Describe steps for safely releasing provision script changes #2384
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| The provison.sh script file sets up any base dependencies required for running envd and sdk commands. | ||
|
Check warning on line 1 in packages/orchestrator/pkg/template/build/phases/base/provision.md
|
||
|
|
||
| # change rollout process | ||
|
|
||
| The provision.sh script is executed immediately after the docker image is pulled from the registry, and before running | ||
| any other build commands, and the result is cached. As such, it is most likely cached for any future builds. The caching | ||
| means that the provision.sh script will most likely not be executed if the template is rebuilt. | ||
|
|
||
| There are two considerations to be made when rolling out new versions of the template: | ||
| - We don't want to overwhelm the template managers by invalidating all cache at once. | ||
| - We want to communicate to the end users that, in order to take advantage of new features, customers need to rebuild their templates. | ||
|
|
||
| Current process: | ||
|
|
||
| 1. Deploy template managers with the new version of `provision.sh`. | ||
| 2. Increment the `build-provision-version` environment variable in the template manager deployment. | ||
|
Check failure on line 16 in packages/orchestrator/pkg/template/build/phases/base/provision.md
|
||
|
There was a problem hiding this comment. 🔴 Step 2 of the rollout guide incorrectly describes Extended reasoning...What the bug is Line 16 of provision.md instructs: "Increment the The code path In BuildProvisionVersion = newIntFlag("build-provision-version", 0)In bb.featureFlags.IntFlag(ctx, featureflags.BuildProvisionVersion, ...)with per-template and per-team targeting contexts passed in. There is no environment variable named Why existing docs don't prevent this The document is newly introduced in this PR, so there is no prior documentation to catch the error. The flag name closely resembles what an env var might be called, which makes the mistake easy to introduce. Impact An operator following this runbook during a live rollout would search the deployment YAML or Helm charts for an env var that does not exist. They would be unable to execute step 2, blocking the rollout. Even if they eventually discovered the correct mechanism, the delay could mean either missed coordinated rollout timing or incorrect configuration methods being applied (e.g., accidentally adding a spurious env var to the deployment). Additionally, the document misses an important capability: because this is a LaunchDarkly feature flag with per-template and per-team targeting, operators can perform a gradual rollout to a subset of templates or teams — which directly addresses the cache stampede concern raised by the document itself. By calling it an env var, this capability is obscured from the reader. How to fix Replace line 16 with accurate guidance, e.g.: "Increment the Step-by-step proof
Note on duplicate reports Multiple verifiers flagged this as a duplicate of other bugs (bug_003/bug_006). The synthesis agent has canonicalized these into merged_bug_001. The underlying issue is confirmed by all verifiers: the documentation is factually wrong about the mechanism for this flag. |
||
| 3. Bump the envd version number and release it. Gate the release of new envd/sdk features with the new envd version. | ||
| 4. (optional) Update the dashboard to alert users to rebuild their templates to take advantage of the new features. | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🟡 Line 1 of provision.md contains a typo: 'provison.sh' is missing the second 'i' and should be 'provision.sh'. This is a minor documentation inconsistency since the rest of the file (lines 5, 15) spells it correctly.
Extended reasoning...
What the bug is: The very first sentence of the newly added provision.md file contains a misspelling: 'The provison.sh script file...' — the word 'provison' is missing the second 'i', making it different from the actual filename 'provision.sh'.
The specific code path: Line 1 of the diff reads: 'The provison.sh script file sets up any base dependencies required for running envd and sdk commands.' The misspelling exists only in this opening sentence.
Why existing code doesn't prevent it: This is a documentation file with no automated spell-checking or linting in place to catch typos. The rest of the document consistently uses the correct spelling 'provision.sh' (lines 5, 7, 8, 15), which confirms the opening sentence is a one-off typo rather than a systemic naming issue.
Impact: The impact is minimal — this is documentation-only and has no runtime effect. However, a misspelling in the very first sentence can cause confusion for readers trying to locate or reference the actual script file named 'provision.sh'.
How to fix it: Change 'provison.sh' to 'provision.sh' on line 1.
Step-by-step proof:
provision.sh.' — correctly spelled