up
@@ -41,7 +41,7 @@ Keep the language analyzer microbench under the < 5 s SBOM pledge. CI emits
- Pager payload should include `scenario`, `max_ms`, `baseline_max_ms`, and `commit`.
- Immediate triage steps:
1. Check `latest.json` artefact for the failing scenario – confirm commit and environment.
2. Re-run the harness with `--captured-at` and `--baseline` pointing at the last known good CSV to verify determinism.
2. Re-run the harness with `--captured-at` and `--baseline` pointing at the last known good CSV to verify determinism; include `surface/determinism.json` in the release bundle (see `release-determinism.md`).
3. If regression persists, open an incident ticket tagged `scanner-analyzer-perf` and page the owning language guild.
4. Roll back the offending change or update the baseline after sign-off from the guild lead and Perf captain.
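Review bot: The revised step 2 folds a release-packaging action into an incident triage step: "include `surface/determinism.json` in the release bundle" is not something the responder can act on while re-running the harness, and per the new checklist that file is copied from worker surface manifests rather than produced by the re-run. Suggest keeping step 2 as the determinism re-run only and moving the bundle requirement to its own line, or rewording it to say which file the responder should compare against. The pointer `release-determinism.md` is also a bare filename; a link or the full path `docs/modules/scanner/operations/release-determinism.md` would make it resolvable from this document.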
29
docs/modules/scanner/operations/release-determinism.md
Normal file
@@ -0,0 +1,29 @@
# Scanner Release Determinism Checklist
> Completes SCAN-DETER-186-010 by ensuring every release ships a reproducibility bundle.
## What to publish
- `determinism.json` generated by the harness (scores, non-deterministic artefacts, thresholds).
- `surface/determinism.json` copied from worker surface manifests (pins + runtime toggles + payload hashes).
- Canonical artefacts per run (`run_i/*.json`) and diffs for divergent runs.
## Where to publish
- Object store bucket configured for releases (same as reports), prefix: `determinism/<release>/`.
- CAS-style paths: `cas://determinism/<head>/<sha>.tar.zst` for bundle archives.
- Link from release notes and offline kit manifests.
## How to generate
1. Run determinism harness (`SCAN-DETER-186-009`) against release image with frozen clock/seed/concurrency and pinned feeds/policy.
2. Export bundle using the harness CLI (pending) or the helper script `scripts/scanner/determinism-run.sh`.
3. Copy worker-emitted `determinism.json` from surface manifest cache into `surface/determinism.json` inside the bundle for cross-checks.
4. Sign bundles with DSSE (determinism predicate) and, if enabled, submit to Rekor.
## Acceptance gates
- Overall score >= 0.95 and per-image score >= 0.90.
- All bundle files present: `determinism.json`, `surface/determinism.json`, `run_*`, `diffs/` (may be empty when fully deterministic).
- Hashes in `surface/determinism.json` match hashes in `determinism.json` baseline artefacts.
## References
- docs/modules/scanner/determinism-score.md
- docs/modules/scanner/deterministic-execution.md
- docs/replay/DETERMINISTIC_REPLAY.md
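Review bot: Step 4 under "How to generate" signs the bundle with DSSE and optionally submits to Rekor, but neither "What to publish" nor "Acceptance gates" mentions the resulting envelope or log entry, so a release can satisfy every gate listed here with an unsigned bundle. Suggest adding the DSSE envelope to the publish list and a gate that the signature verifies (and that the Rekor entry exists when submission is enabled). Two smaller points: step 2 depends on a harness CLI marked "(pending)", so the checklist should state that `scripts/scanner/determinism-run.sh` is the supported path until it lands, and `<head>` in `cas://determinism/<head>/<sha>.tar.zst` is not defined anywhere in the file.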