before the branch is promoted plus the production deployment gates below.- Each workflow checks whether a newer commit exists on the same branch before spending time on install/build/deploy.
- Each deploy job is bound to a
vercel-preview-<app>GitHub Environment and introduces Vercel credentials only after dependency installation. - Preview deploys are the normal validation surface for branch work and merged
mainchanges.
Staging Database
supabase-staging.yamlis tied to theVercel Platform Preview Deploymentworkflow onmain.- The staging migration runs only when the triggering preview deployment concludes successfully, or when manually dispatched.
- The staging deploy step runs
supabase db push --include-allafter linking the staging Supabase project, so staging can converge aftermainmigration history changes. - This means
mainis where app preview and staging schema advancement are meant to stay aligned.
Production
- Production web deploys run through
vercel-production-<app>.yaml. apps/webproduction deploys are handled byvercel-production-platform.yaml.apps/appsproduction deploys are handled byvercel-production-apps.yaml.apps/qrproduction deploys are handled byvercel-production-qr.yaml.- The production workflow also skips if a newer commit already exists on
production. - Production deploy jobs are bound to
vercel-production-<app>GitHub Environments and reject manual dispatches unless the selected branch isproduction.
Browser App Version Metadata
- Browser apps share one platform version from
packages/utils/src/platform-release.ts; do not read visible app versions from individual apppackage.jsonfiles. - The current shared browser app version is
0.1.32. - Every Vercel browser app workflow runs
bun run --silent scripts/ci/generate-build-metadata.tsbeforevercel build. The generated metadata includes the commit hash, short hash, commit message, ref, environment, deployment URL, deployment stamp, and build timestamp. - The account-scoped version badge uses
public.user_configskeySHOW_VERSION_BADGE. It is hidden by default and only exact@tuturuuu.comaccounts may enable a truthy value. - Exact-domain enforcement happens on the server through
isExactTuturuuuDotComEmail; subdomains such as@xwf.tuturuuu.comare not eligible, and client cookies cannot make the badge render for ineligible users.
Production Database
supabase-production.yaml is stricter than staging:
- It re-evaluates automatically after either
Vercel Platform Production Deploymentcompletes onproductionorSupabase Staging Migrationcompletes onmain. - The production Vercel deployment for the target commit must have concluded
successfully on
production. - The
mainstaging migration for the same target commit must have completed with asuccessconclusion. - A manual dispatch can still be used when an operator explicitly wants to run
it, but the dispatch must select the
productionbranch and still satisfy the same production-deployment and staging-migration SHA checks.
supabase db push. This keeps production schema changes behind application
deployment success, staging validation, and branch promotion for the same
commit.
Self-Hosted Web Release Flow
If a server receives code throughgit pull, use the Docker production commands from
the checked-out commit:
bun serve:web:dockerfor in-place replacementbun serve:web:docker:bgfor blue/green rebuild-before-cutover deployment
Team Release Checklist
- Merge the change set with green CI.
- If Docker behavior changed, make sure
docker-setup-check.yamlis green. - If database migrations changed, confirm the
main-driven staging path first. - Promote to
productiononly after preview and staging behavior is understood. - Confirm the follow-up Supabase workflow after production deployment.
- For self-hosted rollout, deploy from the intended commit and prefer
bun serve:web:docker:bg.
Rollback Guidance
- Vercel-hosted rollback: redeploy the previous known-good commit or use Vercel rollback tooling.
- Supabase rollback: use a corrective migration instead of editing applied migration history.
- Self-hosted Docker rollback: checkout the previous known-good commit and rerun
bun serve:web:docker:bg.
What Not To Do
- Do not push production schema changes directly from a laptop as the normal path.
- Do not assume staging and production migrations are interchangeable; they are gated differently.
- Do not manually dispatch production Supabase migration from
main; the only validmainpath is the automatic staging-migration re-evaluation, and the production gate still requires the same commit to have both a successful production deployment and a completed successfulmainstaging migration. - Do not use the in-place Docker path when you specifically need rebuild-before-restart semantics.