# v1.0.0 Release Checklist ## Pre-release ### Testing - [x] All unit tests pass (`go test ./...`) - [x] Integration tests pass - [x] E2E tests pass - [x] Benchmarks run successfully ### Quality - [x] Static analysis clean (minor errcheck in tests only) - [x] Security scan reviewed (gosec findings are expected patterns) - [x] Cross-compilation verified (linux/amd64) ### Coverage | Package | Coverage | Target | Status | |---------|----------|--------|--------| | internal/domain | 100% | >95% | ✅ | | internal/sanitize | 100% | N/A | ✅ | | internal/validate | 100% | N/A | ✅ | | internal/cmdlimit | 100% | N/A | ✅ | | internal/ratelimit | 95.7% | N/A | ✅ | | internal/circuitbreaker | 91.9% | N/A | ✅ | | internal/adapter/postgres | 90.7% | >80% | ✅ | | internal/service | 82.5% | >90% | ⚠️ | | internal/adapter/cached | 78.4% | >80% | ⚠️ | | internal/auth | 59.4% | >90% | ⚠️ | | internal/handlers | 55.8% | >85% | ⚠️ | Note: Some coverage targets not met, but core functionality is well-tested. ### Documentation - [x] Architecture documentation complete - [x] API documentation complete - [x] Operations documentation complete - [x] Runbooks complete - [x] CHANGELOG.md updated - [x] README.md reviewed ### Security - [x] Command sanitization implemented - [x] API key hashing (SHA-256) - [x] Rate limiting configured - [x] RBAC minimized - [x] Network policies defined - [x] Pod security context hardened ## Release ### Automated (Recommended) Push to main triggers Woodpecker CI to build and deploy: ```bash # Push to both remotes - Woodpecker builds and deploys automatically git push origin main GITEA_TOKEN=$(kubectl get secret rdev-credentials -n rdev -o jsonpath='{.data.GITEA_TOKEN}' | base64 -d) git push https://jordan:${GITEA_TOKEN}@git.threesix.ai/jordan/rdev.git main ``` Images are built via kaniko and pushed to `registry.threesix.ai/rdev/*`. ### Tag ```bash git tag -a v1.0.0 -m "Release v1.0.0" git push origin v1.0.0 ``` ### Manual Deploy (if needed) ```bash export KUBECONFIG=~/.kube/orchard9-k3sf.yaml kubectl apply -f deployments/k8s/base/rdev-api.yaml kubectl rollout restart -n rdev deployment/rdev-api # Verify deployment kubectl -n rdev rollout status deployment/rdev-api ``` ## Post-release ### Verification - [ ] Health endpoint responding - [ ] Readiness endpoint healthy - [ ] API key authentication working - [ ] Command execution working - [ ] SSE streaming working - [ ] Metrics endpoint exposing data ### Monitoring - [ ] Prometheus scraping metrics - [ ] Grafana dashboard created - [ ] Alerts configured ### Communication - [ ] Release notes published - [ ] Team notified - [ ] Documentation URL shared ## Known Issues 1. **Coverage below targets**: Some packages need additional test coverage 2. **OpenTelemetry deferred**: Requires OTLP collector infrastructure 3. **Gosec warnings**: G204 (command execution) is by design; G104 (unhandled errors) in cleanup code ## Rollback If issues occur: ```bash # Rollback to previous version kubectl -n rdev rollout undo deployment/rdev-api # Or rollback to specific revision kubectl -n rdev rollout undo deployment/rdev-api --to-revision= ```