Files
geo/progress.deploy-39.md
T
root 75c9be5eb3
Desktop Client Build / Resolve Build Metadata (push) Successful in 26s
Desktop Client Build / Build Desktop Client (push) Successful in 25m23s
Desktop Client Build / Publish Client Artifacts to NAS (push) Failing after 50s
chore(release): update desktop-client version to 0.1.11 and document July 12 release audit
2026-07-12 17:01:23 +08:00

9.3 KiB

Progress: Sync Current Workspace to 39

2026-07-10

  • Initialized a deployment-specific plan.
  • Captured the local base commit and full dirty-worktree scope.
  • Deployment documentation and remote topology audit are next.
  • Read the k3s deployment contract and confirmed migration execution is image-based through the migrate Job.
  • Confirmed local Docker is ARM64 and recorded the need to check the target architecture before building.
  • Connected read-only to the target and confirmed it is an x86_64 single-node k3s host with sufficient free disk.
  • The first audit command stopped at a zsh glob expansion in custom-columns; the safe retry will avoid bracket syntax.
  • Completed the safe remote audit: all pods healthy, main migration clean at 20260708110000, and current image tags captured.
  • Selected local linux/amd64 cross-build plus the repository image-import rollout script because the target does not host a source checkout/build engine.
  • Reviewed the migration SQL, measured the 313 MB main database, found the actual readiness endpoint, and confirmed the local cross-builder supports amd64.
  • Passed backend go test ./..., admin-web production build, and ops-web production build against the release worktree.
  • Assigned unique release tag workspace-5463319-20260710120256 and captured pre-build worktree fingerprints.
  • All nine build targets completed, but release inventory caught that OrbStack retained only the final cross-loaded image; no remote mutation occurred.
  • Switched the transfer plan to direct per-service Docker archives using the now-warm BuildKit cache.
  • Rebuilt and checksummed all nine linux/amd64 Docker archives; verified expected tags/platforms and inspected the migration file inside the migration image.
  • Created and checksummed a source snapshot for remote release traceability.
  • Initial Redis audit used the wrong workload kind and made no changes; selective key-prefix discovery is next.
  • Completed Redis classification and limited post-rollout deletion to geo:cache:*; authentication and operational runtime keys will be preserved.
  • Reverified all nine rebuilt image archives and the source snapshot against their SHA-256 manifests after the user's local image cleanup.
  • Synchronized the stale k3s prompt-config copy with the canonical deployment/server prompt so the new brand and numeric-fidelity constraints reach mounted application config.
  • Regenerated the source snapshot after synchronizing the prompt copy; archive checksum passed. A follow-on prompt comparison used release-directory-relative paths and will be rerun from the repository root.
  • Reconfirmed the cluster is healthy and the release directory is absent immediately before backup. The remote mounted prompt hash matches the stale k3s copy, confirming that a ConfigMap patch is required.
  • Created the timestamped remote release directory and completed the pre-mutation rollback set: eight application Deployments, migrate Job, ReplicaSets, mounted ConfigMap, pod/image inventory, exact active image archives, and a verified compressed main-database dump (895 MB total).
  • First artifact upload invocation exited before transfer because the local rsync is too old for --info=progress2; switching to portable progress/statistics flags.
  • Uploaded the complete 348 MB incoming release set. All nine image archives, the current workspace snapshot, and the canonical prompt file passed SHA-256 verification independently on 39.
  • Imported all nine workspace-5463319-20260710120256 linux/amd64 images into k3s containerd and confirmed all nine tagged refs exist.
  • Replaced the completed old migration Job with the release-tagged Job. It completed successfully; main schema is 20260710183000, dirty=false, all three media-favorite tables exist, and platform-template seeding completed.
  • The first ConfigMap merge attempt stopped before mutation because jq is absent on 39; the mounted prompt remains on its old checksum. Local jq is available, and the ConfigMap's non-prompt keys are config.yaml and ops-config.yaml.
  • Applied a locally generated one-field merge patch to geo-rankly-app-config; both non-prompt values and the key set remained unchanged, while prompts.yml now matches SHA-256 61b768b....
  • Rolled all six backend/worker Deployments and both web Deployments to the release tag. Every desired replica is Ready.
  • Initial post-rollout checks passed: tenant/ops/browser readiness and both web roots return 200, mounted prompts match in four consumers, all release Pods have zero restarts, and the targeted recent-log scan found no panic/fatal/error candidates.
  • Cleanup deleted 80 zero-replica application ReplicaSets, 10 unreferenced old geo-rankly image refs, and exactly three geo:cache:* keys. Redis total keys changed 308 to 305 while 268 refresh and 25 desktop keys were preserved exactly.
  • Cleanup inventory exposed a pre-existing missing image record for the still-running official-placeholder Pod; it was not among deleted refs. The deployment will be repointed to the current frontend nginx image and rolled once to prove restartability.
  • Repaired official-placeholder with the current frontend nginx image. After one transient Endpoint propagation miss, Service and Pod both return 200 with zero restarts; seven historical zero-replica ReplicaSets were removed.
  • Updated the declarative placeholder manifest away from its unavailable hard-coded image and refreshed/reverified the remote source snapshot.
  • Investigated the final scheduler log candidates: 22 lines represented 11 records repeated across two five-minute checks. Aggregate SQL showed all candidates were soft-deleted articles, with no missing rows or tenant mismatch. Final log verification will exclude only this exact known anomaly and require every other error class to be zero.
  • Adjusted log verification accordingly: all 34 current scheduler candidates are the exact known soft-delete anomaly and unexpected log candidates are zero. A later final check found two shared cache keys had been naturally repopulated after the earlier verified deletion; they will be cleared again only after all endpoint checks finish.
  • Completed final verification: 11 Deployments and 6 StatefulSets Ready, migration clean, six HTTP checks at 200, release Pod restarts zero, unexpected log candidates zero, stale zero-replica ReplicaSets zero, nine release image refs present, and no old geo-rankly refs remain.
  • Cleared the two naturally repopulated geo:cache:* keys as the last runtime action and immediately verified cache count zero while 270 refresh and 25 desktop keys remained intact.
  • Repacked the source snapshot without macOS extended attributes and verified both incoming and rollback checksums. Stored rollback instructions and the old prompt merge patch under the timestamped release directory.

2026-07-12

  • Started an incremental deployment audit from clean HEAD e68db14 against the stored July 10 production snapshot.
  • Verified and extracted the prior source snapshot. The first comparison command did not run because a zsh special variable shadowed PATH; the retry will use a safe loop variable.
  • Confirmed the prior deployed application tree equals 04c89c6. The July 12 deployable server delta is frontend-only; no SQL migration or backend runtime rollout is required.
  • Release tests passed: full Go suite, admin-web Vitest (3/3), and desktop-client Vitest (207/207 across 30 files).
  • Admin-web production build, desktop-client typecheck, and desktop-client build all passed. A concurrently running signed desktop packaging process is being left untouched and is outside the k3s rollout.
  • Built the frontend directly to a linux/amd64 Docker archive tagged workspace-e68db14-20260712150344; tag, architecture, AIAccounts chunk, and SHA checks passed. A zsh diagnostic-variable error interrupted only the final source-commit printout.
  • Confirmed the source archive emits the expected commit, but pipefail treated gzip's expected early-reader SIGPIPE as an error; final verification will use a temporary uncompressed tar instead of that pipeline.
  • Finished release artifact verification: frontend Docker archive and Git source archive both pass SHA-256, platform is linux/amd64, the expected AIAccounts chunk is present, and all frontend build inputs stayed unchanged during the build.
  • Captured an 18 MB frontend-only rollback set on 39, uploaded the 100 MB incoming release, and independently verified both archive checksums on the target.
  • Imported the release frontend image. The new Pod initially could not create its sandbox because the node's pause image had been deleted and Docker Hub timed out; restored a checksummed linux/amd64 rancher/mirrored-pause:3.6, after which the Pod became Ready with zero restarts and the old Pod terminated.
  • Verified the new frontend: root, /ai-accounts, and the 14.9 KB AIAccounts chunk all return 200; frontend log candidates and restarts are zero, tenant readiness is 200, and schema remains 20260710183000|false.
  • Completed July 12 cleanup and final verification: 11 Deployments and 6 StatefulSets Ready, one stale frontend ReplicaSet removed, no unreferenced geo-rankly image refs found, pause image retained, and release/rollback checksums pass.
  • Cleared exactly two geo:cache:* keys as the last application-affecting step; cache remains zero while 265 refresh and 42 desktop runtime keys were preserved. Desktop-client publishing was not touched after the user's instruction.