Deployments
Production map
```
                      ┌──────────────────────────────┐
                      │          Cloudflare          │
                      │ DNS + Access + Pages + Tunnel│
                      └──────────────┬───────────────┘
                                     │
            ┌────────────────────────┼────────────────────────┐
            │                        │                        │
            ▼                        ▼                        ▼
     docs.tappass.ai          app.tappass.ai      internal-docs.tappass.ai
         (Pages)                (Cloud Run)           (Pages + Access)
            │                        │                        │
            ▼                        ▼                        ▼
      tappass/docs            tappass/tappass       tappass/docs-internal
    (GitHub Actions →        (GitHub Actions →        (GitHub Actions →
         Pages)             Artifact Registry →            Pages)
                                Cloud Run)
```

Per-service reference
| Service | Platform | Region | CI/CD | Rollback |
|---|---|---|---|---|
| Core server (prod) | Cloud Run | europe-west1 | GH Actions → manual promote | gcloud run services update-traffic |
| Core server (staging) | Cloud Run | europe-west1 | GH Actions → auto on merge | Same |
| License server | Self-hosted (Docker) | On-prem | Manual via SSH | Docker image rollback |
| Assess scanner | Cloud Run | europe-west1 | GH Actions → auto | Same |
| docs.tappass.ai | Cloudflare Pages | Global | GH Actions → Pages | CF dashboard → prior deployment → Rollback |
| internal-docs.tappass.ai | Cloudflare Pages | Global | GH Actions → Pages | Same |
| tappass.ai | Cloudflare Pages | Global | GH Actions → Pages | Same |
| trust.tappass.ai | Cloudflare Pages | Global | GH Actions → Pages | Same |
Secrets
All runtime secrets are stored in Google Secret Manager (GCP) or Cloudflare Pages secrets (for static deploys). Mirror them in the 1Password TapPass / Engineering vault for human access.
Infrastructure as code
Cloud Run + Postgres + Secret Manager are managed by Terraform in tappass/infra/. Every change is a PR with a terraform plan output in the description.
See Infrastructure for the full IaC map.