Skip to content
Bookmarks Docs

Deployment

Deployment

Section titled “Deployment”

Bookmarks deployment is Cloudflare-first.

Release sequence

Section titled “Release sequence”
  1. Create/verify D1 database bookmarks and R2 bucket bookmarks-media.
  2. Update workers/bookmarks/api/wrangler.toml bindings and IDs.
  3. Deploy mail worker for auth notifications (bookmarks-mail-worker preferred target).
  4. Deploy auth worker.
  5. Deploy API worker (wrangler deploy).
  6. Set AUTH_MODE=service and bind AUTH_SERVICE to auth worker (cosmos-auth-worker current, bookmarks-auth-worker target).
  7. Set worker vars:
    • APP_URL=https://bookmarksapp.cosmosdigitalservices.com
    • CORS_ORIGINS includes deployed app origins.
  8. Deploy apps/bookmarks/site to Cloudflare Pages with canonical env:
    • PUBLIC_BOOKMARKS_APP_URL=https://bookmarksapp.cosmosdigitalservices.com
  9. Build/deploy Flutter web and mobile with production API base URL.

Prerequisites

Section titled “Prerequisites”
  • Auth worker has APP_URL set to deployed Bookmarks app URL.
  • Auth worker has healthy MAIL_SERVICE binding (bookmarks-mail-worker preferred).
  • JWT_SECRET and ENCRYPTION_KEY are configured on auth worker.

Post-deploy smoke tests

Section titled “Post-deploy smoke tests”

Run these in order after each production deploy:

  1. GET /health returns { ok: true, service: "bookmarks-api-worker" }.
  2. Login flow works (/v1/auth/login and /v1/auth/refresh).
  3. Session expiry handling works: expired refresh token redirects user to app login with session-expired notice.
  4. /auth/open-app redirects to https://bookmarksapp.cosmosdigitalservices.com.
  5. Email verification redirect lands on /verify-email with verified=1 or error.
  6. Authenticated GET /v1/me returns user context.
  7. Create club (POST /v1/clubs) returns 201 and clubId.
  8. Member can open /v1/clubs/:clubId/settings.
  9. Admin can update club settings and member role.
  10. Note create/comment/reaction flow works.
  11. Meeting create/RSVP/calendar endpoints work.
  12. /v1/clubs/:clubId/stream websocket connects for a member.
  13. Realtime reconnects after app background/resume.

Rollback guidance

Section titled “Rollback guidance”

If critical regressions are detected:

  1. Roll back worker to previous known-good deployment.
  2. Revert app/site to previous release artifact.
  3. Re-run smoke tests against rolled-back versions.
  4. If DB migration introduced incompatibility, halt write traffic and apply a tested corrective migration before re-enable.

Operational guidance

Section titled “Operational guidance”
  • Treat API worker as authorization and persistence boundary.
  • Keep site deployment independent so marketing updates do not block app/API releases.
  • Add direct R2 upload flows only when attachment throughput requires it.
  • After logo updates, regenerate native launcher icons in apps/bookmarks/app using dart run flutter_launcher_icons.