dimitar/fitaiProto
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge branch 'phase-9-release-hardening'

Browse Source
This commit is contained in:
echo 2026-03-29 15:54:11 +02:00
commit 0ddac10c59
1 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
docs/RELEASE_HARDENING_CHECKLIST.md Normal file
View File

@ -0,0 +1,68 @@
# Release Hardening Checklist
This checklist is the final validation gate before shipping security and mobile API changes.
## 1) Pre-Release Validation
- [ ] Confirm target branch is up to date with `master`
- [ ] Verify no unintended files are staged (`git status --short`)
- [ ] Confirm release notes summarize risky changes (authz, API contracts, caching)
## 2) Automated Checks
Run from repository root:
```bash
npm run typecheck:admin
npm run typecheck:mobile
npm run test:admin
```
Run mobile API-focused tests:
```bash
cd apps/mobile
npm run test -- src/api/__tests__/gyms.test.ts src/api/__tests__/recommendations.test.ts src/api/__tests__/notifications.test.ts
```
## 3) Admin Security Spot Checks
- [ ] Verify non-admin receives `403` on privileged routes
- [ ] Verify unauthenticated requests receive `401`
- [ ] Verify cross-gym actions are denied for non-superAdmin
- [ ] Verify `DELETE /api/users` blocks self-delete for admin users
- [ ] Verify recommendation approval derives approver from auth context (not request body)
## 4) Mobile Functional Smoke Checks
- [ ] Sign in as User A and load tabs/profile data
- [ ] Sign out and sign in as User B
- [ ] Confirm no User A data remains in goals, hydration, nutrition, stats, recommendations, notifications
- [ ] Confirm onboarding gym selection and profile save flow still succeed
- [ ] Confirm notifications load and unread count updates after read/delete actions
## 5) Rollback Plan
If release incidents occur:
1. Revert the release commit(s) from newest to oldest.
2. Redeploy reverted build.
3. Validate authentication and onboarding flows.
4. Post incident note with root cause and follow-up action.
Suggested rollback command pattern:
```bash
git revert <latest_commit_sha>
git revert <previous_commit_sha>
```
## 6) Deployment Record
Capture this in PR/release notes:
- Release date/time:
- Release owner:
- Commits included:
- Validation commands run:
- Known caveats (if any):