--- id: daily-shipping-and-launch name: "shipping-and-launch" url: https://skills.yangsir.net/skill/daily-shipping-and-launch author: addyosmani domain: ai-ci-cd-deployment tags: ["ci-cd", "deployment", "monitoring", "devops", "release-management"] install_count: 3100 rating: 4.40 (20 reviews) github: https://github.com/addyosmani/agent-skills --- # shipping-and-launch > 安全发布实践，确保部署可观测、可回滚、可增量，部署前配置监控和告警，明确成功指标并准备回滚预案 **Stats**: 3,100 installs · 4.4/5 (20 reviews) ## Before / After 对比 ### 发布成功率 **Before**: 直接部署到生产环境，出现问题后紧急排查和回滚，平均每次发布故障恢复需要 2 小时，月度发布成功率 85% **After**: 自动化预发布检查、金丝雀发布和实时监控，异常自动触发回滚，故障恢复时间降至 5 分钟，月度发布成功率提升至 99% | Metric | Before | After | Change | |---|---|---|---| | 故障恢复时间 | 120分钟 | 5分钟 | -96% | | 发布成功率 | 85% | 99% | +16% | ## Readme # shipping-and-launch # Shipping and Launch ## Overview Ship with confidence. The goal is not just to deploy — it's to deploy safely, with monitoring in place, a rollback plan ready, and a clear understanding of what success looks like. Every launch should be reversible, observable, and incremental. ## When to Use - Deploying a feature to production for the first time - Releasing a significant change to users - Migrating data or infrastructure - Opening a beta or early access program - Any deployment that carries risk (all of them) ## The Pre-Launch Checklist ### Code Quality - All tests pass (unit, integration, e2e) - Build succeeds with no warnings - Lint and type checking pass - Code reviewed and approved - No TODO comments that should be resolved before launch - No `console.log` debugging statements in production code - Error handling covers expected failure modes ### Security - No secrets in code or version control - `npm audit` shows no critical or high vulnerabilities - Input validation on all user-facing endpoints - Authentication and authorization checks in place - Security headers configured (CSP, HSTS, etc.) - Rate limiting on authentication endpoints - CORS configured to specific origins (not wildcard) ### Performance - Core Web Vitals within "Good" thresholds - No N+1 queries in critical paths - Images optimized (compression, responsive sizes, lazy loading) - Bundle size within budget - Database queries have appropriate indexes - Caching configured for static assets and repeated queries ### Accessibility - Keyboard navigation works for all interactive elements - Screen reader can convey page content and structure - Color contrast meets WCAG 2.1 AA (4.5:1 for text) - Focus management correct for modals and dynamic content - Error messages are descriptive and associated with form fields - No accessibility warnings in axe-core or Lighthouse ### Infrastructure - Environment variables set in production - Database migrations applied (or ready to apply) - DNS and SSL configured - CDN configured for static assets - Logging and error reporting configured - Health check endpoint exists and responds ### Documentation - README updated with any new setup requirements - API documentation current - ADRs written for any architectural decisions - Changelog updated - User-facing documentation updated (if applicable) ## Feature Flag Strategy Ship behind feature flags to decouple deployment from release: ``` // Feature flag check const flags = await getFeatureFlags(userId); if (flags.taskSharing) { // New feature: task sharing return ; } // Default: existing behavior return null; ``` **Feature flag lifecycle:** ``` 1. DEPLOY with flag OFF → Code is in production but inactive 2. ENABLE for team/beta → Internal testing in production environment 3. GRADUAL ROLLOUT → 5% → 25% → 50% → 100% of users 4. MONITOR at each stage → Watch error rates, performance, user feedback 5. CLEAN UP → Remove flag and dead code path after full rollout ``` **Rules:** - Every feature flag has an owner and an expiration date - Clean up flags within 2 weeks of full rollout - Don't nest feature flags (creates exponential combinations) - Test both flag states (on and off) in CI ## Staged Rollout ### The Rollout Sequence ``` 1. DEPLOY to staging └── Full test suite in staging environment └── Manual smoke test of critical flows 2. DEPLOY to production (feature flag OFF) └── Verify deployment succeeded (health check) └── Check error monitoring (no new errors) 3. ENABLE for team (flag ON for internal users) └── Team uses the feature in production └── 24-hour monitoring window 4. CANARY rollout (flag ON for 5% of users) └── Monitor error rates, latency, user behavior └── Compare metrics: canary vs. baseline └── 24-48 hour monitoring window └── Advance only if all thresholds pass (see table below) 5. GRADUAL increase (25% -> 50% -> 100%) └── Same monitoring at each step └── Ability to roll back to previous percentage at any point 6. FULL rollout (flag ON for all users) └── Monitor for 1 week └── Clean up feature flag ``` ### Rollout Decision Thresholds Use these thresholds to decide whether to advance, hold, or roll back at each stage: Metric Advance (green) Hold and investigate (yellow) Roll back (red) Error rate Within 10% of baseline 10-100% above baseline >2x baseline P95 latency Within 20% of baseline 20-50% above baseline >50% above baseline Client JS errors No new error types New errors at <0.1% of sessions New errors at >0.1% of sessions Business metrics Neutral or positive Decline <5% (may be noise) Decline >5% ### When to Roll Back Roll back immediately if: - Error rate increases by more than 2x baseline - P95 latency increases by more than 50% - User-reported issues spike - Data integrity issues detected - Security vulnerability discovered ## Monitoring and Observability ### What to Monitor ``` Application metrics: ├── Error rate (total and by endpoint) ├── Response time (p50, p95, p99) ├── Request volume ├── Active users └── Key business metrics (conversion, engagement) Infrastructure metrics: ├── CPU and memory utilization ├── Database connection pool usage ├── Disk space ├── Network latency └── Queue depth (if applicable) Client metrics: ├── Core Web Vitals (LCP, INP, CLS) ├── JavaScript errors ├── API error rates from client perspective └── Page load time ``` ### Error Reporting ``` // Set up error boundary with reporting class ErrorBoundary extends React.Component { componentDidCatch(error: Error, info: React.ErrorInfo) { // Report to error tracking service reportError(error, { componentStack: info.componentStack, userId: getCurrentUser()?.id, page: window.location.pathname, }); } render() { if (this.state.hasError) { return this.setState({ hasError: false })} />; } return this.props.children; } } // Server-side error reporting app.use((err: Error, req: Request, res: Response, next: NextFunction) => { reportError(err, { method: req.method, url: req.url, userId: req.user?.id, }); // Don't expose internals to users res.status(500).json({ error: { code: 'INTERNAL_ERROR', message: 'Something went wrong' }, }); }); ``` ### Post-Launch Verification In the first hour after launch: ``` 1. Check health endpoint returns 200 2. Check error monitoring dashboard (no new error types) 3. Check latency dashboard (no regression) 4. Test the critical user flow manually 5. Verify logs are flowing and readable 6. Confirm rollback mechanism works (dry run if possible) ``` ## Rollback Strategy Every deployment needs a rollback plan before it happens: ``` ## Rollback Plan for [Feature/Release] ### Trigger Conditions - Error rate > 2x baseline - P95 latency > [X]ms - User reports of [specific issue] ### Rollback Steps 1. Disable feature flag (if applicable) OR 1. Deploy previous version: `git revert && git push` 2. Verify rollback: health check, error monitoring 3. Communicate: notify team of rollback ### Database Considerations - Migration [X] has a rollback: `npx prisma migrate rollback` - Data inserted by new feature: [preserved / cleaned up] ### Time to Rollback - Feature flag: < 1 minute - Redeploy previous version: < 5 minutes - Database rollback: < 15 minutes ``` ## See Also - For security pre-launch checks, see `references/security-checklist.md` - For performance pre-launch checklist, see `references/performance-checklist.md` - For accessibility verification before launch, see `references/accessibility-checklist.md` ## Common Rationalizations Rationalization Reality "It works in staging, it'll work in production" Production has different data, traffic patterns, and edge cases. Monitor after deploy. "We don't need feature flags for this" Every feature benefits from a kill switch. Even "simple" changes can break things. "Monitoring is overhead" Not having monitoring means you discover problems from user complaints instead of dashboards. "We'll add monitoring later" Add it before launch. You can't debug what you can't see. "Rolling back is admitting failure" Rolling back is responsible engineering. Shipping a broken feature is the failure. ## Red Flags - Deploying without a rollback plan - No monitoring or error reporting in production - Big-bang releases (everything at once, no staging) - Feature flags with no expiration or owner - No one monitoring the deploy for the first hour - Production environment configuration done by memory, not code - "It's Friday afternoon, let's ship it" ## Verification Before deploying: - Pre-launch checklist completed (all sections green) - Feature flag configured (if applicable) - Rollback plan documented - Monitoring dashboards set up - Team notified of deployment After deploying: - Health check returns 200 - Error rate is normal - Latency is normal - Critical user flow works - Logs are flowing - Rollback tested or verified ready Weekly Installs557Repository[addyosmani/agent-skills](https://github.com/addyosmani/agent-skills)GitHub Stars8.9KFirst SeenFeb 16, 2026Security Audits[Gen Agent Trust HubPass](/addyosmani/agent-skills/shipping-and-launch/security/agent-trust-hub)[SocketPass](/addyosmani/agent-skills/shipping-and-launch/security/socket)[SnykPass](/addyosmani/agent-skills/shipping-and-launch/security/snyk)Installed oncodex544opencode540gemini-cli539github-copilot538kimi-cli538cursor538 --- *Source: https://skills.yangsir.net/skill/daily-shipping-and-launch* *Markdown mirror: https://skills.yangsir.net/api/skill/daily-shipping-and-launch/markdown*