Skip to content

DEPLOYMENT_CHECKLIST.md

Latest commit

 

History

History
138 lines (108 loc) · 3.75 KB

DEPLOYMENT_CHECKLIST.md

File metadata and controls

138 lines (108 loc) · 3.75 KB

Deployment Checklist for synchronizer-cli

Pre-deployment Steps

1. Update Package Metadata

  • Update author field in package.json (currently "Your Name")
  • Update repository.url in package.json (currently has placeholder)
  • Verify version number follows semver
  • Review description for accuracy
  • Check keywords are relevant

2. Code Review

  • Review index.js for any hardcoded values
  • Ensure no API keys or secrets are exposed
  • Verify all console.log statements are appropriate for production
  • Check error handling is comprehensive

3. Security Audit

  • Run npm audit to check for vulnerabilities
  • Review dependencies are up to date
  • Ensure the generated sync hash is cryptographically secure
  • Verify config files are stored securely in user's home directory

4. Testing

  • Test synchronizer init command
  • Test synchronizer start command (requires Docker)
  • Test synchronizer service command
  • Test on different operating systems if possible
  • Verify the CLI works when installed globally

5. Documentation

  • README.md is complete and accurate
  • Installation instructions are clear
  • Usage examples are provided
  • Any prerequisites (Docker) are documented

Deployment Steps

1. Final Checks

# Run the pre-publish check
node pre-publish-check.js

# Check what files will be published
npm pack --dry-run

# Review the package contents
npm pack
tar -tzf synchronizer-cli-1.0.0.tgz
rm synchronizer-cli-1.0.0.tgz

2. NPM Authentication

# Login to npm (if not already)
npm login

# Verify you're logged in
npm whoami

3. Publish

# Do a dry run first
npm publish --dry-run

# If everything looks good, publish
npm publish

# For scoped packages (if you decide to use one)
# npm publish --access public

4. Post-deployment Verification

# Check the package on npm
npm view synchronizer-cli

# Test installation
npm install -g synchronizer-cli

# Verify the CLI works
synchronizer --version
synchronizer --help

What's Included in the Package

Based on the files field in package.json, only these files will be published:

  • index.js - The main CLI script
  • README.md - Documentation
  • package.json - Package metadata (always included)

The following are explicitly excluded:

  • node_modules/ - Dependencies are installed by users
  • package-lock.json - Not needed for libraries
  • .npmignore - Not published
  • pre-publish-check.js - Development tool
  • DEPLOYMENT_CHECKLIST.md - This file

Security Considerations

  1. Sync Hash Generation: The app generates a unique sync hash using:

    • Optional user-provided name
    • System hostname
    • Random 8-byte secret
    • SHA-256 hashing

  2. Config Storage: User configurations are stored in ~/.synchronizer-cli/config.json

    • Contains sensitive data (keys, wallets)
    • Should have appropriate file permissions

  3. Docker Security: The app runs Docker containers

    • Uses official cdrakep/synqchronizer:latest image
    • Passes sensitive data as command-line arguments (consider using environment variables instead)

Potential Improvements for Future Versions

  1. Add --version flag support
  2. Add more robust error handling for Docker operations
  3. Consider using environment variables instead of CLI args for sensitive data
  4. Add update notifications
  5. Add config backup/restore functionality
  6. Add support for multiple configurations/profiles
  7. Consider adding tests
  8. Add TypeScript types or JSDoc comments

Emergency Procedures

If you need to unpublish (only works within 72 hours):

npm unpublish synchronizer-cli@1.0.0

To deprecate a version:

npm deprecate synchronizer-cli@1.0.0 "Critical bug, please update"