This guide provides instructions for deploying the complete RobCo Forge platform to production.
The RobCo Forge platform consists of:
# Work from the production environment directory.
cd terraform/environments/production
# Initialize Terraform
terraform init
# Review plan. -out saves exactly what was reviewed, so the apply step below
# cannot pick up changes made after the review.
# The saved plan file can contain sensitive values in cleartext: keep it out of
# version control and delete it once it has been applied.
terraform plan -out=tfplan
# Apply infrastructure. Applying a saved plan does not ask for confirmation again,
# so the review of the plan output above is the approval step.
terraform apply tfplan
This creates:
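cd cdk
# Install dependencies
# NOTE(review): if a package-lock.json is committed, `npm ci` installs exactly the
# locked versions instead of re-resolving them.
npm install
# Deploy CDK stacks.
# "--require-approval broadening" makes the CLI stop and ask for confirmation
# whenever a stack would widen IAM permissions or security-group rules, so those
# changes to production are seen by a person before they are applied.
# "--require-approval never" would apply them without any prompt.
cdk deploy --all --require-approval broadening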
This creates:
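# Store secrets in AWS Secrets Manager.
# Each value is read from a local JSON file through the CLI's file:// syntax, so the
# secret never appears in shell history or in the process list.
# umask 077 makes files created from this shell readable by the owner only.
umask 077
# Create these three files first (file names are examples; fill in the values):
#   database-secret.json   {"username":"forge","password":"<password>"}
#   anthropic-secret.json  {"api_key":"<anthropic-api-key>"}
#   okta-secret.json       {"client_id":"<okta-client-id>","client_secret":"<okta-client-secret>"}
aws secretsmanager create-secret \
  --name forge/database \
  --secret-string file://database-secret.json
aws secretsmanager create-secret \
  --name forge/anthropic \
  --secret-string file://anthropic-secret.json
aws secretsmanager create-secret \
  --name forge/okta \
  --secret-string file://okta-secret.json
# Remove the plaintext copies once the secrets are stored.
rm -f -- database-secret.json anthropic-secret.json okta-secret.json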
cd api
# Install dependencies
pip install -r requirements.txt
# Set database URL
# NOTE(review): typing the password inline leaves it in shell history and in the
# environment of every child process; reading it from the forge/database secret
# would avoid that. A password containing characters such as @ : / must be
# percent-encoded to remain a valid URL.
# NOTE(review): the URL sets no sslmode; confirm that TLS to the database is enforced.
export DATABASE_URL="postgresql://forge:<password>@<rds-endpoint>:5432/forge"
# Run migrations (applies every pending revision up to the newest one)
alembic upgrade head
# Create admin user
# NOTE(review): the script is not shown here; confirm how the admin credential is
# chosen and handed over, and that it is changed after first login.
python scripts/create_admin_user.py
# Create default blueprints
python scripts/create_default_blueprints.py
cd api
# Build API image
# NOTE(review): ":latest" is a mutable tag, so the image behind it changes with every
# push and a running deployment cannot be traced back to one build. Adding a unique
# version tag (and referencing it in the manifests) keeps deploys and rollbacks
# reproducible.
docker build -t forge-api:latest .
# Push to ECR
# The registry password is piped on stdin, which keeps it out of the command line
# and out of shell history.
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com
docker tag forge-api:latest <account-id>.dkr.ecr.us-east-1.amazonaws.com/forge-api:latest
docker push <account-id>.dkr.ecr.us-east-1.amazonaws.com/forge-api:latest
# Apply Kubernetes manifests
# kubectl acts on the current kubeconfig context; check that it is the production
# cluster before applying.
kubectl apply -f k8s/api-deployment.yaml
kubectl apply -f k8s/api-service.yaml
kubectl apply -f k8s/api-ingress.yaml
# Verify deployment: pods should be Running, and the logs should show a clean start
kubectl get pods -n forge-api
kubectl logs -n forge-api -l app=forge-api
# Get load balancer URL
kubectl get ingress -n forge-api
# Configure DNS
# Point api.forge.example.com to load balancer
# NOTE(review): later steps call the API over https://; confirm the ingress
# terminates TLS with a valid certificate for this name.
cd cli
# Install dependencies
npm install
# Build
npm run build
# Package: writes a tarball of what would be published. Inspect its file list for
# anything that should not ship, such as .env files or credentials.
npm pack
# Publish to npm (if public)
# NOTE(review): check which registry and access level npm is configured for before
# running this; a package pushed to a public registry cannot be reliably withdrawn.
npm publish
# Or distribute binary
npm run package
# Install globally
npm install -g @robco/forge-cli
# Configure: API endpoint (HTTPS) and the authentication method
forge config set api-url https://api.forge.example.com
forge config set auth-method okta
cd portal
# Install dependencies
npm install
# Set environment variables
# In Next.js, NEXT_PUBLIC_-prefixed variables are compiled into the JavaScript sent
# to browsers, so this file must only hold values that are safe to publish
# (no API keys, client secrets or passwords).
cat > .env.production << EOF
NEXT_PUBLIC_API_URL=https://api.forge.example.com
NEXT_PUBLIC_WS_URL=wss://api.forge.example.com/ws
EOF
# Build
npm run build
# The three groups below are alternative deployment targets (Vercel, Kubernetes,
# S3 + CloudFront, as named in the DNS notes at the end); use one of them.

# Install Vercel CLI
npm install -g vercel
# Deploy
vercel --prod

# Build Docker image
docker build -t forge-portal:latest .
# Push to ECR
# NOTE(review): no docker login appears in this group; presumably it relies on the
# ECR login from the API image step still being valid.
docker tag forge-portal:latest <account-id>.dkr.ecr.us-east-1.amazonaws.com/forge-portal:latest
docker push <account-id>.dkr.ecr.us-east-1.amazonaws.com/forge-portal:latest
# Deploy to Kubernetes
kubectl apply -f k8s/portal-deployment.yaml

# Build static export
npm run build
npm run export
# Deploy to S3 + CloudFront
# NOTE(review): confirm the bucket is private and readable only by the CloudFront
# distribution, so the site is never served straight from S3.
aws s3 sync out/ s3://forge-portal-bucket/
# Invalidate every cached path so CloudFront serves the new files
aws cloudfront create-invalidation --distribution-id <dist-id> --paths "/*"

# Point portal.forge.example.com to deployment
# Vercel: Use Vercel DNS or CNAME
# Kubernetes: Use load balancer URL
# S3: Use CloudFront distribution
# Verify Prometheus is running
kubectl get pods -n forge-system -l app=prometheus
# Access Prometheus UI
# port-forward listens on localhost unless told otherwise, so the UI is reachable
# only from this machine and only while the command is running.
kubectl port-forward -n forge-system svc/prometheus 9090:9090
# Get Grafana admin password
# This prints the decoded password to the terminal: avoid running it in a shared or
# recorded session, and change the initial admin password after first login.
kubectl get secret -n forge-system grafana-admin -o jsonpath='{.data.password}' | base64 -d
# Access Grafana UI (same localhost-only forwarding as above)
kubectl port-forward -n forge-system svc/grafana 3000:3000
# Import dashboards from grafana/dashboards/
# Create alarms for critical metrics
aws cloudwatch put-metric-alarm \
--alarm-name forge-api-high-error-rate \
--alarm-description "Alert when API error rate exceeds 5%" \
--metric-name ErrorRate \
--namespace Forge/API \
--statistic Average \
--period 300 \
--threshold 5 \
--comparison-operator GreaterThanThreshold \
--evaluation-periods 2
# Test API health
curl https://api.forge.example.com/health
# Test authentication
forge login
# Test workspace provisioning
# NOTE(review): presumably this creates a real workspace in the production account;
# remove it once the check has passed.
forge launch --bundle STANDARD --os Windows
# Test portal
open https://portal.forge.example.com
# API end-to-end tests
cd api
pytest tests/e2e/
# Portal end-to-end tests
cd portal
npm run test:e2e
# Run load tests
# NOTE(review): this points load at the production hostname; agree a time window
# and request limits with whoever operates the service before starting.
cd api
locust -f tests/load/locustfile.py --host https://api.forge.example.com
# API logs (last 100 lines, then follow)
kubectl logs -n forge-api -l app=forge-api --tail=100 -f
# Portal logs (if on Kubernetes)
kubectl logs -n forge-portal -l app=forge-portal --tail=100 -f
# CloudWatch logs
aws logs tail /aws/eks/forge/cluster --follow
# Create user accounts
# NOTE(review): users.csv holds personal data and possibly initial credentials (the
# script is not shown); restrict access to the file and remove it after the import.
python scripts/create_users.py --csv users.csv
# Assign roles
# NOTE(review): grant the narrowest role that fits; confirm what team_lead permits.
python scripts/assign_roles.py --user alice@example.com --role team_lead
# Set budgets
python scripts/set_budgets.py --team engineering --amount 5000
# Rollback to previous version (restores the deployment's previous revision)
# NOTE(review): if the manifests reference the ":latest" tag, the previous revision
# names the same tag and may resolve to the new image again; verify which image the
# pods actually run after the rollback.
kubectl rollout undo deployment/forge-api -n forge-api
# Verify rollback
kubectl rollout status deployment/forge-api -n forge-api
# Vercel
vercel rollback
# Kubernetes
kubectl rollout undo deployment/forge-portal -n forge-portal
# Rollback migration (reverts the most recently applied revision)
# NOTE(review): a downgrade may drop columns or tables; take a database snapshot
# first and check what the revision's downgrade step does.
cd api
alembic downgrade -1
# Check pod status
kubectl get pods -n forge-api
# Check logs
kubectl logs -n forge-api -l app=forge-api
# Check database connectivity (opens a connection from inside the pod, using the
# pod's own database configuration)
kubectl exec -it -n forge-api <pod-name> -- python -c "from src.database import engine; engine.connect()"
# Check build logs
npm run build
# Check environment variables
cat .env.production
# Check API connectivity
curl https://api.forge.example.com/health
# Check AWS WorkSpaces service status (lists the WorkSpaces visible to the current
# credentials and region)
aws workspaces describe-workspaces
# Check IAM permissions
aws iam get-role --role-name ForgeWorkSpacesRole
# Check logs
kubectl logs -n forge-api -l app=forge-api | grep "workspace"
forge --help
DATABASE_URL=postgresql://forge:<password>@<rds-endpoint>:5432/forge
# API settings (presumably read by the API service; confirm against its config loader).
# ANTHROPIC_API_KEY and OKTA_CLIENT_SECRET are secrets: supply them at runtime from the
# forge/anthropic and forge/okta entries in Secrets Manager rather than committing
# them to a file or baking them into an image.
# NOTE(review): redis:// is the unencrypted scheme; confirm whether the Redis
# endpoint requires TLS (rediss://).
REDIS_URL=redis://<redis-endpoint>:6379
ANTHROPIC_API_KEY=<api-key>
OKTA_CLIENT_ID=<client-id>
OKTA_CLIENT_SECRET=<client-secret>
OKTA_DOMAIN=<okta-domain>
AWS_REGION=us-east-1
LOG_LEVEL=INFO
# Portal settings (the same two values written to .env.production). They are public
# by design, so never add a secret under a NEXT_PUBLIC_ name.
NEXT_PUBLIC_API_URL=https://api.forge.example.com
NEXT_PUBLIC_WS_URL=wss://api.forge.example.com/ws
# CLI settings (presumably the environment equivalents of `forge config set api-url`
# and `forge config set auth-method`; confirm)
FORGE_API_URL=https://api.forge.example.com
FORGE_AUTH_METHOD=okta