Production Operations & Deployments Runbook

Environments & Base URLs#

StudentHub defines multiple environments: dev, dev-server, and prod for the backend, and dev and prod for each frontend portal. Environment-specific configuration files are located under environments/*/common/config/main-local.php in the backend and src/environments/environment.*.ts in each frontend.

Backend API base URLs (as configured in environment files):

Admin: http://localhost:21080 (dev local)
Candidate: http://localhost:22080 (dev local)
Company: http://localhost:23080 (dev local)
Staff: http://localhost:25080 (dev local)
Inspector: http://localhost:24080 (dev local)
Verification: http://localhost:26080 (dev local)

Production and Dev-Server API base URLs (from environment configs):

Staff: https://staff.api.dev.studenthub.co/v1 (dev), https://staff.api.studenthub.co/v1 (prod)
Candidate: https://student.api.dev.studenthub.co/v1 (dev), https://student.api.studenthub.co/v1 (prod)
Verification: https://v.dev.studenthub.co/ (dev), https://v.studenthub.co/ (prod)

Admin Frontend (src/environments/environment.dev.ts and environment.prod.ts):

Dev: apiEndpoint=https://admin.api.dev.studenthub.co/v1, candidateAppUrl=https://student.dev.studenthub.co/, employerAppUrl=https://employer.dev.studenthub.co/, permanentBucketUrl=https://studenthub-uploads-dev-server.s3.amazonaws.com/, cloudinaryUrl=https://res.cloudinary.com/studenthub/image/upload/c_thumb,w_200,h_200,g_face,q_auto:low/v1596525812/dev/
Prod: apiEndpoint=https://admin.api.studenthub.co/v1, candidateAppUrl=https://student.studenthub.co/, employerAppUrl=https://employer.studenthub.co/, permanentBucketUrl=https://studenthub-uploads.s3.amazonaws.com/, cloudinaryUrl=https://res.cloudinary.com/studenthub/image/upload/c_thumb,w_200,h_200,g_face,q_auto/v1596525812/

Staff Frontend (src/environments/environment.dev.ts and environment.prod.ts):

Dev: apiEndpoint=https://staff.api.dev.studenthub.co/v1, permanentBucketUrl=https://studenthub-uploads-dev-server.s3.amazonaws.com/, cloudinaryUrl=https://res.cloudinary.com/studenthub/image/upload/c_thumb,w_200,h_200,g_face,q_auto:low/v1596525812/dev/
Prod: apiEndpoint=https://staff.api.studenthub.co/v1, permanentBucketUrl=https://studenthub-uploads.s3.amazonaws.com/, cloudinaryUrl=https://res.cloudinary.com/studenthub/image/upload/c_thumb,w_200,h_200,g_face,q_auto/v1596525812/

Candidate Frontend (src/environments/environment.dev.ts and environment.prod.ts):

Dev: apiEndpoint=https://student.api.dev.studenthub.co/v1, permanentBucketUrl=https://studenthub-uploads-dev-server.s3.amazonaws.com/, cloudinaryUrl=https://res.cloudinary.com/studenthub/image/upload/c_thumb,w_200,h_200,g_face,q_auto:low/v1596453482/dev/
Prod: apiEndpoint=https://student.api.studenthub.co/v1, permanentBucketUrl=https://studenthub-uploads.s3.amazonaws.com/, cloudinaryUrl=https://res.cloudinary.com/studenthub/image/upload/c_thumb,w_200,h_200,g_face,q_auto/v1596453482/

Company Frontend: No deployment or environment config found in the repo; see "Configured outside code".

Deployment Pipelines#

Backend (Railway)#

Build & Deploy: Uses Railway CLI. Set RAILWAY_DOCKERFILE_PATH to ./Dockerfile-nginx-dev-railway (dev) or ./Dockerfile-nginx-railway (prod). Use railway login, railway link, and railway up to deploy. Reference
Required Env Vars: Set via Railway dashboard or .env files (not in repo).
Database Connectivity:
- Dev: MySQL (host=mysql, db=studenthub, user=studenthubuser, pass=12345)
- Prod: AWS RDS (host=studenthub-prod.cluster-c8mekjvvbygf.eu-west-2.rds.amazonaws.com, db=studenthub, user=bawes, pass=bawes12student!hub)
Logs: Use docker logs <container_id> or Railway dashboard logs. Reference

Admin Frontend (CircleCI → S3/CloudFront)#

Build Steps: On develop branch, runs npm run build:devserver; on master, runs npm run build:production. Reference
Deploy Steps:
- Dev: Syncs www/ to s3://studenthub-admin-dev/, invalidates CloudFront EWGE3N1OKYVZX
- Prod: Syncs to s3://studenthub-admin-prod/, sets cache-control on index.html, invalidates CloudFront E3PPAL159PAQIU
Branch→Env Mapping: develop → dev, master → prod
AWS Credentials: Provided via CircleCI context org-global

Staff Frontend (CircleCI, Netlify)#

Build Steps: CircleCI runs npm run build:devserver (dev) or npm run build:production (prod). Reference
Deploy Steps: Syncs to s3://studenthub-staff-dev/ (dev) or studenthub-staff-prod/ (prod), invalidates CloudFront (ESU6JF6718T50 for dev, E97L4ND30CEDZ for prod)
Netlify: No netlify.toml or Netlify-specific config found in repo. Build settings, redirects, env vars, and deploy triggers must be verified in the Netlify dashboard.

Candidate & Company Frontends#

Hosting/Deploy Config: No deployment config or hosting evidence found in the repo. Marked as Unknown/Verify. To check: inspect hosting provider dashboards (Netlify, AWS, Vercel, etc.) for deployment pipeline, branch-to-environment mapping, build settings, redirects, and environment variables.

Migrations#

Scheduled: Cron runs cd ~/www && ./yii migrate --interactive=0 >> ~/logs/migrate.log every minute. Reference
Manual Run: SSH into the server/container and execute from ~/www:
```
./yii migrate --interactive=0
```
Safety Steps: After migrations, flush schema and cache:
```
./yii cache/flush-schema db
./yii cache/flush cache
```
If issues persist, clear runtime cache directories:
```
rm -rf /var/www/html/*/runtime/cache
```
Reference

Cron/Background Jobs#

Scheduling: OS-level cron, not Docker or Railway cron. Reference
Main Jobs:
- Git/composer updates: every minute
- Environment init: every minute
- Migrations: every minute
- Daily jobs (1:30 PM): birthday/age/civil ID/company payment
- Daily jobs (8:00 AM): summary/payable candidate
- Attendance check (10:30 AM Sun-Thu): sends morning report to staff
- Every-minute job: background tasks
Manual Rerun: SSH and run php ~/www/yii cron/<job>

Backups & Recovery#

MySQL Backup: Dump db.sql and upload to S3:

aws s3 cp ./db.sql s3://studenthub-uploads-dev-server/exports/db.sql

Reference

Restore: Use Railway CLI:

railway connect mysql
SET foreign_key_checks = 0;
source ./railway/staging/studenthub.sql
source ./railway/staging/wallet.sql
SET foreign_key_checks = 1;

Reference

File Storage: Uses AWS S3 buckets (studenthub-uploads-dev-server for dev, studenthub-uploads for prod) and Cloudinary. No backup scripts for Cloudinary; rely on provider retention/versioning.

Observability & Incident Response#

Sentry Logging: Configured in backend environment files (environments/*/common/config/main-local.php) with DSN https://6cbd2100e1ff41e7875352655ffbf50d:e18336b09d864b29aa12aca3fbc6706c@sentry.io/168200 for error/warning levels, tagged by environment (dev, dev-server, production). Reference
Slack Logging: Configured for info/warning levels for admin, candidate, company, staff, remail, common, console categories.
What to Check First: Sentry project for stack traces (environment tags), Slack channels for notifications, ~/logs for cron and migration logs.
Common Incidents: No documentation found in repos for email not sending, PDF export 500, or transfers stuck. Debugging steps must be sourced from Sentry, Slack, Railway, Netlify, or AWS dashboards.

Configured Outside Code#

DNS/base domains: Managed in AWS/Netlify dashboards, not in code.
Staff frontend Netlify build settings, redirects, env vars, deploy triggers: Not present in repo; verify in Netlify dashboard.
Candidate & company frontend hosting/deployment: Not present in repo; verify in hosting provider dashboards (Netlify, AWS, Vercel, etc.).
Pipeline secrets (AWS credentials): Managed in CircleCI contexts.
Incident response playbooks: Not documented in code; check Sentry, Slack, Railway, Netlify, or AWS dashboards.

Day-1 Ops Checklist#

Verify Railway deployments for dev/prod: run railway link, confirm RAILWAY_DOCKERFILE_PATH, inspect AWS RDS/Redis connections in environments/prod/common/config/main-local.php.
Confirm CircleCI contexts: ensure org-global context holds AWS credentials for admin/staff S3/CloudFront buckets as listed in .circleci/config.yml.
Check Sentry project (dsn ...@sentry.io/168200) for alerting rules tied to environment tags and ensure Slack logger targets the correct workspace.
Review cron job logs under ~/logs and trigger key jobs manually (e.g., php ~/www/yii cron/daily) after verifying cache flush steps from README.
Snapshot MySQL (prod RDS) via railway connect mysql and push .sql dump to the appropriate S3 bucket (studenthub-uploads).
Confirm candidate & company frontend deployment channels by logging into their hosting dashboards (Netlify/AWS) and documenting build steps.
Validate environment URLs and APIs for admin/staff/candidate portals using the src/environments/environment.*.ts files for each frontend and the backend environments/ directory before releasing.