Add ci-passed release admission to decouple merges from deploy time#49
Merged
Conversation
Co-authored-by: mberman84 <mberman84@users.noreply.github.com>
…ion-ci-pass-cbd8 # Conflicts: # src/agent_merge_queue/cli.py Co-authored-by: mberman84 <mberman84@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The release-admission hold is the biggest throughput limiter in DeployBot: after a batch merges, no newer batch is admitted until the cumulative exact-main release is fully verified live (CI → deploy → health checks). The deployment step is usually the largest chunk of that wait, so merges end up serialized behind deploy time even though the only correctness-critical gate is "don't stack new merges on red CI."
This adds an opt-in policy so teams can reopen admission as soon as exact-main CI is green, letting deploy and health checks finish in the background while the next batch merges.
What changed
pipeline.release_admissionpolicy with two values:verified(default) — unchanged behavior: wait for the cumulative release to be live before admitting the next batch.ci-passed— admit the next batch once exact-main CI passes; the deployment is still dispatched and followed, but a later reaction (or the scheduled reconciliation) carries it through to verification, records the watermark, and emits notifications.follow_releasegains anadmit_gateargument. Inci-passedmode it still dispatches the deployment atawaiting-deploy, then hands control back instead of blocking through deploy/verify. CI and deploy failures still short-circuit and pause exactly as before.command_reactuses the gate at both the start-of-reaction hold and the end-of-reaction follow.The default path is provably identical to the previous behavior: with
release_admission = "verified"the admitted-state set is{"verified"}, so the hold condition and exit check reduce to the originalverified-only logic, andadmit_gatedefaults to"verified"everywhere.Tradeoff (documented)
ci-passedtrades a larger failure blast radius for throughput: because more than one batch can land before a deploy is verified, a deploy failure can implicate multiple batches, and verification/notifications for a release may be emitted by a later reaction rather than the merging one. It suits teams with fast, reliable, cumulative deploys.Testing
python3 -m unittest discover -s tests— 248 tests pass (4 new).python3 -m ruff check .— clean.New tests cover: config parse + rejection + safe default;
follow_releasereturning at the CI-passed gate while still dispatching the deploy; the reactor admitting the next batch atawaiting-deployunderci-passed; and the reactor still holding atawaiting-deployunder the default.Note
This is independent of the delivery-health metrics PR (#47) and is branched off
main.