SDLC Goals

These standards exist so every team ships the same way: predictable branch names, audited production deploys, and clear access boundaries between staging, UAT, and production.

  1. SOC 2 readiness — Production Fly changes flow through GitHub with a reviewable history; developers work primarily in staging orgs.
  2. One mental model — staging and main branches map directly to fly.staging.toml / fly.main.toml and matching workflows—no ad hoc “production” filenames.
  3. Safer defaults — Tunnel APIs on port 8080, Cloudflare origins on .internal, and no manual laptop deploys to production.
  4. Faster onboarding — New engineers and auditors can read one site instead of relying on tribal knowledge in each API repo.
  5. Room to grow — UAT and additional tiers use the same patterns when we turn them on.
  • Full separation of Fly orgs and tokens per tier across all products
  • UAT branch and fly.uat.toml where products need it
  • Migrating legacy apps (old workflow names, public *.fly.dev APIs) onto tunnel + CI/CD patterns

Contributions and exceptions go through platform / tech lead review, then land in Fly-Standards on GitHub.