DevPath · Learn to code ESPTEN

Capstone: from code to production

The "production-ready" checklist

"It works" is not "it's production-ready"

An app can work perfectly on your laptop and be a disaster in production: no HTTPS, with the database password in the repository, with no way to know whether it has gone down. Before opening the door to real users, you go through a checklist of non-negotiable conditions.

The checklist

  1. Tests in CI. The suite passes automatically on every change. If it is red, nothing gets deployed.
  2. Secrets out of the repo. Keys, tokens, and passwords live in environment variables (or a secrets manager), never in the code or in Git. A committed secret is considered leaked forever.
  3. HTTPS. All traffic is encrypted. Serving credentials over plain HTTP exposes them to anyone on the network.
  4. Logging. The app records what happens (requests, errors) so you can diagnose incidents later, without having to reproduce them blindly.
  5. Health check. An endpoint (/health) that responds whether the app is alive. The orchestrator and the monitoring query it to decide whether to restart or alert.
  6. Backups. Tested backups of the data. A backup that has never been restored is not a backup: it is a hope.
  7. Monitoring and alerts. Metrics (latency, errors, usage) and alerts that notify a person when something goes outside the norm, ideally before the user suffers it.

Why each point matters

No tests in CI    → you deploy bugs without noticing
Secret in the repo → anyone with code access gets into your data
No HTTPS           → credentials travel in the clear
No logging         → a production failure is a mystery with no clues
No health check    → nobody knows the app is down until a user complains
No backups         → an accidental deletion is final
No alerts          → you find out about the incident on Twitter, not on your dashboard

Ready when everything is green

The rule is simple: the app is production-ready when all the points of the checklist are met. If one is missing, it is blocked until it is resolved. In the capstone you will write an evaluateChecklist(state) function that applies exactly that rule: it lists what is missing and decides whether it can be deployed.

This is the end of the track: you no longer build a single piece, but the complete system and the discipline that takes it to production and keeps it alive.

Put this into practice

DevPath is a hands-on course: you read the theory here; in the app you put it into practice with exercises that really run, offline.

Start free in the app →
← From idea to production: the complete journeyView the module →