75f6942769
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
- Implemented MigrationCategoryTests to validate migration categorization for startup, release, seed, and data migrations. - Added tests for edge cases, including null, empty, and whitespace migration names. - Created StartupMigrationHostTests to verify the behavior of the migration host with real PostgreSQL instances using Testcontainers. - Included tests for migration execution, schema creation, and handling of pending release migrations. - Added SQL migration files for testing: creating a test table, adding a column, a release migration, and seeding data.
3.3 KiB
3.3 KiB
Sprint 502 · Ops Deployment II (Ops & Offline)
Topic & Scope
- Phase II of ops deployment/offline readiness stream (IMPL 190.A follow-on).
- Produce deployment overlays, Helm scaffolding, and rollout/runbook assets for policy, VEX Lens, Findings Ledger, and downloads pipeline.
- Working directory: docs/implplan (coordination); delivery artefacts expected in
deploy/anddocs/runbooks/as referenced per task.
Dependencies & Concurrency
- Upstream: Sprint 190.A – Ops Deployment I (prereq for this batch).
- Tasks with explicit deps noted in Delivery Tracker (e.g., HELM-45-002 depends on HELM-45-001).
Documentation Prerequisites
- docs/README.md
- docs/07_HIGH_LEVEL_ARCHITECTURE.md
- docs/modules/platform/architecture-overview.md
- Any module-specific runbooks referenced by tasks (policy, VEX Lens, Findings Ledger).
BLOCKED Tasks: Before working on BLOCKED tasks, review BLOCKED_DEPENDENCY_TREE.md for root blockers and dependencies.
Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
|---|---|---|---|---|---|
| 1 | DEPLOY-POLICY-27-002 | TODO | Depends on DEPLOY-POLICY-27-001 | Deployment Guild, Policy Guild | Document rollout/rollback playbooks for policy publish/promote (canary, emergency freeze, evidence retrieval) under docs/runbooks/policy-incident.md |
| 2 | DEPLOY-VEX-30-001 | TODO | None | Deployment Guild, VEX Lens Guild | Provide Helm/Compose overlays, scaling defaults, offline kit instructions for VEX Lens service |
| 3 | DEPLOY-VEX-30-002 | TODO | Depends on DEPLOY-VEX-30-001 | Deployment Guild, Issuer Directory Guild | Package Issuer Directory deployment manifests, backups, security hardening guidance |
| 4 | DEPLOY-VULN-29-001 | TODO | None | Deployment Guild, Findings Ledger Guild | Helm/Compose overlays for Findings Ledger + projector incl. DB migrations, Merkle anchor jobs, scaling guidance |
| 5 | DEPLOY-VULN-29-002 | TODO | Depends on DEPLOY-VULN-29-001 | Deployment Guild, Vuln Explorer API Guild | Package stella-vuln-explorer-api manifests, health checks, autoscaling policies, offline kit with signed images |
| 6 | DOWNLOADS-CONSOLE-23-001 | TODO | None | Deployment Guild, DevOps Guild | Maintain signed downloads manifest pipeline; publish JSON at deploy/downloads/manifest.json; doc sync cadence for Console/docs |
| 7 | HELM-45-001 | TODO | None | Deployment Guild | Scaffold deploy/helm/stella chart with values, toggles, pinned digests, migration Job templates |
| 8 | HELM-45-002 | TODO | Depends on HELM-45-001 | Deployment Guild, Security Guild | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), document security posture |
| 9 | HELM-45-003 | TODO | Depends on HELM-45-002 | Deployment Guild, Observability Guild | Implement HPA, PDB, readiness gates, Prometheus scrape annotations, OTel hooks, upgrade hooks |
Execution Log
| Date (UTC) | Update | Owner |
|---|---|---|
| 2025-12-02 | Normalized sprint file to standard template; no task status changes | StellaOps Agent |
Decisions & Risks
- Dependencies between HELM-45 tasks enforce serial order; note in task sequencing.
- Risk: Offline kit instructions must avoid external image pulls; ensure pinned digests and air-gap copy steps.
Next Checkpoints
- None scheduled; add dates when guild checkpoints are set.