Hi! I'm

Federico Calò

Software Developer | Technical Writer

I create modern web applications and custom digital tools to help businesses grow through technological innovation. My passion is combining computer science and economics to generate real value.

Contact Me

About Me

My passion for computer science was born at the Technical Commercial Institute of Maglie, where I discovered the power of programming and the fascination of creating digital solutions. From the start, I understood that computer science was not just code, but an extraordinary tool for turning ideas into reality.

During my studies in Business Information Systems, I began to interweave computer science and economics, understanding how technology can be the engine of growth for any business. This vision accompanied me to the University of Bari, where I obtained my degree in Computer Science, deepening my technical skills and passion for software development.

Today I put this experience at the service of businesses, professionals and startups, creating tailor-made digital solutions that automate processes, optimize resources and open new business opportunities. Because true innovation begins when technology meets the real needs of people.

My Skills

Data Analysis & Predictive Models

I transform data into strategic insights with in-depth analysis and predictive models for informed decisions

Process Automation

I create custom tools that automate repetitive operations and free up time for value-added activities

Custom Systems

I develop tailor-made software systems, from platform integrations to customized dashboards

const federico = {
  nome: "Federico Calò",
  ruolo: "Sviluppatore Software",
  città: "Bari, Italia",
  missione: "Aiutare attraverso l'informatica",
  passioni: [
    "Codice Pulito",
    "Innovazione",
    "Crescita Continua"
  ]
};

La Mia Missione

Credo fermamente che l'informatica sia lo strumento più potente per trasformare le idee in realtà e migliorare la vita delle persone.

Democratizzare la Tecnologia

La mia missione è rendere l'informatica accessibile a tutti: dalle piccole imprese locali alle startup innovative, fino ai professionisti che vogliono digitalizzare la propria attività. Ogni realtà merita di sfruttare le potenzialità del digitale.

Unire Informatica ed Economia

Non è solo questione di scrivere codice: è capire come la tecnologia possa generare valore reale. Intrecciando competenze informatiche e visione economica, aiuto le attività a crescere, ottimizzare processi e raggiungere nuovi traguardi di efficienza e redditività.

Creare Soluzioni su Misura

Ogni attività è unica, e così devono esserlo le soluzioni. Sviluppo strumenti personalizzati che rispondono alle esigenze specifiche di ciascun cliente, automatizzando processi ripetitivi e liberando tempo per ciò che conta davvero: far crescere il business.

Trasforma la Tua Attività con la Tecnologia

Che tu gestisca un negozio, uno studio professionale o un'azienda, posso aiutarti a sfruttare le potenzialità dell'informatica per lavorare meglio, più velocemente e in modo più intelligente.

Parliamone Insieme →

Join the Community

Join the developer community where we discuss software, AI, architecture and DevOps. Share ideas, ask questions and grow with us.

Channel

FC Dev Blog

Get notifications on new articles, complete series, weekly tips and featured tools. Bilingual IT/EN content directly in your Telegram.

New articles as they are published
Weekly tips and code snippets
Polls on future topics

Subscribe to Channel

Group

FC Dev Community

A bilingual IT/EN community for developers. Discussions, Q&A, mutual help and networking with other professionals.

Discussions on articles and technologies
Coding help and code review
Job opportunities and collaboration

Join the Group

Discussion Topics

View

Master SQL

RoadMap.sh

November 2024

View

Oracle Certified Foundations Associate

Oracle

October 2024

View

People Leadership Credential

Connect

September 2024

💻 Languages & Technologies

Java

Python

JavaScript

Angular

React

TypeScript

SQL

PHP

CSS/SCSS

Node.js

Docker

Git

💼

12/2024 - Present

Custom Software Engineering Analyst

Accenture

Bari, Puglia, Italy · Hybrid Analysis and development of computer systems through the use of Java and Quarkus in Health and Public Sector. Continuous training on modern technologies for creating customized and efficient software solutions and on agents.

💼

06/2022 - 12/2024

Software analyst and Back End Developer Associate Consultant

Links Management and Technology SpA

Experience analyzing as-is software systems and ETL flows using PowerCenter. Completed Spring Boot training for developing modern and scalable backend applications. Backend developer specialized in Spring Boot, with experience in database design, analysis, development and testing of assigned tasks.

💼

02/2021 - 10/2021

Software programmer

Adesso.it (prima era WebScience srl)

Experience in AS-IS and TO-BE analysis, SEO evolutions and website evolutions to improve user performance and engagement.

🎓

2018 - 2025

Degree in Computer Science

University of Bari Aldo Moro

Bachelor's degree in Computer Science, focusing on software engineering, algorithms, and modern development practices.

📚

2013 - 2018

Diploma - Corporate Information Systems

Technical Commercial Institute of Maglie

Technical diploma specializing in Business Information Systems, combining IT knowledge with business management.

Contattami

Hai un progetto in mente? Parliamone! Compila il form qui sotto e ti risponderò al più presto.

* Campi obbligatori. I tuoi dati saranno utilizzati solo per rispondere alla tua richiesta.

Deploy and DevOps with Copilot

Deployment is the final step to make your project accessible to the world. But it's not just "putting it online": professional deployment means containerization, automated CI/CD, health checks, logging, and monitoring. GitHub Copilot can help you configure all of this correctly and securely.

In this article we'll explore how to create optimized Dockerfiles, configure Docker Compose for development and production, implement complete CI/CD pipelines with GitHub Actions, and prepare the application for a production-ready environment.

Series Overview

#	Article	Focus
1	Foundation and Mindset	Setup and mindset
2	Ideation and Requirements	From idea to MVP
3	Backend Architecture	API and database
4	Frontend Structure	UI and components
5	Prompt Engineering	Prompts and MCP Agents
6	Testing and Quality	Unit, integration, E2E
7	Documentation	README, API docs, ADR
8	You are here -> Deploy and DevOps	Docker, CI/CD
9	Evolution	Scalability and maintenance

Pre-Deploy Checklist

Before deploying, make sure the project is ready for production.

      Pre-Production Checklist
      
        AreaRequirementVerified
SecuritySecrets in environment variables (not in code)
SecurityHTTPS configured
SecurityRate limiting active
SecurityCORS configured correctly
PerformanceOptimized build (minification, tree-shaking)
PerformanceCompression enabled (gzip/brotli)
MonitoringHealth check endpoint
MonitoringStructured logging configured
MonitoringError tracking (Sentry, etc.)
ResilienceGraceful shutdown implemented
ResilienceDatabase connection pooling
BackupAutomated database backup

    

Docker: Professional Containerization

A well-written Dockerfile produces small, secure, and fast-to-build images. The key is multi-stage build.

Prompt for Dockerfile

Prompt - Generate Production Dockerfile

Create a production-ready Dockerfile for my Node.js + TypeScript application.

PROJECT INFO:
- Runtime: Node.js 20
- Package manager: npm
- Build: TypeScript compilation
- Entry point: dist/server.js
- Port: 3000

REQUIREMENTS:
1. Multi-stage build (minimize final image size)
2. Non-root user for security
3. Health check command
4. Proper layer caching for faster builds
5. Only production dependencies in final image
6. Environment variables support
7. Metadata labels (maintainer, version, description)
8. .dockerignore recommendations

SECURITY:
- No secrets in image
- Minimal attack surface (alpine base)
- Read-only filesystem where possible

Complete Multi-Stage Dockerfile

Dockerfile - Production Ready

# ===============================================================
# Stage 1: Dependencies (cached layer)
# ===============================================================
FROM node:20-alpine AS deps

WORKDIR /app

# Copy package files first (better cache utilization)
COPY package.json package-lock.json ./

# Install ALL dependencies (including devDependencies for build)
RUN npm ci --include=dev

# ===============================================================
# Stage 2: Builder
# ===============================================================
FROM node:20-alpine AS builder

WORKDIR /app

# Copy dependencies from deps stage
COPY --from=deps /app/node_modules ./node_modules
COPY . .

# Build TypeScript
RUN npm run build

# Remove devDependencies after build
RUN npm prune --production

# ===============================================================
# Stage 3: Production
# ===============================================================
FROM node:20-alpine AS production

# Metadata
LABEL maintainer="your-email@example.com"
LABEL version="1.0.0"
LABEL description="TaskFlow API Server"

# Security: Create non-root user
RUN addgroup -g 1001 -S nodejs \
    && adduser -S nodejs -u 1001

WORKDIR /app

# Copy only production artifacts
COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist
COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules
COPY --from=builder --chown=nodejs:nodejs /app/package.json ./

# Environment variables (defaults, override at runtime)
ENV NODE_ENV=production
ENV PORT=3000

# Switch to non-root user
USER nodejs

# Expose port
EXPOSE 3000

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD node -e "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"

# Start application
CMD ["node", "dist/server.js"]

.dockerignore

# Dependencies
node_modules
npm-debug.log

# Build output (built inside container)
dist
build

# Development files
.git
.gitignore
.env
.env.*
!.env.example

# IDE
.vscode
.idea
*.swp
*.swo

# Documentation
README.md
docs
*.md

# Tests
test
tests
__tests__
coverage
.nyc_output
*.test.ts
*.spec.ts
jest.config.js

# CI/CD
.github
.gitlab-ci.yml
Jenkinsfile

# Docker
Dockerfile*
docker-compose*
.dockerignore

# OS files
.DS_Store
Thumbs.db

# Logs
logs
*.log

# Temporary files
tmp
temp

Docker Compose: Local and Production Orchestration

Docker Compose allows you to manage multi-container environments. Create separate files for development and production.

Docker Compose for Development

docker-compose.yml - Development

version: '3.8'

services:
  # -------------------------------------------------------------
  # Application (with hot reload)
  # -------------------------------------------------------------
  app:
    build:
      context: .
      dockerfile: Dockerfile.dev
    ports:
      - "3000:3000"
      - "9229:9229"  # Node.js debugger
    environment:
      - NODE_ENV=development
      - DATABASE_URL=postgresql://postgres:postgres@db:5432/taskflow_dev
      - REDIS_URL=redis://redis:6379
      - JWT_SECRET=dev-secret-change-in-production
    volumes:
      - .:/app
      - /app/node_modules  # Don't override node_modules
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    command: npm run dev

  # -------------------------------------------------------------
  # PostgreSQL Database
  # -------------------------------------------------------------
  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: taskflow_dev
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./scripts/init-db.sql:/docker-entrypoint-initdb.d/init.sql:ro
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d taskflow_dev"]
      interval: 5s
      timeout: 5s
      retries: 5

  # -------------------------------------------------------------
  # Redis Cache
  # -------------------------------------------------------------
  redis:
    image: redis:7-alpine
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 5s
      retries: 5
    command: redis-server --appendonly yes

  # -------------------------------------------------------------
  # pgAdmin (Database GUI)
  # -------------------------------------------------------------
  pgadmin:
    image: dpage/pgadmin4:latest
    environment:
      PGADMIN_DEFAULT_EMAIL: admin@admin.com
      PGADMIN_DEFAULT_PASSWORD: admin
    ports:
      - "5050:80"
    depends_on:
      - db
    profiles:
      - tools  # Only start with: docker-compose --profile tools up

  # -------------------------------------------------------------
  # Redis Commander (Redis GUI)
  # -------------------------------------------------------------
  redis-commander:
    image: rediscommander/redis-commander:latest
    environment:
      - REDIS_HOSTS=local:redis:6379
    ports:
      - "8081:8081"
    depends_on:
      - redis
    profiles:
      - tools

volumes:
  postgres_data:
  redis_data:

networks:
  default:
    name: taskflow-network

Docker Compose for Production

docker-compose.prod.yml - Production

version: '3.8'

services:
  # -------------------------------------------------------------
  # Application
  # -------------------------------------------------------------
  app:
    image: ghcr.io/username/taskflow:#123;{ '{' }}TAG:-latest{{ '}' }}
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      - DATABASE_URL=#123;{ '{' }}DATABASE_URL{{ '}' }}
      - REDIS_URL=#123;{ '{' }}REDIS_URL{{ '}' }}
      - JWT_SECRET=#123;{ '{' }}JWT_SECRET{{ '}' }}
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped
    deploy:
      replicas: 2
      resources:
        limits:
          cpus: '1'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M
      update_config:
        parallelism: 1
        delay: 10s
        failure_action: rollback
      rollback_config:
        parallelism: 1
        delay: 10s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  # -------------------------------------------------------------
  # Nginx Reverse Proxy
  # -------------------------------------------------------------
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
    depends_on:
      - app
    restart: unless-stopped

  # -------------------------------------------------------------
  # PostgreSQL Database
  # -------------------------------------------------------------
  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: #123;{ '{' }}POSTGRES_USER{{ '}' }}
      POSTGRES_PASSWORD: #123;{ '{' }}POSTGRES_PASSWORD{{ '}' }}
      POSTGRES_DB: #123;{ '{' }}POSTGRES_DB{{ '}' }}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U #123;{ '{' }}POSTGRES_USER{{ '}' }} -d #123;{ '{' }}POSTGRES_DB{{ '}' }}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # -------------------------------------------------------------
  # Redis Cache
  # -------------------------------------------------------------
  redis:
    image: redis:7-alpine
    volumes:
      - redis_data:/data
    restart: unless-stopped
    command: redis-server --appendonly yes --requirepass #123;{ '{' }}REDIS_PASSWORD{{ '}' }}
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "#123;{ '{' }}REDIS_PASSWORD{{ '}' }}", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local

networks:
  default:
    name: taskflow-prod
    driver: bridge

CI/CD with GitHub Actions

A CI/CD pipeline automates testing, building, and deployment. With GitHub Actions, everything is configured in the repository.

Prompt for CI/CD Pipeline

Prompt - Generate GitHub Actions Workflow

Create a complete GitHub Actions CI/CD workflow for my Node.js project.

REQUIREMENTS:
1. Trigger on push to main/develop and pull requests to main
2. Run linting and type checking
3. Run unit tests with coverage report
4. Run integration tests (with PostgreSQL service)
5. Build Docker image
6. Push to GitHub Container Registry (on main only)
7. Deploy to staging (on develop branch)
8. Deploy to production (on main branch, manual approval)
9. Cache npm dependencies between runs
10. Send Slack notification on failure

ENVIRONMENTS:
- Staging: staging.taskflow.dev
- Production: taskflow.dev

SECRETS NEEDED:
- CODECOV_TOKEN
- SLACK_WEBHOOK_URL
- SSH_PRIVATE_KEY (for deployment)

Include proper job dependencies and failure handling.

Complete GitHub Actions Workflow

.github/workflows/ci-cd.yml

name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: #123;{ '{{' }} github.repository {{ '}}' }}
  NODE_VERSION: '20'

# Limit concurrent runs
concurrency:
  group: #123;{ '{{' }} github.workflow {{ '}}' }}-#123;{ '{{' }} github.ref {{ '}}' }}
  cancel-in-progress: true

jobs:
  # ===============================================================
  # LINT AND TYPE CHECK
  # ===============================================================
  lint:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: #123;{ '{{' }} env.NODE_VERSION {{ '}}' }}
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run ESLint
        run: npm run lint

      - name: Run TypeScript check
        run: npm run type-check

  # ===============================================================
  # UNIT TESTS
  # ===============================================================
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: #123;{ '{{' }} env.NODE_VERSION {{ '}}' }}
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run unit tests with coverage
        run: npm run test:coverage

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          token: #123;{ '{{' }} secrets.CODECOV_TOKEN {{ '}}' }}
          files: ./coverage/lcov.info
          fail_ci_if_error: true

  # ===============================================================
  # INTEGRATION TESTS
  # ===============================================================
  integration-tests:
    name: Integration Tests
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: test
          POSTGRES_PASSWORD: test
          POSTGRES_DB: taskflow_test
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7-alpine
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: #123;{ '{{' }} env.NODE_VERSION {{ '}}' }}
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run database migrations
        run: npm run db:migrate
        env:
          DATABASE_URL: postgresql://test:test@localhost:5432/taskflow_test

      - name: Run integration tests
        run: npm run test:integration
        env:
          DATABASE_URL: postgresql://test:test@localhost:5432/taskflow_test
          REDIS_URL: redis://localhost:6379
          JWT_SECRET: test-secret-for-ci

  # ===============================================================
  # BUILD AND PUSH DOCKER IMAGE
  # ===============================================================
  build:
    name: Build Docker Image
    runs-on: ubuntu-latest
    needs: [lint, unit-tests, integration-tests]
    if: github.event_name == 'push'
    permissions:
      contents: read
      packages: write
    outputs:
      image-tag: #123;{ '{{' }} steps.meta.outputs.tags {{ '}}' }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: #123;{ '{{' }} env.REGISTRY {{ '}}' }}
          username: #123;{ '{{' }} github.actor {{ '}}' }}
          password: #123;{ '{{' }} secrets.GITHUB_TOKEN {{ '}}' }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: #123;{ '{{' }} env.REGISTRY {{ '}}' }}/#123;{ '{{' }} env.IMAGE_NAME {{ '}}' }}
          tags: |
            type=sha,prefix=
            type=ref,event=branch
            type=raw,value=latest,enable=#123;{ '{{' }} github.ref == 'refs/heads/main' {{ '}}' }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: #123;{ '{{' }} steps.meta.outputs.tags {{ '}}' }}
          labels: #123;{ '{{' }} steps.meta.outputs.labels {{ '}}' }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # ===============================================================
  # DEPLOY TO STAGING
  # ===============================================================
  deploy-staging:
    name: Deploy to Staging
    runs-on: ubuntu-latest
    needs: [build]
    if: github.ref == 'refs/heads/develop'
    environment:
      name: staging
      url: https://staging.taskflow.dev

    steps:
      - name: Deploy to staging server
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: #123;{ '{{' }} secrets.STAGING_HOST {{ '}}' }}
          username: #123;{ '{{' }} secrets.STAGING_USER {{ '}}' }}
          key: #123;{ '{{' }} secrets.SSH_PRIVATE_KEY {{ '}}' }}
          script: |
            cd /opt/taskflow
            docker compose -f docker-compose.staging.yml pull
            docker compose -f docker-compose.staging.yml up -d
            docker system prune -f

      - name: Verify deployment
        run: |
          sleep 30
          curl -f https://staging.taskflow.dev/health || exit 1

  # ===============================================================
  # DEPLOY TO PRODUCTION
  # ===============================================================
  deploy-production:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: [build]
    if: github.ref == 'refs/heads/main'
    environment:
      name: production
      url: https://taskflow.dev

    steps:
      - name: Deploy to production server
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: #123;{ '{{' }} secrets.PRODUCTION_HOST {{ '}}' }}
          username: #123;{ '{{' }} secrets.PRODUCTION_USER {{ '}}' }}
          key: #123;{ '{{' }} secrets.SSH_PRIVATE_KEY {{ '}}' }}
          script: |
            cd /opt/taskflow
            docker compose -f docker-compose.prod.yml pull
            docker compose -f docker-compose.prod.yml up -d --no-deps app
            docker system prune -f

      - name: Verify deployment
        run: |
          sleep 30
          curl -f https://taskflow.dev/health || exit 1

      - name: Notify on success
        if: success()
        uses: slackapi/slack-github-action@v1.25.0
        with:
          payload: |
            {{ '{' }}
              "text": "Production deployment successful!",
              "blocks": [
                {{ '{' }}
                  "type": "section",
                  "text": {{ '{' }}
                    "type": "mrkdwn",
                    "text": "*Production deployment successful!*\n*Commit:* `#123;{ '{{' }} github.sha {{ '}}' }}`\n*By:* #123;{ '{{' }} github.actor {{ '}}' }}"
                  {{ '}' }}
                {{ '}' }}
              ]
            {{ '}' }}
        env:
          SLACK_WEBHOOK_URL: #123;{ '{{' }} secrets.SLACK_WEBHOOK_URL {{ '}}' }}

  # ===============================================================
  # NOTIFY ON FAILURE
  # ===============================================================
  notify-failure:
    name: Notify on Failure
    runs-on: ubuntu-latest
    needs: [lint, unit-tests, integration-tests, build]
    if: failure()
    steps:
      - name: Send Slack notification
        uses: slackapi/slack-github-action@v1.25.0
        with:
          payload: |
            {{ '{' }}
              "text": "CI/CD Pipeline failed!",
              "blocks": [
                {{ '{' }}
                  "type": "section",
                  "text": {{ '{' }}
                    "type": "mrkdwn",
                    "text": "*CI/CD Pipeline failed!*\n*Branch:* `#123;{ '{{' }} github.ref_name {{ '}}' }}`\n*Commit:* `#123;{ '{{' }} github.sha {{ '}}' }}`\n*By:* #123;{ '{{' }} github.actor {{ '}}' }}\n<#123;{ '{{' }} github.server_url {{ '}}' }}/#123;{ '{{' }} github.repository {{ '}}' }}/actions/runs/#123;{ '{{' }} github.run_id {{ '}}' }}|View Run>"
                  {{ '}' }}
                {{ '}' }}
              ]
            {{ '}' }}
        env:
          SLACK_WEBHOOK_URL: #123;{ '{{' }} secrets.SLACK_WEBHOOK_URL {{ '}}' }}

Health Check Endpoint

A health check endpoint allows orchestrators and load balancers to verify if the application is operational.

TypeScript - health.controller.ts

import {{ '{' }} Router, Request, Response {{ '}' }} from 'express';
import {{ '{' }} db {{ '}' }} from '../database';
import {{ '{' }} redis {{ '}' }} from '../cache';
import {{ '{' }} logger {{ '}' }} from '../logger';

const router = Router();

interface HealthStatus {{ '{' }}
  status: 'healthy' | 'degraded' | 'unhealthy';
  timestamp: string;
  version: string;
  uptime: number;
  checks: Record<string, CheckResult>;
{{ '}' }}

interface CheckResult {{ '{' }}
  status: 'ok' | 'error';
  latency?: number;
  message?: string;
{{ '}' }}

/**
 * Lightweight liveness probe
 * Returns 200 if the server is running
 */
router.get('/health/live', (req: Request, res: Response) => {{ '{' }}
  res.status(200).json({{ '{' }} status: 'ok' {{ '}' }});
{{ '}' }});

/**
 * Comprehensive readiness probe
 * Checks all dependencies
 */
router.get('/health', async (req: Request, res: Response) => {{ '{' }}
  const health: HealthStatus = {{ '{' }}
    status: 'healthy',
    timestamp: new Date().toISOString(),
    version: process.env.npm_package_version || '1.0.0',
    uptime: process.uptime(),
    checks: {{ '{' }}{{ '}' }},
  {{ '}' }};

  // Check Database
  try {{ '{' }}
    const start = Date.now();
    await db.query('SELECT 1');
    health.checks.database = {{ '{' }}
      status: 'ok',
      latency: Date.now() - start,
    {{ '}' }};
  {{ '}' }} catch (error) {{ '{' }}
    health.checks.database = {{ '{' }}
      status: 'error',
      message: 'Database connection failed',
    {{ '}' }};
    health.status = 'unhealthy';
    logger.error('Health check: Database failed', {{ '{' }} error {{ '}' }});
  {{ '}' }}

  // Check Redis
  try {{ '{' }}
    const start = Date.now();
    await redis.ping();
    health.checks.redis = {{ '{' }}
      status: 'ok',
      latency: Date.now() - start,
    {{ '}' }};
  {{ '}' }} catch (error) {{ '{' }}
    health.checks.redis = {{ '{' }}
      status: 'error',
      message: 'Redis connection failed',
    {{ '}' }};
    // Redis failure = degraded (app can still work without cache)
    if (health.status === 'healthy') {{ '{' }}
      health.status = 'degraded';
    {{ '}' }}
    logger.warn('Health check: Redis failed', {{ '{' }} error {{ '}' }});
  {{ '}' }}

  // Check disk space (optional)
  try {{ '{' }}
    const {{ '{' }} execSync {{ '}' }} = require('child_process');
    const diskUsage = execSync("df -h / | awk 'NR==2 {{ '{' }}print $5{{ '}' }}'")
      .toString()
      .trim()
      .replace('%', '');

    health.checks.disk = {{ '{' }}
      status: parseInt(diskUsage) > 90 ? 'error' : 'ok',
      message: `#123;{ '{' }}diskUsage{{ '}' }}% used`,
    {{ '}' }};
  {{ '}' }} catch {{ '{' }}
    // Ignore disk check errors
  {{ '}' }}

  // Check memory
  const memUsage = process.memoryUsage();
  const heapUsedMB = Math.round(memUsage.heapUsed / 1024 / 1024);
  const heapTotalMB = Math.round(memUsage.heapTotal / 1024 / 1024);

  health.checks.memory = {{ '{' }}
    status: heapUsedMB / heapTotalMB > 0.9 ? 'error' : 'ok',
    message: `#123;{ '{' }}heapUsedMB{{ '}' }}MB / #123;{ '{' }}heapTotalMB{{ '}' }}MB`,
  {{ '}' }};

  // Set HTTP status based on health
  const statusCode = health.status === 'healthy' ? 200 :
                     health.status === 'degraded' ? 200 : 503;

  res.status(statusCode).json(health);
{{ '}' }});

export default router;

Production Logging

Structured logging is essential for debugging and monitoring in production. Use JSON format for easy parsing.

TypeScript - logger.ts (Pino)

import pino from 'pino';
import {{ '{' }} config {{ '}' }} from './config';

// Create base logger
export const logger = pino({{ '{' }}
  level: config.env === 'production' ? 'info' : 'debug',

  // Pretty print only in development
  transport: config.env === 'development'
    ? {{ '{' }}
        target: 'pino-pretty',
        options: {{ '{' }}
          colorize: true,
          translateTime: 'HH:MM:ss',
          ignore: 'pid,hostname',
        {{ '}' }},
      {{ '}' }}
    : undefined,

  // Structured format for production
  formatters: {{ '{' }}
    level: (label) => ({{ '{' }} level: label {{ '}' }}),
    bindings: (bindings) => ({{ '{' }}
      pid: bindings.pid,
      host: bindings.hostname,
      service: 'taskflow-api',
      version: process.env.npm_package_version,
    {{ '}' }}),
  {{ '}' }},

  // ISO timestamp
  timestamp: pino.stdTimeFunctions.isoTime,

  // Redact sensitive fields
  redact: {{ '{' }}
    paths: [
      'req.headers.authorization',
      'req.headers.cookie',
      'res.headers["set-cookie"]',
      '*.password',
      '*.token',
      '*.secret',
      '*.apiKey',
    ],
    censor: '[REDACTED]',
  {{ '}' }},
{{ '}' }});

// Child logger with request context
export function createRequestLogger(requestId: string, userId?: string) {{ '{' }}
  return logger.child({{ '{' }}
    requestId,
    userId,
  {{ '}' }});
{{ '}' }}

// Express middleware for request logging
export function requestLogger(req, res, next) {{ '{' }}
  const start = Date.now();
  const requestId = req.headers['x-request-id'] || crypto.randomUUID();

  // Attach request ID for correlation
  req.requestId = requestId;
  res.setHeader('X-Request-Id', requestId);

  // Create child logger
  req.log = createRequestLogger(requestId, req.user?.id);

  // Log request start
  req.log.info({{ '{' }}
    msg: 'Request started',
    method: req.method,
    url: req.url,
    userAgent: req.headers['user-agent'],
    ip: req.ip,
  {{ '}' }});

  // Log response on finish
  res.on('finish', () => {{ '{' }}
    const duration = Date.now() - start;

    const logData = {{ '{' }}
      msg: 'Request completed',
      method: req.method,
      url: req.url,
      status: res.statusCode,
      duration,
    {{ '}' }};

    // Use appropriate log level based on status code
    if (res.statusCode >= 500) {{ '{' }}
      req.log.error(logData);
    {{ '}' }} else if (res.statusCode >= 400) {{ '{' }}
      req.log.warn(logData);
    {{ '}' }} else {{ '{' }}
      req.log.info(logData);
    {{ '}' }}
  {{ '}' }});

  next();
{{ '}' }}

// Error logger
export function logError(error: Error, context?: Record<string, any>) {{ '{' }}
  logger.error({{ '{' }}
    msg: error.message,
    error: {{ '{' }}
      name: error.name,
      message: error.message,
      stack: error.stack,
    {{ '}' }},
    ...context,
  {{ '}' }});
{{ '}' }}

Graceful Shutdown

Graceful shutdown allows the application to complete in-progress requests before terminating, avoiding data loss.

TypeScript - graceful-shutdown.ts

import {{ '{' }} Server {{ '}' }} from 'http';
import {{ '{' }} logger {{ '}' }} from './logger';
import {{ '{' }} db {{ '}' }} from './database';
import {{ '{' }} redis {{ '}' }} from './cache';

let isShuttingDown = false;

export function setupGracefulShutdown(server: Server) {{ '{' }}
  const shutdown = async (signal: string) => {{ '{' }}
    if (isShuttingDown) {{ '{' }}
      logger.warn('Shutdown already in progress, ignoring signal');
      return;
    {{ '}' }}

    isShuttingDown = true;
    logger.info(`Received #123;{ '{' }}signal{{ '}' }}, starting graceful shutdown...`);

    // Set a timeout for graceful shutdown
    const shutdownTimeout = setTimeout(() => {{ '{' }}
      logger.error('Graceful shutdown timed out, forcing exit');
      process.exit(1);
    {{ '}' }}, 30000); // 30 seconds timeout

    try {{ '{' }}
      // 1. Stop accepting new connections
      logger.info('Closing HTTP server...');
      await new Promise<void>((resolve, reject) => {{ '{' }}
        server.close((err) => {{ '{' }}
          if (err) reject(err);
          else resolve();
        {{ '}' }});
      {{ '}' }});
      logger.info('HTTP server closed');

      // 2. Close database connections
      logger.info('Closing database connections...');
      await db.disconnect();
      logger.info('Database connections closed');

      // 3. Close Redis connections
      logger.info('Closing Redis connections...');
      await redis.quit();
      logger.info('Redis connections closed');

      // 4. Cleanup complete
      clearTimeout(shutdownTimeout);
      logger.info('Graceful shutdown completed');
      process.exit(0);

    {{ '}' }} catch (error) {{ '{' }}
      logger.error('Error during graceful shutdown', {{ '{' }} error {{ '}' }});
      clearTimeout(shutdownTimeout);
      process.exit(1);
    {{ '}' }}
  {{ '}' }};

  // Handle different signals
  process.on('SIGTERM', () => shutdown('SIGTERM'));
  process.on('SIGINT', () => shutdown('SIGINT'));

  // Handle uncaught exceptions
  process.on('uncaughtException', (error) => {{ '{' }}
    logger.fatal('Uncaught exception', {{ '{' }} error {{ '}' }});
    shutdown('uncaughtException');
  {{ '}' }});

  // Handle unhandled rejections
  process.on('unhandledRejection', (reason, promise) => {{ '{' }}
    logger.fatal('Unhandled rejection', {{ '{' }} reason, promise {{ '}' }});
    shutdown('unhandledRejection');
  {{ '}' }});
{{ '}' }}

// Middleware to reject new requests during shutdown
export function shutdownMiddleware(req, res, next) {{ '{' }}
  if (isShuttingDown) {{ '{' }}
    res.status(503).json({{ '{' }}
      error: {{ '{' }}
        code: 'SERVICE_UNAVAILABLE',
        message: 'Server is shutting down',
      {{ '}' }},
    {{ '}' }});
    return;
  {{ '}' }}
  next();
{{ '}' }}

DevOps Best Practices

Anti-Patterns

Secrets in code
Build without cache
Images too large
Run as root
No health checks
No logging
Manual deployment
No rollback strategy

Best Practices

Secrets in environment/vault
Multi-stage build with cache
Alpine base, minimal layers
Non-root user in container
Health check configured
Structured logging (JSON)
Automated CI/CD
Blue-green / rolling deploy

Deploy Checklist

      Before Production Deploy
      All tests pass
Docker build works locally
Health check responds correctly
Secrets configured in environment
SSL/TLS configured
Database backup verified
Monitoring and alerting active
Rollback plan documented
Team notified of deploy
Changelog updated

    

Conclusion and Next Steps

A good DevOps setup makes deployment reliable, repeatable, and secure. With Docker, CI/CD, and proper monitoring, you can deploy with confidence knowing that any issues will be identified quickly.

Copilot can generate Docker configurations, CI/CD workflows, and monitoring code, but you must always verify and test before using them in production. The security and reliability of your system depends on your understanding of every component.

In the next and final article we'll see how to evolve the project over time: scalability, continuous refactoring, dependency management, advanced monitoring, and long-term maintenance.

Key Takeaways

Docker: Multi-stage build, non-root user, health check
Compose: Separate files for dev and prod
CI/CD: Automated tests, build, deploy with approval
Health: Endpoint for liveness and readiness probe
Logging: Structured (JSON), with correlation ID
Shutdown: Graceful to avoid data loss
Secrets: Never in code, always in environment
Verify: Always test before deploy

Area	Requirement	Verified
Security	Secrets in environment variables (not in code)
Security	HTTPS configured
Security	Rate limiting active
Security	CORS configured correctly
Performance	Optimized build (minification, tree-shaking)
Performance	Compression enabled (gzip/brotli)
Monitoring	Health check endpoint
Monitoring	Structured logging configured
Monitoring	Error tracking (Sentry, etc.)
Resilience	Graceful shutdown implemented
Resilience	Database connection pooling
Backup	Automated database backup