177 lines
4.7 KiB
TOML
177 lines
4.7 KiB
TOML
schema_version = "railiance.app.v1"
|
|
|
|
[app]
|
|
id = "example-service"
|
|
name = "Example Service"
|
|
repo = "railiance-apps/example-service"
|
|
owner = "platform"
|
|
criticality = "critical"
|
|
description = "Reference declaration for the Railiance staged promotion lifecycle."
|
|
|
|
[source]
|
|
revision = "git:main"
|
|
artifact = "image"
|
|
digest_policy = "required"
|
|
|
|
[rollback]
|
|
strategy = "helm-revision"
|
|
command = "bin/railiance rollback example-service"
|
|
verification = "GET /health returns 200 on the restored stable release."
|
|
|
|
[[platform.dependencies]]
|
|
name = "state-hub"
|
|
kind = "state-hub"
|
|
required = true
|
|
stage = "stage2"
|
|
evidence = "State Hub /healthz returns ok from the cluster path."
|
|
|
|
[[platform.dependencies]]
|
|
name = "postgres"
|
|
kind = "postgres"
|
|
required = true
|
|
stage = "stage2"
|
|
evidence = "Target database reports Ready and backup posture is current."
|
|
|
|
[[secrets.references]]
|
|
name = "runtime-api-key"
|
|
route = "openbao-api-key"
|
|
target = "ExternalSecret/example-service-runtime"
|
|
stage = "stage2"
|
|
required = true
|
|
|
|
[[observability.health_endpoints]]
|
|
name = "local-health"
|
|
url = "http://127.0.0.1:8080/health"
|
|
stage = "stage1"
|
|
expected_status = 200
|
|
|
|
[[observability.health_endpoints]]
|
|
name = "cluster-health"
|
|
url = "http://example-service.example-service.svc.cluster.local:8080/health"
|
|
stage = "stage2"
|
|
expected_status = 200
|
|
|
|
[[observability.metrics]]
|
|
name = "request-errors"
|
|
reference = 'promql:rate(http_requests_total{status=~"5.."}[5m])'
|
|
stage = "stage2"
|
|
|
|
[[observability.logs]]
|
|
name = "secret-leak-scan"
|
|
reference = "kubectl logs -n example-service deploy/example-service-canary"
|
|
stage = "stage2"
|
|
|
|
[stages.stage1]
|
|
enabled = true
|
|
namespace = "local"
|
|
release = "example-service-local"
|
|
commands = ["make test", "helm template charts/example-service"]
|
|
checks = ["unit-tests", "helm-template", "local-health"]
|
|
evidence = ["pytest output", "helm template success", "local health 200"]
|
|
requires_approval = false
|
|
|
|
[stages.stage2]
|
|
enabled = true
|
|
namespace = "example-service"
|
|
release = "example-service-canary"
|
|
commands = ["bin/railiance deploy --stage 2 example-service", "bin/railiance observe example-service"]
|
|
checks = ["server-dry-run", "canary-ready", "cluster-health", "operator-approval"]
|
|
evidence = ["release name", "pod readiness", "health 200", "State Hub progress id"]
|
|
requires_approval = true
|
|
canary_mode = "isolated"
|
|
observation_minutes = 60
|
|
|
|
[stages.stage3]
|
|
enabled = true
|
|
namespace = "example-service"
|
|
release = "example-service"
|
|
commands = ["bin/railiance promote example-service", "bin/railiance observe example-service"]
|
|
checks = ["stage2-accepted", "rollback-target", "cluster-health", "operator-approval"]
|
|
evidence = ["promotion command id", "new stable digest", "post-promotion smoke"]
|
|
requires_approval = true
|
|
promotion_mode = "release-replace"
|
|
previous_stable = "helm:example-service:previous"
|
|
|
|
[[checks]]
|
|
id = "unit-tests"
|
|
type = "command"
|
|
stage = "stage1"
|
|
description = "Run repository unit tests."
|
|
required = true
|
|
run = "make test"
|
|
timeout_seconds = 600
|
|
|
|
[[checks]]
|
|
id = "helm-template"
|
|
type = "helm"
|
|
stage = "stage1"
|
|
description = "Render Helm templates locally."
|
|
required = true
|
|
chart = "charts/example-service"
|
|
values = "values/local.yaml"
|
|
mode = "template"
|
|
|
|
[[checks]]
|
|
id = "local-health"
|
|
type = "http"
|
|
stage = "stage1"
|
|
description = "Confirm local service health."
|
|
required = true
|
|
url = "http://127.0.0.1:8080/health"
|
|
expected_status = 200
|
|
timeout_seconds = 10
|
|
|
|
[[checks]]
|
|
id = "server-dry-run"
|
|
type = "helm"
|
|
stage = "stage2"
|
|
description = "Render and submit a server-side dry run before canary."
|
|
required = true
|
|
chart = "charts/example-service"
|
|
values = "values/canary.yaml"
|
|
mode = "server-dry-run"
|
|
|
|
[[checks]]
|
|
id = "canary-ready"
|
|
type = "kubernetes"
|
|
stage = "stage2"
|
|
description = "Canary deployment reaches Available."
|
|
required = true
|
|
namespace = "example-service"
|
|
resource = "deploy/example-service-canary"
|
|
condition = "Available"
|
|
|
|
[[checks]]
|
|
id = "cluster-health"
|
|
type = "http"
|
|
stage = "stage2"
|
|
description = "Cluster health endpoint returns 200."
|
|
required = true
|
|
url = "http://example-service.example-service.svc.cluster.local:8080/health"
|
|
expected_status = 200
|
|
timeout_seconds = 10
|
|
|
|
[[checks]]
|
|
id = "operator-approval"
|
|
type = "manual"
|
|
stage = "stage2"
|
|
description = "Human approval is recorded before production-critical traffic changes."
|
|
required = true
|
|
evidence_required = "State Hub approval note id, candidate digest, rollback target."
|
|
|
|
[[checks]]
|
|
id = "stage2-accepted"
|
|
type = "manual"
|
|
stage = "stage3"
|
|
description = "Stage 2 gates passed for the same candidate artifact."
|
|
required = true
|
|
evidence_required = "State Hub Stage 2 acceptance progress id."
|
|
|
|
[[checks]]
|
|
id = "rollback-target"
|
|
type = "manual"
|
|
stage = "stage3"
|
|
description = "Previous stable release is recorded before promotion."
|
|
required = true
|
|
evidence_required = "Previous Helm revision or image digest."
|