name: deployment-ops
description: "Deploy to Render, Replit, Vercel, Cloudflare Workers. Docker, CI/CD, env management. Use when deploying or managing live services."
metadata:
openclaw:
emoji: "🚀"

Deployment Ops

Patterns for deploying and managing live services across platforms.

Platform Selection

Render Deployment

render.yaml Blueprint

services:
  - type: web
    name: x402-paywall
    runtime: node
    buildCommand: npm install && npm run build
    startCommand: npm start
    envVars:
      - key: NODE_ENV
        value: production
      - key: PRIVATE_KEY
        sync: false  # Manual set in dashboard
      - key: RPC_URL
        sync: false
    healthCheckPath: /health

Key Patterns

• Always add /health endpoint
• Use sync: false for secrets (set in dashboard)
• Free tier spins down after 15min — health checks keep it warm
• Build command runs on every deploy

Docker

FROM node:22-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --production=false
COPY . .
RUN npm run build

FROM node:22-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY package*.json ./
ENV NODE_ENV=production
EXPOSE 3000
CMD ["node", "dist/index.js"]

Docker Rules

• Multi-stage builds (small final image)
• npm ci not npm install (deterministic)
• Never COPY .env or secrets into image
• Use .dockerignore: node_modules, .git, .env, *.md

Environment Management

Pattern: Chain-Aware Config

const config = {
  chainId: parseInt(process.env.CHAIN_ID || '84532'),
  rpcUrl: process.env.RPC_URL || 'https://sepolia.base.org',
  usdcAddress: process.env.USDC_ADDRESS || '0x036CbD53842c5426634e7929541eC2318f3dCF7e',
  easAddress: process.env.EAS_ADDRESS || '0x4200000000000000000000000000000000000021',
  explorerUrl: process.env.EXPLORER_URL || 'https://sepolia.basescan.org',
};
// Mainnet = change env vars, not code

Required Env Vars Template

# Server
PORT=3000
NODE_ENV=production

# Chain
CHAIN_ID=84532
RPC_URL=https://sepolia.base.org
USDC_ADDRESS=0x036CbD53842c5426634e7929541eC2318f3dCF7e
EAS_ADDRESS=0x4200000000000000000000000000000000000021

# Auth
PRIVATE_KEY=         # Server wallet
API_KEY=             # Service auth

# Optional
EXPLORER_URL=https://sepolia.basescan.org
LOG_LEVEL=info

CI/CD with GitHub Actions

name: Deploy
on:
  push:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 22 }
      - run: npm ci
      - run: npm test

  deploy:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Render
        uses: johnbeynon/[email protected]
        with:
          service-id: ${{ secrets.RENDER_SERVICE_ID }}
          api-key: ${{ secrets.RENDER_API_KEY }}

Health Endpoints

Every deployed service MUST have:

app.get('/health', (req, res) => {
  res.json({
    status: 'ok',
    timestamp: Date.now(),
    version: process.env.npm_package_version || '1.0.0',
    chain: config.chainId
  });
});

Pre-Deploy Checklist

• [ ] Tests pass locally
• [ ] Health endpoint exists and returns 200
• [ ] Environment variables documented
• [ ] Secrets not in code or Docker image
• [ ] Build succeeds in clean environment (rm -rf node_modules && npm ci && npm run build)
• [ ] .gitignore includes: node_modules, .env, dist, *.log

Cross-References

• monitoring-alerting: Monitor deployed services
• testing-patterns: Run tests before deploy
• smart-contract-security: Security review before contract deploy