Merge branch 'phase-9-release-hardening'
This commit is contained in:
commit
0ddac10c59
68
docs/RELEASE_HARDENING_CHECKLIST.md
Normal file
68
docs/RELEASE_HARDENING_CHECKLIST.md
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
# Release Hardening Checklist
|
||||||
|
|
||||||
|
This checklist is the final validation gate before shipping security and mobile API changes.
|
||||||
|
|
||||||
|
## 1) Pre-Release Validation
|
||||||
|
|
||||||
|
- [ ] Confirm target branch is up to date with `master`
|
||||||
|
- [ ] Verify no unintended files are staged (`git status --short`)
|
||||||
|
- [ ] Confirm release notes summarize risky changes (authz, API contracts, caching)
|
||||||
|
|
||||||
|
## 2) Automated Checks
|
||||||
|
|
||||||
|
Run from repository root:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
npm run typecheck:admin
|
||||||
|
npm run typecheck:mobile
|
||||||
|
npm run test:admin
|
||||||
|
```
|
||||||
|
|
||||||
|
Run mobile API-focused tests:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd apps/mobile
|
||||||
|
npm run test -- src/api/__tests__/gyms.test.ts src/api/__tests__/recommendations.test.ts src/api/__tests__/notifications.test.ts
|
||||||
|
```
|
||||||
|
|
||||||
|
## 3) Admin Security Spot Checks
|
||||||
|
|
||||||
|
- [ ] Verify non-admin receives `403` on privileged routes
|
||||||
|
- [ ] Verify unauthenticated requests receive `401`
|
||||||
|
- [ ] Verify cross-gym actions are denied for non-superAdmin
|
||||||
|
- [ ] Verify `DELETE /api/users` blocks self-delete for admin users
|
||||||
|
- [ ] Verify recommendation approval derives approver from auth context (not request body)
|
||||||
|
|
||||||
|
## 4) Mobile Functional Smoke Checks
|
||||||
|
|
||||||
|
- [ ] Sign in as User A and load tabs/profile data
|
||||||
|
- [ ] Sign out and sign in as User B
|
||||||
|
- [ ] Confirm no User A data remains in goals, hydration, nutrition, stats, recommendations, notifications
|
||||||
|
- [ ] Confirm onboarding gym selection and profile save flow still succeed
|
||||||
|
- [ ] Confirm notifications load and unread count updates after read/delete actions
|
||||||
|
|
||||||
|
## 5) Rollback Plan
|
||||||
|
|
||||||
|
If release incidents occur:
|
||||||
|
|
||||||
|
1. Revert the release commit(s) from newest to oldest.
|
||||||
|
2. Redeploy reverted build.
|
||||||
|
3. Validate authentication and onboarding flows.
|
||||||
|
4. Post incident note with root cause and follow-up action.
|
||||||
|
|
||||||
|
Suggested rollback command pattern:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git revert <latest_commit_sha>
|
||||||
|
git revert <previous_commit_sha>
|
||||||
|
```
|
||||||
|
|
||||||
|
## 6) Deployment Record
|
||||||
|
|
||||||
|
Capture this in PR/release notes:
|
||||||
|
|
||||||
|
- Release date/time:
|
||||||
|
- Release owner:
|
||||||
|
- Commits included:
|
||||||
|
- Validation commands run:
|
||||||
|
- Known caveats (if any):
|
||||||
Loading…
Reference in New Issue
Block a user