Environments
Last reviewed: 2026-06-30
AppRanks uses separate Cloudflare and database resources per environment.
Promotion flow
- Pull requests deploy a review environment named pr-<number>.
- Merges to main automatically deploy the merged SHA to staging.
- Successful staging deployments automatically queue a production promotion for the same SHA.
- Production still runs through the GitHub production environment, so repository-level approval rules can stop the queued promotion before it reaches Cloudflare.
Production
- Admin/dashboard/docs Worker: dashboard.appranks.com, docs.appranks.com
- Runtime Worker: product/app runtime domains such as api.scannerninja.com
- Ingestion Worker: ingestion.appranks.com
- Runtime label: prod
Staging
- Admin/dashboard/docs Worker: staging admin host and stg.docs.appranks.com
- Runtime label: staging
- Automatically deployed from main by the promotion workflow.
- Used for pre-production provider, dashboard and docs smoke tests.
PR Review
- Worker prefix: appranks-pr-<number>
- Docs URL: https://pr-<number>.dev-appranks.com/docs
- Neon branch: appranks-pr-<number>
- Review Workers: platform, admin, runtime and ingestion
- The workflow comments the platform, admin, docs, runtime and ingestion URLs on the PR.
The review workflow creates or reuses PR-scoped KV, queues, DLQs and R2 resources. PR docs default to custom domains under dev-appranks.com, which belongs to the testing Cloudflare account. Do not point review custom domains at appranks.com unless that zone is moved into the same account. To override the convention, set REVIEW_DOCS_HOST_TEMPLATE; if Cloudflare cannot attach the custom domain, the workflow retries without it and reports the admin Worker URL as the docs fallback.
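A pre-deploy guard for the host rule above, as an added example that is not part of the AppRanks workflow: it expands a docs host template for a PR and refuses any result outside dev-appranks.com. The `<number>` placeholder syntax and the function name are assumptions; the page does not specify the format of REVIEW_DOCS_HOST_TEMPLATE.

```shell
#!/bin/sh
# Added example: resolve and validate the review docs host for a PR.
# Assumptions (not from the AppRanks workflow): the template uses the literal
# placeholder "<number>", and resolve_review_docs_host is a hypothetical helper.

REVIEW_ZONE="dev-appranks.com"   # zone owned by the testing Cloudflare account
DEFAULT_TEMPLATE="pr-<number>.${REVIEW_ZONE}"

# Usage: resolve_review_docs_host <pr-number> [template]
# Prints the host on success. Returns 2 for malformed input and 1 when the
# host falls outside REVIEW_ZONE.
resolve_review_docs_host() {
  _pr="$1"
  _tpl="${2:-$DEFAULT_TEMPLATE}"

  # The PR number is interpolated into a hostname, so accept digits only.
  case "$_pr" in
    ''|*[!0-9]*) echo "invalid PR number: $_pr" >&2; return 2 ;;
  esac

  # Expand the placeholder and normalise case before comparing.
  _host=$(printf '%s' "$_tpl" | sed "s/<number>/$_pr/g" | tr '[:upper:]' '[:lower:]')

  # Reject anything that is not a plain hostname (paths, ports, spaces).
  case "$_host" in
    ''|*[!a-z0-9.-]*) echo "invalid host: $_host" >&2; return 2 ;;
  esac

  # Compare on a label boundary: "x.dev-appranks.com" passes,
  # "evil-dev-appranks.com" and "docs.appranks.com" do not.
  case "$_host" in
    "$REVIEW_ZONE"|*".$REVIEW_ZONE") printf '%s\n' "$_host" ;;
    *) echo "refusing $_host: not under $REVIEW_ZONE" >&2; return 1 ;;
  esac
}
```

Running this before the custom-domain attach step fails the job early when an override would place a review host in a zone the testing account does not own.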
Required Variables
- ENVIRONMENT
- RUNTIME_CONFIG_SOURCE
- DATABASE_BACKEND
- APP_STORE_CONNECT_API_BASE_URL
- APP_RUNTIME_CNAME_TARGET
Secrets such as admin tokens, credentials encryption keys, Postgres URLs and provider credentials must be configured as Worker secrets, never committed.