Deployment Procedure

Production deployment checklist for Cloudflare Workers and mobile applications

Public

Deployment Procedure

Implements: Change Management Policy Owner: Security Lead Last Updated: 21 May 2026 Next Review: 21 November 2026

Cloudflare Workers Deployment

All Cloudflare Workers deploy via GitHub Actions CI/CD. Manual deployment is only used for emergencies.

Automated (Standard)

  1. PR merged to main
  2. CI runs: lint, test, build
  3. CI deploys to sandbox (if applicable)
  4. Sandbox deployment verified
  5. CI deploys to production (for repos with production deployment in CI)
  6. Post-deploy health checks run automatically

Pre-Deploy Checklist

Before merging to main:

  • PR approved by required reviewer(s)
  • CI passes (all checks green)
  • No unresolved review comments
  • If API change: backward compatibility confirmed or migration communicated
  • If secret change: secret updated in Cloudflare before deploy

Post-Deploy Verification

After deployment:

  • Worker responds to health check endpoint (where available)
  • No spike in error rates on Cloudflare dashboard
  • Key flows work end-to-end (challenge → proof → verification)
  • Monitor for 30 minutes (standard) or 2 hours (significant change)

Manual Emergency Deployment

# Deploy directly from local machine
cd /path/to/repo
wrangler deploy --env production

Only used when CI is unavailable and a P1/P2 incident requires an immediate fix.

Mobile App Deployment (Provii mobile wallet client repository, MaelstromAI GitHub enterprise)

iOS

  1. Merge to main triggers CI build
  2. CI builds.ipa and uploads to TestFlight
  3. Internal testing on TestFlight (minimum 24 hours for significant changes)
  4. Submit to App Store Connect for review
  5. Apple review (typically 24-48 hours)
  6. Release to App Store (phased rollout: 1%, 5%, 10%, 50%, 100%)

Android

  1. Merge to main triggers CI build
  2. CI builds.aab and uploads to Google Play Console
  3. Internal testing track (minimum 24 hours for significant changes)
  4. Promote to production track
  5. Google Play review (typically 2-7 days)
  6. Staged rollout: 5%, 20%, 50%, 100%

Mobile Rollback

  • iOS: Cannot roll back. Must submit a new version with the fix.
  • Android: Can halt rollout in Google Play Console. Must submit a new version to fix.

Deployment Freeze Periods

No non-emergency deployments during:

  • Active P1/P2 incidents
  • Public holidays (Australian national holidays)
  • Pre-announced maintenance windows for Cloudflare

During freeze periods, only emergency changes per the Emergency Change Process are permitted.