{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://stella-ops.org/schemas/production-release-manifest.schema.json", "title": "StellaOps Production Release Manifest Schema", "description": "Schema for production release manifests, image digests, and deployment artifacts. Unblocks DEPLOY-ORCH-34-001, DEPLOY-POLICY-27-001, and downstream deployment tasks (10+ tasks). Note: the digest and manifest_digest values in the examples are non-hex placeholders that do not satisfy the sha256 patterns defined here; substitute real digests before use.", "type": "object", "definitions": { "ReleaseManifest": { "type": "object", "description": "Production release manifest", "required": ["release_id", "version", "services"], "properties": { "release_id": { "type": "string", "description": "Unique release identifier" }, "version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+(-[a-z0-9.]+)?$", "description": "Release version (semver)" }, "codename": { "type": "string", "description": "Release codename" }, "released_at": { "type": "string", "format": "date-time" }, "release_notes_url": { "type": "string", "format": "uri" }, "services": { "type": "array", "items": { "$ref": "#/definitions/ServiceRelease" } }, "infrastructure": { "$ref": "#/definitions/InfrastructureRequirements" }, "migrations": { "type": "array", "items": { "$ref": "#/definitions/MigrationStep" } }, "breaking_changes": { "type": "array", "items": { "$ref": "#/definitions/BreakingChange" } }, "signatures": { "type": "array", "items": { "$ref": "#/definitions/ReleaseSignature" } }, "manifest_digest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$" } } }, "ServiceRelease": { "type": "object", "description": "Individual service release information", "required": ["service_id", "image", "digest"], "properties": { "service_id": { "type": "string", "description": "Service identifier" }, "name": { "type": "string" }, "image": { "type": "string", "description": "Container image (without tag)" }, "tag": { "type": "string", "description": "Image tag" }, "digest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$", "description": "Image digest for pinning" 
}, "version": { "type": "string", "description": "Service version" }, "config_version": { "type": "string", "description": "Configuration schema version" }, "ports": { "type": "array", "items": { "$ref": "#/definitions/PortMapping" } }, "health_check": { "$ref": "#/definitions/HealthCheckConfig" }, "resources": { "$ref": "#/definitions/ResourceRequirements" }, "dependencies": { "type": "array", "items": { "type": "string" }, "description": "Service IDs this depends on" }, "environment_defaults": { "type": "object", "additionalProperties": { "type": "string" } }, "sbom_ref": { "type": "string", "format": "uri", "description": "Reference to SBOM" }, "attestation_ref": { "type": "string", "format": "uri", "description": "Reference to build attestation" } } }, "PortMapping": { "type": "object", "description": "Port mapping configuration", "required": ["container_port"], "properties": { "name": { "type": "string" }, "container_port": { "type": "integer" }, "protocol": { "type": "string", "enum": ["tcp", "udp"], "default": "tcp" }, "service_port": { "type": "integer" } } }, "HealthCheckConfig": { "type": "object", "description": "Health check configuration", "properties": { "path": { "type": "string", "default": "/health" }, "port": { "type": "integer" }, "interval_seconds": { "type": "integer", "default": 30 }, "timeout_seconds": { "type": "integer", "default": 10 }, "failure_threshold": { "type": "integer", "default": 3 }, "success_threshold": { "type": "integer", "default": 1 } } }, "ResourceRequirements": { "type": "object", "description": "Resource requirements", "properties": { "cpu_request": { "type": "string", "pattern": "^[0-9]+(m)?$" }, "cpu_limit": { "type": "string", "pattern": "^[0-9]+(m)?$" }, "memory_request": { "type": "string", "pattern": "^[0-9]+(Mi|Gi)$" }, "memory_limit": { "type": "string", "pattern": "^[0-9]+(Mi|Gi)$" }, "storage": { "type": "string", "pattern": "^[0-9]+(Mi|Gi|Ti)$" } } }, "InfrastructureRequirements": { "type": "object", 
"description": "Infrastructure requirements for release", "properties": { "kubernetes_version": { "type": "string", "description": "Minimum Kubernetes version" }, "docker_version": { "type": "string", "description": "Minimum Docker version" }, "databases": { "type": "array", "items": { "$ref": "#/definitions/DatabaseRequirement" } }, "external_services": { "type": "array", "items": { "$ref": "#/definitions/ExternalServiceRequirement" } } } }, "DatabaseRequirement": { "type": "object", "description": "Database requirement", "required": ["type", "min_version"], "properties": { "type": { "type": "string", "enum": ["mongodb", "postgres", "redis", "rabbitmq"] }, "min_version": { "type": "string" }, "recommended_version": { "type": "string" }, "storage_estimate": { "type": "string" } } }, "ExternalServiceRequirement": { "type": "object", "description": "External service requirement", "required": ["service", "required"], "properties": { "service": { "type": "string" }, "required": { "type": "boolean" }, "description": { "type": "string" }, "default_url": { "type": "string", "format": "uri" } } }, "MigrationStep": { "type": "object", "description": "Migration step", "required": ["migration_id", "type", "description"], "properties": { "migration_id": { "type": "string" }, "type": { "type": "string", "enum": ["database", "config", "data", "manual"] }, "description": { "type": "string" }, "from_version": { "type": "string" }, "to_version": { "type": "string" }, "reversible": { "type": "boolean", "default": false }, "script_path": { "type": "string" }, "estimated_duration": { "type": "string" }, "requires_downtime": { "type": "boolean", "default": false } } }, "BreakingChange": { "type": "object", "description": "Breaking change documentation", "required": ["change_id", "description", "migration_guide"], "properties": { "change_id": { "type": "string" }, "service": { "type": "string" }, "description": { "type": "string" }, "impact": { "type": "string", "enum": ["api", 
"config", "data", "behavior"] }, "migration_guide": { "type": "string" }, "affected_versions": { "type": "string" } } }, "ReleaseSignature": { "type": "object", "description": "Release signature", "required": ["signature_type", "signature"], "properties": { "signature_type": { "type": "string", "enum": ["cosign", "gpg", "dsse"] }, "signature": { "type": "string" }, "key_id": { "type": "string" }, "signed_at": { "type": "string", "format": "date-time" }, "rekor_log_index": { "type": "integer" } } }, "DeploymentProfile": { "type": "object", "description": "Deployment profile with service overrides", "required": ["profile_id", "name"], "properties": { "profile_id": { "type": "string", "enum": ["development", "staging", "production", "airgap"] }, "name": { "type": "string" }, "description": { "type": "string" }, "service_overrides": { "type": "object", "additionalProperties": { "type": "object", "properties": { "replicas": { "type": "integer" }, "resources": { "$ref": "#/definitions/ResourceRequirements" }, "environment": { "type": "object", "additionalProperties": { "type": "string" } } } } }, "feature_flags": { "type": "object", "additionalProperties": { "type": "boolean" } } } }, "ReleaseChannel": { "type": "object", "description": "Release channel configuration", "required": ["channel_id", "name"], "properties": { "channel_id": { "type": "string", "enum": ["stable", "beta", "alpha", "nightly"] }, "name": { "type": "string" }, "description": { "type": "string" }, "current_version": { "type": "string" }, "manifest_url": { "type": "string", "format": "uri" }, "update_frequency": { "type": "string", "description": "How often this channel updates" } } } }, "properties": { "manifest": { "$ref": "#/definitions/ReleaseManifest" }, "profiles": { "type": "array", "items": { "$ref": "#/definitions/DeploymentProfile" } }, "channels": { "type": "array", "items": { "$ref": "#/definitions/ReleaseChannel" } } }, "examples": [ { "manifest": { "release_id": "stellaops-2025.10.0", 
"version": "2025.10.0", "codename": "Aurora", "released_at": "2025-12-06T10:00:00Z", "release_notes_url": "https://github.com/stellaops/stellaops/releases/tag/v2025.10.0", "services": [ { "service_id": "orchestrator", "name": "Orchestrator", "image": "ghcr.io/stellaops/orchestrator", "tag": "2025.10.0", "digest": "sha256:orch123def456789012345678901234567890123456789012345678901234orch", "version": "2025.10.0", "ports": [ { "name": "http", "container_port": 8080, "protocol": "tcp" }, { "name": "grpc", "container_port": 9090, "protocol": "tcp" } ], "health_check": { "path": "/health", "port": 8080, "interval_seconds": 30 }, "resources": { "cpu_request": "100m", "cpu_limit": "1000m", "memory_request": "256Mi", "memory_limit": "1Gi" }, "dependencies": ["postgres", "redis", "rabbitmq"], "sbom_ref": "https://sbom.stella-ops.org/orchestrator/2025.10.0.json", "attestation_ref": "https://attestation.stella-ops.org/orchestrator/2025.10.0.jsonl" }, { "service_id": "policy-engine", "name": "Policy Engine", "image": "ghcr.io/stellaops/policy-engine", "tag": "2025.10.0", "digest": "sha256:policy123def456789012345678901234567890123456789012345678901234pol", "version": "2025.10.0", "ports": [ { "name": "http", "container_port": 8081 } ], "health_check": { "path": "/health", "port": 8081 }, "resources": { "cpu_request": "200m", "cpu_limit": "2000m", "memory_request": "512Mi", "memory_limit": "2Gi" }, "dependencies": ["mongodb", "orchestrator"] }, { "service_id": "scanner", "name": "Scanner", "image": "ghcr.io/stellaops/scanner", "tag": "2025.10.0", "digest": "sha256:scan123def456789012345678901234567890123456789012345678901234scan", "version": "2025.10.0" }, { "service_id": "findings-ledger", "name": "Findings Ledger", "image": "ghcr.io/stellaops/findings-ledger", "tag": "2025.10.0", "digest": "sha256:ledger123def456789012345678901234567890123456789012345678901234led", "version": "2025.10.0", "dependencies": ["postgres", "redis"] }, { "service_id": "vex-lens", "name": "VEX Lens", 
"image": "ghcr.io/stellaops/vex-lens", "tag": "2025.10.0", "digest": "sha256:vex123def456789012345678901234567890123456789012345678901234vexl", "version": "2025.10.0" }, { "service_id": "concelier", "name": "Concelier", "image": "ghcr.io/stellaops/concelier", "tag": "2025.10.0", "digest": "sha256:conc123def456789012345678901234567890123456789012345678901234conc", "version": "2025.10.0", "dependencies": ["mongodb", "redis"] } ], "infrastructure": { "kubernetes_version": ">=1.27", "docker_version": ">=24.0", "databases": [ { "type": "mongodb", "min_version": "7.0", "recommended_version": "7.0.4", "storage_estimate": "50Gi" }, { "type": "postgres", "min_version": "16", "recommended_version": "16.1", "storage_estimate": "100Gi" }, { "type": "redis", "min_version": "7", "recommended_version": "7.2" } ], "external_services": [ { "service": "S3-compatible storage", "required": true, "description": "For evidence and artifact storage" }, { "service": "OIDC provider", "required": false, "description": "For SSO authentication" } ] }, "migrations": [ { "migration_id": "mig-2025.10-001", "type": "database", "description": "Add risk_score column to findings table", "from_version": "2025.09.0", "to_version": "2025.10.0", "reversible": true, "script_path": "migrations/2025.10/001_add_risk_score.sql", "estimated_duration": "5m", "requires_downtime": false } ], "breaking_changes": [ { "change_id": "bc-2025.10-001", "service": "policy-engine", "description": "Policy API v1 deprecated, use v2", "impact": "api", "migration_guide": "See docs/migration/policy-api-v2.md", "affected_versions": "<2025.10.0" } ], "manifest_digest": "sha256:manifest123def456789012345678901234567890123456789012345678901234" }, "profiles": [ { "profile_id": "development", "name": "Development", "description": "Single-replica development deployment", "service_overrides": { "orchestrator": { "replicas": 1, "resources": { "cpu_limit": "500m", "memory_limit": "512Mi" } } }, "feature_flags": { "debug_mode": true, 
"airgap_mode": false } }, { "profile_id": "production", "name": "Production", "description": "High-availability production deployment", "service_overrides": { "orchestrator": { "replicas": 3 }, "policy-engine": { "replicas": 3 } }, "feature_flags": { "debug_mode": false, "airgap_mode": false } }, { "profile_id": "airgap", "name": "Air-Gap", "description": "Offline deployment without external connectivity", "feature_flags": { "debug_mode": false, "airgap_mode": true } } ], "channels": [ { "channel_id": "stable", "name": "Stable", "description": "Production-ready releases", "current_version": "2025.10.0", "manifest_url": "https://releases.stella-ops.org/stable/manifest.json", "update_frequency": "Monthly" }, { "channel_id": "beta", "name": "Beta", "description": "Pre-release testing", "current_version": "2025.11.0-beta.1", "manifest_url": "https://releases.stella-ops.org/beta/manifest.json", "update_frequency": "Weekly" } ] } ] }