Release Operations runbook
Release operations center on one exact source SHA, a promotion branch, and evidence that is good enough to defend a production deploy.
The current operating model is service-level validation inside a monorepo: global contract gates stay mandatory, domain-local gates shorten feedback, and consumer smokes prove compatibility between shared services and products before promotion. Deterministic local utilities now produce the repetitive CI, deploy, UAT, and evidence summaries; agents act on those summary packets instead of polling manually.
For the full delivery-system view across gates, profiles, environments, and readback, start with CI/CD Delivery System.
Operator Flow
- Confirm the intended source SHA is integrated and green.
- Run local preflight as a signal.
- Promote the exact SHA to release/platform-control.
- Trigger the chosen release profile.
- Capture release, UAT, security, runtime, and rollback evidence.
- Record exceptions with owner, reason, expiry, and risk domain approval.
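The exception record in the last step can be sketched as a small data structure with a completeness check. This is a minimal illustration, not the platform's actual schema: the class name `ReleaseException`, its field names, and the helper `exception_problems` are all hypothetical, chosen only to mirror the four items the step names (owner, reason, expiry, risk domain approval).

```python
from dataclasses import dataclass
from datetime import date
from typing import List


@dataclass(frozen=True)
class ReleaseException:
    """Hypothetical record for one accepted release exception."""
    owner: str
    reason: str
    expiry: date
    risk_domain_approver: str  # assumed: who approved for the risk domain


def exception_problems(exc: ReleaseException, today: date) -> List[str]:
    """Return the reasons a record is incomplete or no longer valid."""
    problems = []
    # Every text field must carry a non-blank value.
    for field_name in ("owner", "reason", "risk_domain_approver"):
        if not getattr(exc, field_name).strip():
            problems.append(f"missing {field_name}")
    # An exception whose expiry date has passed no longer covers the release.
    if exc.expiry < today:
        problems.append("expired")
    return problems
```

An empty result means the record carries all four items and has not expired; anything else is a list of what to fix before the exception can be counted as evidence.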
Gate Stack
| Gate layer | Current source |
|---|---|
| Source promotion | Platform-control release promotion policy |
| Global contracts | OpenAPI/AsyncAPI, codegen, schema, security, and boundary guards |
| Domain-local validation | Service-level CI/CD operating model and ownership maps |
| Release profile evidence | Platform release profile gates |
| CI/deploy monitoring | Local automation utility layer and Fairway deploy-run evidence |
| UAT/security/runtime proof | Release evidence bundle and production baseline |
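One way to read the table is as a checklist that a promotion must clear layer by layer. The sketch below assumes every layer is blocking, which the table itself does not state, and uses a hypothetical `blocking_layers` helper and a plain dictionary of results in place of whatever the real evidence packets look like.

```python
from typing import Dict, List

# Gate layers copied from the table above, in table order.
GATE_LAYERS = (
    "Source promotion",
    "Global contracts",
    "Domain-local validation",
    "Release profile evidence",
    "CI/deploy monitoring",
    "UAT/security/runtime proof",
)


def blocking_layers(results: Dict[str, bool]) -> List[str]:
    """Return layers that failed or have no recorded result.

    Assumption: a layer with no result is treated the same as a failure.
    """
    return [layer for layer in GATE_LAYERS if not results.get(layer, False)]
```

Treating a missing result as a failure keeps the check conservative: a layer that was never evaluated cannot silently pass.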
GPU Node Rollout Direction
Node-agent and GPU host changes should roll out one ring at a time, in this order: internal, UAT/Security, production canary, broad production, and sensitive tenants. Reserve capacity must exist before patching starts.
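The ring order and the reserve-capacity precondition can be sketched as follows. The ring names come from the text above; the function names and the specific capacity rule (reserve nodes must cover the nodes taken out for patching) are assumptions made for illustration, since the runbook does not define how reserve capacity is measured.

```python
from typing import Optional

# Ring order as listed in the text above.
RINGS = (
    "internal",
    "UAT/Security",
    "production canary",
    "broad production",
    "sensitive tenants",
)


def next_ring(current: Optional[str]) -> Optional[str]:
    """Return the ring after `current`, or None once the last ring is done.

    Passing None means no ring has been patched yet.
    """
    if current is None:
        return RINGS[0]
    index = RINGS.index(current)  # raises ValueError for an unknown ring
    return RINGS[index + 1] if index + 1 < len(RINGS) else None


def may_start_patching(reserve_nodes: int, nodes_to_patch: int) -> bool:
    """Assumed rule: reserve capacity must cover every node being patched."""
    return nodes_to_patch > 0 and reserve_nodes >= nodes_to_patch
```

Keeping the ring order in one tuple means a rollout cannot skip a ring by accident, and the capacity check runs as an explicit precondition, not as an afterthought.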