The "It Works on My Machine" Problem at Scale
March 5, 20263 min read10 views
environment parity
devops
developer experience
containerization
docker
kubernetes
infrastructure as code
ci cd
reproducible builds
cloud architecture
scalable systems
configuration management
platform engineering
The "It Works on My Machine" Problem at Scale
How environment parity breaks down in large teams — and why environment strategy is an architectural concern, not a DevOps afterthought
The Scene
It's 2 AM. Production is down. The on-call engineer has identified the bug and pushed a fix. It passes all tests. CI is green. They deploy to staging.
It works perfectly.
They deploy to production.
It breaks immediately.
"But it worked on staging!" they exclaim, as their phone lights up with PagerDuty alerts.
Sound familiar? This isn't a process failure or a testing gap. It's an environment parity problem, and it gets exponentially worse as your team grows.
Why Environment Parity Breaks Down
┌─────────────────────────────────────────────────────────────────────────────┐
│ THE ENVIRONMENT DRIFT LIFECYCLE │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Day 1: Perfect Parity │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Dev │ ═══│ Staging │ ═══│ QA │ ═══│ Prod │ │
│ │ 100% │ │ 100% │ │ 100% │ │ 100% │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ │
│ Month 3: "Small" Divergences │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Dev │ │ Staging │ │ QA │ │ Prod │ │
│ │ Node 18 │ │ Node 18 │ │ Node 16 │ │ Node 18 │ │
│ │ 8GB RAM │ │ 4GB RAM │ │ 2GB RAM │ │ 32GB RAM │ │
│ │ no SSL │ │ self-sign│ │ self-sign│ │ real SSL │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ │
│ Year 1: "It Works on My Machine" │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Dev │ │ Staging │ │ QA │ │ Prod │ │
│ │ 47 devs │ │ outdated │ │ "broken" │ │ mystery │ │
│ │ 47 setups│ │ data │ │ ignored │ │ config │ │
│ │ works* │ │ works** │ │ works*** │ │ crashes │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ │
│ * For some definitions of "works" │
│ ** If you don't test payments │
│ *** Nobody actually deploys here anymore │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
The Root Causes
┌─────────────────────────────────────────────────────────────────────────────┐
│ WHY ENVIRONMENTS DRIFT │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ 1. Configuration Proliferation │
│ • Environment variables scattered across files, dashboards, secrets │
│ • "Just add this flag to staging" accumulates │
│ • Nobody knows the complete configuration anymore │
│ │
│ 2. Infrastructure Divergence │
│ • Dev uses SQLite, prod uses PostgreSQL │
│ • Staging has 1 replica, prod has 12 │
│ • Different cloud regions, different latencies │
│ │
│ 3. Data Asymmetry │
│ • Dev has 100 users, prod has 10 million │
│ • Staging data is 2 years old │
│ • Edge cases only exist in production │
│ │
│ 4. Dependency Version Drift │
│ • Dev upgraded to npm package 2.0 │
│ • Staging is still on 1.8 │
│ • Production is on 1.9 "because 2.0 had issues" │
│ │
│ 5. Secret and Credential Differences │
│ • Dev uses test API keys (different rate limits) │
│ • Staging uses shared sandbox accounts │
│ • Production has real credentials (different behaviors) │
│ │
│ 6. Network Topology Variations │
│ • Dev talks to services directly │
│ • Staging goes through one load balancer │
│ • Production has CDN, WAF, multiple LBs, service mesh │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Docker: Solving 60% of the Problem
Docker helps, but it's not a silver bullet. Here's what it actually solves:
What Docker Fixes
# Dockerfile - The application runtime is now consistent
FROM node:20-alpine AS base
WORKDIR /app
# Dependencies locked to exact versions
COPY package.json package-lock.json ./
RUN npm ci --only=production
# Application code
COPY . .
# Same build process everywhere
RUN npm run build
# Same runtime configuration baseline
ENV NODE_ENV=production
EXPOSE 3000
CMD ["node", "dist/server.js"]
# docker-compose.yml - Local matches production topology
version: '3.8'
services:
app:
build: .
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgres://postgres:postgres@db:5432/app
- REDIS_URL=redis://redis:6379
- NODE_ENV=development
depends_on:
- db
- redis
db:
image: postgres:15 # Same version as production
environment:
POSTGRES_DB: app
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
redis:
image: redis:7-alpine # Same version as production
volumes:
- redis_data:/data
volumes:
postgres_data:
redis_data:
What Docker Doesn't Fix
┌─────────────────────────────────────────────────────────────────────────────┐
│ DOCKER'S LIMITATIONS │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Still Different: │
│ ┌─────────────────────────────────────────────────────────────────┐ │
│ │ • Environment variables (the actual values) │ │
│ │ • Secrets and API keys │ │
│ │ • Network latency and topology │ │
│ │ • Scale (1 container vs 50 containers) │ │
│ │ • Data (empty DB vs 10TB of production data) │ │
│ │ • Third-party service sandboxes vs production │ │
│ │ • Resource limits (8GB laptop vs 256GB server) │ │
│ │ • DNS resolution, service discovery │ │
│ │ • SSL/TLS termination │ │
│ │ • Load balancer behavior │ │
│ └─────────────────────────────────────────────────────────────────┘ │
│ │
│ Docker ensures: Same code runs the same way │
│ Docker doesn't ensure: Same code behaves the same way │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Configuration as Code: The Foundation
The Configuration Hierarchy
// config/index.ts - Configuration with clear precedence
import { z } from 'zod';
// 1. Define the complete configuration schema
const ConfigSchema = z.object({
// Application
app: z.object({
name: z.string().default('my-app'),
environment: z.enum(['development', 'staging', 'production']),
port: z.number().default(3000),
logLevel: z.enum(['debug', 'info', 'warn', 'error']).default('info'),
}),
// Database
database: z.object({
url: z.string(),
poolSize: z.number().default(10),
ssl: z.boolean().default(false),
connectionTimeout: z.number().default(5000),
}),
// Redis
redis: z.object({
url: z.string(),
keyPrefix: z.string().default('app:'),
}),
// External Services
services: z.object({
paymentGateway: z.object({
url: z.string(),
apiKey: z.string(),
timeout: z.number().default(10000),
}),
emailService: z.object({
url: z.string(),
apiKey: z.string(),
fromAddress: z.string(),
}),
}),
// Feature Flags (defaults, overridden by feature flag service)
features: z.object({
newCheckoutFlow: z.boolean().default(false),
betaFeatures: z.boolean().default(false),
maintenanceMode: z.boolean().default(false),
}),
});
type Config = z.infer<typeof ConfigSchema>;
// 2. Load configuration with clear precedence
function loadConfig(): Config {
// Precedence: env vars > env-specific file > defaults
const env = process.env.NODE_ENV || 'development';
// Load base config
const baseConfig = loadYaml('./config/base.yaml');
// Load environment-specific overrides
const envConfig = loadYaml(`./config/${env}.yaml`);
// Merge with environment variables taking precedence
const merged = deepMerge(baseConfig, envConfig, loadEnvVars());
// Validate and return
return ConfigSchema.parse(merged);
}
// 3. Environment variable mapping
function loadEnvVars(): Partial<Config> {
return {
app: {
environment: process.env.NODE_ENV as any,
port: process.env.PORT ? parseInt(process.env.PORT) : undefined,
logLevel: process.env.LOG_LEVEL as any,
},
database: {
url: process.env.DATABASE_URL,
poolSize: process.env.DB_POOL_SIZE
? parseInt(process.env.DB_POOL_SIZE)
: undefined,
},
redis: {
url: process.env.REDIS_URL,
},
services: {
paymentGateway: {
url: process.env.PAYMENT_GATEWAY_URL,
apiKey: process.env.PAYMENT_GATEWAY_API_KEY,
},
emailService: {
url: process.env.EMAIL_SERVICE_URL,
apiKey: process.env.EMAIL_SERVICE_API_KEY,
},
},
};
}
export const config = loadConfig();
Environment-Specific Configuration Files
# config/base.yaml - Shared defaults
app:
name: my-app
port: 3000
logLevel: info
database:
poolSize: 10
connectionTimeout: 5000
redis:
keyPrefix: "app:"
services:
paymentGateway:
timeout: 10000
emailService:
fromAddress: "noreply@example.com"
features:
newCheckoutFlow: false
betaFeatures: false
maintenanceMode: false
# config/development.yaml - Local development
app:
logLevel: debug
database:
url: postgres://postgres:postgres@localhost:5432/app_dev
ssl: false
poolSize: 5
redis:
url: redis://localhost:6379
services:
paymentGateway:
url: https://sandbox.payment.example.com
emailService:
url: https://sandbox.email.example.com
features:
newCheckoutFlow: true # Test new features locally
betaFeatures: true
# config/staging.yaml - Staging environment
app:
logLevel: info
database:
ssl: true
poolSize: 10
features:
newCheckoutFlow: true # Test before production
betaFeatures: true
# config/production.yaml - Production environment
app:
logLevel: warn
database:
ssl: true
poolSize: 50
connectionTimeout: 3000 # Faster timeout in prod
features:
newCheckoutFlow: false # Controlled by feature flags
betaFeatures: false
maintenanceMode: false
Feature Flags: Decoupling Deploy from Release
Feature flags are essential for environment parity because they let you deploy the same code everywhere while controlling behavior dynamically.
Feature Flag Architecture
┌─────────────────────────────────────────────────────────────────────────────┐
│ FEATURE FLAG ARCHITECTURE │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────┐ │
│ │ Flag Management │ │
│ │ Dashboard │ │
│ └──────────┬──────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────┐ │
│ │ Feature Flag │ │
│ │ Service │ │
│ │ (LaunchDarkly, │ │
│ │ Unleash, custom) │ │
│ └──────────┬──────────┘ │
│ │ │
│ ┌───────────────────────┼───────────────────────┐ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Development │ │ Staging │ │ Production │ │
│ │ │ │ │ │ │ │
│ │ All flags │ │ Test flags │ │ Controlled │ │
│ │ enabled │ │ before prod │ │ rollout │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
│ Same code deployed everywhere, different flag values per environment │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Implementing Feature Flags
// features/feature-flags.ts
interface FeatureFlag {
key: string;
defaultValue: boolean;
description: string;
// Optional targeting rules
rules?: TargetingRule[];
}
interface TargetingRule {
attribute: string;
operator: 'equals' | 'contains' | 'percentage';
value: string | number;
result: boolean;
}
interface EvaluationContext {
userId?: string;
email?: string;
environment: string;
userAttributes?: Record<string, any>;
}
class FeatureFlagService {
private flags: Map<string, FeatureFlag> = new Map();
private overrides: Map<string, boolean> = new Map();
constructor(
private remoteService?: RemoteFeatureFlagService,
private cache?: CacheService
) {}
// Register flag definitions
register(flag: FeatureFlag): void {
this.flags.set(flag.key, flag);
}
// Evaluate a flag for a given context
async isEnabled(key: string, context: EvaluationContext): Promise<boolean> {
// Check local overrides first (for testing)
if (this.overrides.has(key)) {
return this.overrides.get(key)!;
}
// Check cache
const cacheKey = `flag:${key}:${this.hashContext(context)}`;
const cached = await this.cache?.get(cacheKey);
if (cached !== undefined) {
return cached === 'true';
}
// Check remote service
if (this.remoteService) {
try {
const value = await this.remoteService.evaluate(key, context);
await this.cache?.set(cacheKey, String(value), 60); // 60s cache
return value;
} catch (error) {
// Fall through to local evaluation on error
console.warn(`Remote flag evaluation failed for ${key}:`, error);
}
}
// Local evaluation
return this.evaluateLocally(key, context);
}
private evaluateLocally(key: string, context: EvaluationContext): boolean {
const flag = this.flags.get(key);
if (!flag) {
console.warn(`Unknown feature flag: ${key}`);
return false;
}
// Evaluate targeting rules
if (flag.rules) {
for (const rule of flag.rules) {
if (this.evaluateRule(rule, context)) {
return rule.result;
}
}
}
return flag.defaultValue;
}
private evaluateRule(rule: TargetingRule, context: EvaluationContext): boolean {
const value = this.getContextValue(rule.attribute, context);
switch (rule.operator) {
case 'equals':
return value === rule.value;
case 'contains':
return String(value).includes(String(rule.value));
case 'percentage':
// Deterministic percentage based on user ID
const hash = this.hashString(context.userId || 'anonymous');
return (hash % 100) < (rule.value as number);
default:
return false;
}
}
// For testing - override flags locally
setOverride(key: string, value: boolean): void {
this.overrides.set(key, value);
}
clearOverrides(): void {
this.overrides.clear();
}
}
// Usage
const featureFlags = new FeatureFlagService(remoteFlagService, cacheService);
// Register flags
featureFlags.register({
key: 'new-checkout-flow',
defaultValue: false,
description: 'Enable the redesigned checkout flow',
rules: [
// Enable for all internal users
{
attribute: 'email',
operator: 'contains',
value: '@company.com',
result: true
},
// Enable for 10% of external users
{
attribute: 'userId',
operator: 'percentage',
value: 10,
result: true
}
]
});
// In your code
async function handleCheckout(user: User, cart: Cart) {
const context = {
userId: user.id,
email: user.email,
environment: config.app.environment
};
if (await featureFlags.isEnabled('new-checkout-flow', context)) {
return newCheckoutFlow(user, cart);
} else {
return legacyCheckoutFlow(user, cart);
}
}
Feature Flag Categories
// features/flag-definitions.ts
// 1. Release Flags - Temporary, removed after full rollout
const releaseFlags = [
{
key: 'new-checkout-flow',
defaultValue: false,
description: 'Redesigned checkout with Apple Pay',
owner: 'payments-team',
plannedRemoval: '2024-Q2'
},
{
key: 'v2-search-algorithm',
defaultValue: false,
description: 'ML-powered search ranking',
owner: 'search-team',
plannedRemoval: '2024-Q1'
}
];
// 2. Ops Flags - Long-lived, control operational behavior
const opsFlags = [
{
key: 'maintenance-mode',
defaultValue: false,
description: 'Show maintenance page, disable writes'
},
{
key: 'read-only-mode',
defaultValue: false,
description: 'Disable all write operations'
},
{
key: 'circuit-breaker-manual-open',
defaultValue: false,
description: 'Manually open circuit to payment service'
}
];
// 3. Experiment Flags - A/B testing
const experimentFlags = [
{
key: 'exp-pricing-page-v2',
defaultValue: 'control',
variants: ['control', 'variant-a', 'variant-b'],
description: 'Test new pricing page layouts'
}
];
// 4. Permission Flags - User-level feature access
const permissionFlags = [
{
key: 'beta-features',
defaultValue: false,
description: 'Access to beta features'
},
{
key: 'admin-tools',
defaultValue: false,
description: 'Access to admin debugging tools'
}
];
Testing with Feature Flags
// tests/checkout.test.ts
describe('Checkout Flow', () => {
beforeEach(() => {
// Clear all flag overrides between tests
featureFlags.clearOverrides();
});
describe('when new-checkout-flow is disabled', () => {
beforeEach(() => {
featureFlags.setOverride('new-checkout-flow', false);
});
it('uses legacy checkout', async () => {
const result = await handleCheckout(testUser, testCart);
expect(result.flowType).toBe('legacy');
});
});
describe('when new-checkout-flow is enabled', () => {
beforeEach(() => {
featureFlags.setOverride('new-checkout-flow', true);
});
it('uses new checkout with Apple Pay', async () => {
const result = await handleCheckout(testUser, testCart);
expect(result.flowType).toBe('new');
expect(result.paymentMethods).toContain('apple-pay');
});
});
// Test both paths in CI
it.each([true, false])(
'handles errors gracefully (newCheckout=%s)',
async (newCheckoutEnabled) => {
featureFlags.setOverride('new-checkout-flow', newCheckoutEnabled);
// Simulate payment failure
paymentService.mockReject(new PaymentError('Declined'));
const result = await handleCheckout(testUser, testCart);
expect(result.status).toBe('failed');
expect(result.error.message).toContain('Declined');
}
);
});
Environment Strategy as Architecture
The Environment Portfolio
┌─────────────────────────────────────────────────────────────────────────────┐
│ ENVIRONMENT PORTFOLIO │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ LOCAL DEVELOPMENT │ │
│ │ Purpose: Individual developer productivity │ │
│ │ Parity: Application code + core dependencies │ │
│ │ Data: Seeded test data, minimal │ │
│ │ Services: Docker Compose, mocked external services │ │
│ │ Cost: $0 (runs on developer machines) │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ CI ENVIRONMENT │ │
│ │ Purpose: Automated testing │ │
│ │ Parity: Full application + test dependencies │ │
│ │ Data: Generated per test run │ │
│ │ Services: Containerized, isolated per run │ │
│ │ Lifecycle: Ephemeral, destroyed after run │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ PREVIEW ENVIRONMENTS (Per PR) │ │
│ │ Purpose: Review and test feature branches │ │
│ │ Parity: Near-production infrastructure │ │
│ │ Data: Seeded or subset of staging │ │
│ │ Services: Real cloud services, sandbox accounts │ │
│ │ Lifecycle: Created on PR, destroyed on merge │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ STAGING │ │
│ │ Purpose: Final validation before production │ │
│ │ Parity: Production-identical infrastructure │ │
│ │ Data: Sanitized production data or realistic synthetic │ │
│ │ Services: Production services with sandbox/test credentials │ │
│ │ Scale: Reduced replicas, same architecture │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ PRODUCTION │ │
│ │ Purpose: Serve real users │ │
│ │ Parity: THE reference environment │ │
│ │ Data: Real user data │ │
│ │ Services: Production credentials, full scale │ │
│ │ Scale: Full capacity, multi-region │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Infrastructure as Code for All Environments
// infrastructure/environments.ts
// Using Pulumi/Terraform patterns
interface EnvironmentConfig {
name: string;
region: string;
scale: 'minimal' | 'reduced' | 'full';
dataStrategy: 'empty' | 'seeded' | 'sanitized-prod';
externalServices: 'mocked' | 'sandbox' | 'production';
}
const environments: Record<string, EnvironmentConfig> = {
development: {
name: 'dev',
region: 'us-east-1',
scale: 'minimal',
dataStrategy: 'seeded',
externalServices: 'mocked'
},
staging: {
name: 'staging',
region: 'us-east-1',
scale: 'reduced',
dataStrategy: 'sanitized-prod',
externalServices: 'sandbox'
},
production: {
name: 'prod',
region: 'us-east-1',
scale: 'full',
dataStrategy: 'sanitized-prod', // N/A, it's the source
externalServices: 'production'
}
};
// Shared infrastructure module
function createEnvironment(config: EnvironmentConfig) {
// VPC - Same structure, different sizes
const vpc = new VPC(`${config.name}-vpc`, {
cidrBlock: '10.0.0.0/16',
enableDnsHostnames: true
});
// Database - Same engine, different instance sizes
const dbInstanceClass = {
minimal: 'db.t3.micro',
reduced: 'db.t3.medium',
full: 'db.r5.2xlarge'
}[config.scale];
const database = new RDSInstance(`${config.name}-db`, {
engine: 'postgres',
engineVersion: '15.4', // SAME VERSION everywhere
instanceClass: dbInstanceClass,
allocatedStorage: config.scale === 'full' ? 500 : 50,
multiAz: config.scale === 'full',
vpc: vpc.id
});
// Redis - Same version, different sizes
const redisNodeType = {
minimal: 'cache.t3.micro',
reduced: 'cache.t3.small',
full: 'cache.r5.large'
}[config.scale];
const redis = new ElastiCacheCluster(`${config.name}-redis`, {
engine: 'redis',
engineVersion: '7.0', // SAME VERSION everywhere
nodeType: redisNodeType,
numCacheNodes: config.scale === 'full' ? 3 : 1,
vpc: vpc.id
});
// Application - Same container, different replica counts
const appDesiredCount = {
minimal: 1,
reduced: 2,
full: 10
}[config.scale];
const app = new ECSService(`${config.name}-app`, {
cluster: cluster.arn,
taskDefinition: taskDef.arn, // SAME CONTAINER everywhere
desiredCount: appDesiredCount,
loadBalancer: alb.arn
});
return { vpc, database, redis, app };
}
Preview Environments (Per-PR)
# .github/workflows/preview-environment.yml
name: Preview Environment
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
deploy-preview:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Generate preview name
id: preview
run: echo "name=pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
- name: Deploy preview environment
run: |
# Deploy to isolated namespace/environment
kubectl create namespace preview-${{ steps.preview.outputs.name }} || true
# Deploy using same manifests as staging
helm upgrade --install \
app-${{ steps.preview.outputs.name }} \
./charts/app \
--namespace preview-${{ steps.preview.outputs.name }} \
--set image.tag=${{ github.sha }} \
--set ingress.host=${{ steps.preview.outputs.name }}.preview.example.com \
--set database.url=${{ secrets.PREVIEW_DB_URL }} \
--set scale.replicas=1 \
-f ./charts/app/values-preview.yaml
- name: Seed preview database
run: |
kubectl exec -n preview-${{ steps.preview.outputs.name }} \
deploy/app -- npm run db:seed
- name: Comment preview URL
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `🚀 Preview environment deployed!\n\nURL: https://${{ steps.preview.outputs.name }}.preview.example.com`
})
cleanup-preview:
runs-on: ubuntu-latest
if: github.event.action == 'closed'
steps:
- name: Delete preview environment
run: |
kubectl delete namespace preview-pr-${{ github.event.pull_request.number }} --ignore-not-found
Data Parity: The Hardest Problem
Data Strategies
┌─────────────────────────────────────────────────────────────────────────────┐
│ DATA PARITY STRATEGIES │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Strategy 1: Seeded Data │
│ ├── Fixed test datasets │
│ ├── Deterministic, reproducible │
│ ├── Good for: Unit tests, local dev │
│ └── Bad for: Performance testing, edge cases │
│ │
│ Strategy 2: Anonymized Production Data │
│ ├── Real data structure and volume │
│ ├── PII removed/replaced │
│ ├── Good for: Realistic testing, performance │
│ └── Bad for: Compliance concerns, stale data │
│ │
│ Strategy 3: Synthetic Data Generation │
│ ├── Programmatically generated │
│ ├── Matches production distributions │
│ ├── Good for: Compliance, fresh data │
│ └── Bad for: Missing edge cases, initial setup │
│ │
│ Strategy 4: Production Traffic Replay │
│ ├── Replay sanitized production requests │
│ ├── Highest fidelity │
│ ├── Good for: Catching regressions, load testing │
│ └── Bad for: State-dependent operations, complex setup │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Data Anonymization Pipeline
// data/anonymization.ts
interface AnonymizationRule {
table: string;
column: string;
strategy: 'hash' | 'fake' | 'null' | 'mask' | 'preserve';
options?: Record<string, any>;
}
const anonymizationRules: AnonymizationRule[] = [
// Users table
{ table: 'users', column: 'email', strategy: 'fake', options: { type: 'email' } },
{ table: 'users', column: 'name', strategy: 'fake', options: { type: 'name' } },
{ table: 'users', column: 'phone', strategy: 'mask', options: { keep: 3 } },
{ table: 'users', column: 'password_hash', strategy: 'hash' },
{ table: 'users', column: 'created_at', strategy: 'preserve' },
// Addresses
{ table: 'addresses', column: 'street', strategy: 'fake', options: { type: 'street' } },
{ table: 'addresses', column: 'city', strategy: 'preserve' }, // Keep for geo testing
{ table: 'addresses', column: 'zip', strategy: 'fake', options: { type: 'zip' } },
// Orders - preserve structure, anonymize amounts slightly
{ table: 'orders', column: 'total', strategy: 'preserve' },
{ table: 'orders', column: 'created_at', strategy: 'preserve' },
// Payment info - never copy
{ table: 'payment_methods', column: '*', strategy: 'null' },
];
class DataAnonymizer {
private faker: Faker;
constructor(private rules: AnonymizationRule[]) {
this.faker = new Faker({ locale: 'en_US' });
}
async anonymizeDatabase(
sourceDb: Database,
targetDb: Database
): Promise<void> {
const tables = await sourceDb.getTables();
for (const table of tables) {
console.log(`Anonymizing ${table}...`);
const tableRules = this.rules.filter(r => r.table === table);
// Stream data in batches
const batchSize = 10000;
let offset = 0;
while (true) {
const rows = await sourceDb.query(
`SELECT * FROM ${table} LIMIT ${batchSize} OFFSET ${offset}`
);
if (rows.length === 0) break;
const anonymizedRows = rows.map(row =>
this.anonymizeRow(row, tableRules)
);
await targetDb.bulkInsert(table, anonymizedRows);
offset += batchSize;
}
}
}
private anonymizeRow(
row: Record<string, any>,
rules: AnonymizationRule[]
): Record<string, any> {
const result = { ...row };
for (const rule of rules) {
if (rule.column === '*') {
// Anonymize all columns
for (const col of Object.keys(result)) {
result[col] = this.applyStrategy(result[col], rule);
}
} else if (result[rule.column] !== undefined) {
result[rule.column] = this.applyStrategy(result[rule.column], rule);
}
}
return result;
}
private applyStrategy(value: any, rule: AnonymizationRule): any {
switch (rule.strategy) {
case 'hash':
return crypto.createHash('sha256').update(String(value)).digest('hex');
case 'fake':
return this.generateFake(rule.options?.type || 'string');
case 'null':
return null;
case 'mask':
const keep = rule.options?.keep || 0;
const str = String(value);
return '*'.repeat(str.length - keep) + str.slice(-keep);
case 'preserve':
return value;
default:
return value;
}
}
private generateFake(type: string): any {
switch (type) {
case 'email': return this.faker.internet.email();
case 'name': return this.faker.person.fullName();
case 'phone': return this.faker.phone.number();
case 'street': return this.faker.location.streetAddress();
case 'zip': return this.faker.location.zipCode();
default: return this.faker.lorem.word();
}
}
}
// Scheduled job: nightly anonymization
async function refreshStagingData() {
const anonymizer = new DataAnonymizer(anonymizationRules);
console.log('Starting staging data refresh...');
// Connect to production (read-only)
const prodDb = new Database(process.env.PROD_DB_URL_READONLY);
// Connect to staging
const stagingDb = new Database(process.env.STAGING_DB_URL);
// Clear staging data
await stagingDb.query('TRUNCATE ALL TABLES CASCADE');
// Anonymize and copy
await anonymizer.anonymizeDatabase(prodDb, stagingDb);
console.log('Staging data refresh complete');
}
External Service Parity
Service Abstraction Layer
// services/payment/payment-service.ts
interface PaymentService {
charge(amount: number, currency: string, source: string): Promise<ChargeResult>;
refund(chargeId: string, amount?: number): Promise<RefundResult>;
getCharge(chargeId: string): Promise<ChargeDetails>;
}
// services/payment/stripe-payment-service.ts
class StripePaymentService implements PaymentService {
constructor(private stripe: Stripe) {}
async charge(amount: number, currency: string, source: string): Promise<ChargeResult> {
const charge = await this.stripe.charges.create({
amount,
currency,
source
});
return {
id: charge.id,
amount: charge.amount,
status: charge.status
};
}
}
// services/payment/mock-payment-service.ts
class MockPaymentService implements PaymentService {
private charges = new Map<string, ChargeDetails>();
async charge(amount: number, currency: string, source: string): Promise<ChargeResult> {
// Simulate various scenarios based on amount
if (amount === 99999) {
throw new PaymentError('Card declined', 'card_declined');
}
if (amount === 88888) {
throw new PaymentError('Insufficient funds', 'insufficient_funds');
}
// Simulate network latency
await this.simulateLatency();
const id = `ch_mock_${Date.now()}_${Math.random().toString(36).slice(2)}`;
const charge: ChargeDetails = {
id,
amount,
currency,
status: 'succeeded',
source,
createdAt: new Date()
};
this.charges.set(id, charge);
return {
id: charge.id,
amount: charge.amount,
status: charge.status
};
}
private async simulateLatency(): Promise<void> {
const latency = 50 + Math.random() * 150; // 50-200ms
await new Promise(resolve => setTimeout(resolve, latency));
}
}
// services/payment/sandbox-payment-service.ts
class SandboxPaymentService implements PaymentService {
constructor(private stripe: Stripe) {
// Uses Stripe's test mode automatically based on API key
}
async charge(amount: number, currency: string, source: string): Promise<ChargeResult> {
// Real API call to Stripe's sandbox
const charge = await this.stripe.charges.create({
amount,
currency,
source
});
return {
id: charge.id,
amount: charge.amount,
status: charge.status
};
}
}
// Dependency injection based on environment
function createPaymentService(config: Config): PaymentService {
switch (config.services.paymentGateway.mode) {
case 'mock':
return new MockPaymentService();
case 'sandbox':
return new SandboxPaymentService(
new Stripe(config.services.paymentGateway.apiKey)
);
case 'production':
return new StripePaymentService(
new Stripe(config.services.paymentGateway.apiKey)
);
default:
throw new Error(`Unknown payment mode: ${config.services.paymentGateway.mode}`);
}
}
Contract Testing for External Services
// tests/contracts/payment-service.contract.ts
import { Pact } from '@pact-foundation/pact';
describe('Payment Service Contract', () => {
const provider = new Pact({
consumer: 'OrderService',
provider: 'PaymentService',
port: 1234
});
beforeAll(() => provider.setup());
afterAll(() => provider.finalize());
afterEach(() => provider.verify());
describe('charge endpoint', () => {
it('successfully charges a card', async () => {
// Define the expected interaction
await provider.addInteraction({
state: 'a valid card exists',
uponReceiving: 'a charge request',
withRequest: {
method: 'POST',
path: '/v1/charges',
headers: {
'Content-Type': 'application/json'
},
body: {
amount: 1000,
currency: 'usd',
source: 'tok_visa'
}
},
willRespondWith: {
status: 200,
headers: {
'Content-Type': 'application/json'
},
body: {
id: Matchers.like('ch_1234'),
amount: 1000,
currency: 'usd',
status: 'succeeded'
}
}
});
// Test our client against the mock
const paymentService = new PaymentServiceClient(provider.mockService.baseUrl);
const result = await paymentService.charge(1000, 'usd', 'tok_visa');
expect(result.status).toBe('succeeded');
expect(result.amount).toBe(1000);
});
it('handles declined cards', async () => {
await provider.addInteraction({
state: 'a declined card exists',
uponReceiving: 'a charge request for declined card',
withRequest: {
method: 'POST',
path: '/v1/charges',
body: {
amount: 1000,
currency: 'usd',
source: 'tok_declined'
}
},
willRespondWith: {
status: 402,
body: {
error: {
type: 'card_error',
code: 'card_declined',
message: 'Your card was declined'
}
}
}
});
const paymentService = new PaymentServiceClient(provider.mockService.baseUrl);
await expect(paymentService.charge(1000, 'usd', 'tok_declined'))
.rejects
.toThrow('card_declined');
});
});
});
Observability Across Environments
Unified Logging Structure
// logging/logger.ts
import pino from 'pino';
interface LogContext {
requestId?: string;
userId?: string;
traceId?: string;
spanId?: string;
environment: string;
service: string;
version: string;
}
const baseLogger = pino({
level: config.app.logLevel,
formatters: {
level: (label) => ({ level: label }),
bindings: () => ({
environment: config.app.environment,
service: config.app.name,
version: process.env.GIT_SHA || 'unknown'
})
},
// Same format everywhere - parse once
messageKey: 'message',
timestamp: pino.stdTimeFunctions.isoTime
});
// Request-scoped logger
export function createRequestLogger(context: Partial<LogContext>) {
return baseLogger.child({
requestId: context.requestId,
userId: context.userId,
traceId: context.traceId,
spanId: context.spanId
});
}
// Usage in middleware
app.use((req, res, next) => {
req.log = createRequestLogger({
requestId: req.headers['x-request-id'] || uuid(),
traceId: req.headers['x-trace-id'],
userId: req.user?.id
});
// Log request
req.log.info({
method: req.method,
path: req.path,
query: req.query,
userAgent: req.headers['user-agent']
}, 'Request received');
// Log response
const start = Date.now();
res.on('finish', () => {
req.log.info({
method: req.method,
path: req.path,
statusCode: res.statusCode,
duration: Date.now() - start
}, 'Request completed');
});
next();
});
Environment-Aware Metrics
// metrics/metrics.ts
import { Counter, Histogram, Registry } from 'prom-client';
const registry = new Registry();
// Add default labels for all metrics
registry.setDefaultLabels({
environment: config.app.environment,
service: config.app.name,
version: process.env.GIT_SHA || 'unknown'
});
// Request duration
const httpRequestDuration = new Histogram({
name: 'http_request_duration_seconds',
help: 'HTTP request duration in seconds',
labelNames: ['method', 'path', 'status_code'],
buckets: [0.01, 0.05, 0.1, 0.5, 1, 5],
registers: [registry]
});
// Feature flag evaluations
const featureFlagEvaluations = new Counter({
name: 'feature_flag_evaluations_total',
help: 'Feature flag evaluation count',
labelNames: ['flag_key', 'result', 'source'],
registers: [registry]
});
// External service calls
const externalServiceDuration = new Histogram({
name: 'external_service_duration_seconds',
help: 'External service call duration',
labelNames: ['service', 'operation', 'status'],
buckets: [0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10],
registers: [registry]
});
// Database queries
const dbQueryDuration = new Histogram({
name: 'db_query_duration_seconds',
help: 'Database query duration',
labelNames: ['operation', 'table'],
buckets: [0.001, 0.005, 0.01, 0.05, 0.1, 0.5, 1],
registers: [registry]
});
// Environment-specific alerts
// Same metrics, different thresholds per environment
const alertThresholds = {
development: {
errorRate: 0.5, // Very lenient
latencyP99: 5000, // 5s
availabilityTarget: 0.9
},
staging: {
errorRate: 0.1,
latencyP99: 1000,
availabilityTarget: 0.95
},
production: {
errorRate: 0.01, // Very strict
latencyP99: 200, // 200ms
availabilityTarget: 0.999
}
};
CI/CD Pipeline for Environment Parity
# .github/workflows/deploy.yml
name: Deploy
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
# Same image used across all environments
IMAGE_NAME: ghcr.io/${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
outputs:
image_tag: ${{ steps.meta.outputs.tags }}
steps:
- uses: actions/checkout@v4
- name: Build image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
# Build once, deploy everywhere
cache-from: type=gha
cache-to: type=gha,mode=max
test:
needs: build
runs-on: ubuntu-latest
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: test
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ports:
- 5432:5432
redis:
image: redis:7-alpine
ports:
- 6379:6379
steps:
- uses: actions/checkout@v4
- name: Run tests
run: |
docker run --rm \
--network host \
-e DATABASE_URL=postgres://postgres:postgres@localhost:5432/test \
-e REDIS_URL=redis://localhost:6379 \
-e NODE_ENV=test \
${{ env.IMAGE_NAME }}:${{ github.sha }} \
npm test
deploy-preview:
if: github.event_name == 'pull_request'
needs: [build, test]
runs-on: ubuntu-latest
environment:
name: preview-pr-${{ github.event.pull_request.number }}
url: https://pr-${{ github.event.pull_request.number }}.preview.example.com
steps:
- name: Deploy to preview
run: |
# Same Helm chart, different values
helm upgrade --install \
pr-${{ github.event.pull_request.number }} \
./charts/app \
--namespace preview \
--set image.tag=${{ github.sha }} \
--set environment=preview \
-f ./charts/app/values-preview.yaml
deploy-staging:
if: github.ref == 'refs/heads/main'
needs: [build, test]
runs-on: ubuntu-latest
environment:
name: staging
url: https://staging.example.com
steps:
- name: Deploy to staging
run: |
# Same Helm chart, staging values
helm upgrade --install \
app \
./charts/app \
--namespace staging \
--set image.tag=${{ github.sha }} \
--set environment=staging \
-f ./charts/app/values-staging.yaml
- name: Run smoke tests
run: |
npm run test:smoke -- --env=staging
- name: Run integration tests
run: |
npm run test:integration -- --env=staging
deploy-production:
needs: [deploy-staging]
runs-on: ubuntu-latest
environment:
name: production
url: https://example.com
steps:
- name: Deploy to production (canary)
run: |
# Deploy to 10% of traffic first
helm upgrade --install \
app \
./charts/app \
--namespace production \
--set image.tag=${{ github.sha }} \
--set environment=production \
--set canary.enabled=true \
--set canary.weight=10 \
-f ./charts/app/values-production.yaml
- name: Monitor canary
run: |
# Check error rates for 10 minutes
./scripts/monitor-canary.sh --duration=10m --threshold=0.01
- name: Promote canary
if: success()
run: |
helm upgrade --install \
app \
./charts/app \
--namespace production \
--set image.tag=${{ github.sha }} \
--set environment=production \
--set canary.enabled=false \
-f ./charts/app/values-production.yaml
The Environment Parity Checklist
## Environment Parity Audit
### Code Parity
□ Same Docker image deployed to all environments
□ Same container runtime version
□ Same application dependencies (lockfile enforced)
□ Feature flags control behavior differences (not code branches)
### Infrastructure Parity
□ Same database engine and version
□ Same cache engine and version
□ Same message queue technology
□ Same load balancer type
□ Infrastructure defined as code (IaC)
□ IaC templates parameterized, not duplicated
### Configuration Parity
□ Configuration schema validated
□ Environment-specific values clearly separated
□ Secrets managed consistently (same secret manager)
□ No hardcoded environment-specific values in code
### Data Parity
□ Schema migrations run identically everywhere
□ Staging has realistic data volume
□ Data anonymization process documented and automated
□ Test data covers production edge cases
### External Service Parity
□ Same API versions of external services
□ Contract tests verify service compatibility
□ Sandbox/test accounts behave like production
□ Mock services replicate real failure modes
### Observability Parity
□ Same logging format across environments
□ Same metrics collected everywhere
□ Same tracing infrastructure
□ Dashboards work for all environments
### Deployment Parity
□ Same deployment process (CI/CD pipeline)
□ Same health checks
□ Same rollback procedures
□ Same scaling policies (different thresholds OK)
Quick Reference
Environment Parity Principles
1. Build Once, Deploy Everywhere
Same artifact (Docker image) in all environments.
Configuration changes behavior, not code.
2. Infrastructure as Code
Environments differ in parameters, not structure.
One template, different values.
3. Feature Flags Over Branches
Don't maintain environment-specific code paths.
Use runtime flags for behavioral differences.
4. Test Pyramid Across Environments
Unit tests: Mock everything
Integration tests: Real dependencies, isolated
E2E tests: Production-like environment
Production: Monitoring as testing
5. Shift Left, but Verify Right
Catch issues early in development.
But always validate in production-like conditions.
When "Works on My Machine" Happens
┌─────────────────────────────────────────────────────────────────────────────┐
│ DEBUGGING ENVIRONMENT ISSUES │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Step 1: Identify the difference │
│ ├── Configuration? Check env vars, feature flags │
│ ├── Dependencies? Check container image, package versions │
│ ├── Data? Check for edge cases only in prod │
│ ├── Scale? Check if issue only appears under load │
│ └── Network? Check timeouts, DNS, SSL │
│ │
│ Step 2: Reproduce in lower environment │
│ ├── Copy the exact configuration │
│ ├── Replicate the data pattern │
│ ├── Simulate the traffic pattern │
│ └── If you can't reproduce, the env difference IS the bug │
│ │
│ Step 3: Fix the parity gap │
│ ├── Update IaC to match environments │
│ ├── Add the missing test case │
│ ├── Add monitoring to catch this earlier │
│ └── Document in runbook │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Closing Thoughts
"It works on my machine" isn't a joke—it's a signal that your environment strategy needs work. The gap between development and production is where bugs hide, where confidence erodes, and where 2 AM pages originate.
Environment parity isn't about making everything identical—that's impossible and expensive. It's about being intentional about differences. Every environment divergence should be documented, justified, and accounted for in your testing strategy.
The teams that ship with confidence aren't the ones with the most environments or the most sophisticated tooling. They're the ones who can answer this question for any code change: "How do I know this will work in production?"
When the answer is "because it's the same code, running in the same container, with the same dependencies, against the same database schema, with behavior controlled by feature flags I can test"—that's when "it works on my machine" stops being a punchline and becomes a reliable prediction.
Environment parity is a journey, not a destination. Start with Docker. Add configuration management. Implement feature flags. Build preview environments. Each step gets you closer to the goal: shipping code with confidence.
What did you think?