hitanshu/CFTunnels
1
0
Fork 0
forked from Hithomelabs/CFTunnels
Code Pull Requests Activity
003bc776cc
CFTunnels/docs/OPENREWRITE-PLAN.md

190 lines
5.5 KiB
Markdown
Raw Blame History

# OpenRewrite Monthly Rolling Updates Plan for CFTunnels
## Overview
Configuration for OpenRewrite to provide automatic monthly rolling updates for the CFTunnels Spring Boot application with safety-first approach.
## 1. Core Configuration Files to Create/Modify
### build.gradle modifications:
- Add OpenRewrite plugin
- Configure safe update recipes
- Add dependency management
- Set up monthly scheduling hook
### rewrite.yml (new file):
- Custom safety recipes for CFTunnels
- Spring Boot specific update rules
- OAuth2 and OpenAPI compatibility checks
### .gitea/workflows/rewrite-updates.yml (new workflow):
- Monthly trigger (1st of each month)
- Safe update execution
- Test validation
- Rollback mechanisms
## 2. Safety-First Update Strategy
### Monthly Update Process:
1. **Dry Run Mode** - Preview all changes without applying
2. **Compatibility Checks** - Verify Spring Boot alignment
3. **Test Suite Validation** - Run all tests before applying
4. **Staged Application** - Apply in phases with verification
5. **Automatic Rollback** - Revert if any test fails
### Update Scope (Monthly):
- ✅ Security patches (immediate priority)
- ✅ Minor version updates (Spring Boot 3.4.x → 3.5.x)
- ✅ Dependency alignment (Spring ecosystem)
- ❌ Major version updates (manual review required)
- ❌ Experimental features (disabled)
## 3. Specific Recipes for CFTunnels
### Core Recipes:
```yaml
recipeList:
- org.openrewrite.java.spring.boot3.UpgradeSpringBoot_3_5
- org.openrewrite.maven.spring.UpgradeExplicitSpringBootDependencies
- org.openrewrite.java.dependencies.UpgradeDependencyVersion:
groupId: org.springdoc
newVersion: latest.release
- org.openrewrite.java.dependencies.UpgradeDependencyVersion:
groupId: org.springframework.boot
newVersion: 3.5.x
```
### Safety Exclusions:
- Experimental Spring Boot features
- Breaking Jakarta EE changes
- Database schema migrations
- OAuth2 provider configuration changes
## 4. CI/CD Integration Plan
### New Workflow: `.gitea/workflows/rewrite-updates.yml`
- **Schedule**: Cron for monthly execution (1st of month, 2 AM UTC)
- **Triggers**: Manual dispatch for urgent security updates
- **Steps**:
1. Run `rewriteDryRun` to preview changes
2. Execute test suite with current dependencies
3. Apply updates with `rewriteRun`
4. Run full test suite again
5. Create PR with changes for review
6. Auto-merge if all tests pass
### Rollback Mechanism:
- Automatic revert if any test fails
- Previous version tagging before updates
- Deployment rollback capability
## 5. Configuration Specifics
### Critical Dependencies to Update:
- Spring Boot (3.4.5 → latest 3.5.x)
- SpringDoc OpenAPI (2.8.5 → latest compatible)
- PostgreSQL Driver (latest compatible)
- Hibernate Validator
- OAuth2 Client
### Protected Configurations:
- Cloudflare API integration
- Database connection settings
- OAuth2 provider endpoints
- Custom security configurations
## 6. Monitoring & Notification Strategy
### Pre-Update Notifications:
- 3 days before monthly update
- Preview of planned changes
- Security vulnerability summary
### Post-Update Reports:
- List of applied updates
- Test results summary
- Performance impact assessment
- Any manual intervention required
## 7. Implementation Files Summary
### Files to create:
- `rewrite.yml` - Custom recipe configuration
- `.gitea/workflows/rewrite-updates.yml` - Monthly automation
- `scripts/rewrite-safety-check.sh` - Safety validation script
### Files to modify:
- `build.gradle` - Add OpenRewrite plugin and configuration
- `docker-compose.yaml` - Add safety environment variables
### Files to create for monitoring:
- `.github/ISSUE_TEMPLATE/rollback-request.md` - Emergency rollback
- `docs/UPDATE-PROCESS.md` - Documentation
## 8. Current Project Analysis
- **Project Type**: Spring Boot 3.4.5 with Gradle build system
- **Java Version**: 17 (with toolchain)
- **CI/CD**: Gitea workflows (similar to GitHub Actions)
- **Current Dependencies**: Spring Boot starter, OAuth2, PostgreSQL, SpringDoc OpenAPI
## 9. Pending Configuration Decisions
### Security Patch Priority:
Should security patches be applied immediately (outside monthly schedule) or wait for the monthly cycle?
### Pull Request Strategy:
- Auto-merge successful updates?
- Always create PR for manual review?
- Auto-merge only for patch versions?
### Notification Method:
- Gitea notifications?
- Email summary?
- Slack/Discord integration?
### Test Validation:
- Full test suite required?
- Skip integration tests for dependency-only changes?
- Performance baseline validation?
### Backup Strategy:
- Tag before each update?
- Keep rolling history of last 3 versions?
## 10. Next Steps
Once the above decisions are made, proceed with:
1. Create all configuration files
2. Update build.gradle with OpenRewrite plugin
3. Set up monthly workflow
4. Configure safety mechanisms
5. Test dry-run execution
6. Monitor first automated update
## 11. Rollback Procedures
### Emergency Rollback:
1. Identify last working tag
2. Revert to previous version
3. Update docker-compose with rollback image tag
4. Restart services
5. Verify functionality
### Manual Override:
- Disable automatic updates temporarily
- Manual version pinning in build.gradle
- Custom update execution as needed
## 12. Success Metrics
### Metrics to Track:
- Number of successful automated updates
- Failed update rate
- Time to recovery from failed updates
- Security vulnerability reduction
- Dependency currency score
### Monitoring Alerts:
- Failed update notifications
- Security patch availability
- Breaking change warnings
- Performance regression alerts
View Git Blame Copy Permalink