Deployment Guide
This guide documents the actual current production path in the repo. For the step-by-step operator procedure, see Deploy Runbook.
Current Production Topology
┌─────────────────────────────────┐
│ Cloudflare Pages │
│ qgtmai.com │
│ project: qgtm-trading │
└──────────────┬──────────────────┘
│
│ HTTPS
▼
┌─────────────────────────────────┐
│ DigitalOcean Droplet │
│ 142.93.1.195 │
│ /opt/trading │
│ systemd + venv runtime │
├─────────────────────────────────┤
│ qgtm-api.service │
│ qgtm-daemon.service │
│ redis-server.service │
└─────────────────────────────────┘
Docs deploy separately to Cloudflare Pages
project: qgtm-docs
What Deploys Where
| Surface | Current path | Source of truth |
|---|---|---|
| Terminal web app | Cloudflare Pages project qgtm-trading |
.github/workflows/deploy-web-self-hosted.yml |
| API | DigitalOcean droplet via SSH deploy | .github/workflows/deploy-api-self-hosted.yml |
| Daemon | Restarted on the droplet during API deploy | .github/workflows/deploy-api-self-hosted.yml + infra/systemd/qgtm-daemon.service |
| Redis | OS package service on the droplet | redis-server.service |
| Docs | Cloudflare Pages project qgtm-docs |
.github/workflows/deploy-docs.yml |
| Release artifacts | GitHub Releases with SBOM + signing | .github/workflows/release.yml |
CI / CD Behavior
CI
ci.yml handles linting, tests, and coverage on pushes to main. ci-fast.yml
is the pull-request gate. Supply-chain/security scanning runs in
security-scan.yml.
Production deploy
deploy-api-self-hosted.yml is the production API/daemon deploy workflow:
- fire after green
CIonmainor via guardedworkflow_dispatch - block normal deploys while the market is open
- SSH to the DigitalOcean droplet
git fetch+git reset --hard origin/maininside/opt/trading- refresh selected
.envvalues from GitHub secrets when present - reinstall the package into the droplet virtualenv
- restart
qgtm-api - verify
/health - cancel stale resting paper orders before daemon restart
- restart
qgtm-daemon - verify deep daemon telemetry; rollback to the previous commit on failure
Release engineering
release.yml is not the production deploy path. It builds artifacts, runs
tests, generates SBOMs, signs outputs, and publishes a GitHub Release on tags.
Runtime Services
The droplet uses systemd units that run the checked-out Python package in
/opt/trading/.venv:
infra/systemd/qgtm-api.serviceinfra/systemd/qgtm-daemon.serviceredis-server.servicefrom the OS package
Docker is still used for Grafana/Prometheus/node-exporter, not for the active API, daemon, or Redis runtime.
Verification Targets
After a production deploy, the minimum checks are:
https://qgtmai.comhttps://api.qgtmai.com/healthhttps://api.qgtmai.com/api/v1/market-data/bars/GLD?limit=5https://api.qgtmai.com/api/v1/forecast/gold
If the API health check fails during deploy, the workflow already performs a commit-level rollback on the droplet.
Legacy / Non-Canonical Surfaces
The repo still contains references to older or alternate infrastructure such as Fly.io, Neon, Upstash, Doppler, Terraform, and k8s manifests. Treat those as historical, experimental, or future-state assets unless they are explicitly reintroduced into the active deploy workflows.