Environments
Five environments make up the Fastlane deployment topology. develop owns the governed promotion lane through all five environments, while the release lane allows release/* branches to target only the lower environments (dev, qa, uat).
Environment Matrix
| Environment | Owner | Trigger | Approval Required |
|---|---|---|---|
| Dev | develop or release lane | Automatic on develop, manual on release lane | None |
| QA | develop or release lane | Manual | QA lead / team |
| UAT | develop or release lane | Manual | QA lead / team |
| Staging | develop only | Manual | PM / tech lead |
| Production | develop or main | Manual | Tech lead + PM |
Heroku App Mapping
Dev
| App | Heroku App | URL |
|---|---|---|
| fastlane-portal | dev-fastlane-portal | https://dev-fastlane-portal.goosehead.com |
| fastlane-admin | dev-fastlane-admin | https://dev-fastlane-admin.goosehead.com |
| fastlane-api-gateway | dev-fastlane-api-gateway | https://dev-fastlane-api-gateway.goosehead.com |
| docs | dev-fastlane-docs | https://dev-fastlane-docs.goosehead.com |
| components | dev-fastlane-storybook | https://dev-fastlane-storybook.goosehead.com |
QA
| App | Heroku App | URL |
|---|---|---|
| fastlane-portal | test-fastlane-portal | https://test-fastlane-portal.goosehead.com |
| fastlane-admin | test-fastlane-admin | https://test-fastlane-admin.goosehead.com |
| fastlane-api-gateway | test-fastlane-api-gateway | https://test-fastlane-api-gateway.goosehead.com |
UAT
| App | Heroku App | URL |
|---|---|---|
| fastlane-portal | uat-fastlane-portal | https://uat-fastlane-portal.goosehead.com |
| fastlane-admin | uat-fastlane-admin | https://uat-fastlane-admin.goosehead.com |
| fastlane-api-gateway | uat-fastlane-api-gateway | https://uat-fastlane-api-gateway.goosehead.com |
Staging
| App | Heroku App | URL |
|---|---|---|
| fastlane-portal | preprod-fastlane-portal | https://preprod-fastlane-portal.goosehead.com |
| fastlane-admin | preprod-fastlane-admin | https://preprod-fastlane-admin.goosehead.com |
| fastlane-api-gateway | preprod-fastlane-api-gateway | https://preprod-fastlane-api-gateway.goosehead.com |
Production
| App | Heroku App | URL |
|---|---|---|
| fastlane-portal | prod-fastlane-portal | https://prod-fastlane-portal.goosehead.com |
| fastlane-admin | prod-fastlane-admin | https://prod-fastlane-admin.goosehead.com |
| fastlane-api-gateway | prod-fastlane-api-gateway | https://prod-fastlane-api-gateway.goosehead.com |
Docs and Storybook are only deployed to dev. QA, UAT, staging, and production deploy the 3 core apps.
DOTENV_KEY Configuration
Environment variables are encrypted in .env.vault and decrypted at build/runtime using environment-specific DOTENV_KEY values.
| Environment | CI Variable | Used By |
|---|---|---|
| Dev | DOTENV_KEY_DEVELOPMENT | Frontend build args + API runtime |
| QA | DOTENV_KEY_TEST | Frontend build args + API runtime |
| UAT | DOTENV_KEY_UAT | Frontend build args + API runtime |
| Staging | DOTENV_KEY_PREPROD | Frontend build args + API runtime |
| Production | DOTENV_KEY_PROD | Frontend build args + API runtime |
Frontend apps receive DOTENV_KEY as a Docker build argument to inject VITE_* variables at build time. The API gateway loads .env.vault at runtime via dotenv/config.
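A pre-deploy guard that encodes the Environment Matrix lane rules and the DOTENV_KEY table above. This is an added example, not part of the project's pipeline. The function names are assumptions; the lane rules, environment names and variable names are the ones listed on this page.

```bash
# Added example (hypothetical helper names); source it from a deploy job, e.g.
#   predeploy_check "$CI_COMMIT_REF_NAME" production || exit 1

# lane_allows BRANCH ENV -> 0 if the Environment Matrix lets BRANCH target ENV.
lane_allows() {
  case "$2" in
    dev|qa|uat)   # lower environments: develop or the release lane
      case "$1" in develop|release/?*) return 0 ;; esac ;;
    staging)      # develop only
      case "$1" in develop) return 0 ;; esac ;;
    production)   # develop or main
      case "$1" in develop|main) return 0 ;; esac ;;
  esac
  return 1        # unknown environment or branch outside its lane: deny
}

# dotenv_key_var ENV -> prints the CI variable holding that environment's key.
dotenv_key_var() {
  case "$1" in
    dev)        echo DOTENV_KEY_DEVELOPMENT ;;
    qa)         echo DOTENV_KEY_TEST ;;
    uat)        echo DOTENV_KEY_UAT ;;
    staging)    echo DOTENV_KEY_PREPROD ;;
    production) echo DOTENV_KEY_PROD ;;
    *)          return 1 ;;
  esac
}

# predeploy_check BRANCH ENV -> 0 only if the lane allows the deploy and the
# matching key is present. The key value is never printed to the job log.
predeploy_check() {
  if ! lane_allows "$1" "$2"; then
    echo "deny: branch '$1' may not deploy to '$2'" >&2
    return 1
  fi
  key_var=$(dotenv_key_var "$2") || return 1
  # Indirect lookup; key_var can only be one of the five fixed names above.
  eval "key_val=\${$key_var:-}"
  if [ -z "$key_val" ]; then
    echo "deny: $key_var is not set for this job" >&2
    return 1
  fi
  return 0
}
```

GitLab exposes Protected variables only to pipelines running on protected branches or tags, so an empty key on a release/* job usually means the branch is not protected.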
E2E Test URLs
Required GitLab CI/CD Variables
These must be configured in GitLab > Settings > CI/CD > Variables:
| Variable | Type | Purpose |
|---|---|---|
| HEROKU_PRODUCTION_KEY | Protected | Heroku API key for Docker push, release, migrations, and seed dynos |
| DOTENV_ME | Protected | dotenv.org service credential for the build-vault CI job (auto-rebuilds .env.vault before deploys) |
| DOTENV_KEY_DEVELOPMENT | Protected | dotenv-vault decryption key for dev |
| DOTENV_KEY_TEST | Protected | dotenv-vault decryption key for QA |
| DOTENV_KEY_UAT | Protected | dotenv-vault decryption key for UAT |
| DOTENV_KEY_PREPROD | Protected | dotenv-vault decryption key for staging |
| DOTENV_KEY_PROD | Protected | dotenv-vault decryption key for production |
| GL_PROJECT_TOKEN | Protected | GitLab Project Access Token (api + write_repository) for MR notes, sync-to-main, backport |
| CLAUDE_API_KEY | Protected | Anthropic API key for AI code reviews |
| TEAMS_WEBHOOK_URL | Optional | Microsoft Teams webhook for deployment notifications |
| TEST_AUTH_API_KEY | Protected | API key for uploading Playwright test results |
Cache Strategy
The pipeline uses a pnpm store cache to speed up pnpm install:
- Cache key: pnpm-lock.yaml file hash
- Cache path: .pnpm-store/
- Default policy: pull (read-only for most jobs)
- Cache warmup: Runs on main and develop with pull-push policy to refresh the cache
All jobs extend .node-setup which configures pnpm to use the cached store directory.
Protected Environments
Protected environments are configured in GitLab > Settings > CI/CD > Protected Environments:
| Environment | Required Approvers |
|---|---|
| qa | QA lead / team |
| uat | QA lead / team |
| staging | PM / tech lead |
| production | Tech lead + PM |
When a manual deploy job is triggered, GitLab will require the configured approvers to approve before the job executes.