Skip to content

docs: add operator release runbook#88

Merged
EffortlessSteven merged 1 commit into
mainfrom
docs/release-runbook
Apr 16, 2026
Merged

docs: add operator release runbook#88
EffortlessSteven merged 1 commit into
mainfrom
docs/release-runbook

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member

Summary

Adds `docs/release-runbook.md` — a one-page operator crib sheet for cutting a crates.io release train via Shipper.

Relationship to existing docs

`docs/release-v0.3.0-rc.1-manifest.md` is already a comprehensive release reference (topo order, rate-limit plan, workflow contract, `.shipper/` state persistence rules, resume discipline). This new runbook complements that — it's what an operator actually types and reads during the train:

  • pre-flight checklist (CI lanes green, rehearsal passed, crates.io status, token/Trusted Publishing)
  • exact tag-cut commands
  • stop conditions matrix (Permanent / Retryable / Ambiguous / runner death / status incident)
  • resume path (`gh workflow run release.yml --field mode=resume --field artifact_run_id=...`)
  • post-train verification (sparse-index + API + `cargo search` + scratch install)
  • containment via reverse-topological `cargo yank`

Total: ~100 lines. No code, manifest, workflow, or `Cargo.*` changes. Doc-only.

Scope / status

Deferred. Current `main` is the release-candidate baseline for the first crates.io publish wave. Per the closeout plan, no mainline changes (including this doc) land before that wave completes. This PR stays draft until post-release, same queue policy as #87.

The doc is in the right state to use during Wave 1 even without being merged: an operator can pull from this branch's tip or read it directly on the PR.

Test plan

  • Review content for accuracy against `release.yml` workflow contract and `release-v0.3.0-rc.1-manifest.md`.
  • After the first successful crates.io wave, un-draft and merge.
  • Post-merge: confirm links in the runbook resolve correctly from `main`'s `docs/` view.

One-page operator crib sheet for cutting a crates.io release train
via Shipper. Cross-references `docs/release-v0.3.0-rc.1-manifest.md`
for the deep reference detail (topo order, rate-limit plan,
workflow contract); this doc focuses on the operator's sharp edges:

- pre-flight checklist (CI, rehearsal, crates.io status, auth)
- exact tag-cut commands
- during-train stop conditions matrix
- resume via `mode=resume --field artifact_run_id=...`
- post-train verification steps
- containment via reverse-topo `cargo yank`

No code, manifest, or workflow changes. Doc-only.
@coderabbitai

coderabbitai Bot commented Apr 16, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 40 minutes and 7 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 40 minutes and 7 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d46848fc-480d-4d81-8bac-7dba4396b0ea

📥 Commits

Reviewing files that changed from the base of the PR and between 5beab9b and a5124d7.

📒 Files selected for processing (1)
  • docs/release-runbook.md
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/release-runbook

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a comprehensive release runbook for operators using Shipper to publish crates to crates.io. The documentation covers pre-flight checks, tag creation, monitoring, error handling, and post-release verification. Feedback was provided to improve the document's maintainability and reusability by replacing hardcoded values—specifically the number of crates and the version string—with generic placeholders or descriptive phrases.

Comment thread docs/release-runbook.md
Comment on lines +17 to +18
- Trusted Publishing (preferred): the GitHub Actions OIDC path is configured for this repo on crates.io. Verify the trusted-publishing configuration for each of the 12 crates if they've been pre-registered.
- Token fallback: `CARGO_REGISTRY_TOKEN` repo secret is set with publish scope for all 12 crates.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

To improve the long-term maintainability of this runbook, consider avoiding the hardcoded number of crates (12). This number could change as the workspace evolves. A more generic phrase like "all crates in the release plan" would be more resilient to such changes. This also applies to line 78.

Suggested change
- Trusted Publishing (preferred): the GitHub Actions OIDC path is configured for this repo on crates.io. Verify the trusted-publishing configuration for each of the 12 crates if they've been pre-registered.
- Token fallback: `CARGO_REGISTRY_TOKEN` repo secret is set with publish scope for all 12 crates.
- Trusted Publishing (preferred): the GitHub Actions OIDC path is configured for this repo on crates.io. Verify the trusted-publishing configuration for each of the crates in the release plan if they've been pre-registered.
- Token fallback: `CARGO_REGISTRY_TOKEN` repo secret is set with publish scope for all crates in the release plan.

Comment thread docs/release-runbook.md
Comment on lines +26 to +27
git tag -a v0.3.0-rc.1 -m "v0.3.0-rc.1 — first public crates.io wave"
git push origin v0.3.0-rc.1

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This runbook is very helpful, but it's tightly coupled to the v0.3.0-rc.1 release. To make it reusable for future releases, consider replacing the hardcoded version with a placeholder like <version>. You could add a note at the top for the operator to set this value.

This change would apply to several places in the document, such as lines 6, 48, 83, 95-99, and 102.

Suggested change
git tag -a v0.3.0-rc.1 -m "v0.3.0-rc.1 — first public crates.io wave"
git push origin v0.3.0-rc.1
git tag -a <version> -m "<version> — first public crates.io wave"
git push origin <version>

@EffortlessSteven EffortlessSteven marked this pull request as ready for review April 16, 2026 09:11
@EffortlessSteven EffortlessSteven merged commit bfd4e9d into main Apr 16, 2026
17 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a5124d7605

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread docs/release-runbook.md
| `Permanent` error (auth, version conflict, manifest) | **Stop.** Fix the cause, bump version, re-tag. Do NOT retry a permanent error. |
| `Retryable` error (429, transient network) | Let the engine retry — `--max-attempts 12`, `--max-delay 15m` is configured to ride out rate-limit windows. |
| `Ambiguous` error (upload may have succeeded) | **Pause.** Query the sparse index and API directly for `<crate>@0.3.0-rc.1`. Only resume after out-of-band confirmation; see Resume below. |
| Runner dies / 180-min timeout | `.shipper/` artifact is still uploaded. Use Resume below. |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Do not route timeout recovery to resume unconditionally

This guidance can send operators into a dead end after a mid-train timeout: in .github/workflows/release.yml, release-resume downloads only shipper-state-final, but that artifact is uploaded in the last step of publish-crates-io (after publish/verification). If the runner dies or the job times out before that step, only earlier artifacts exist, so “Use Resume below” will fail to recover state despite the table implying it always works.

Useful? React with 👍 / 👎.

Comment thread docs/release-runbook.md
Comment on lines +97 to +99
cargo yank --vers 0.3.0-rc.1 shipper-config shipper-registry
cargo yank --vers 0.3.0-rc.1 shipper-types
cargo yank --vers 0.3.0-rc.1 shipper-cargo-failure shipper-duration shipper-encrypt shipper-output-sanitizer shipper-retry shipper-sparse-index shipper-webhook

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Run cargo yank once per crate

These rollback commands pass multiple crate names to a single cargo yank invocation, which aborts the containment procedure at exactly the point it is needed most. cargo yank --help documents Usage: cargo yank [OPTIONS] [CRATE] (single crate argument), so each crate must be yanked in its own command to avoid a CLI parse error during incident response.

Useful? React with 👍 / 👎.

@codecov

codecov Bot commented Apr 16, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant