Skip to main content

How to deploy to staging

Staging deployments use the same CI/CD pipeline as dev but target the staging namespace and configuration.

info

Staging environment is not yet provisioned. The Terraform tier at infra/terraform/environments/staging/ contains only a placeholder README. This guide documents the intended workflow for when staging is active.

CI/CD pipeline flow

Intended workflow

Automatic (CI-driven)

  1. Push to main triggers ci.yml — runs tests for changed components
  2. Tests pass → build Docker images, tag with commit SHA
  3. Push images to ACR (aucertacr41e0x5.azurecr.io)
  4. Deploy to dev namespace first (canary)
  5. Dev smoke test passes → promote to staging
  6. Staging smoke test → ready for production approval

Manual promotion

# Build and tag for staging
docker build -t aucertacr41e0x5.azurecr.io/backend:staging-$(git rev-parse --short HEAD) \
  -f backend/platform/Dockerfile backend/platform/
docker push aucertacr41e0x5.azurecr.io/backend:staging-$(git rev-parse --short HEAD)

# Deploy via Helm with staging values
helm upgrade --install aucert-staging infra/k8s/charts/aucert-backend \
  -n aucert-staging \
  -f infra/k8s/charts/aucert-backend/values/staging.yaml \
  --set backend.image.tag=staging-$(git rev-parse --short HEAD)

# Verify
kubectl get pods -n aucert-staging
kubectl logs -n aucert-staging -l app=backend --tail=50

Staging vs. dev differences

AspectDevStaging
Namespaceaucert-devaucert-staging
Values filevalues/dev.yamlvalues/staging.yaml
Replicas12+
ResourcesMinimalNear-production
Databaseaucertdev-product-pgSeparate staging PG (planned)
VNet CIDR10.0.0.0/1610.1.0.0/16 (reserved)

What needs to be provisioned

Before staging is operational:

  1. Terraform: Populate infra/terraform/environments/staging/ (database, Redis)
  2. Network: Create staging VNet or subnets (CIDR 10.1.0.0/16 reserved)
  3. K8s namespace: Create aucert-staging namespace with resource quotas
  4. Secrets: Create staging-specific secrets in Key Vault
  5. CI workflow: Add staging deployment step to ci.yml

See Terraform changes for infrastructure provisioning.

What's next