Production Checklist

Before launching your Supabase TDD Boilerplate application to production, ensure you've completed the following checklist. This will help you maintain a secure, performant, and well-monitored application.

1. Stripe Configuration

  • Stripe is set to live mode
  • Live webhook endpoints are configured and tested
  • All necessary products and prices are created in the live Stripe dashboard
  • Stripe keys (public and secret) are updated in your environment variables
  • Webhook signing secret is configured
  • Payment methods are properly configured
  • Tax rates are set up (if applicable)
  • Customer portal is configured
  • Refund and dispute handling is tested
  • Email notifications are configured

2. Analytics and Tracking

  • Google Tag Manager is set up
  • Google Analytics is configured and linked to Tag Manager
  • Custom events are tracked as needed
  • Conversion tracking is configured
  • User journey tracking is implemented
  • Error tracking is set up
  • Performance monitoring is enabled
  • Privacy-compliant data collection is configured
  • Cross-domain tracking is set up (if needed)
  • Goals and funnels are defined

3. Search Engine Optimization

  • Google Search Console is set up for your domain
  • Sitemap is generated and accessible at /sitemap.xml
  • Sitemap is submitted to Google Search Console
  • Robots.txt is properly configured
  • Meta tags are optimized for all pages
  • OpenGraph tags are implemented
  • Twitter cards are configured
  • Structured data is implemented where applicable
  • Canonical URLs are set up
  • Mobile-friendly test is passed

4. Environment Variables

  • All production environment variables are set in your hosting platform (e.g., Vercel)
  • Sensitive information is properly secured and not exposed in client-side code
  • Development and staging variables are separate
  • API keys have appropriate permissions
  • Backup copies of all credentials are stored securely
  • Environment-specific configurations are documented
  • Secret rotation policy is in place
  • Environment variable validation is implemented
  • Error messages don't leak sensitive information
  • Production URLs are correctly set

5. Email Configuration

  • Custom SMTP is set up (e.g., using Resend)
  • Email templates are finalized and tested
  • Transactional emails are working
  • SPF and DKIM records are configured
  • DMARC policy is set up
  • Bounce handling is configured
  • Unsubscribe functionality works
  • Email analytics are set up
  • Test emails are sent to major providers
  • Email templates are responsive

6. Security

  • Review and implement the Supabase Production Checklist
  • Enable Row Level Security (RLS) for all tables
  • Set up appropriate RLS policies
  • Enable SSL enforcement
  • Configure network restrictions for your database
  • Set up multi-factor authentication (MFA) for your Supabase account
  • Security headers are configured:
    • Content Security Policy (CSP)
    • X-Frame-Options
    • X-Content-Type-Options
    • Referrer-Policy
    • Permissions-Policy
  • CORS policies are properly configured
  • Rate limiting is implemented
  • Input validation is thorough
  • SQL injection prevention is in place
  • XSS protection is implemented
  • CSRF protection is enabled
  • Password policies are enforced
  • Session management is secure
  • Error handling doesn't expose sensitive info
  • Audit logging is enabled

7. Performance

  • Run performance tests on your production environment
  • Set up monitoring and alerting for key metrics
  • Image optimization is configured
  • Asset caching is implemented
  • Database queries are optimized
  • CDN is properly configured
  • Lazy loading is implemented where appropriate
  • Bundle size is optimized
  • Server-side rendering is configured correctly
  • Database connection pooling is optimized
  • Memory usage is monitored
  • CPU utilization is tracked
  • Response times are monitored
  • Load balancing is configured (if applicable)
  • Auto-scaling is set up (if applicable)

8. Backup and Recovery

  • Configure regular database backups
  • Test the restore process
  • Implement point-in-time recovery
  • Set up backup monitoring
  • Document recovery procedures
  • Test the disaster recovery plan
  • Configure backup retention policies
  • Set up backup notifications
  • Verify backup integrity
  • Store backups in multiple locations

9. Compliance

  • Ensure your application complies with relevant data protection regulations (e.g., GDPR, CCPA)
  • Privacy policy and terms of service are up to date and easily accessible
  • Cookie consent is implemented
  • Data retention policies are in place
  • Data processing agreements are signed
  • User data export functionality exists
  • Right to be forgotten is implemented
  • Age verification is in place (if required)
  • Accessibility compliance (WCAG) is met
  • Legal requirements for your jurisdiction are met

10. User Experience

  • Test the entire user journey in the production environment
  • Ensure all transactional emails are being sent and received correctly
  • Error messages are user-friendly
  • Loading states are implemented
  • Form validation is user-friendly
  • Mobile responsiveness is tested
  • Cross-browser testing is complete
  • Offline functionality works (if applicable)
  • Search functionality is optimized
  • Navigation is intuitive

11. Documentation

  • API documentation is up to date (if applicable)
  • Internal documentation for maintenance and troubleshooting is prepared
  • Deployment procedures are documented
  • Configuration changes are tracked
  • Known issues are documented
  • Runbooks are created
  • Architecture diagrams are updated
  • Change log is maintained
  • User documentation is complete
  • Support procedures are documented

Final Steps

  • Conduct a final review of all settings and configurations
  • Perform a soft launch or beta test if possible
  • Set up a process for gathering and acting on user feedback
  • Configure uptime monitoring
  • Set up a status page
  • Prepare an incident response plan
  • Schedule regular maintenance windows
  • Create rollback procedures
  • Test scaling procedures
  • Document the launch plan

By completing this checklist, you'll be well-prepared for a successful launch of your Supabase TDD Boilerplate application. Remember to regularly review and update your production environment to maintain security and performance.

Post-Launch Monitoring

After launch, regularly monitor:

  • Application performance
  • Error rates
  • User feedback
  • Security alerts
  • System resources
  • Database performance
  • API response times
  • User engagement metrics
  • Conversion rates
  • Support tickets

Regular Maintenance

Schedule regular maintenance for:

  • Security patches
  • Dependency updates
  • Performance optimization
  • Database maintenance
  • Backup verification
  • SSL certificate renewal
  • API key rotation
  • Documentation updates
  • Compliance reviews
  • User experience improvements