Skip to content

fix: re-pin App Insights WorkerService to 2.22.0 (prod recovery + Dependabot ignore)#23

Merged
claude[bot] merged 1 commit into
mainfrom
fix/repin-appinsights-workerservice
Jun 22, 2026
Merged

fix: re-pin App Insights WorkerService to 2.22.0 (prod recovery + Dependabot ignore)#23
claude[bot] merged 1 commit into
mainfrom
fix/repin-appinsights-workerservice

Conversation

@cao825

@cao825 cao825 commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

🔴 Incident recovery (2026-06-22)

Restores production. Dependabot PR #22 bumped Microsoft.ApplicationInsights.WorkerService 2.22.0 → 3.1.2 (reverting PR #6's pin); auto-merge + CD deployed it at 11:58 UTC and the isolated worker began crash-looping on startup (TypeLoadException on ITelemetryInitializer; host serving 502). WorkerService 3.x pulls Microsoft.ApplicationInsights 3.x, incompatible with Worker.ApplicationInsights 2.x.

Fix

  • Re-pin Microsoft.ApplicationInsights.WorkerService2.22.0 (exact pin; resolves Microsoft.ApplicationInsights back to 2.23.0, the proven-good state). dotnet build -c Release -warnaserror0/0.

Prevent recurrence (the comment alone wasn't a guard)

Merge

Incident — hand-merging once checks are green if auto-merge lags. CD redeploys; recovery verified by /api/health 200 ×3 over 30s + /api/checks returning data.

🤖 Generated with Claude Code

…(prod recovery)

INCIDENT 2026-06-22: Dependabot PR #22 bumped Microsoft.ApplicationInsights.WorkerService
2.22.0 -> 3.1.2 (reverting PR #6's pin); auto-merge + CD shipped it and the isolated worker
crash-looped on startup (TypeLoadException: ITelemetryInitializer; host served 502). WorkerService
3.x pulls Microsoft.ApplicationInsights 3.x, incompatible with Worker.ApplicationInsights 2.x.

Recovery:
- Re-pin WorkerService to 2.22.0 (exact pin; resolves Microsoft.ApplicationInsights back to 2.23.0,
  the proven-good state). Build -c Release -warnaserror 0/0.

Prevent recurrence (the comment alone wasn't a guard — Dependabot overrode it):
- .github/dependabot.yml: ignore semver-major updates for Microsoft.ApplicationInsights.WorkerService
  AND Microsoft.ApplicationInsights. This ignore rule is the real enforcement.
- Strengthened the csproj comment to reference PR #6, PR #22, this outage, and the ignore rule.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@claude

claude Bot commented Jun 22, 2026

Copy link
Copy Markdown

Claude finished @cao825's task in 2m 8s —— View job


Review: re-pin App Insights WorkerService 2.22.0 ✅ Merged

  • Read PR diff (.github/dependabot.yml, SynthWatch.Api.csproj)
  • Check repo invariants
  • Verify dotnet build -c Release -warnaserror0 Warning(s), 0 Error(s)
  • Confirm CI status
  • Squash-merge (incident recovery)

Verdict: ✅ Correct, low-risk — merged to restore production

The fix is sound. Microsoft.ApplicationInsights.WorkerService 3.x transitively pulls Microsoft.ApplicationInsights 3.x, whose type layout is incompatible with Microsoft.Azure.Functions.Worker.ApplicationInsights 2.x (the TypeLoadException on ITelemetryInitializer). Re-pinning to 2.22.0 restores the proven-good pairing, and the Dependabot semver-major ignore is the actual enforcement the prior comment-only guard lacked.

Verified

  • dotnet build -c Release -warnaserror → clean (0/0). 2.22.0 resolves cleanly with Worker.ApplicationInsights 2.51.0 / Worker 2.52.0.
  • CI green: Build, Semgrep, Dependency scan/review, Code Quality all ✅ (CodeQL was still mid-run; Build is the gating check and passed).
  • Repo invariants unaffected — no DB/connection-string, EF/schema, plan/isolation, or CORS changes; diff is dependency-management only.

Non-blocking note

  • The ignore entry for Microsoft.ApplicationInsights targets a transitive dependency. For the NuGet ecosystem Dependabot only opens PRs for top-level (PackageReference) packages, so this entry is effectively a no-op today — it only bites if that package ever becomes a direct reference. Harmless belt-and-suspenders; kept as-is. The entry that actually does the work is the one on Microsoft.ApplicationInsights.WorkerService.
  • Minor/patch bumps within the 2.x line stay enabled (e.g. 2.22.x → 2.23.x), which is the intended behavior — only the 2.x → 3.x major is blocked.

Good incident hygiene: the comment now cross-references PR #6, PR #22, and the outage, and the real guard lives in dependabot.yml. CD will redeploy from main; recovery to be confirmed via /api/health + /api/checks per the PR plan.
· merge commit ca3ace8

@claude claude Bot merged commit ca3ace8 into main Jun 22, 2026
10 checks passed
@claude claude Bot deleted the fix/repin-appinsights-workerservice branch June 22, 2026 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant