git.stella-ops.org/ops/deployment/TASKS.md
master 96d52884e8
Add Policy DSL Validator, Schema Exporter, and Simulation Smoke tools
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output.
- Created PolicySchemaExporter to generate JSON schemas for policy-related models.
- Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes.
- Added project files and necessary dependencies for each tool.
- Ensured proper error handling and usage instructions across tools.
2025-10-27 08:00:11 +02:00


Deployment Task Board

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| DEVOPS-OPS-14-003 | DONE (2025-10-26) | Deployment Guild | DEVOPS-REL-14-001 | Document and script upgrade/rollback flows, channel management, and compatibility matrices per architecture. | Helm/Compose guides updated with digest pinning, automated checks committed, rollback drill recorded. |
| DOWNLOADS-CONSOLE-23-001 | TODO | Deployment Guild, DevOps Guild | DEVOPS-CONSOLE-23-002 | Maintain signed downloads manifest pipeline (images, Helm, offline bundles), publish JSON under deploy/downloads/manifest.json, and document sync cadence for Console + docs parity. | Pipeline generates signed manifest with checksums, automated PR updates manifest, docs updated with sync workflow, parity check in CI passes. |
| DEPLOY-POLICY-27-001 | TODO | Deployment Guild, Policy Registry Guild | REGISTRY-API-27-001, DEVOPS-POLICY-27-003 | Produce Helm/Compose overlays for Policy Registry + simulation workers, including Mongo migrations, object storage buckets, signing key secrets, and tenancy defaults. | Overlays committed with deterministic digests; install docs updated; smoke deploy validated in staging. |
| DEPLOY-POLICY-27-002 | TODO | Deployment Guild, Policy Guild | DEPLOY-POLICY-27-001, WEB-POLICY-27-004 | Document rollout/rollback playbooks for policy publish/promote (canary strategy, emergency freeze toggle, evidence retrieval) under /docs/runbooks/policy-incident.md. | Runbook published with decision tree; checklist appended; rehearsal recorded. |
| DEPLOY-VULN-29-001 | TODO | Deployment Guild, Findings Ledger Guild | LEDGER-29-009 | Produce Helm/Compose overlays for Findings Ledger + projector, including DB migrations, Merkle anchor jobs, and scaling guidance. | Overlays committed; migrations documented; smoke deploy executed; rollback steps recorded. |
| DEPLOY-VULN-29-002 | TODO | Deployment Guild, Vuln Explorer API Guild | VULN-API-29-011 | Package stella-vuln-explorer-api deployment manifests, health checks, autoscaling policies, and offline kit instructions with signed images. | Deployment docs merged; health checks validated; offline kit updated; change control recorded. |
| DEPLOY-VEX-30-001 | TODO | Deployment Guild, VEX Lens Guild | VEXLENS-30-011 | Provide Helm/Compose overlays, scaling defaults, and offline kit instructions for VEX Lens service. | Overlays committed; smoke deploy validated; offline kit includes initial config; docs updated. |
| DEPLOY-VEX-30-002 | TODO | Deployment Guild, Issuer Directory Guild | ISSUER-30-006 | Package Issuer Directory deployment manifests, backups, and security hardening guidance. | Deployment docs merged; backup tested; hardening checklist appended. |
| DEPLOY-AIAI-31-001 | TODO | Deployment Guild, Advisory AI Guild | AIAI-31-008 | Provide Helm/Compose manifests, GPU toggle, scaling/runbook, and offline kit instructions for Advisory AI service + inference container. | Deployment docs merged; smoke deploy executed; offline kit updated; runbooks published. |
| DEPLOY-ORCH-34-001 | TODO | Deployment Guild, Orchestrator Service Guild | ORCH-SVC-34-004 | Provide orchestrator Helm/Compose manifests, scaling defaults, secret templates, offline kit instructions, and GA rollout/rollback playbook. | Manifests committed with digests; scaling guidance documented; smoke deploy/rollback rehearsed; offline kit instructions updated. |
| DEPLOY-EXPORT-35-001 | TODO | Deployment Guild, Exporter Service Guild | EXPORT-SVC-35-001..006 | Package exporter service/worker Helm overlays (download-only), document rollout/rollback, and integrate signing KMS secrets. | Overlays committed; smoke deploy executed; rollback steps recorded; secrets templates provided. |
| DEPLOY-EXPORT-36-001 | TODO | Deployment Guild, Exporter Service Guild | DEPLOY-EXPORT-35-001, EXPORT-SVC-36-003 | Document OCI/object storage distribution workflows, registry credential automation, and monitoring hooks for exports. | Documentation merged; automation scripts validated; monitoring instructions added. |

CLI Parity & Task Packs

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| DEPLOY-CLI-41-001 | TODO | Deployment Guild, DevEx/CLI Guild | CLI-CORE-41-001 | Package CLI release artifacts (tarballs per OS/arch, checksums, signatures, completions, container image) and publish distribution docs. | Artifacts built and uploaded; docs updated with installation steps; signatures verified. |
| DEPLOY-PACKS-42-001 | TODO | Deployment Guild, Packs Registry Guild | PACKS-REG-41-001 | Provide deployment manifests for packs-registry and task-runner services, including Helm/Compose overlays, scaling defaults, and secret templates. | Manifests committed; smoke deploy executed; rollback documented. |
| DEPLOY-PACKS-43-001 | TODO | Deployment Guild, Task Runner Guild | TASKRUN-42-001 | Ship remote Task Runner worker profiles, object storage bootstrap, approval workflow integration, and Offline Kit packaging instructions. | Deployment docs merged; offline kit updated; approvals tested; rollback steps recorded. |

Containerized Distribution (Epic 13)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| DEPLOY-COMPOSE-44-001 | TODO | Deployment Guild | COMPOSE-44-001 | Finalize Quickstart scripts (quickstart.sh, backup.sh, reset.sh), seed data container, and publish README with imposed rule reminder. | Scripts run end-to-end; README merged; imposed rule appended. |
| DEPLOY-HELM-45-001 | TODO | Deployment Guild | HELM-45-001 | Publish Helm install guide and sample values for prod/airgap; integrate with docs site build. | Docs merged; values validated; helm lint/test passing. |
| DEPLOY-AIRGAP-46-001 | TODO | Deployment Guild, Offline Kit Guild | DEVOPS-CONTAINERS-46-001 | Provide instructions and scripts (load.sh) for importing air-gap bundle into private registry; update Offline Kit guide. | Scripts tested; docs updated; imposed rule appended. |

Compose Quickstart (Epic 13)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| COMPOSE-44-001 | TODO | Deployment Guild, DevEx Guild | EXPORT-SVC-37-001 | Author docker-compose.yml, .env.example, and quickstart.sh with all core services + dependencies (postgres, redis, object-store, queue, otel). | docker compose up yields working stack with seed data; script handles preflight; imposed rule line applied in docs. |
| COMPOSE-44-002 | TODO | Deployment Guild | COMPOSE-44-001 | Implement backup.sh and reset.sh scripts with safety prompts and documentation. | Backup produces tarball with checksums; reset script requires confirm flag; docs updated. |
| COMPOSE-44-003 | TODO | Deployment Guild, Docs Guild | COMPOSE-44-001 | Package seed data container and onboarding wizard toggle (QUICKSTART_MODE), ensuring default creds randomized on first run. | Seed job loads demo SBOM/advisory/policy; credentials randomized and saved to .secrets; onboarding wizard triggers. |

Helm Chart (Epic 13)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| HELM-45-001 | TODO | Deployment Guild | COMPOSE-44-001 | Scaffold deploy/helm/stella chart with values, component toggles, and pinned image digests for all services; include migration Job templates. | Chart installs in dev cluster; images pinned; lint/tests pass. |
| HELM-45-002 | TODO | Deployment Guild, Security Guild | HELM-45-001 | Add TLS/Ingress, NetworkPolicy, PodSecurityContexts, Secrets integration (external secrets), and document security posture. | Helm values support secure defaults; policies validated; docs updated. |
| HELM-45-003 | TODO | Deployment Guild, Observability Guild | HELM-45-001 | Implement HPA, PDB, readiness gates, Prometheus scraping annotations, OTel configuration hooks, and upgrade hooks. | Rolling upgrade succeeds in CI; observability wires confirmed; upgrade docs updated. |