
Deployment

This guide describes how TradePsykl is deployed using GitHub Actions and cloud-native services. It references workflow files and cloud resources; see those files directly for exact configuration.

  • Workflows: .github/workflows/ (CI in ci.yml, deployment workflows will be added as deploy*.yml)
  • Environments: GitHub Environments (dev, prod) with protection rules
  • Runtime: Container images in a registry and services running on a managed container platform
  • Secrets: Managed via GitHub Environments/Secrets and/or a cloud secrets manager; apps read them at runtime

Environments

  • dev: fast iteration (runs locally in Docker); dev deploys can also be triggered manually from Actions via workflow_dispatch where applicable.
  • prod: protected; deploys only from signed/tagged releases with environment approval.

Each environment is represented as a GitHub Environment with its own secrets and protection settings. See docs/devops/environments.md for shared definitions.

Access from GitHub Actions (OIDC)

  • Use OpenID Connect (OIDC) federation to obtain short-lived cloud credentials at job runtime: the job requests id-token: write in its permissions block, and the cloud trust policy exchanges the GitHub-issued token for a role.
  • Pin the trust policy to the token's sub claim (for a job bound to a GitHub Environment it is repo:<org>/<repo>:environment:<name>), not merely to the repository; otherwise pull_request and branch jobs from the same repository could assume the prod role.
  • Avoid long-lived credentials in repo/secrets. Pushing to GHCR needs no extra secret: the job's GITHUB_TOKEN with packages: write is sufficient.
  • Assign least-privilege roles to the workflow identity to allow only:
    • Push/pull container images
    • Deploy/update services
    • Read needed secrets from the secrets manager
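The following is an added example, not TradePsykl project code: it models the conditions a cloud federation trust policy should enforce before handing credentials to a workflow run, namely that the sub claim is pinned to a GitHub Environment of this repository and that prod is additionally limited to release-tag refs. The repository name, audience and sample claim sets are assumptions made for the example; only the claim logic is shown, since the cloud provider verifies the token signature against GitHub's JWKS itself.

```python
from __future__ import annotations

import base64
import json
import re

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

# Assumed values for this example; substitute the real repository and the
# audience configured on the cloud side.
REPO = "example-org/tradepsykl"
AUDIENCE = "api://tradepsykl-deploy"
RELEASE_TAG_REF = re.compile(r"^refs/tags/v\d+\.\d+\.\d+$")


def decode_claims(token: str) -> dict:
    """Return a JWT's payload WITHOUT verifying the signature.

    Handy in a workflow step for checking which sub a job presents; the
    cloud provider, not this function, verifies the signature against
    GitHub's JWKS before trusting any claim.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # base64url strips padding; restore it
    return json.loads(base64.urlsafe_b64decode(payload))


def policy_violations(claims: dict, environment: str) -> list[str]:
    """List every reason these claims must NOT receive credentials for environment.

    An empty list means the trust conditions hold. This mirrors what the
    cloud-side trust policy should evaluate.
    """
    problems: list[str] = []
    if claims.get("iss") != GITHUB_ISSUER:
        problems.append("issuer is not GitHub Actions")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    # Pin on sub, not only on repository: a pull_request or branch job in
    # the same repository carries the same repository claim but a different
    # subject, and must not obtain prod credentials.
    expected_sub = f"repo:{REPO}:environment:{environment}"
    if claims.get("sub") != expected_sub:
        problems.append(f"subject {claims.get('sub')!r} is not {expected_sub!r}")
    if claims.get("repository") != REPO:
        problems.append("repository claim mismatch")
    if environment == "prod":
        # prod deploys only from release tags (see Environments / Triggers).
        if claims.get("event_name") != "release":
            problems.append("prod requires a release event")
        if not RELEASE_TAG_REF.match(claims.get("ref", "")):
            problems.append("prod requires a vX.Y.Z tag ref")
    return problems


def is_trusted(claims: dict, environment: str) -> bool:
    return not policy_violations(claims, environment)


def unsigned_token(claims: dict) -> str:
    """Build a JWT-shaped string with an empty signature, for local tests only."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


# Constructed claim sets shaped like the ones GitHub issues.
_BASE = {"iss": GITHUB_ISSUER, "aud": AUDIENCE, "repository": REPO}
PROD_RELEASE_JOB = {**_BASE, "sub": f"repo:{REPO}:environment:prod",
                    "event_name": "release", "ref": "refs/tags/v1.4.2"}
PULL_REQUEST_JOB = {**_BASE, "sub": f"repo:{REPO}:pull_request",
                    "event_name": "pull_request", "ref": "refs/pull/42/merge"}
DEV_PUSH_JOB = {**_BASE, "sub": f"repo:{REPO}:environment:dev",
                "event_name": "push", "ref": "refs/heads/main"}

if __name__ == "__main__":
    for name, claims, env in [("release job", PROD_RELEASE_JOB, "prod"),
                              ("pull_request job", PULL_REQUEST_JOB, "prod"),
                              ("push job", DEV_PUSH_JOB, "dev")]:
        print(f"{name} -> {env}: {policy_violations(claims, env) or 'trusted'}")
    print("sub from token:", decode_claims(unsigned_token(PROD_RELEASE_JOB))["sub"])
```

The pull_request job is rejected for both environments even though its repository claim is correct, which is exactly the case a repository-only trust condition would get wrong.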

Artifacts and versioning

  • Images are tagged with the branch name, the short commit SHA, and, for releases, the release tag.
  • Prod pulls immutable references: a release tag that is never re-pointed, or preferably the image digest recorded at push time, so a rollback redeploys exactly the image that ran before.

See docs/devops/registry.md for image naming, tagging, and promotion practices using GHCR.

Triggers

  • CI (.github/workflows/ci.yml): validates on push/PR.
  • Deployment workflows (to be added):
    • dev: manual from Actions (workflow_dispatch) and optional on main merges
    • prod: on release tags with environment approval

Observability

  • Centralized logs and metrics (container logs, request metrics).
  • Health checks exposed by services are used for rollout validation and can gate progressive deployment.

Runbooks

  • Manual deploy (dev): trigger the dev deployment workflow from Actions; select image tag and environment.
  • Rollback: redeploy the last known-good image tag for the target environment.
  • Secrets rotation: add the new value in the GitHub Environment secrets or the cloud secrets manager, redeploy services so they pick up the new configuration, then revoke the old value once the rollout is healthy.
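As an added example (not TradePsykl project code) of the tagging, pinning and rollback rules from Artifacts and versioning and the Rollback runbook: tags are derived from the git ref and SHA, every deploy resolves to a digest reference, prod refuses builds that do not carry a release tag, and a rollback target is the last deployment that passed rollout validation, never simply the previous entry. The image name, the sha- tag prefix, the digests and the deploy history below are constructed for the example.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

IMAGE = "ghcr.io/example-org/tradepsykl"  # assumed image name on GHCR
SEMVER_TAG = re.compile(r"^v\d+\.\d+\.\d+$")
DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")


def image_tags(ref: str, sha: str) -> tuple[str, ...]:
    """Tags for one build from its git ref and commit SHA.

    Branch builds get the branch name plus the short SHA; release builds get
    the short SHA plus the vX.Y.Z tag; anything else (e.g. a pull_request
    merge ref) gets only the short SHA. The sha- prefix is an assumption.
    """
    short = f"sha-{sha[:7]}"
    if ref.startswith("refs/tags/"):
        tag = ref[len("refs/tags/"):]
        return (short, tag) if SEMVER_TAG.match(tag) else (short,)
    if ref.startswith("refs/heads/"):
        return (ref[len("refs/heads/"):].replace("/", "-"), short)
    return (short,)


@dataclass(frozen=True)
class Build:
    ref: str
    sha: str
    digest: str  # content digest the registry returned when the image was pushed


def deploy_reference(build: Build, environment: str) -> str:
    """Return the reference a deploy may pull for environment, or raise.

    Both environments deploy by digest, since a tag can be re-pointed after
    the fact while a digest cannot. prod additionally refuses anything that
    was not built from a release tag.
    """
    if not DIGEST.match(build.digest):
        raise ValueError(f"no valid digest for {build.ref}: {build.digest!r}")
    tags = image_tags(build.ref, build.sha)
    if environment == "prod" and not any(SEMVER_TAG.match(t) for t in tags):
        raise ValueError(f"prod only deploys release tags, build has {tags}")
    return f"{IMAGE}@{build.digest}"


@dataclass(frozen=True)
class Deployment:
    environment: str
    digest: str
    healthy: bool  # outcome of rollout validation against the service health checks


def rollback_target(history: list[Deployment], environment: str) -> str:
    """Digest reference of the last known-good deployment for environment.

    history is ordered oldest to newest. The newest entry for the environment
    is the one being rolled back and is skipped even if it reported healthy,
    because a bad release can still pass its health check.
    """
    env_hist = [d for d in history if d.environment == environment]
    for d in reversed(env_hist[:-1]):
        if d.healthy:
            return f"{IMAGE}@{d.digest}"
    raise LookupError(f"no known-good deployment recorded for {environment}")


def _fake_digest(label: str) -> str:
    """Constructed digest for the sample data; real ones come from the registry."""
    return "sha256:" + hashlib.sha256(label.encode()).hexdigest()


# Constructed sample data.
SHA = "4f3c2b1a0e9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b"
D_141, D_142, D_MAIN = (_fake_digest(x) for x in ("v1.4.1", "v1.4.2", "main"))
RELEASE_BUILD = Build("refs/tags/v1.4.2", SHA, D_142)
BRANCH_BUILD = Build("refs/heads/main", SHA, D_MAIN)
HISTORY = [
    Deployment("prod", D_141, healthy=True),
    Deployment("dev", D_MAIN, healthy=True),
    Deployment("prod", D_142, healthy=False),  # the rollout being rolled back
]

if __name__ == "__main__":
    print("tags:", image_tags(RELEASE_BUILD.ref, RELEASE_BUILD.sha))
    print("prod deploy:", deploy_reference(RELEASE_BUILD, "prod"))
    print("dev deploy:", deploy_reference(BRANCH_BUILD, "dev"))
    print("prod rollback:", rollback_target(HISTORY, "prod"))
```

In a real workflow the digest comes from the push step's output and the history from whatever records deployments (release notes, a deployment API, or the platform itself); the point is that prod never pulls by a mutable tag and a rollback is chosen from validated deployments only.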

References

  • CI/CD overview: docs/devops/ci-cd.md
  • Environments: docs/devops/environments.md
  • Secrets management: docs/devops/secrets.md
  • Implementation plan: docs/05-implementation.md
  • Workflows: .github/workflows/

Documentation generated with VitePress