CI/CD, Health Checks, and Production Readiness Checklist

CI/CD, Health Checks, and Production Readiness Checklist

A REST API is production-ready not when it works on your laptop, but when it can be deployed automatically, monitored continuously, and recovered gracefully from failures. This final lesson covers the operational practices professional engineering teams use to run APIs reliably at scale.

Health Check Endpoints

app.get('/health', async (req, res) => {
  const dbStatus = mongoose.connection.readyState === 1 ? 'healthy' : 'unhealthy';
  const redisStatus = await redisClient.ping() === 'PONG' ? 'healthy' : 'unhealthy';
  const status = dbStatus === 'healthy' && redisStatus === 'healthy' ? 200 : 503;

  res.status(status).json({
    status: status === 200 ? 'healthy' : 'degraded',
    timestamp: new Date().toISOString(),
    version: process.env.npm_package_version,
    dependencies: { database: dbStatus, cache: redisStatus }
  });
});

Graceful Shutdown

const shutdown = async (signal) => {
  logger.info(`${signal} received, shutting down gracefully`);
  server.close(async () => {
    await mongoose.connection.close();
    await redisClient.quit();
    logger.info('Shutdown complete');
    process.exit(0);
  });
  setTimeout(() => process.exit(1), 30000);
};

process.on('SIGTERM', () => shutdown('SIGTERM'));
process.on('SIGINT', () => shutdown('SIGINT'));

Production Readiness Checklist

Before deploying to production, verify: all secrets in environment variables (not code), HTTPS enforced, security headers set (helmet), CORS configured with whitelist, rate limiting enabled on all endpoints, input validation and sanitization on all inputs, centralized error handling with no stack traces in responses, structured JSON logging with correlation IDs, error monitoring configured (Sentry), health check endpoint operational, database connection pooling configured, response compression enabled, Docker image builds successfully, all tests passing with 80% coverage, and OpenAPI documentation up to date.