You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
['/opt/engineering-loop/.venv/bin/python3', '-c', 'import json\nfrom pathlib import Path\nfor raw in json.loads('["docs/runbooks/rollback-by-sha.md"]'):\n path = Path(raw)\n if not path.exists():\n continue\n if not path.is_file():\n raise SystemExit(f'not a file: {raw}')\n path.read_text(encoding='utf-8')\n']: passed
Expected production impact
none
Rollback plan
Discard the generated feature worktree and branch; no production state was changed.
Document the runbook (docs/runbooks/rollback-by-sha.md): commands, verification checks, and the migration caveat.
Non-compliant requirements:
Pick a quiet window; record current good SHAs for hyrule-web and hyrule-cloud.
Roll hyrule-web back one release by SHA via the promotion workflow; verify the site serves the prior version; roll forward again.
Repeat for hyrule-cloud, including confirming Alembic migration compatibility posture for one-release rollback.
Requires further human verification:
The actual rollback execution steps (pick window, record SHAs, perform rollback, verify, roll forward) are not part of this PR and require human verification.
The verification step uses git rev-parse HEAD which may not reflect the deployed code if the repository is in a detached HEAD state or if the deployment uses a different mechanism. Consider using the application's version endpoint or a more reliable method to confirm the running SHA.
ssh -i ~/.ssh/id_servify root@2a0c:b641:b50:2::30 \
- 'cd /opt/hyrule-web && git rev-parse HEAD'+ 'curl -sf http://127.0.0.1:8080/version 2>/dev/null || git -C /opt/hyrule-web rev-parse HEAD'
# Must match the SHA you promoted.
Suggestion importance[1-10]: 7
__
Why: The suggestion improves reliability by adding a fallback to a version endpoint, which is more robust than relying solely on git rev-parse HEAD. This is a moderate improvement for verification accuracy.
Medium
Add log check for compatibility
Running alembic current after a rollback may show the head revision from the newer code, but this does not guarantee N-1 compatibility. The runbook should explicitly check for application errors or warnings in logs after the rollback to confirm compatibility.
Why: Adding a log check for errors/warnings after alembic current provides a more thorough validation of N-1 compatibility. This is a useful enhancement to the runbook.
Medium
Include health check tags
The emergency rollback section uses --tags apply which may skip pre-deployment checks or notifications. Consider adding a note to run the full playbook or include necessary tags to ensure all required steps (like health checks) are executed.
Why: Including the health tag ensures that health checks are executed during emergency rollback, which is a good practice. The improvement is minor but adds safety.
Low
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Change class
app_feature
Repos touched
Senior role reviews
Source-of-truth files consulted
Validation gates run
Expected production impact
none
Rollback plan
Discard the generated feature worktree and branch; no production state was changed.
NOC handoff
Post-deploy checks
Operator notes
Closes #358