Skip to content

feat(upgrade): changelog + impact table + confirm + pre-flight (additive; supersedes #457)#479

Merged
pallakatos merged 1 commit into
mainfrom
feat/upgrade-changelog-impact-confirm
Jun 29, 2026
Merged

feat(upgrade): changelog + impact table + confirm + pre-flight (additive; supersedes #457)#479
pallakatos merged 1 commit into
mainfrom
feat/upgrade-changelog-impact-confirm

Conversation

@pallakatos

Copy link
Copy Markdown
Collaborator

Brings in the valuable features from the stale #457 without breaking anything in the current (v0.1.21) upgrade flow.

Why not just merge #457?

#457 was branched at v0.1.18 — before the #473 upgrade repair (rollback, value preservation, health gating, honest version detection — the fix that recovered the colleague's cluster). It's now CONFLICTING, and resolving in its favour would revert the repair. So this PR re-lands only its net-new, non-conflicting features, rebased on current main.

What's added — all read-only, write path untouched

  • Changelog summary before the confirm — annotated tag messages for the releases between current → target.
  • Impact table — reads the live cluster and lists the controller + sandboxes that will be rolling-restarted (readiness + running image).
  • Y/N confirmation before any write; auto-proceeds under --yes or a non-TTY stdin (existing automation unaffected).
  • Pre-flight node-readiness gate — hard-blocks (no changes made) only when every node is NotReady, where the upgrade would otherwise burn minutes then time out.
  • Version-detection fallback — when the controller runs :latest with no karsRelease stamp, match the running image digest to published release digests to recover the real "Current:" version. Inserted only as a new fallback — never overrides the existing image-tag / stamped-value detection.

Safety

The mutating sequence (az acr importhelm upgrade --atomic → mesh-first rolling restart → health-gated success → rollback) is byte-for-byte unchanged — verified the diff touches only comments there. Every new call is best-effort and never throws. A human confirm + pre-flight now sit in front of the unchanged, already-hardened write path.

Tests

release.test.ts +6 (releasesBetween ×3, summarizeChangelog ×3). CLI typecheck + oxlint (0 errors) + build clean; vitest 888 pass / 2 skipped. All 7 ci-gates pass locally.

Closes #457.

…t (additive, #457)

Re-lands the additive, non-conflicting parts of the stale PR #457 on top of the
current v0.1.21 hardened `kars upgrade` flow — WITHOUT touching the repaired
write path (image import → atomic Helm upgrade → mesh-first rolling restart →
health-gated success → --atomic/rollback is byte-for-byte unchanged).

New, all read-only:
- Changelog summary before the confirm: annotated tag messages for the releases
  between current and target (fetchRecentReleases/releasesBetween/fetchTagMessage
  + summarizeChangelog).
- Impact table: reads the live cluster and lists the controller + sandboxes that
  will be rolling-restarted, with readiness and running image.
- Y/N confirmation before any write; auto-proceeds under --yes or non-TTY stdin
  (existing automation unaffected).
- Pre-flight node-readiness gate: hard-blocks (no changes) only when EVERY node
  is NotReady, where the upgrade would otherwise time out + roll back.
- Version-detection fallback: when the controller runs :latest with no
  karsRelease stamp, match the running image digest to published release digests
  to recover the real "Current:" version. Inserted ONLY as a new fallback step —
  never overrides the existing image-tag or stamped-value detection.

Supersedes #457 (which was branched at v0.1.18, before the #473 upgrade repair,
and is now CONFLICTING; merging it directly would revert the repair). This brings
in just its net-new features rebased on current main, with the security-audit doc
in the tracked docs/security-audits/ folder.

Tests: release.test.ts +6 (releasesBetween x3, summarizeChangelog x3). CLI
typecheck + oxlint (0 errors) + build clean; vitest 888 pass / 2 skipped.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@pallakatos pallakatos merged commit 2e72dbd into main Jun 29, 2026
36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant