Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
102 changes: 102 additions & 0 deletions .github/ISSUE_TEMPLATE/release-readiness.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
name: Release Readiness
description: Track release-readiness gates before deploying to production.
title: "Release readiness: <version>"
labels: ["release"]
body:
- type: markdown
attributes:
value: |
Complete every section before approving production deployment.
Items marked ⛔ are **blocking** — the release cannot proceed until they are resolved.

- type: checkboxes
id: ci
attributes:
label: "CI & Quality"
options:
- label: "⛔ All CI checks pass on the release commit (build, tests, lint, type-check)"
required: true
- label: "⛔ Test coverage meets the configured bar; no unticketted skip/xfail markers"
required: true
- label: "⛔ No plaintext secrets or credentials in the diff"
required: true

- type: checkboxes
id: correctness
attributes:
label: "Code Correctness"
options:
- label: "⛔ No known correctness bugs"
required: true
- label: "⛔ All new behaviour covered by tests"
required: true
- label: "⛔ Irreversible changes have a documented rollback path"
required: true

- type: checkboxes
id: security
attributes:
label: "Security"
options:
- label: "⛔ No new security gaps introduced"
required: true
- label: "Sensitive operations are audit-logged"

- type: checkboxes
id: migrations
attributes:
label: "Database Migrations"
options:
- label: "Migrations follow expand → migrate → contract pattern"
- label: "Migrations are backward-compatible"
- label: "Rollback migration written and tested"

- type: checkboxes
id: feature_flags
attributes:
label: "Feature Flags & Progressive Rollout"
options:
- label: "Risky changes are behind a feature flag (default off)"
- label: "Kill switch available and tested"
- label: "Rollout plan defined: canary → % rollout → 100%"

- type: checkboxes
id: ops
attributes:
label: "Operational Readiness"
options:
- label: "Dashboards updated / new metrics added"
- label: "Alerts configured for new failure modes"
- label: "Runbook updated or created"
- label: "On-call team briefed"

- type: checkboxes
id: docs
attributes:
label: "Documentation & Acceptance"
options:
- label: "API docs / OpenAPI spec updated"
- label: "Release notes / CHANGELOG entry added"
- label: "Acceptance criteria verified"
- label: "Stakeholder / PM sign-off recorded"

- type: input
id: signoff
attributes:
label: Stakeholder sign-off
description: Link to approval or @mention the approver.
placeholder: "e.g. Approved by @pm in #releases — 2026-01-15"
validations:
required: true

- type: textarea
id: rollback
attributes:
label: Rollback procedure
description: Step-by-step instructions to revert this release if it fails.
placeholder: |
1. Run `./scripts/rollback.sh <previous-version>`
2. Verify health checks pass
3. Notify on-call channel
validations:
required: true
73 changes: 73 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
## What & Why

<!-- One paragraph: what changed and why. Link the related issue/story. -->

Closes #

## How to verify

<!-- Step-by-step instructions a reviewer can follow to confirm the change works. -->

1.
2.

## Risk & rollback

<!-- What could go wrong? How is this reverted if it fails in production? -->

- **Risk:**
- **Rollback:**

---

## Release-Readiness Checklist

> Complete **every** item before requesting review. Items marked ⛔ are
> merge-blocking — the PR cannot land until they are resolved.

### CI & Quality

- [ ] ⛔ All CI checks pass (build, tests, lint, type-check)
- [ ] ⛔ Test coverage meets the bar; no new `skip`/`xfail` markers without a linked ticket
- [ ] ⛔ PR diff is under 400 lines — split if larger
- [ ] ⛔ No plaintext secrets or credentials in the diff

### Code Correctness

- [ ] ⛔ No known correctness bugs introduced
- [ ] ⛔ New behaviour is covered by at least one test
- [ ] ⛔ Irreversible changes (schema drops, data migrations) have a documented rollback path

### Security

- [ ] ⛔ No new security gaps (injection, auth bypass, exposed endpoints)
- [ ] Input validated and sanitised where applicable
- [ ] Sensitive operations are audit-logged

### Database Migrations

- [ ] Migration follows expand → migrate → contract pattern
- [ ] Migration is backward-compatible with the previous deploy artifact
- [ ] Rollback migration written and tested locally

### Feature Flags & Progressive Rollout

- [ ] Risky changes are behind a feature flag (default **off**)
- [ ] Kill switch is available and tested
- [ ] Rollout plan: canary → % rollout → 100%

### Operational Readiness

- [ ] Dashboards updated / new metrics added
- [ ] Alerts configured for new failure modes
- [ ] Runbook updated or created
- [ ] On-call team briefed if behaviour changes

### Documentation & Acceptance

- [ ] API docs / OpenAPI spec updated (if endpoints changed)
- [ ] Release notes / CHANGELOG entry added
- [ ] Acceptance criteria from the story verified
- [ ] Stakeholder / PM sign-off recorded (paste link or @mention below)

**Sign-off:** <!-- @mention or link to approval -->