Skip to main content
There is a simplified deployment type without Kubernetes. This type is recommended for most new applications because it allows you to set up infrastructure faster and doesn’t require additional DevOps knowledge from the development team. You can switch to a more complex Kubernetes solution when your application will be at scale. It’s a step-by-step Ship deployment guide. We will use the Digital Ocean Apps and GitHub Actions for automated deployment. A DigitalOcean Managed PostgreSQL database and Redis Cloud for data storage, Cloudflare for DNS and SSL configuration and Pulumi for Infrastructure as Code. You need to create GitHub, Digital Ocean, CloudFlare and Redis Cloud accounts. Also, you need git and Node.js if you already haven’t.

Setup project

First, initialize your project. Type npx create-ship-app init in the terminal then choose desired build type and Digital Ocean Apps as a cloud service provider. 
npx @paralect/ship init
You will have the next project structure. 
/my-app
  /deploy
  /apps
    /web
    /api
  /.github
  ...
Create GitHub private repository and upload source code. Private repo 
cd my-app
git remote add origin https://github.com/Oigen43/my-app.git
git branch -M main
git push -u origin main

PostgreSQL

Ship runs on PostgreSQL via Drizzle ORM. Provision a DigitalOcean Managed PostgreSQL cluster for your app.

Database creation

  1. In the DigitalOcean Control Panel, open the Databases tab and click Create Database Cluster.
  2. Select PostgreSQL as the database engine.
  3. Choose a region. We recommend the same region you set in your Pulumi config to keep latency low.
  4. Select a plan. A basic single-node plan is enough for staging/demo environments. For production, pick a plan with standby nodes and automated backups.
  5. Name the cluster and click Create Database Cluster.

Connection

After the cluster is provisioned, open its Overview page and copy the connection string from the Connection Details section. This is your DATABASE_URL value in the form postgresql://user:password@host:port/dbname?sslmode=require. Save this value. You’ll add it to your Pulumi environment file in the next step.
The Pulumi program reads DATABASE_URL from your environment file and passes it to the API, migrator, and scheduler resources as a secret env var. If you prefer to manage the database with Pulumi as well, you can declare a digitalocean.DatabaseCluster resource with engine: "pg" and wire its uri output into DATABASE_URL instead of pasting the value by hand.
Before moving to production, enable automated backups on your PostgreSQL cluster.This ensures that you can reliably restore your data in the event of unforeseen circumstances.

Redis Cloud

Navigate to Redis Cloud and create an account. Select cloud provider and region, then press Let's start free to finish database creation. Redis create database Open database settings and get the database public endpoint and password. Redis public endpoint Redis password Form Redis connection string using public endpoint and password redis://:<password@<public-endpoint>. Save this value. It will be needed later when creating the app in Digital Ocean.

Environment variables

The APP_ENV environment variable is typically set based on the environment in which the application is running. Its value corresponds to the specific environment, such as “development”, “staging” or “production”. This variable helps the application identify its current environment and load the corresponding configuration. For the web application, by setting the environment variable APP_ENV, the application can determine the environment in which it is running and load the appropriate configuration file:
APP_ENVFile
development.env.development
staging.env.staging
production.env.production
These files hold the client config for each environment. The web app is built with Vite, so client-side variables are prefixed with VITE_ and read through import.meta.env (for example VITE_API_URL, VITE_WS_URL, VITE_WEB_URL). They are baked in at build time, so commit up-to-date values before you deploy. In contrast, the API utilizes a single .env file that houses its environment-specific configuration. This file typically contains variables like API keys, secrets, or other sensitive information. To ensure security, it’s crucial to add the .env file to the .gitignore file, preventing it from being tracked and committed to the repository. So just specify the environment variables that will contain the values of your secrets. For example, if you have a secret named API_KEY, create an environment variable named API_KEY and set the value of the corresponding secret for it. The API needs at least DATABASE_URL (your PostgreSQL connection string) and REDIS_URI (your Redis connection string).

Digital Ocean via Pulumi

Pulumi is an open-source Infrastructure as Code (IaC) platform that allows developers to define and provision cloud infrastructure using familiar programming languages.
Instead of using domain-specific languages or YAML templates, Pulumi leverages existing languages like TypeScript, Python, Go, and C#. The Ship Pulumi program defines the web app (TanStack Start), the API service, a pre-deploy migrator job that applies Drizzle migrations, and a scheduler worker. It injects DATABASE_URL and REDIS_URI into the API, migrator, and scheduler as secret env vars. Go to the /deploy directory at the root of your project and proceed to the next steps:
1

Pulumi CLI

Ensure you have Pulumi CLI installed.
After installing, verify everything is in working order by running the pulumi CLI:
pulumi version
2

Pulumi Login

Login in pulumi for managing your stacks:
pulumi login --local
3

DigitalOcean Tokens and Keys

Create your Personal Access Token and Access Keys for DigitalOcean
4

Configuring Tokens and Keys

Add DigitalOcean Personal Access Token and Access Keys to your configuration file: .zshrc or .bashrcFirst you’ll need to enter the .zshrc or .bashrc file in editing mode:
vi ~/.zshrc
Insert the following variables at the end of the configuration file:
# DigitalOcean start
export DIGITALOCEAN_TOKEN=dop_v1_...
export SPACES_ACCESS_KEY_ID=DO...
export SPACES_SECRET_ACCESS_KEY=...
# DigitalOcean end
To reflect the changes in the bash, either exit and launch the terminal again.Or use the command:
source ~/.zshrc
5

GitHub apps

Grant DigitalOcean access to your GitHub repository using this link.
6

Stack initialization

Initialize your stack using the command:
pulumi stack init organization/{project-name}/{environment}
Substitute {project-name} with the actual name of your project and make sure to update it in Pulumi.yaml file.
Replace {environment} with the desired environment: staging or production values are allowed.
7

App environments

Duplicate the .env.example file to create a new environment-specific file using the command:
cp .env.example .env.staging
Populate the new file with the necessary environment variables.
Ensure that you set the necessary variables in your web application. Edit the .env files accordingly and remember to push these changes to your remote repository.
8

Installing dependencies

Install the required dependencies using the command:
npm i
9

Resources creating

To create the resources in the initialized stack, execute the command:
pulumi up
Finally, you will observe the following output: Pulumi Preview Review the planned resource creation and proceed with the resource update. This process may take a few minutes to complete.

Cloudflare

Navigate to your Digital Ocean application and open Settings tab. Navigate to Domains row to open domain settings and copy starter domain of application. Digital Ocean domains Navigate to CloudFlare and sign into account.
  1. Go to DNS tab and create a new record.
  2. Click Add record. Select type CNAME, enter domain name (must be the same you entered in digital ocean settings) and paste alias into target field. Make sure Proxy status toggle enabled.
  3. Save changes
Cloudflare DNS Now go back to digital ocean and submit form. It usually takes about 5 minutes for digital ocean to confirm and start using your new domain. Once domain is confirmed, application can be accessed by new address.

GitHub Actions

You can find two GitHub actions in the .github/workflows folder, responsible for triggering deployment when you push changes in your repository. If you chose frontend or backend on the initialization step, you’ll have one github workflow for the selected application type. These actions require a Digital Ocean Personal Access Token and application ID. Respectively these are DO_ACCESS_TOKEN and DO_API_STAGING_APP_ID/DO_WEB_STAGING_APP_ID/DO_API_PRODUCTION_APP_ID/DO_WEB_PRODUCTION_APP_ID. Next, navigate to the Apps tab in the left sidebar and open your Digital Ocean application. You can find the id of your application id in the browser address bar. Do application id Now you can add these keys to your GitHub repository’s secrets. Navigate to the GitHub repository page, and open the Settings tab and these values. You have to be repository admin or owner to open this tab. Github secrets Done! Application deployed and can be accessed by provided domain. Deployed application

Logging (optional)

Build-in

Digital Ocean has built-in logs in raw format. It will gather all data that your apps will produce. In order to view them, follow these steps:
  1. Log in to your Digital Ocean account.
  2. Click on the Apps tab in the left-hand navigation menu.
  3. Click on the name of the app you want to view the logs for.
  4. Click on the Runtime Logs tab in the app dashboard.
  5. You will see a list of logs for different components of your app. Click on the component you want to view the logs for.
  6. You can filter the logs by time, severity, and component. Use the drop-down menus provided to select your filter criteria.
  7. You can also search for specific keywords in the logs by using the search bar at the top of the page.
Runtime built in logs screen

Integrations

Currently, Digital Ocean Apps supports only 3 integrations: PaperTrail, Logtail and Datadog. You can find detailed instructions on how to set up these logs at this link.

Example Integration Logtail

To configure Logtail follow these steps:
  1. Create account on Logtail
  2. Open Sources on the left sidebar.
  3. Create new source by clicking “Connect source” button
Logs Integrations logtail sources
  1. Select HTTP source and specify name for this connection
Logs Integrations Logtail connect
  1. Copy source token
Logs Integrations Logtail token
  1. Open Digital Ocean Apps
  2. Select Settings tab for your application
Logs Integrations Settings
  1. Select Log Forwarding and then press “Add Destination”
Logs Forwarding
  1. Fill information with token that we retrieved from Logtail
Logs Create Log Forward
  1. That’s it! In couple minutes your app will send the latest logs to Logtail
Logs Logtail Final View