[Task] Define release migration squashing and baseline workflow #223
Closed
opened 2026-07-09 11:37:01 +02:00 by zemion
·
10 comments
Labels
Clear labels
area/api
HTTP API contracts, routers, schemas, or API smoke behavior.
area/auth
Authentication, sessions, access bootstrap, or login behavior.
area/db
Database sessions, models, transactions, or persistence primitives.
area/deployment
Deployment, release, operations, or runtime packaging.
area/devex
Local developer workflow, scripts, tests, tooling, or release helpers.
area/docs
Durable documentation and project guidance.
area/governance
Governance policy, audit, privacy, retention, or compliance behavior.
area/marketing
Public website, product messaging, publication copy, or legal page content.
area/migrations
Alembic migrations, schema bootstrap, or persistence evolution.
area/module-system
Module discovery, manifests, capabilities, routing, or optional integrations.
area/rbac
Permissions, roles, delegation, or authorization policy.
area/release
Versioning, release locks, tags, packaging, or dependency pins.
area/security
Security posture, static analysis, supply-chain hardening, or vulnerability remediation.
area/tenancy
Tenant boundaries, provisioning, or tenant-scoped data behavior.
area/webui
Shared WebUI shell, frontend components, routing, or frontend tests.
audit/complexity
Complexity finding from Radon, Xenon, or equivalent maintainability scans.
audit/duplication
Duplicated-code finding from jscpd or equivalent similarity scans.
audit/false-positive
Audit finding reviewed as a narrow false positive or acceptable risk.
audit/needs-design
Audit finding that needs an architectural or product decision before implementation.
audit/quick-fix
Audit finding that appears narrow and directly fixable.
audit/structural
Audit finding that needs design, refactoring, or behavior review.
codex/needs-human
Needs an explicit human decision before Codex should implement.
codex/ready
Suitable for Codex to pick up with the existing issue context.
module/access
GovOPlaN access, identity, authentication, RBAC, and administration behavior.
module/addresses
GovOPlaN Addresses module behavior or integration.
module/admin
GovOPlaN Admin module behavior or integration.
module/appointments
GovOPlaN Appointments module behavior or integration.
module/approvals
GovOPlaN Approvals module behavior or integration.
module/assets
GovOPlaN Assets module behavior or integration.
module/audit
GovOPlaN Audit module behavior or integration.
module/booking
GovOPlaN Booking module behavior or integration.
module/calendar
GovOPlaN Calendar module behavior or integration.
module/campaign
GovOPlaN campaign module behavior or integration.
module/cases
GovOPlaN Cases module behavior or integration.
module/certificates
GovOPlaN Certificates module behavior or integration.
module/committee
GovOPlaN Committee module behavior or integration.
module/connectors
GovOPlaN Connectors module behavior or integration.
module/consultation
GovOPlaN Consultation module behavior or integration.
module/contracts
GovOPlaN Contracts module behavior or integration.
module/core
GovOPlaN core runner, shared primitives, shell, or extension points.
module/dist-lists
GovOPlaN Distribution Lists module behavior or integration.
module/dms
GovOPlaN Dms module behavior or integration.
module/docs
GovOPlaN documentation layer behavior or integration.
module/erp
GovOPlaN Erp module behavior or integration.
module/evaluation
GovOPlaN Evaluation module behavior or integration.
module/facilities
GovOPlaN Facilities module behavior or integration.
module/files
GovOPlaN files module behavior or integration.
module/fit-connect
GovOPlaN Fit Connect module behavior or integration.
module/forms
GovOPlaN Forms module behavior or integration.
module/forms-runtime
GovOPlaN Forms Runtime module behavior or integration.
module/grants
GovOPlaN Grants module behavior or integration.
module/helpdesk
GovOPlaN Helpdesk module behavior or integration.
module/identity
GovOPlaN Identity module behavior or integration.
module/identity-trust
GovOPlaN Identity Trust module behavior or integration.
module/idm
GovOPlaN Idm module behavior or integration.
module/inspections
GovOPlaN Inspections module behavior or integration.
module/issue-reporting
GovOPlaN Issue Reporting module behavior or integration.
module/learning
GovOPlaN Learning module behavior or integration.
module/ledger
GovOPlaN Ledger module behavior or integration.
module/mail
GovOPlaN mail module behavior or integration.
module/notifications
GovOPlaN Notifications module behavior or integration.
module/ops
GovOPlaN Ops module behavior or integration.
module/organizations
GovOPlaN Organizations module behavior or integration.
module/payments
GovOPlaN Payments module behavior or integration.
module/permits
GovOPlaN Permits module behavior or integration.
module/policy
GovOPlaN Policy module behavior or integration.
module/poll
GovOPlaN Poll module behavior or integration.
module/portal
GovOPlaN Portal module behavior or integration.
module/postbox
GovOPlaN Postbox module behavior or integration.
module/procurement
GovOPlaN Procurement module behavior or integration.
module/records
GovOPlaN Records module behavior or integration.
module/reporting
GovOPlaN Reporting module behavior or integration.
module/resources
GovOPlaN Resources module behavior or integration.
module/risk-compliance
GovOPlaN Risk Compliance module behavior or integration.
module/scheduling
GovOPlaN Scheduling module behavior or integration.
module/search
GovOPlaN Search module behavior or integration.
module/tasks
GovOPlaN Tasks module behavior or integration.
module/templates
GovOPlaN Templates module behavior or integration.
module/tenancy
GovOPlaN Tenancy module behavior or integration.
module/transparency
GovOPlaN Transparency module behavior or integration.
module/web
GovOPlaN public website, product page, or publication content.
module/workflow
GovOPlaN Workflow module behavior or integration.
module/xoev
GovOPlaN Xoev module behavior or integration.
module/xrechnung
GovOPlaN Xrechnung module behavior or integration.
module/xta-osci
GovOPlaN Xta Osci module behavior or integration.
priority
p0
Immediate stop-the-line priority.
priority
p1
High priority for the next focused work window.
priority
p2
Normal planned priority.
priority
p3
Low priority or opportunistic cleanup.
source/backlog-import
Imported from markdown backlog, roadmap, plan, or TODO files.
source/module-roadmap
Created from GovOPlaN module and integration roadmap planning.
source/security-audit
Created from a structured security or code-quality audit report.
source/todo-scan
Imported from inline TODO/FIXME/HACK markers by the Gitea TODO importer.
status
blocked
Cannot progress without a decision, dependency, credential, or external change.
status
in-progress
Currently being worked.
status
needs-info
Needs clarifying input before implementation can proceed safely.
status
ready
Ready for implementation.
status
triage
Needs review, ownership, priority, or acceptance criteria.
type
bug
A reproducible defect, regression, or incorrect behavior.
type
debt
Cleanup, refactoring, risk reduction, or deferred engineering work.
type
docs
Documentation, process, or developer workflow work.
type
feature
New user-visible behavior or platform capability.
type
task
Implementation, maintenance, migration, or operational work.
type
user-story
End-to-end user journey or real-world process story used to steer product slices.
Milestone
No items
No Milestone
Projects
Clear projects
No project
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: add-ideas/govoplan-core#223
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Objective
Define and implement the GovOPlaN release policy for Alembic migration squashing/baselines so fresh installations do not pay for unreleased development churn, while released installations keep immutable upgrade paths.
Scope
Desired policy
Checklist
Verification Target
Implemented the first workflow slice.
Done:
Current audit result: no migration graph errors. There is intentionally no recorded release baseline yet, so strict mode fails until the first stable release baseline is created and recorded.
Verification:
Remaining work before first stable release: manually squash/review the unreleased development migrations into first public release baselines, populate docs/migration-release-baselines.json, then run the PostgreSQL release check.
Finished the helper/workflow gap items.
Implemented:
Decision: do not implement an automatic migration squash generator right now. Squashing remains a reviewed release step because generating destructive/rewrite migration history automatically is too risky for the current stage. The helper now prints the squash plan and records the reviewed outcome.
I intentionally did not record docs/migration-release-baselines.json for the current working tree. HEAD is tagged v0.1.6 but the workspace has unreleased migration changes, so stamping those heads as v0.1.6 would be misleading.
Verification:
Codex State: progress
Summary
Verification
./.venv/bin/python scripts/release-migration-audit.py --squash-plan ran./.venv/bin/python scripts/release-migration-audit.py --strict fails as expected: no released migration baseline recordedNext / Blocked
Suggested status label:
status/in-progressLinked compatibility-cleanup umbrella
add-ideas/govoplan-core#40: #40.Migration baselines/squashing define when historical compatibility code can be retired safely.
Current check after the target-state planner work:
scripts/release-migration-audit.pyreports a clean graph but no recorded release baseline.2c3d4e5f7081, mail3d4e5f708192, access4a5b6c7d8e9f, core4f2a9c8e7b6d, organizations6d7e8f9a0b1c, idm8f9a0b1c2d3e, calendar9e0f1a2b3c4d, filesa7b8c9d0e1f3.v0.1.6is not the current code state, and the workspace has unreleased planner/task-contract changes, so recording these heads as0.1.6would be wrong.Decision: the remaining checkbox is not a normal implementation slice. It is a release-freeze action: choose the first stable baseline version, decide whether to manually squash the unreleased migration chains or accept the current chains as the first public baseline, run the release checks, then record that baseline. Do not close this until that release decision is made and the real release heads are recorded.
Released v0.1.7 and recorded the migration baseline. Core was amended once before final verification so the published core v0.1.7 tag includes the catalog test expectation update for 0.1.7.
Verification:
Core remote tag refs/tags/v0.1.7 dereferences to
bfc882f.Final release refs after including the late IDM/organizations UI commits and regenerating the core release lock:
a00ef54821webui/package-lock.release.json now resolves those module commits. Final checks passed:
Addendum: govoplan-web was also tagged as tag-only for v0.1.7.
Final all-repo check: every /mnt/DATA/git/govoplan-* repository has local v0.1.7, and no repo is dirty/ahead/behind.
Implemented the v0.1.7 first-baseline migration squash. The old unreleased v0.0.0 -> v0.1.7 development chains were replaced with one reviewed baseline migration per migration owner (core, access, calendar, campaign, files, identity, idm, mail, organizations), preserving the public revision IDs. The release audit now understands Alembic depends_on dependencies, and docs/tests were updated for dependency-leaf graph heads vs per-owner heads. Verified with strict migration audit, fresh SQLite baseline migration tests for core/default/full+idm, and module-system tests.
Implemented the two-track migration policy requested after the initial v0.1.7 squash: release/default loads reviewed shortcut migrations from
versions, while explicitGOVOPLAN_MIGRATION_TRACK=devloads restored detailed chains fromdev_versions. Old development migrations were restored into dev_versions across core/access/calendar/campaign/files/identity/idm/mail/organizations; release baseline files remain in versions. The release audit now supports--track release|dev, records release baselines only on the release track, and release scripts force release-track audit. Added docs and tests for both tracks, including a dev-track catch-up migration for audit_outbox_events so dev and release fresh schemas converge. Verified with migration unit tests, release/dev audits, module-system tests, and backend smoke on the release track.