vmiller/Digital-Dabei-Hamburg-Job-Manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(07-03): create comprehensive deployment checklist

Browse Source 
- Server requirements (PHP, WordPress, memory limits)
- Required plugins (ACF Pro, Formidable Forms Pro, Elementor Pro, WP Mail SMTP)
- Plugin configuration (ACF fields, Formidable forms F1-F5, Elementor templates)
- Email configuration (SMTP setup, notification testing)
- Access control verification (pages, redirects)
- User roles and capabilities (ddhh_provider role)
- Action Scheduler monitoring (pending/complete/failed actions)
- Testing checklist (provider/mentor/admin flows from Phase 7)
- Security checklist (HTTPS, ownership validation, CSRF protection)
- Performance considerations (caching, query optimization)
- Backup strategy (pre-deployment, rollback plan)
- Post-deployment verification (smoke tests, functional tests, monitoring)
- Known issues documented (4 minor UX issues from Phase 7 testing)

File: .planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md
This commit is contained in:
Viktor Miller
2026-01-29 12:16:58 +09:00
parent 32ab4d3262
commit 4bc4d18f7b
1 changed files with 312 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

312
.planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md Normal file
View File

@@ -0,0 +1,312 @@
# Digital Dabei Job Manager - Deployment Checklist
This checklist ensures the plugin is ready for production deployment and all requirements are met.
## 1. Server Requirements
- [ ] **PHP Version:** 7.4 or higher (8.0+ recommended)
- [ ] **WordPress Version:** 6.0 or higher
- [ ] **PHP Memory Limit:** 256M minimum (512M recommended for Action Scheduler)
- [ ] **Max Execution Time:** 60 seconds minimum
- [ ] **HTTPS Enabled:** SSL certificate installed and active
- [ ] **WP Cron:** Enabled (required for Action Scheduler)
- [ ] **File Upload Limits:** 10MB minimum for logo uploads
## 2. Required Plugins
### Core Dependencies
- [ ] **Advanced Custom Fields (ACF) Pro:** License activated, all field groups imported
- [ ] **Formidable Forms Pro:** License activated, all forms (F1-F5) created
- [ ] **Elementor Pro:** License activated, templates configured
- [ ] **WP Mail SMTP:** Installed and configured for production email delivery
### Formidable Forms Add-ons
- [ ] Formidable Pro
- [ ] Form Action Automation (for post creation)
- [ ] User Registration Add-on (for provider registration)
## 3. Plugin Configuration
### ACF Field Groups
- [ ] **Job Details** field group exists
- [ ] `job_location` (text field)
- [ ] `job_type` (select: Vollzeit, Teilzeit, Minijob, Freelance/Projekt)
- [ ] `job_deadline` (date picker, return format: Ymd)
- [ ] `job_contact_email` (email field)
- [ ] **Job Deactivation** field group exists
- [ ] `deactivation_reason` (textarea)
- [ ] `deactivation_date` (date picker)
- [ ] **Job Metadata** field group exists
- [ ] `submission_date` (date picker, readonly)
- [ ] All field groups assigned to `job_offer` post type
- [ ] German labels display correctly in admin
### Formidable Forms (F1-F5)
- [ ] **F1: Provider Registration** (form key: `provider_registration`)
- [ ] Creates user with `ddhh_provider` role
- [ ] Required fields: email, password, Anbieter Name
- [ ] Auto-login after registration action configured
- [ ] Redirect to dashboard after registration
- [ ] **F2: Job Submission** (form key: `job_submission`)
- [ ] Creates `job_offer` post with `pending` status
- [ ] Maps all fields to ACF (title, content, location, type, deadline, contact email)
- [ ] Logo upload field (stores as attachment)
- [ ] Redirect to dashboard after submission
- [ ] **F3: Job Edit** (form key: `job_edit`)
- [ ] Loads existing job data via URL parameter
- [ ] Ownership validation via `frm_validate_entry` hook
- [ ] Preserves submission date on update
- [ ] Resets status to `pending` after edit
- [ ] **F4: Job Deactivation** (form key: `job_deactivation`)
- [ ] Loads existing job data via URL parameter
- [ ] Ownership validation
- [ ] Sets status to `draft`
- [ ] Captures deactivation reason in ACF field
- [ ] **F5: Job Application** (form key: `job_application`)
- [ ] Pre-fills mentor email if logged in
- [ ] Sends application to provider's contact email
- [ ] Stays on job detail page after submission
### Elementor Templates
- [ ] Job archive page (`/jobangebote/`) configured with Loop Grid
- [ ] Single job template displays ACF fields dynamically
- [ ] Contact form modal displays on single job pages
- [ ] Templates use German labels and formatting
### User Notification Opt-in
- [ ] Mentor users can opt-in to job notifications
- [ ] User meta key: `ddhh_jm_notification_optin` (value: 'yes')
- [ ] Opt-in setting accessible via profile/account page
## 4. Email Configuration
### WP Mail SMTP Production Setup
- [ ] SMTP provider configured (Gmail, SendGrid, AWS SES, etc.)
- [ ] SMTP credentials entered and tested
- [ ] "From Email" set to verified sender address
- [ ] "From Name" set appropriately (e.g., "Digital Dabei Hamburg")
- [ ] Test email sent successfully from WP Mail SMTP settings
### Email Verification
- [ ] **Admin email** (WordPress Settings → General) is correct
- [ ] Admin receives test notification emails
- [ ] Provider receives test notification emails
- [ ] Mentor receives test notification emails
- [ ] Email templates display correctly (HTML formatting)
- [ ] German text displays correctly (no character encoding issues)
### Notification Testing
- [ ] Job submission triggers admin notification
- [ ] Job edit triggers admin notification with change summary
- [ ] Job deactivation triggers admin notification with reason
- [ ] Job publish triggers mentor notification (async batches)
- [ ] Job application triggers provider notification
- [ ] All email links are clickable and work correctly
## 5. Access Control
### Required Pages
- [ ] `/anbieter-login/` page exists with login/registration forms
- [ ] `/anbieter-dashboard/` page exists with `[ddhh_provider_dashboard]` shortcode
- [ ] Page IDs stored in options: `ddhh_jm_login_page_id`, `ddhh_jm_dashboard_page_id`
- [ ] Pages are published and accessible
### Redirect Testing
- [ ] Providers attempting WP-Admin access redirected to dashboard
- [ ] Exception: `profile.php` accessible for providers
- [ ] Exception: `admin-ajax.php` accessible for AJAX
- [ ] Non-logged-in users accessing dashboard redirected to login page
- [ ] Non-logged-in users accessing job archive redirected to login page
- [ ] Non-logged-in users accessing single job redirected to login page
## 6. User Roles & Capabilities
### ddhh_provider Role
- [ ] Role exists in WordPress
- [ ] Capabilities configured:
- [ ] `read` (can access WordPress)
- [ ] `edit_job_offers` (can edit their own jobs)
- [ ] `delete_job_offers` (can delete their own jobs)
- [ ] `read_job_offer` (can read published jobs)
- [ ] No `publish_job_offers` capability (enforces pending status)
### Test Users
- [ ] Test provider account created and can log in
- [ ] Test mentor account (subscriber role) created and can log in
- [ ] Test admin account can access all features
- [ ] Provider can only edit/delete their own jobs (not others')
- [ ] Provider cannot access WP-Admin (except profile.php)
## 7. Action Scheduler
### Verification
- [ ] Visit: `/wp-admin/tools.php?page=action-scheduler`
- [ ] Action Scheduler page loads without errors
- [ ] WP Cron is running (check via WP-Cron Control plugin or server cron)
- [ ] Alternative: Server cron configured to trigger `wp-cron.php` every 5 minutes
### Monitoring
- [ ] Check "Pending" tab for queued email batches
- [ ] Check "Complete" tab for successfully processed batches
- [ ] Check "Failed" tab for errors (should be empty)
- [ ] Review logs for "Scheduled X notification batches" messages
- [ ] Review logs for "Processed notification batch" messages
- [ ] No PHP errors or warnings in error logs
### Performance
- [ ] Email batches process in chunks of 50 users (rate limiting)
- [ ] No timeout errors during batch processing
- [ ] Batch actions complete within reasonable time (< 30 seconds per batch)
## 8. Testing Checklist
### Provider Flow (See Plan 07-01)
- [ ] Registration creates provider account successfully
- [ ] Auto-login after registration works
- [ ] Redirect to dashboard after registration works
- [ ] Job submission creates pending post with all fields
- [ ] Logo upload and display works
- [ ] Dashboard displays submitted jobs with correct status
- [ ] Edit form loads job data correctly
- [ ] Edit saves changes and resets status to pending
- [ ] Deactivation sets status to draft and captures reason
- [ ] Provider can view their own jobs in dashboard
- [ ] Logout functionality available
### Mentor Flow (See Plan 07-02)
- [ ] Job archive displays published jobs only
- [ ] Login required to access job archive
- [ ] Single job page displays all details correctly
- [ ] Contact form modal displays on single job pages
- [ ] Application form submits successfully
- [ ] Provider receives application notification
- [ ] Notification opt-in preference saves correctly
- [ ] Opted-in mentors receive job publish notifications
### Admin Flow (See Plan 07-03)
- [ ] Admin job list displays custom columns (Eingereicht am, Standort, Art)
- [ ] Custom columns are sortable
- [ ] Pending jobs visible in admin list
- [ ] Admin can change status from pending to published
- [ ] Admin can reject jobs (set to draft)
- [ ] Admin receives submission notification with edit link
- [ ] Admin receives edit notification with change summary
- [ ] Admin receives deactivation notification with reason
- [ ] Email links are clickable and work correctly
## 9. Security Checklist
- [ ] **HTTPS Enabled:** All pages served over SSL
- [ ] **User Enumeration:** Blocked via security plugin or .htaccess
- [ ] **File Upload Restrictions:** Only image files allowed for logos
- [ ] **Ownership Validation:** Forms validate user owns job before editing/deactivation
- [ ] **Capability Checks:** All admin functions check user capabilities
- [ ] **Nonce Verification:** Formidable forms use nonces for CSRF protection
- [ ] **SQL Injection:** All queries use prepared statements (WordPress core)
- [ ] **XSS Protection:** All output escaped via `esc_html()`, `esc_url()`, etc.
- [ ] **Password Strength:** WordPress default password strength enforced
- [ ] **Admin Access:** Providers cannot access WP-Admin backend
## 10. Performance
- [ ] **Query Optimization:** Custom columns use efficient queries (no N+1 issues)
- [ ] **Image Optimization:** Logos auto-cropped to 200x200px on upload
- [ ] **Caching:** Object caching enabled if high traffic expected (Redis, Memcached)
- [ ] **CDN:** Consider CDN for static assets if high traffic
- [ ] **Database Indexes:** ACF meta keys indexed for fast sorting
- [ ] **Action Scheduler Cleanup:** Old completed actions cleaned up regularly (90-day retention)
## 11. Backup Strategy
### Pre-Deployment
- [ ] **Full Database Backup:** Export complete database before plugin activation
- [ ] **File System Backup:** Backup entire WordPress installation
- [ ] **Test Restore:** Verify backup can be restored successfully
- [ ] **Backup Storage:** Store backups in secure, offsite location
### Rollback Plan
- [ ] Document rollback procedure (deactivate plugin, restore database)
- [ ] Identify rollback trigger criteria (critical bugs, data loss)
- [ ] Assign rollback decision authority (who can authorize rollback)
- [ ] Test rollback procedure in staging environment
## 12. Post-Deployment Verification
### Smoke Tests (Within 1 hour)
- [ ] WordPress admin loads without errors
- [ ] Plugin appears in active plugins list
- [ ] Job archive page loads
- [ ] Single job page loads
- [ ] Provider login page loads
- [ ] Provider dashboard loads
- [ ] No fatal PHP errors in error logs
### Functional Tests (Within 24 hours)
- [ ] Provider registration creates account
- [ ] Job submission creates pending post
- [ ] Admin receives submission notification
- [ ] Admin can publish job
- [ ] Mentors receive publish notification (check Action Scheduler)
- [ ] Mentor can apply to job
- [ ] Provider receives application notification
- [ ] Job edit works correctly
- [ ] Job deactivation works correctly
### Monitoring (First 7 days)
- [ ] Monitor error logs daily for PHP warnings/errors
- [ ] Check Action Scheduler for failed actions daily
- [ ] Review email delivery logs for bounces/failures
- [ ] Monitor server performance (CPU, memory, database queries)
- [ ] Collect user feedback on any issues or confusion
- [ ] Track job submission rate and mentor engagement
## Issues Found During Testing
### Known Issues (Phase 7 Testing)
**Issue 1: No logout option on /anbieter-login/ page**
- **Severity:** Low (UX improvement)
- **Impact:** Minor confusion for logged-in providers
- **Status:** Documented, recommended fix for future update
**Issue 2: Admin submission email missing job description**
- **Severity:** Medium (reduces notification usefulness)
- **Impact:** Admin must click through to WP-Admin to read description
- **Status:** Documented, recommended fix for future update
**Issue 3: Deactivation reason not displayed in admin notification**
- **Severity:** Medium (reduces business intelligence)
- **Impact:** Admin loses visibility into deactivation reasons via email
- **Status:** Documented, recommended fix for future update
**Issue 4: Admin email edit links not clickable**
- **Severity:** Medium (reduces notification usefulness)
- **Impact:** Admin cannot click edit link, must copy/paste URL
- **Status:** Documented, recommended fix for future update
## Support Resources
- **Plugin Documentation:** `.planning/PROJECT.md`, `CLAUDE.md`
- **Test Results:** `.planning/phases/07-testing-polish/` (07-01, 07-02, 07-03 summaries)
- **Architecture Reference:** `CLAUDE.md` (subsystems, workflows, hooks)
- **Action Scheduler Docs:** https://actionscheduler.org/
- **ACF Documentation:** https://www.advancedcustomfields.com/resources/
- **Formidable Forms Docs:** https://formidableforms.com/knowledgebase/
## Sign-Off
- [ ] **Technical Review:** All checklist items verified by developer
- [ ] **QA Testing:** All user flows tested end-to-end
- [ ] **Stakeholder Approval:** Product owner approves deployment
- [ ] **Deployment Window:** Scheduled deployment time confirmed
- [ ] **Team Notification:** All stakeholders notified of deployment
**Deployment Date:** _________________
**Deployed By:** _________________
**Verified By:** _________________
---
**Status:** Ready for production deployment with 4 minor UX issues documented for future updates.