Deployment

Deploy your ShipSecure application to any platform.

ShipSecure works with any platform that supports Next.js. Follow these general steps regardless of your hosting provider.

Environment Variables

Add these environment variables in your hosting provider's dashboard (Vercel, Netlify, Railway, etc.):

Required Variables

# Database - Use production PostgreSQL (Supabase, Neon, Railway, etc.)
DATABASE_URL=postgresql://user:password@host:port/database

# Authentication - Generate if you don't have one
AUTH_SECRET=your-generated-secret-here

# GitHub OAuth - Get from: https://github.com/settings/developers
GITHUB_CLIENT_ID=your_github_client_id
GITHUB_CLIENT_SECRET=your_github_client_secret

Where to add: Each hosting platform has an "Environment Variables" or "Secrets" section in their dashboard. Add these before your first deployment.

Optional Variables

# Rate Limiting - Recommended for production on serverless platforms
# Get from: https://console.upstash.com/
UPSTASH_REDIS_REST_URL=https://your-redis-instance.upstash.io
UPSTASH_REDIS_REST_TOKEN=your_upstash_token

# Google OAuth - Only if you're using Google sign-in
AUTH_GOOGLE_ID=your_google_client_id
AUTH_GOOGLE_SECRET=your_google_client_secret

# Public URL - Update to your production domain
NEXT_PUBLIC_APP_URL=https://your-domain.com

# Google Analytics - Get from: https://analytics.google.com/
NEXT_PUBLIC_GA_ID=G-XXXXXXXXXX

Important:

Use production database (not localhost)
Generate a new AUTH_SECRET for production (don't reuse development secret)
Update OAuth callback URLs in GitHub/Google settings to your production domain

General Deployment Steps

Follow these steps for any hosting platform:

Step 1: Push Your Code

# Push your code to GitHub (or your Git provider)
git add .
git commit -m "Ready for deployment"
git push origin main

Step 2: Connect Repository

Go to your hosting platform's dashboard (Vercel, Netlify, etc.)
Click "New Project" or "Import Project"
Connect your GitHub repository
Select the repository and branch (usually main)

Step 3: Add Environment Variables

In your hosting platform's dashboard, find "Environment Variables" or "Secrets"
Add all required variables (see Environment Variables section above)
Important: Add them for "Production" environment (some platforms also have Preview/Development)

Step 4: Update OAuth Callback URLs

Before deploying, update OAuth callback URLs in provider settings to your production domain:

GitHub: Add https://your-domain.com/api/auth/callback/github
Google: Add https://your-domain.com/api/auth/callback/google

For detailed instructions, see the Authentication Guide → Production Setup section.

Step 5: Deploy

Click "Deploy" in your hosting platform
Most platforms auto-detect Next.js and run npm run build
Wait for build to complete (usually 2-5 minutes)
Your app will be live at the provided URL!

After deployment: Update NEXT_PUBLIC_APP_URL environment variable to your actual domain.

Build Configuration

The build command is already configured in package.json:

# This command runs automatically during deployment
npm run build

What it does:

Compiles TypeScript
Builds Next.js application
Generates static pages
Optimizes assets

Platform-specific configs:

Netlify: netlify.toml file is included with correct settings
Vercel: Auto-detects Next.js, no config needed
Other platforms: Usually auto-detect, but you can set build command to npm run build if needed

Database Migration

After your first deployment, you need to run database migrations to create tables:

Option 1: Run Migration Manually (Recommended)

After deployment, run this command in your hosting platform's terminal/SSH:

# This applies all pending migrations to production database
npx prisma migrate deploy

When to run: Once after first deployment, or whenever you add new migrations.

Option 2: Add to Build Command (Advanced)

Some platforms allow running commands before build:

# Add this as your build command (if platform supports it)
npx prisma generate && npm run build

Note: prisma generate creates TypeScript types, but doesn't run migrations. You still need to run prisma migrate deploy separately.

Verify Migration

After running migrations, verify tables were created:

# Open Prisma Studio to view database
npx prisma studio

You should see: User, Account, Session tables.

Supported Platforms

ShipSecure works with any platform that supports Next.js:

Recommended Platforms

Vercel - Best Next.js support, auto-detects, zero config needed
Netlify - netlify.toml already configured, great Next.js support
Railway - Easy PostgreSQL setup, good for full-stack apps
Render - Full-stack app support, easy database setup

Other Options

Fly.io - Docker or Node.js deployment
DigitalOcean App Platform - Simple Node.js hosting
AWS Amplify - AWS integration
Any Node.js host - Standard Next.js deployment works anywhere

Platform-Specific Notes

Vercel:

Auto-detects Next.js
Add environment variables in dashboard
Run npx prisma migrate deploy after first deployment (via Vercel CLI or terminal)

Netlify:

netlify.toml is pre-configured
Add environment variables in Site settings → Environment variables
Run migrations via Netlify CLI: netlify dev or deploy via Git

Railway:

Can provision PostgreSQL automatically
Add environment variables in project settings
Run migrations via Railway CLI or in deployment logs

CI/CD

ShipSecure includes GitHub Actions for continuous integration:

Automated Testing

Tests run automatically on every Pull Request via .github/workflows/ci.yml:

# Tests run on:
# - Every pull request
# - Pushes to main branch
# - Includes: Unit tests (Vitest) + E2E tests (Playwright)

What's tested:

Security headers
Rate limiting
Input validation
Authentication flows

Build Process

Note: The deployment build process does NOT run tests (for faster deploys). Tests only run in CI/CD pipeline.

To run tests locally:

# Run all tests
npm test

# Run E2E tests
npm run test:e2e

Next Steps

Security Features - Verify security is configured
Testing Guide - Run tests before deploying
FAQ - Troubleshooting deployment issues