The Reluctant Guide to Shopify Migrations

Act V: The Appearance of Completion

Your Staging Store Is Lying To You

You push the release. The pipeline turns green. The QA checklist passes, top to bottom, every box. Metafields look populated. Somebody signs off. Two days later, a merchandiser notices that the values are wrong in production—not missing, which would at least be loud, but wrong, which is quiet. They go to staging to reproduce it, because that is what you do, because staging is the place where you reproduce things. The values are fine in staging. The values were always fine in staging. The Matrixify import that was supposed to write those values to staging had finished with a green check and a clean log and a row count that looked exactly like success. It had written nothing.

That last sentence is the whole chapter, and the rest of it is an attempt to make sure it never happens to you—or, more honestly, to make sure that when it does happen to you, you already know why.

Staging stores do not announce when they have gone stale. There is no banner, no warning email, no degraded-mode badge in the admin. They keep accepting deploys and running QA checklists right up until the moment they send you confidently in the wrong direction. A production environment that is down tells you it is down. A staging environment that has quietly drifted away from production tells you nothing at all; it just keeps answering your questions, and some of the answers are now lies, and it has no way of knowing which ones.

The reason this happens is that a Shopify store is not one thing that you can copy. It is at least three things stacked on top of each other, and they drift apart from production along three separate axes, none of which the platform natively reconciles for you.

The first axis is data—products, variants, collections, pages, blog posts, menus, and above all the metafields and metaobjects that an enterprise build leans on to hold everything the native schema doesn’t. The second axis is configuration—theme JSON, store settings, shipping and delivery profiles, the dozens of toggles and policies that live in the admin and never appear in your repository. The third axis is third-party state—the apps you have installed, their internal data, their integration wiring, the half of your store’s behavior that lives on somebody else’s servers and is reachable only through whatever surface that vendor chose to expose.

Each axis drifts on its own clock. You fix a delivery profile in production during a peak-season scramble and forget it ever differed from staging. A merchandiser edits a metaobject in production because that is where the real catalog lives. An app gets configured against production data because that is the data that matters. None of these are mistakes, exactly. They are just the normal entropy of an environment that is actually being used, accumulating against an environment that is only being tested. Drift is not a failure of discipline. Drift is the default. Discipline is the thing you spend to slow it down.

The configuration axis has a sharp edge worth naming on its own, because it bites the teams that did the more sophisticated thing. If you run a custom build pipeline—the kind that compiles and bundles your theme assets before pushing them, which any serious Plus build eventually does—you have, somewhere along the way, stepped outside Shopify’s native GitHub integration. That integration assumes it owns the round trip between the repo and the store. Once you are compiling assets yourself and pushing the output, the section and template JSON on each environment starts to diverge independently, deploy by deploy, because nothing is holding the two stores to the same source of truth anymore. You did not break it carelessly. You broke it by building the more capable thing. The bill for that capability is that environment parity is now your job, manually, forever, and not the platform’s.

Then there is the failure mode that gives the chapter its cold open, the one that is worse than a crash because it wears the costume of success.

You run a Matrixify import to push a few thousand metafield values into staging. It completes. The log is clean. The summary says the rows processed. And not one value lands—because the metafield definitions, the schema that those values are supposed to attach to, were never created in staging in the first place. Matrixify did exactly what it was told: it tried to write values into a shape that did not exist, found nowhere to put them, and reported the attempt as done. There is no error, because from the importer’s point of view nothing went wrong. The values had no home, so they evaporated, quietly, with a green check on top.

This is what stale staging actually costs you, and it is why a bad staging store is worse than no staging store at all. An empty environment produces no confidence; you know you have tested nothing, so you trust nothing. A staging store that looks functional but is missing critical data produces false confidence, which is the expensive kind. Drift beyond a certain threshold doesn’t merely reduce your QA coverage. It inverts it. The checklist still passes. What it is passing against has stopped being true, and the green check is now actively lying to you with a straight face. We assumed the import was working. It wasn’t. That sentence has been said, in some form, in every retro that ever earned the name.

To the engineering lead who is about to onboard a new third-party app this sprint, and has not yet asked the vendor a single question about it: ask whether it has a sandbox. Ask before you sign, before you install, before it becomes load-bearing. Then brace, because the answer is almost certainly no.

This is not a vendor failing, and it is not a list of bad apps to avoid. It is structural, and it is nearly industry-wide. The overwhelming majority of Shopify apps offer no sandbox, no test mode, no way to stand up a parallel copy of their state for a non-production store. They were built to run once, in the merchant’s real store, against the merchant’s real data. Asking most of them to mirror themselves into staging is asking them to do a thing they were never designed to do. So the third axis of drift—the apps—is the one you have the least leverage over, because closing it depends on a capability the vendor mostly didn’t build. You will spend a real fraction of your parity effort here, and you will not get all of it back, and that is a fact about the ecosystem rather than a fact about your competence.

So you cannot copy a store. What you can do is reconcile it, deliberately, in pieces, in the right order. The order is not cosmetic. The order is the entire point, because doing these steps out of sequence is precisely how you get a clean import that writes nothing.

First, sync the schema. Before any values, before any products, you push the metafield and metaobject definitions from production to staging, so that staging has somewhere to put what comes next. In practice this is a schema dump on the source and a schema load on the target—the kind of thing a tool like shopify_toolkit does—and it has to finish before anything else begins. Schema first, always. Not as a slogan; as a load-bearing instruction. The cold open at the top of this chapter is the single sentence “schema first, always” with the word always removed and three thousand vanished metafield values standing in its place.

Second, once the shapes exist, move the bulk data into them. This is the Matrixify pass that actually works, because now there is something to receive it: products, collections, pages, menus, blog posts, and the metafield values that finally have definitions to attach to. The same tool that lied to you in the wrong order tells the truth in the right one. Nothing about Matrixify changed between those two stories except what you did before you ran it.

Third, handle everything the third-party apps own with domain-specific extensions—bespoke scripts, one per integration, that pull or rebuild whatever state lives on the vendor’s side and cannot be captured by a generic export. This is the slow, unglamorous, per-app work, and there is no tool that generalizes it, because the thing you are working around is precisely that every app modeled its world differently. You write a little reconciler for each one that matters, and you accept that some of them you simply cannot reach.

A note on what cannot be moved even when you do all three in order, because honesty about the gap is the only thing that makes the rest of it trustworthy. Combined Listings—Shopify’s mechanism for grouping separate products into a single storefront listing, the parent-and-child relationships that let a shirt in nine colors present as one thing—has no Matrixify support for the relationship itself. You can move the products. You cannot move the fact that they belong together. That relationship has to be rebuilt by hand, or scripted against the API, or simply acknowledged as one of the things staging will not faithfully represent. It is a small example, but it is the shape of every gap you will find: not a thing that is hard to sync, but a thing that the available tooling has no concept of syncing, so it falls silently through the floor unless you go looking for it.

Which is why the audit happens before you need a sync, not during one. The worst time to discover that an app has no sandbox, or that Combined Listings won’t transfer, or that your delivery profiles drifted three months ago, is in the middle of a parity pass with a launch date behind it. Inventory your stack while it is calm: every app, every integration, every metaobject definition, every place where production holds state that staging does not. Write down, in advance, which of those you can reconcile and which you cannot. The audit is cheap when it is a document and expensive when it is a postmortem.

Here is the part nobody wants printed, so we will print it. You are not going to reach full parity. The honest target is somewhere around ninety-five percent—close enough that staging tells the truth about the overwhelming majority of what you will ship through it—and the remaining five percent is not a backlog item you will eventually burn down. It is a permanent property of the territory. There will always be some app state you can’t mirror, some production edit that outran your sync, some relationship the tooling has no word for.

This recalls something the book keeps circling back to in a dozen different costumes. Shopify partially handles staging—which is the polite way of saying it does not really handle it at all, and hands you the seam to manage yourself, the same way it hands you the seam on every other surface where the platform’s reach stops short of your store’s actual complexity. You don’t get to close that seam. You get to know exactly where it runs.

So the teams that get staging right are not the ones who have heroically driven parity to a hundred percent; that number is not for sale at any price. They are the ones who have stopped pretending the gap doesn’t exist. They know which five percent is unsynced. They have it written down. They tell QA which scenarios staging cannot be trusted to answer, so QA stops trusting it for exactly those and not one thing more. What makes a staging store trustworthy was never its coverage. It is honesty about what it covers—a small, known, documented blind spot you steer around on purpose, instead of a large, invisible one that steers you.

A detailed topographic map with one small region deliberately circled and cross-hatched in pencil to mark it as known unknown territory, surrounded by otherwise precise cartographic detail. A pencil rests across the corner.
Not a gap you close. A gap you draw in first.

The lie in the title was never really the staging store’s. The store is just a machine reporting what it was asked to report. The lie is the one we tell ourselves when the check turns green and we decide that means the thing is done. Schema first, always—and then, after that, the harder discipline: knowing precisely what your green checks are not telling you, and saying it out loud before the merchandiser finds it for you.