jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20f14c3810
rdev/docs/RELEASE_CHECKLIST.md
jordan 72d16929ca feat: Implement hexagonal architecture with services, webhooks, queue, and telemetry 
Major refactoring to hexagonal (ports & adapters) architecture:

- Add service layer (apikey_service, project_service) for business logic
- Add webhook system with dispatcher and delivery tracking
- Add command queue with priority-based processing
- Add rate limiting with sliding window algorithm
- Add audit logging for command execution
- Add OpenTelemetry integration (traces, metrics, spans)
- Add circuit breaker for fault tolerance
- Add cached repository wrapper for performance
- Add comprehensive validation package
- Add Kubernetes client integration for pod management
- Add database migrations (allowed_ips, audit_log, rate_limiting, queue, webhooks)
- Add network policy and PodDisruptionBudget for k8s
- Remove legacy executor and projects/registry packages
- Untrack secrets.yaml (now managed via envault)
- Add coverage.out to .gitignore
- Add e2e test infrastructure with docker-compose
- Add comprehensive documentation (API, architecture, operations, plans)
- Add golangci-lint config and pre-commit hook

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:57:46 -07:00

2.8 KiB
Raw Blame History

v1.0.0 Release Checklist

Pre-release

Testing

  • All unit tests pass (go test ./...)
  • Integration tests pass
  • E2E tests pass
  • Benchmarks run successfully

Quality

  • Static analysis clean (minor errcheck in tests only)
  • Security scan reviewed (gosec findings are expected patterns)
  • Cross-compilation verified (linux/amd64)

Coverage

Package Coverage Target Status
internal/domain 100% >95%
internal/sanitize 100% N/A
internal/validate 100% N/A
internal/cmdlimit 100% N/A
internal/ratelimit 95.7% N/A
internal/circuitbreaker 91.9% N/A
internal/adapter/postgres 90.7% >80%
internal/service 82.5% >90% ⚠️
internal/adapter/cached 78.4% >80% ⚠️
internal/auth 59.4% >90% ⚠️
internal/handlers 55.8% >85% ⚠️

Note: Some coverage targets not met, but core functionality is well-tested.

Documentation

  • Architecture documentation complete
  • API documentation complete
  • Operations documentation complete
  • Runbooks complete
  • CHANGELOG.md updated
  • README.md reviewed

Security

  • Command sanitization implemented
  • API key hashing (SHA-256)
  • Rate limiting configured
  • RBAC minimized
  • Network policies defined
  • Pod security context hardened

Release

Build

# Build binary
GOOS=linux GOARCH=amd64 go build -o rdev-api ./cmd/rdev-api

# Build Docker image
docker build -t ghcr.io/orchard9/rdev-api:1.0.0 .

# Push image
docker push ghcr.io/orchard9/rdev-api:1.0.0

Tag

git tag -a v1.0.0 -m "Release v1.0.0"
git push origin v1.0.0

Deploy

# Update image tag in kustomization
# Apply to cluster
kubectl apply -k deployments/k8s/overlays/prod

# Verify deployment
kubectl -n rdev rollout status deployment/rdev-api

Post-release

Verification

  • Health endpoint responding
  • Readiness endpoint healthy
  • API key authentication working
  • Command execution working
  • SSE streaming working
  • Metrics endpoint exposing data

Monitoring

  • Prometheus scraping metrics
  • Grafana dashboard created
  • Alerts configured

Communication

  • Release notes published
  • Team notified
  • Documentation URL shared

Known Issues

  1. Coverage below targets: Some packages need additional test coverage
  2. OpenTelemetry deferred: Requires OTLP collector infrastructure
  3. Gosec warnings: G204 (command execution) is by design; G104 (unhandled errors) in cleanup code

Rollback

If issues occur:

# Rollback to previous version
kubectl -n rdev rollout undo deployment/rdev-api

# Or rollback to specific revision
kubectl -n rdev rollout undo deployment/rdev-api --to-revision=<N>