Context
The chart currently relies on the app self-migrating the database on boot. That works but leaves schema state implicit during rollouts — a failing migration can leave pods crash-looping without a clean rollback signal.
Corveil already has a migrator (go/internal/db/migrate.go). The Go cmd needs a corveil migrate subcommand (add if missing — coordinate with the product repo). The chart then runs it as a Helm Job with pre-install,pre-upgrade hooks so rollouts block on successful schema state.
Goal
A templates/job-migrate.yaml that runs schema migrations before the Deployment rolls out and fails the Helm install/upgrade if migrations error.
Work items
Acceptance
helm upgrade --install with a new migration in the image runs the Job, completes, then rolls the Deployment.
helm upgrade --install with a deliberately-broken migration fails the upgrade cleanly (no partial rollout).
Dependencies
- Needs a
corveil migrate subcommand in the binary. Follow-up in the product repo.
Key files
templates/job-migrate.yaml (new)
README.md (upgrading docs)
Context
The chart currently relies on the app self-migrating the database on boot. That works but leaves schema state implicit during rollouts — a failing migration can leave pods crash-looping without a clean rollback signal.
Corveil already has a migrator (
go/internal/db/migrate.go). The Go cmd needs acorveil migratesubcommand (add if missing — coordinate with the product repo). The chart then runs it as a Helm Job withpre-install,pre-upgradehooks so rollouts block on successful schema state.Goal
A
templates/job-migrate.yamlthat runs schema migrations before the Deployment rolls out and fails the Helm install/upgrade if migrations error.Work items
templates/job-migrate.yaml:annotations: helm.sh/hook: pre-install,pre-upgrade; helm.sh/hook-weight: "-5"; helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded.command: ["corveil", "migrate"].restartPolicy: Never,backoffLimit: 1.wait-for-dbinit container on the Deployment (the Job also needs it).README.mdunder "Upgrading".Acceptance
helm upgrade --installwith a new migration in the image runs the Job, completes, then rolls the Deployment.helm upgrade --installwith a deliberately-broken migration fails the upgrade cleanly (no partial rollout).Dependencies
corveil migratesubcommand in the binary. Follow-up in the product repo.Key files
templates/job-migrate.yaml(new)README.md(upgrading docs)