Deployment Best Practices
A condensed summary of the 25 most important deployment practices drawn from every page in this section.
-
Tag release commits: Every deploy maps to immutable git tag (Deploying Programs).
-
anchor test before deploy: Full matrix green on RC tag.
-
solana-verify in CI: Block release on hash mismatch (Verifiable Builds).
-
Archive every .so:
releases/<version>/retention for rollback. -
dry-run deploy cost:
solana program deploy --dry-runon target cluster. -
Cluster sanity check:
solana config getbefore CLI deploy. -
Program ID sync:
anchor keys syncmatchesdeclare_id!. -
Devnet rehearsal: Same pipeline on devnet before mainnet.
-
Publish hash attestation: README + audit doc with
{program_id, hash, commit}. -
Post-deploy hash verify:
get-program-hashequals CI artifact. -
Multisig before TVL: Transfer upgrade authority to Squads (Governance).
-
No hot wallet mainnet authority: Deployer transfers authority immediately post-deploy.
-
Proposal template: Hash, tests, risk, rollback plan required for upgrades.
-
Timelock on governance: 24-72h for community reaction on upgrades.
-
Immutable only deliberately:
--finalafter bake + audit (Immutable). -
Rollback drill quarterly: Devnet bad deploy + revert exercise.
-
Incident runbook: Dump, rollback, verify, communicate (Rollbacks).
-
Close stale buffers: Reclaim rent after deploy.
-
Pin Agave 4.1.1 toolchain: Build matches validator BPF loader.
-
Document upgrade authority: Public
program showauthority matches docs. -
No config edits in deploy scripts: Keep keys in secret manager.
-
Separate devnet/mainnet keypairs: Prevent wrong-cluster fat-finger.
-
Monitor upgrade slots: Alert on unexpected program data changes.
-
State migration plan: Breaking layouts ship migration ix, not blind upgrade.
-
Audit diff scope: Provide commit range since last audited tag for upgrades.
FAQs
Minimum mainnet checklist?
Tests pass, verify hash, devnet smoke, multisig authority, post-deploy hash check, public attestation.
When to revoke authority?
After extended bake, audits, and governance vote - not day one.
Top deploy mistake?
Deploying unverified artifact with hot wallet upgrade authority on production TVL.
Related
- Deployment Basics - section entry
- Program Upgrades - upgrade flow
- Security Best Practices - secure code
- Testing Best Practices - pre-deploy tests
Stack versions: This page was written for Agave 4.1.1, Solana CLI 3.0.10, Anchor 0.32.1, anchor-lang 0.32.1, Rust 1.91.1, @solana/kit 7.0.0, Surfpool 0.12.0, and LiteSVM 0.6.x.