feat: persist release details in consul and post-enable governance on GA#1112
Open
aaronkvanmeerten wants to merge 4 commits into
Open
feat: persist release details in consul and post-enable governance on GA#1112aaronkvanmeerten wants to merge 4 commits into
aaronkvanmeerten wants to merge 4 commits into
Conversation
Wire set-release-ga to send a post-enable notification (progress {audience: GA})
after the release is promoted, via the new governance postEnable hook. Runs
last and fails open so a governance error never blocks a release that is
already live. Adds GOVERNANCE_ENABLED/STAGING/VERBOSE and RP_TICKET params.
Store the RP ticket identified at release-core pre-release time into consul KV keyed by release number (releases/<env>/<release>/rp), via new consul-set-release-rp.sh. set-release-ga reads it back (consul-get-release-rp.sh) when no RP_TICKET param is given, so the post-enable notification references the same RP as the original release. Both paths fail open.
aaronkvanmeerten
changed the title
Drop the SSH-tunnel/multi-DC/AWS fan-out from consul-set-release-rp.sh — the reader (consul-get-release-rp.sh) only reads the OCI consul default DC, so a single PUT there is sufficient. Removes the now-unneeded sshagent/credentials wrapper from the release-core call.
Replace the rp-only consul record with a richer JSON details blob keyed by release number (releases/<env>/<release>/details): RP, per-service component versions, signal/jvb versions, branch, requestedBy, and createdAt. - release-core writes the record after pre-release (JsonOutput). - set-release-ga reads it (readJSON) to build the post-enable call from the real RP + component versions (no more single 'core' placeholder), then writes a gaAt timestamp back into the record. - New consul-set/get-release-details.sh (single OCI default-DC PUT/GET) supersede the consul-set/get-release-rp.sh scripts. All paths fail open.
aaronkvanmeerten
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When a release is promoted to GA, emit a post-enable governance notification built from the same RP and component versions as the original release. To do that,
release-corenow persists a full release-details record in Consul KV thatset-release-gareads back.1. Persist release details at release-core time
After pre-release identifies the RP,
release-corewrites a JSON record to Consul KV keyed by release number:{ "releaseNumber": "240", "environment": "stage-8x8", "rp": "RP-100300", "signalVersion": "1184-9295-1.0.7770", "jvbVersion": "8.0-205-g206e038", "branch": "release-240", "requestedBy": "...", "components": [{"name":"jicofo","version":"1184"}, {"name":"jitsi-meet","version":"9295"}, {"name":"prosody","version":"1.0.7770"}, {"name":"jvb","version":"8.0-205-g206e038"}], "createdAt": "2026-06-26T08:00:00Z" }Written via
scripts/consul-set-release-details.sh— a single PUT to the OCI consul default DC.2. Reuse at set-release-ga time + post-enable on GA
set-release-gareads the record (scripts/consul-get-release-details.sh+readJSON) and builds the post-enable call from the stored RP (release.key) and real component versions (release.components) — replacing the old single{name:'core'}placeholder.effectiveAtis the GA moment (now); agaAttimestamp is written back into the record.source: traffic-manager,progress: {audience: GA}.Runs after promotion and fails open — governance never blocks a release that is already live. New params:
GOVERNANCE_ENABLED/STAGING/VERBOSE,RP_TICKET(optional override; otherwise taken from the stored record).Dependencies
govern8PostEnableHook)GovernanceHooks.postEnable)Test plan
releases/<env>/<release>/detailsGOVERNANCE_ENABLED=falseskips the notification