At Accesto we recently came up with a project release checklist that helps us to make sure that we did not miss anything. It helped us a lot during the last releases and ensured peace of mind.
Forgetting about any of those tasks might cause bad things happen — bad user experience, performance issues or even security breaches — having such a checklist makes it easier to ensure we took care of everything.
- Development front-controllers (app_dev.php etc.) removed during the deployment process and denied by the web server
- Application is working correctly through https
- E-mail addresses and credentials changed to production values
- Cron scripts installed (if applicable)
- Correctly configured shared files directories (we use Capistrano)
- Confidential data like JWT Tokens, Security Tokens, API keys changed and not stored in repository
- All assets minimized and compressed
- RWD tests on Browserstack passed
- OWASP top 10 tests passed
- php.ini settings updated: time zone, max upload size etc.
- Unnecessary Symfony bundles disabled
- Custom 404 and 500 error pages
- Custom favicon
- Initial database migration added
- Sentry/error tracking configured
We will keep updating this list as we keep adding new points all the time.
Feel free to comment if you would add anything to it — I have created a git repository to make contributions easier: https://github.com/accesto/Checklists.
Originally published at blog.accesto.com on July 25, 2017.