mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-07-10 00:14:38 +00:00
Refresh RC7 packet after release-gate fixes
This commit is contained in:
parent
d796928969
commit
2900e41b2d
4 changed files with 77 additions and 29 deletions
|
|
@ -4,11 +4,11 @@
|
|||
|
||||
- From tag: `v6.0.0-rc.6`
|
||||
- From commit: `c25e95cb2b071551df95c8add62773905ba0628b`
|
||||
- To validation-risk commit: `fc10de9b5477613316473267b72b05b6b2b7aaff`
|
||||
- Git range: `v6.0.0-rc.6..fc10de9b5477613316473267b72b05b6b2b7aaff`
|
||||
- Commit count: `975`
|
||||
- Date span in the range: `2026-05-27` through `2026-06-27`
|
||||
- Changed scope: `1997` files, `239625` insertions, `47030` deletions
|
||||
- To validation-risk commit: `d796928969b0b557ef5ed2d48e0e6f5e5a197df3`
|
||||
- Git range: `v6.0.0-rc.6..d796928969b0b557ef5ed2d48e0e6f5e5a197df3`
|
||||
- Commit count: `979`
|
||||
- Date span in the range: `2026-05-27` through `2026-06-28`
|
||||
- Changed scope: `2003` files, `239767` insertions, `47168` deletions
|
||||
|
||||
The final release workflow dispatch may use a later metadata-only packet
|
||||
refresh commit. That refresh is not counted as a new validation-risk commit
|
||||
|
|
@ -38,8 +38,33 @@ included commits surface deterministic capacity forecasts as finding signals,
|
|||
query capacity forecast history through the metrics target ID, and sanitize
|
||||
Patrol runtime failures in history.
|
||||
|
||||
No public issue comment, retitle, closure, release publication, or customer
|
||||
message was made as part of this packet update.
|
||||
The final RC7 release attempt exposed three release-gate issues after that
|
||||
packet refresh:
|
||||
|
||||
1. GitHub CI runners with real `/sys/block` devices could make the hostagent
|
||||
SMART no-device test observe a real disk instead of the forced no-device
|
||||
fallback.
|
||||
2. Alert manager tests could leave asynchronous active-alert/history saves
|
||||
writing into `t.TempDir()` while Go test cleanup removed the directory.
|
||||
3. The published `install.sh` end-to-end smoke on a minimal Debian systemd
|
||||
container failed with `ssh-keygen is required to verify signed Pulse release
|
||||
assets` because the root installer did not bootstrap `openssh-client` before
|
||||
signed archive verification.
|
||||
|
||||
The corrective commits harden the hostagent no-device proof, track alert save
|
||||
workers during shutdown, and make the root installer install `ca-certificates`
|
||||
and `openssh-client` alongside `curl` and `wget` while treating `jq` as the
|
||||
only optional install-time helper. The Pulse repository `WORKFLOW_PAT` Actions
|
||||
secret was also refreshed on 2026-06-28 after the downstream private Pro
|
||||
publication job failed to dispatch the existing `rcourtman/pulse-enterprise`
|
||||
`Build Pro Release` workflow with the previous token.
|
||||
|
||||
No public issue comment, retitle, closure, or customer message was made as part
|
||||
of this packet update. A failed `v6.0.0-rc.7` release workflow had already
|
||||
published the earlier draft assets before the downstream install smoke and
|
||||
private Pro handoff failures surfaced; final publication must therefore replace
|
||||
that failed public release state with assets built from the refreshed branch
|
||||
head.
|
||||
|
||||
## Verification
|
||||
|
||||
|
|
@ -57,6 +82,9 @@ message was made as part of this packet update.
|
|||
RC7 Docker-default correction
|
||||
- Release packet head refresh:
|
||||
- validation-risk commit
|
||||
`fc10de9b5477613316473267b72b05b6b2b7aaff`
|
||||
- `975` commits from `v6.0.0-rc.6`
|
||||
- `1997` files changed, `239625` insertions, `47030` deletions
|
||||
`d796928969b0b557ef5ed2d48e0e6f5e5a197df3`
|
||||
- `979` commits from `v6.0.0-rc.6`
|
||||
- `2003` files changed, `239767` insertions, `47168` deletions
|
||||
- Final installability proof:
|
||||
- `go test ./scripts/installtests -run 'TestRootInstallScript(ArchiveSupportContract|InstallsSignatureVerificationDependencies)|TestInstallShSmokeWorkflowPresent|TestCreateReleasePublishesPrivateProRuntime' -count=1`
|
||||
- `python3 scripts/release_control/contract_audit.py --check`
|
||||
|
|
|
|||
|
|
@ -38,7 +38,8 @@ prerelease before any stable v6 promotion:
|
|||
- Platform surfaces kept the v5-shaped navigation, but gained substantial
|
||||
table, drawer, filter, and action consistency work.
|
||||
- The release and install pipeline has newer branch-policy, workflow-pin,
|
||||
installer, update, and proof hardening than the shipped RC6 packet.
|
||||
installer, update, and proof hardening than the shipped RC6 packet, including
|
||||
fresh-host dependency bootstrap for signed server-installer verification.
|
||||
|
||||
## What changed since `rc.6`
|
||||
|
||||
|
|
@ -111,6 +112,8 @@ Notable release-readiness changes since RC6 include:
|
|||
- patched Go toolchain wiring for v6 release builds
|
||||
- release dry-run and promotion policy guardrail updates
|
||||
- release asset validation and installer smoke improvements
|
||||
- root server installer bootstrap of `ca-certificates` and `openssh-client`
|
||||
before signed release archive verification
|
||||
- audit log, webhook, tenant, token, and bootstrap handling fixes
|
||||
|
||||
### Monitoring and correctness fixes
|
||||
|
|
@ -131,18 +134,20 @@ refresh may be the workflow dispatch head; the validation range below is the
|
|||
code-backed release-risk range.
|
||||
|
||||
- `v6.0.0-rc.6`: `c25e95cb2b071551df95c8add62773905ba0628b`
|
||||
- validation-risk commit: `fc10de9b5477613316473267b72b05b6b2b7aaff`
|
||||
- range: `v6.0.0-rc.6..fc10de9b5477613316473267b72b05b6b2b7aaff`
|
||||
- commit count: `975`
|
||||
- changed scope: `1997` files, `239625` insertions, `47030` deletions
|
||||
- validation-risk commit: `d796928969b0b557ef5ed2d48e0e6f5e5a197df3`
|
||||
- range: `v6.0.0-rc.6..d796928969b0b557ef5ed2d48e0e6f5e5a197df3`
|
||||
- commit count: `979`
|
||||
- changed scope: `2003` files, `239767` insertions, `47168` deletions
|
||||
|
||||
The final validation-risk commits add deterministic capacity-forecast finding
|
||||
signals, correct capacity-history lookup to use the metrics target ID, and
|
||||
sanitize Patrol runtime failures in history. The earlier RC7 installability
|
||||
correction also remains in scope: repo-root Docker Compose and
|
||||
`scripts/install-docker.sh` default to `6.0.0-rc.7`, while the stable promotion
|
||||
guard stays version-aware so future `6.0.0` promotion still rejects stale
|
||||
prerelease Docker defaults.
|
||||
sanitize Patrol runtime failures in history. The release-validation fixes after
|
||||
that head harden hostagent no-device CI proof, alert shutdown/save lifecycle
|
||||
proof, and the published server installer smoke: repo-root Docker Compose and
|
||||
`scripts/install-docker.sh` default to `6.0.0-rc.7`, the stable promotion guard
|
||||
stays version-aware so future `6.0.0` promotion still rejects stale prerelease
|
||||
Docker defaults, and fresh Debian/Ubuntu/Proxmox installs bootstrap
|
||||
`openssh-client` before signature verification.
|
||||
|
||||
## Retest plan
|
||||
|
||||
|
|
@ -160,8 +165,9 @@ prerelease Docker defaults.
|
|||
discoveries.
|
||||
7. Walk Proxmox, Docker, Kubernetes, TrueNAS, vSphere, Machines, Alerts, Patrol,
|
||||
and Settings in-browser with real or representative data.
|
||||
8. Re-test release assets, checksums, signatures, installer scripts, Docker
|
||||
images, Helm smoke, and preview demo routing before publishing broadly.
|
||||
8. Re-test release assets, checksums, signatures, installer scripts on a fresh
|
||||
minimal Debian/Ubuntu-style host, Docker images, Helm smoke, and preview
|
||||
demo routing before publishing broadly.
|
||||
9. Re-test provider MSP and Cloud control-plane flows only against the governed
|
||||
staging or proof environments.
|
||||
10. Verify self-hosted commercial posture: no monitored-system cap on current
|
||||
|
|
|
|||
|
|
@ -10,7 +10,10 @@ governed `v6.0.0-rc.7` prerelease exists._
|
|||
platform-shaped top-level navigation restored in `rc.6`, but it carries a much
|
||||
larger post-RC6 branch delta across Assistant, Patrol, availability checks,
|
||||
platform-table consistency, provider MSP, commercial continuity, release
|
||||
tooling, installers, security hardening, and monitoring correctness.
|
||||
tooling, installers, security hardening, and monitoring correctness. The final
|
||||
installability fix also keeps signed release verification working on minimal
|
||||
fresh Debian/Ubuntu/Proxmox hosts by bootstrapping the package that provides
|
||||
`ssh-keygen`.
|
||||
|
||||
The branch also contains earlier `v6.0.0` stable-promotion packet work. RC7
|
||||
supersedes that operationally by keeping the next public v6 artifact on the
|
||||
|
|
@ -23,10 +26,10 @@ validation-risk range. A later packet-only refresh may be the workflow dispatch
|
|||
head; the validation range below is the code-backed release-risk range.
|
||||
|
||||
- `v6.0.0-rc.6`: `c25e95cb2b071551df95c8add62773905ba0628b`
|
||||
- validation-risk commit: `fc10de9b5477613316473267b72b05b6b2b7aaff`
|
||||
- range: `v6.0.0-rc.6..fc10de9b5477613316473267b72b05b6b2b7aaff`
|
||||
- commit count: `975`
|
||||
- changed scope: `1997` files, `239625` insertions, `47030` deletions
|
||||
- validation-risk commit: `d796928969b0b557ef5ed2d48e0e6f5e5a197df3`
|
||||
- range: `v6.0.0-rc.6..d796928969b0b557ef5ed2d48e0e6f5e5a197df3`
|
||||
- commit count: `979`
|
||||
- changed scope: `2003` files, `239767` insertions, `47168` deletions
|
||||
|
||||
Those commits are grouped here by operator-visible behavior and release risk
|
||||
instead of listed one by one.
|
||||
|
|
@ -111,6 +114,10 @@ instead of listed one by one.
|
|||
- RC7 Docker install defaults now pin the governed `6.0.0-rc.7` image in both
|
||||
the repo-root Compose sample and Docker bootstrap installer fallback, while
|
||||
keeping stable-promotion proof guarded against leftover prerelease defaults.
|
||||
- The root server installer now installs `ca-certificates` and
|
||||
`openssh-client` before signed release archive verification, so fresh
|
||||
supported hosts do not fail only because `ssh-keygen` was absent before Pulse
|
||||
installation began.
|
||||
- Installer scripts gained additional update resilience, Windows agent install
|
||||
coverage, root install tests, uninstall sensor-proxy support, and bundled
|
||||
agent installer fail-closed behavior.
|
||||
|
|
@ -144,7 +151,8 @@ instead of listed one by one.
|
|||
|
||||
- Release dry run and draft release workflow on `pulse/v6-release`.
|
||||
- Release assets, checksums, signatures, Docker image, Helm smoke, and preview
|
||||
demo routing.
|
||||
demo routing, including the published `install.sh` smoke on a minimal
|
||||
Debian-style systemd container.
|
||||
- Upgrade from v5 stable and from earlier RCs, especially `rc.2` trust-root
|
||||
continuity.
|
||||
- Patrol and Assistant with real alert/finding/resource context.
|
||||
|
|
|
|||
|
|
@ -51,6 +51,9 @@ lets operators test the current branch head without treating it as stable v6.
|
|||
Alerts, and Settings.
|
||||
- Provider MSP, Cloud, commercial continuity, installer, update, and release
|
||||
proof paths were hardened.
|
||||
- Fresh supported Debian, Ubuntu, and Proxmox installs bootstrap the
|
||||
`openssh-client` package before signed release archive verification, so
|
||||
missing `ssh-keygen` on a minimal host should not block the server installer.
|
||||
- Security and correctness fixes landed across outbound HTTP, webhooks, audit
|
||||
logging, tenant boundaries, metrics, alerts, and unified resources.
|
||||
|
||||
|
|
@ -161,7 +164,8 @@ posting.
|
|||
public self-hosted plans and no default trial pressure in normal self-hosted
|
||||
surfaces.
|
||||
13. Re-test install, update, Docker, Helm, preview demo, and release asset
|
||||
workflows before broader retesting.
|
||||
workflows before broader retesting, including the published `install.sh`
|
||||
path on a minimal Debian-style host or container.
|
||||
|
||||
## Ask for these details
|
||||
|
||||
|
|
@ -186,6 +190,8 @@ When a user reports an `rc.7` problem, ask for:
|
|||
Escalate without asking the user to keep experimenting when the report involves:
|
||||
|
||||
- failed install or failed upgrade with no recovery path
|
||||
- `ssh-keygen is required to verify signed Pulse release assets` on a fresh
|
||||
supported Debian, Ubuntu, or Proxmox server install
|
||||
- stable install path unexpectedly landing on a v6 prerelease
|
||||
- duplicate or missing agent identity after a v5-to-v6 upgrade
|
||||
- hosted, checkout, magic-link, SSO, webhook, token, or tenant access granted
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue