Rollout Strategy - SoenCapstone/GameOn GitHub Wiki
a. Security
The rollout plan focuses on keeping all user data, tokens, and system information secure during deployment and public operation.
All sensitive credentials (API keys, database URLs, Clerk tokens, AWS credentials) are stored securely using environment variables and GitHub Secrets.
The backend is fully deployed on AWS EC2, with all services communicating over HTTPS to protect data in transit.
Clerk manages user authentication and ensures only verified users can access protected resources.
Role-Based Access Control (RBAC) is enforced across the platform to restrict actions based on user roles (Admin, Coach, Player).
All seven microservices run inside isolated Docker containers on EC2 instances and are orchestrated using Docker Compose, reducing the attack surface and limiting blast radius between services.
A public-facing API Gateway (Spring Boot) routes all external traffic, validates authentication tokens, and enforces permissions before forwarding requests to the Go-based microservices.
Security tooling includes:
- Dependabot for vulnerable dependency detection
- CodeQL for static security analysis
- AWS Security Groups to restrict inbound and outbound traffic to required ports only
Main Risk:
Exposing services through a public API and managing credentials across cloud infrastructure.
Mitigation:
All services are only accessible through the API Gateway, which performs authentication and authorization checks on every request.
Secrets are never hardcoded and are injected at runtime.
AWS security rules restrict direct access to EC2 services, significantly reducing the risk of unauthorized access or credential leakage.
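One way to check the two Compose-level mitigations above (only the gateway publishes a host port; secrets are injected rather than written into the file), as an added example that is not GameOn's own code. It assumes the input is the JSON model printed by `docker compose config --no-interpolate --format json`; the service and variable names are hypothetical and the secret-name pattern is a heuristic.

```python
import json
import re

# Constructed sample shaped like `docker compose config --no-interpolate
# --format json` output; service and variable names are hypothetical.
SAMPLE = json.loads("""
{
  "services": {
    "api-gateway": {
      "ports": [{"target": 8080, "published": "443", "protocol": "tcp"}],
      "environment": {"CLERK_SECRET_KEY": "${CLERK_SECRET_KEY}"}
    },
    "team-service": {"environment": {"DATABASE_URL": "${TEAM_DATABASE_URL}"}},
    "payment-service": {
      "ports": [{"target": 9000, "published": "9000", "protocol": "tcp"}],
      "environment": ["PAYMENT_API_KEY=constructed-not-a-real-key", "AWS_SECRET_ACCESS_KEY"]
    }
  }
}
""")

SENSITIVE = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|DATABASE_URL)", re.I)


def env_items(env):
    """Yield (name, value) for both the mapping and the list form of `environment`."""
    if isinstance(env, dict):
        yield from env.items()
    for entry in env if isinstance(env, list) else []:
        name, sep, value = str(entry).partition("=")
        yield name, (value if sep else None)  # bare NAME = passed through from the host


def audit(model, gateway="api-gateway"):
    """Return sorted (service, issue) findings for a Compose model."""
    findings = []
    for name, svc in (model.get("services") or {}).items():
        if name != gateway and svc.get("ports"):
            findings.append((name, "publishes a host port, bypassing the gateway"))
        for var, value in env_items(svc.get("environment") or {}):
            # A literal value for a secret-looking name means it lives in the file.
            if SENSITIVE.search(var) and value and not str(value).startswith("$"):
                findings.append((name, f"hardcoded value for {var}"))
    return sorted(findings)


if __name__ == "__main__":
    for service, issue in audit(SAMPLE):
        print(f"{service}: {issue}")
```

Security Group rules live outside the Compose file, so they need a separate review.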
b. Performance
The goal is to ensure GameOn performs reliably and scales smoothly under real-world usage.
The backend is fully deployed on AWS EC2, benefiting from cloud reliability and consistent performance.
All microservices are containerized using Docker and orchestrated via Docker Compose, ensuring predictable startup and service communication.
The API Gateway optimizes request routing and reduces unnecessary network overhead.
Each Go microservice is designed to be lightweight, fast, and independently scalable.
Performance testing and optimization tools include:
- JMeter for load and concurrency testing
- GitHub Actions for automated testing (unit, integration, end-to-end)
- SonarCloud for performance, code quality, and coverage analysis
On the frontend, React Native / Expo uses optimized builds and lazy loading to improve startup time and responsiveness.
Benchmark Target:
- Support 100+ concurrent users
- Maintain average API response times under 500 ms during load testing
c. Deployment Plan
Deployment follows a structured and cloud-ready process to ensure stability, security, and scalability.
The backend is fully deployed on AWS EC2, with a microservices architecture exposed through a public API.
Deployment Architecture
- Fully deployed backend on AWS EC2
- 7 microservices
- All services containerized using Docker
- Orchestrated using Docker Compose
- Publicly accessible via API Gateway
Deployment Workflow
1. Branch Creation
Developers work on isolated feature or fix branches (e.g., feature/payments, fix/invite-flow) to keep the main branch stable.
2. Pull Request (PR)
When ready, a PR is opened against main with:
- Clear description
- Linked issue
- Testing notes or screenshots when applicable
3. Automated Checks
GitHub Actions automatically runs:
- Unit and integration tests (Go + Spring Boot)
- Frontend tests (Jest, Cypress)
- Security and quality checks (SonarCloud, CodeQL)
PRs cannot be merged unless all checks pass.
4. Code Review & Approval
Each PR must be reviewed and approved by at least one teammate to ensure quality, consistency, and shared understanding.
5. Deployment to AWS EC2
After merging to main:
- Docker images are built
- Containers are deployed to AWS EC2
- Services are started using Docker Compose
- The public API Gateway exposes the backend endpoints
Release Plans
Each release stage validates the system progressively and supports adoption growth.
1. Stakeholder Release (Milestone Sign-Off)
Each major milestone is deployed to AWS and shared with stakeholders for validation and approval.
2. Friends & Family Release
An early cloud-based release for close testers and classmates to collect quick usability and flow feedback.
3. Alpha Release (Trusted Testers)
Limited access to trusted testers to validate:
- Authentication and RBAC
- Team creation and messaging
- Payments and public league flows
4. Beta Release (Early Users)
Expanded release to selected external users to test performance, reliability, and real-world usage on AWS infrastructure.
5. Full Release
Final production-ready deployment of GameOn, incorporating all feedback and optimizations.
Rollout & Growth Strategy
To encourage adoption and real-world usage:
- Partner with advertising agencies or sports organizations interested in amateur and semi-professional leagues
- Offer free “Pro tokens” to student sports organizations as an incentive to onboard teams
- Provide limited-time Pro feature trials to well-known teams or leagues to showcase platform value
These strategies help drive early adoption while gathering meaningful feedback from real users.
Monitoring After Release
After deployment to AWS:
- Service logs are monitored through Docker Compose logs
- CI/CD results are tracked via GitHub Actions
- API behavior and errors are reviewed regularly to ensure system stability
Rollback Plan
If an issue occurs after deployment:
- The system is reverted to the last stable Docker image and Git commit
- The issue is fixed in a new branch
- A new PR is created and redeployed through the same pipeline
This ensures the production environment remains stable at all times.