Shipflash logoDocs

Deployment

Deployment needs Vercel configuration, Supabase production setup, provider webhooks, cron routes, domains, and a go-live checklist.

On this page

Deployment checklist

StepVerify
Vercel, Netlify, RailwaySet production env vars, build command, domain, and deployment URL values. Vercel is the default documented path; Netlify and Railway configurations are also supported.
Supabase productionPush migrations, regenerate types, configure auth redirects, and keep the secret key server-only.
WebhooksConfigure Stripe, Lemon Squeezy, and Resend endpoints using production URLs and signing secrets.
Cron jobsSchedule publish, notification outbox, and retention endpoints with Authorization: Bearer <CRON_SECRET>.
DomainsPoint DNS, confirm HTTPS, and ensure APP_URL matches the canonical domain (NEXT_PUBLIC_SITE_URL is legacy fallback).
Smoke testsRun auth, admin, billing setup, checkout, email, cron, and no-secret-in-logs checks.

Deployment safety source map

Production URL and metadata

Public site URL, production URL safety, and SEO metadata rely on validated config.

  • src/lib/config.ts
  • src/lib/seo/metadata/builders.ts

Cron endpoints

Scheduler and cron routes delegate to protected services and preserve request id context.

  • src/features/notifications/server/outbox/services/cron.ts
  • src/features/compliance/server/retention/service.ts

Webhook endpoints

Billing and notification provider callbacks validate signatures and keep processing state visible.

  • src/app/api/webhooks/stripe/billing/route.ts
  • src/app/api/notifications/webhooks/resend/route.ts