feat(upgrade): accurate version detection + changelog + impact table + confirm#457
Closed
pallakatos wants to merge 2 commits into
Closed
feat(upgrade): accurate version detection + changelog + impact table + confirm#457pallakatos wants to merge 2 commits into
pallakatos wants to merge 2 commits into
Conversation
…+ confirm Addresses real `kars upgrade` feedback on a cluster deployed before the karsRelease stamp existed. - Current-version detection: was falling back to the chart's static appVersion (showed v0.1.0 on any older cluster). Now resolves the real version, most- reliable first: (1) the karsRelease Helm value stamped by a prior upgrade, (2) IMAGE-DIGEST MATCH — read the controller pod's running image digest and match it against recent published kars-controller release digests (az acr import preserves content-addressed digests, so ACR==GHCR), (3) static appVersion as last resort. - Changelog summary: prints the annotated tag messages (the real feature changelog) for the versions between current and target, before the confirm. - Impact table: reads the live cluster (controller + all sandbox Deployments across namespaces) and shows what will be rolling-restarted — namespace, readiness, running image — the blast radius — before the confirm. - Y/N confirmation before any write (auto-proceeds under --yes / non-TTY). --dry-run shows changelog + impact + plan and exits. All additions are read-only (kubectl get, public GitHub + GHCR APIs) with graceful fallback; the upgrade write path is unchanged. Security audit: docs/internal/security-audits/2026-06-26-upgrade-version-changelog-impact.md (2 sign-offs). Verification: tsc + oxlint clean, 843 tests; validated live against kars-aks (digest match, changelog from tag messages, impact table render, dry-run). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
…luster) Real-world failure: a `kars upgrade` on a cluster whose nodes were all NotReady (AKS reported Running, but every node had shutdown/unreachable/cilium-agent-not- ready taints) ground through a 5.5-min image import and then timed out on the 8-min `helm upgrade --wait` (controller stuck 1/2, 2nd replica unschedulable), ending in a messy `--atomic` rollback that also errored. Add a pre-flight gate: before importing images or touching Helm, check node readiness via `kubectl get nodes`. If ALL nodes are NotReady, abort in ~2s with actionable guidance (check nodes / `az aks start` / describe nodes) instead of ~13 minutes of doomed work. Partial readiness is allowed but surfaced. Verification: tsc + oxlint clean, 843 tests; proven live against the degraded kars-aks cluster — now fails fast with a clear message and makes no changes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Collaborator
Author
|
Superseded by #479. This PR was branched at v0.1.18 — before the #473 |
pallakatos
added a commit
that referenced
this pull request
Jun 29, 2026
…t (additive, #457) (#479) Re-lands the additive, non-conflicting parts of the stale PR #457 on top of the current v0.1.21 hardened `kars upgrade` flow — WITHOUT touching the repaired write path (image import → atomic Helm upgrade → mesh-first rolling restart → health-gated success → --atomic/rollback is byte-for-byte unchanged). New, all read-only: - Changelog summary before the confirm: annotated tag messages for the releases between current and target (fetchRecentReleases/releasesBetween/fetchTagMessage + summarizeChangelog). - Impact table: reads the live cluster and lists the controller + sandboxes that will be rolling-restarted, with readiness and running image. - Y/N confirmation before any write; auto-proceeds under --yes or non-TTY stdin (existing automation unaffected). - Pre-flight node-readiness gate: hard-blocks (no changes) only when EVERY node is NotReady, where the upgrade would otherwise time out + roll back. - Version-detection fallback: when the controller runs :latest with no karsRelease stamp, match the running image digest to published release digests to recover the real "Current:" version. Inserted ONLY as a new fallback step — never overrides the existing image-tag or stamped-value detection. Supersedes #457 (which was branched at v0.1.18, before the #473 upgrade repair, and is now CONFLICTING; merging it directly would revert the repair). This brings in just its net-new features rebased on current main, with the security-audit doc in the tracked docs/security-audits/ folder. Tests: release.test.ts +6 (releasesBetween x3, summarizeChangelog x3). CLI typecheck + oxlint (0 errors) + build clean; vitest 888 pass / 2 skipped. Co-authored-by: Pal Lakatos-Toth <pallakatos@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addresses real
kars upgradefeedback from a cluster deployed before thekarsReleasestamp existed (it showedCurrent: v0.1.0and started immediately with no preview).1. Accurate current-version detection
Was falling back to the chart's static
appVersion→v0.1.0on any older cluster. Now resolves the real version, most-reliable first:karsReleaseHelm value stamped by a priorkars upgrade;kars-controllerrelease tags (sinceaz acr importpreserves content-addressed digests, ACR == GHCR);appVersionas last resort.2. Changelog summary
Before the confirm, prints the annotated tag messages (the real feature changelog) for the versions between current and target — e.g.:
3. Impact table (the new ask)
Reads the live cluster and shows what will be rolling-restarted before the confirm:
4. Y/N confirmation
Interactive prompt before any write; auto-proceeds under
--yes/ non-TTY.--dry-runshows changelog + impact + plan and exits.Safety
All additions are read-only (
kubectl get, public GitHub + GHCR APIs) with graceful fallback; the upgrade write path is unchanged, and a human confirm now gates it. Security audit:docs/internal/security-audits/2026-06-26-upgrade-version-changelog-impact.md(2 sign-offs).Verification
tsc+ oxlint clean, 843 tests (newreleasesBetweencases).kars-aks: digest helpers collect 5 manifest digests/tag;releasesBetween("v0.1.15","v0.1.18")→ v0.1.16/17/18; changelog renders real bullets from tag messages; impact table renders;--dry-runshows everything with no changes.