# Phase 12: Hardening **Status:** ⬜ Not Started **Parent plan:** [PLAN.md](./PLAN.md) **Domain:** backend ## Objective Production hardening — blue-green deploys, promote flow, dashboard auth, graceful shutdown, structured logging, and config export. ## Tasks - [ ] Task 1: Blue-green deploys — start new container, health check, swap NPM proxy, then stop old container (zero downtime) - [ ] Task 2: Promote flow — enforce `promote_from` for production deploys (only tags running in source stage are eligible) - [ ] Task 3: Dashboard auth — basic auth or token-based authentication for the web UI - [ ] Task 4: Auth middleware — protect all /api/* routes except webhook - [ ] Task 5: Graceful shutdown — handle SIGTERM/SIGINT, drain in-progress deploys, close DB, stop poller - [ ] Task 6: Structured logging — JSON logs with deploy context (project, stage, tag, instance ID) - [ ] Task 7: Config export — download current SQLite state as YAML (reverse of seed import) - [ ] Task 8: Dockerfile — multi-stage build (build frontend + Go, copy to minimal image) - [ ] Task 9: docker-compose.yml — production-ready compose file with volumes, network, env - [ ] Task 10: Final wiring review — ensure all services are properly initialized and shut down ## Files to Modify/Create - `internal/deployer/bluegreen.go` — blue-green deploy strategy - `internal/deployer/promote.go` — promote flow logic - `internal/api/auth.go` — authentication middleware - `internal/config/export.go` — config export to YAML - `internal/logging/logger.go` — structured JSON logger - `cmd/server/main.go` — graceful shutdown, structured logging init - `Dockerfile` — multi-stage build - `docker-compose.yml` — production compose file ## Acceptance Criteria - Blue-green: zero downtime during deploy (old container serves until new one is healthy) - Promote: production deploy only accepts tags from the specified source stage - Auth: unauthenticated requests to /api/* (except webhook) return 401 - Graceful shutdown: in-progress deploys complete before exit - Logs are JSON-formatted with contextual fields - Config export produces valid YAML that could be re-imported - Docker image builds and runs correctly ## Notes - Blue-green: keep old container running until new one passes health check, then swap NPM proxy and stop old - Auth: start simple (basic auth via env var), can be enhanced later (JWT, OIDC) - SIGTERM handling: use Go's `os/signal` + `context.WithCancel` - Structured logging: use `log/slog` (Go stdlib since 1.21) - Dockerfile: build stage with Node.js + Go, runtime stage with scratch/alpine - This is the FINAL phase — build and full test suite MUST pass here ## Review Checklist - [ ] All tasks completed - [ ] Blue-green deploy handles rollback if new container fails - [ ] Auth doesn't block webhook endpoint - [ ] Graceful shutdown tested with concurrent deploys - [ ] Dockerfile produces a minimal image - [ ] docker-compose.yml matches the example in PLAN.md ## Handoff to Next Phase