9.3 KiB
9.3 KiB
Progress: Sync Current Workspace to 39
2026-07-10
- Initialized a deployment-specific plan.
- Captured the local base commit and full dirty-worktree scope.
- Deployment documentation and remote topology audit are next.
- Read the k3s deployment contract and confirmed migration execution is image-based through the
migrateJob. - Confirmed local Docker is ARM64 and recorded the need to check the target architecture before building.
- Connected read-only to the target and confirmed it is an x86_64 single-node k3s host with sufficient free disk.
- The first audit command stopped at a zsh glob expansion in
custom-columns; the safe retry will avoid bracket syntax. - Completed the safe remote audit: all pods healthy, main migration clean at
20260708110000, and current image tags captured. - Selected local
linux/amd64cross-build plus the repository image-import rollout script because the target does not host a source checkout/build engine. - Reviewed the migration SQL, measured the 313 MB main database, found the actual readiness endpoint, and confirmed the local cross-builder supports amd64.
- Passed backend
go test ./..., admin-web production build, and ops-web production build against the release worktree. - Assigned unique release tag
workspace-5463319-20260710120256and captured pre-build worktree fingerprints. - All nine build targets completed, but release inventory caught that OrbStack retained only the final cross-loaded image; no remote mutation occurred.
- Switched the transfer plan to direct per-service Docker archives using the now-warm BuildKit cache.
- Rebuilt and checksummed all nine linux/amd64 Docker archives; verified expected tags/platforms and inspected the migration file inside the migration image.
- Created and checksummed a source snapshot for remote release traceability.
- Initial Redis audit used the wrong workload kind and made no changes; selective key-prefix discovery is next.
- Completed Redis classification and limited post-rollout deletion to
geo:cache:*; authentication and operational runtime keys will be preserved. - Reverified all nine rebuilt image archives and the source snapshot against their SHA-256 manifests after the user's local image cleanup.
- Synchronized the stale k3s prompt-config copy with the canonical deployment/server prompt so the new brand and numeric-fidelity constraints reach mounted application config.
- Regenerated the source snapshot after synchronizing the prompt copy; archive checksum passed. A follow-on prompt comparison used release-directory-relative paths and will be rerun from the repository root.
- Reconfirmed the cluster is healthy and the release directory is absent immediately before backup. The remote mounted prompt hash matches the stale k3s copy, confirming that a ConfigMap patch is required.
- Created the timestamped remote release directory and completed the pre-mutation rollback set: eight application Deployments, migrate Job, ReplicaSets, mounted ConfigMap, pod/image inventory, exact active image archives, and a verified compressed main-database dump (895 MB total).
- First artifact upload invocation exited before transfer because the local rsync is too old for
--info=progress2; switching to portable progress/statistics flags. - Uploaded the complete 348 MB incoming release set. All nine image archives, the current workspace snapshot, and the canonical prompt file passed SHA-256 verification independently on 39.
- Imported all nine
workspace-5463319-20260710120256linux/amd64 images into k3s containerd and confirmed all nine tagged refs exist. - Replaced the completed old migration Job with the release-tagged Job. It completed successfully; main schema is
20260710183000,dirty=false, all three media-favorite tables exist, and platform-template seeding completed. - The first ConfigMap merge attempt stopped before mutation because jq is absent on 39; the mounted prompt remains on its old checksum. Local jq is available, and the ConfigMap's non-prompt keys are
config.yamlandops-config.yaml. - Applied a locally generated one-field merge patch to
geo-rankly-app-config; both non-prompt values and the key set remained unchanged, whileprompts.ymlnow matches SHA-25661b768b.... - Rolled all six backend/worker Deployments and both web Deployments to the release tag. Every desired replica is Ready.
- Initial post-rollout checks passed: tenant/ops/browser readiness and both web roots return 200, mounted prompts match in four consumers, all release Pods have zero restarts, and the targeted recent-log scan found no panic/fatal/error candidates.
- Cleanup deleted 80 zero-replica application ReplicaSets, 10 unreferenced old geo-rankly image refs, and exactly three
geo:cache:*keys. Redis total keys changed 308 to 305 while 268 refresh and 25 desktop keys were preserved exactly. - Cleanup inventory exposed a pre-existing missing image record for the still-running
official-placeholderPod; it was not among deleted refs. The deployment will be repointed to the current frontend nginx image and rolled once to prove restartability. - Repaired
official-placeholderwith the current frontend nginx image. After one transient Endpoint propagation miss, Service and Pod both return 200 with zero restarts; seven historical zero-replica ReplicaSets were removed. - Updated the declarative placeholder manifest away from its unavailable hard-coded image and refreshed/reverified the remote source snapshot.
- Investigated the final scheduler log candidates: 22 lines represented 11 records repeated across two five-minute checks. Aggregate SQL showed all candidates were soft-deleted articles, with no missing rows or tenant mismatch. Final log verification will exclude only this exact known anomaly and require every other error class to be zero.
- Adjusted log verification accordingly: all 34 current scheduler candidates are the exact known soft-delete anomaly and unexpected log candidates are zero. A later final check found two shared cache keys had been naturally repopulated after the earlier verified deletion; they will be cleared again only after all endpoint checks finish.
- Completed final verification: 11 Deployments and 6 StatefulSets Ready, migration clean, six HTTP checks at 200, release Pod restarts zero, unexpected log candidates zero, stale zero-replica ReplicaSets zero, nine release image refs present, and no old geo-rankly refs remain.
- Cleared the two naturally repopulated
geo:cache:*keys as the last runtime action and immediately verified cache count zero while 270 refresh and 25 desktop keys remained intact. - Repacked the source snapshot without macOS extended attributes and verified both incoming and rollback checksums. Stored rollback instructions and the old prompt merge patch under the timestamped release directory.
2026-07-12
- Started an incremental deployment audit from clean HEAD
e68db14against the stored July 10 production snapshot. - Verified and extracted the prior source snapshot. The first comparison command did not run because a zsh special variable shadowed PATH; the retry will use a safe loop variable.
- Confirmed the prior deployed application tree equals
04c89c6. The July 12 deployable server delta is frontend-only; no SQL migration or backend runtime rollout is required. - Release tests passed: full Go suite, admin-web Vitest (3/3), and desktop-client Vitest (207/207 across 30 files).
- Admin-web production build, desktop-client typecheck, and desktop-client build all passed. A concurrently running signed desktop packaging process is being left untouched and is outside the k3s rollout.
- Built the frontend directly to a linux/amd64 Docker archive tagged
workspace-e68db14-20260712150344; tag, architecture, AIAccounts chunk, and SHA checks passed. A zsh diagnostic-variable error interrupted only the final source-commit printout. - Confirmed the source archive emits the expected commit, but pipefail treated gzip's expected early-reader SIGPIPE as an error; final verification will use a temporary uncompressed tar instead of that pipeline.
- Finished release artifact verification: frontend Docker archive and Git source archive both pass SHA-256, platform is linux/amd64, the expected AIAccounts chunk is present, and all frontend build inputs stayed unchanged during the build.
- Captured an 18 MB frontend-only rollback set on 39, uploaded the 100 MB incoming release, and independently verified both archive checksums on the target.
- Imported the release frontend image. The new Pod initially could not create its sandbox because the node's pause image had been deleted and Docker Hub timed out; restored a checksummed linux/amd64
rancher/mirrored-pause:3.6, after which the Pod became Ready with zero restarts and the old Pod terminated. - Verified the new frontend: root,
/ai-accounts, and the 14.9 KB AIAccounts chunk all return 200; frontend log candidates and restarts are zero, tenant readiness is 200, and schema remains20260710183000|false. - Completed July 12 cleanup and final verification: 11 Deployments and 6 StatefulSets Ready, one stale frontend ReplicaSet removed, no unreferenced geo-rankly image refs found, pause image retained, and release/rollback checksums pass.
- Cleared exactly two
geo:cache:*keys as the last application-affecting step; cache remains zero while 265 refresh and 42 desktop runtime keys were preserved. Desktop-client publishing was not touched after the user's instruction.