# Concelier LNM Release Plan (DEVOPS-LNM-21-101-REL / 102-REL / 103-REL)

Scope: package and publish Link-Not-Merge migrations/backfill/object-store seeds for release and offline kits.

## Artefacts
- Migration bundles:
  - 21-101 shard/index migrations (`EnsureLinkNotMergeShardingAndTtlMigration`)
  - 21-102 backfill/tombstone/rollback scripts
  - 21-103 object-store seed bundle (once contract final)
- Checksums (`SHA256SUMS`, signed)
- SBOMs (spdx.json) for migration runner image/tooling
- Cosign attestations for images/bundles
- Offline kit slice tarball with all above + DSSE manifest

## Pipeline outline
1) Build migration runner image (dotnet) with migrations baked; generate SBOM; pin digest.
2) Export migration scripts/bundles to `artifacts/lnm/`.
3) Create offline bundle:
   - `migrations/21-101/` (DLLs, scripts, README)
   - `migrations/21-102/` (backfill, rollback, README)
   - `seeds/object-store/` (placeholder until 21-103 dev output)
   - `SHA256SUMS` + `.sig`
   - SBOMs + cosign attestations
4) Verification stage:
   - `dotnet test` on migration runner
   - `cosign verify-blob` for bundles
   - `sha256sum --check`
5) Publish:
   - Upload to release bucket + offline kit
   - Record manifest (hashes, versions, digests)

## Runbook (apply in staging → prod)
1) Take Mongo backup; freeze Concelier ingest.
2) Apply 21-101 migrations (shards/TTL) — idempotent; record duration.
3) Run 21-102 backfill with `--batch-size=500 --stop-on-error`; capture report hash.
4) Validate counts (observations/linksets/events) and shard balance.
5) Enable outbox publishers; monitor lag and errors.
6) (When ready) apply 21-103 object-store migration: move raw payloads to object store; verify CAS URIs; keep GridFS read-only during move.

## Rollback
- 21-101: restore from backup if shard layout breaks; migrations are idempotent.
- 21-102: run rollback script (`ops/devops/scripts/rollback-lnm-backfill.js`); if inconsistent, restore backup.
- 21-103: switch back to GridFS URI map; restore seeds.

## Monitoring/alerts
- Migration error count > 0
- Mongo oplog lag > 60s during backfill
- Outbox backlog growth post-unfreeze

## Owners
- DevOps Guild (pipeline + rollout)
- Concelier Storage Guild (migration content)
- Platform Security (signing policy)