Add service version review system (#196)

## Summary - Add `service-versions.yaml` tracking file with 33 services and upstream release URLs - Add `mise run service-review` task (Python uv script) mirroring the docs-review UX - Add `review-services` how-to article covering the review process by service type - Add `[[review-services]]` link to the how-to index Knowledge Base table ## Deployment and Testing - [x] `mise run service-review` displays 33 services, all "never reviewed" - [x] `mise run service-review -- --type ansible` filters to 7 Ansible services - [x] `mise run service-review -- --limit 5` shows 5 rows - [x] `mise run docs-check-links` — no broken wiki-links - [x] `mise run docs-check-frontmatter` — new doc passes validation - [x] All pre-commit hooks pass Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/196
2026-02-16 17:02:56 -08:00 · 2026-02-16 17:02:56 -08:00 · faf9682b55
commit faf9682b55
parent 994bed0693
8 changed files with 536 additions and 0 deletions
--- a/docs/how-to/knowledgebase/review-services.md
+++ b/docs/how-to/knowledgebase/review-services.md
@ -0,0 +1,84 @@
+---
+title: Review Services
+modified: 2026-02-16
+tags:
+  - how-to
+  - maintenance
+  - services
+---
+
+# Review Services
+
+How to periodically review BlumeOps services for version freshness and upgrade opportunities.
+
+## Review by Staleness
+
+Show services sorted by when they were last reviewed (most stale first):
+
+```bash
+mise run service-review
+```
+
+This reads the tracking file at `service-versions.yaml` (repo root) and sorts by the `last-reviewed` field. Services without a review date float to the top. The script shows a staleness table and then displays the most stale service with a review checklist.
+
+To show more entries in the table:
+
+```bash
+mise run service-review -- --limit 30
+```
+
+To filter by service type:
+
+```bash
+mise run service-review -- --type argocd
+mise run service-review -- --type ansible
+mise run service-review -- --type hybrid
+```
+
+## Review Process by Service Type
+
+### ArgoCD Services
+
+1. Check the upstream releases page for new versions
+2. Compare to the image tag or Helm chart version in `argocd/manifests/<service>/`
+3. Review the upstream changelog for breaking changes
+4. If upgrading, update the manifest and follow [[deploy-k8s-service]]
+
+### Helm Chart Services
+
+Same as ArgoCD, but also check for new chart versions in the mirrored chart repos under `argocd/manifests/<service>/charts/`.
+
+### Hybrid Services (Custom Container + ArgoCD)
+
+1. Check the upstream project for new releases
+2. Check the base image for security updates
+3. If rebuilding, follow [[build-container-image]] to tag and release
+4. Update the ArgoCD manifest with the new image tag
+
+### Ansible Services
+
+1. Check the upstream releases page for new versions
+2. Review the role's vars/defaults for version pins in `ansible/roles/<service>/`
+3. If upgrading, update the version and dry-run: `mise run provision-indri -- --tags <service> --check --diff`
+4. Follow [[add-ansible-role]] patterns for role changes
+
+## Marking a Service as Reviewed
+
+After reviewing, edit `service-versions.yaml` (repo root) and update the service entry:
+
+```yaml
+- name: prometheus
+  type: argocd
+  last-reviewed: 2026-02-16
+  current-version: "v3.9.1"
+  upstream-source: https://github.com/prometheus/prometheus/releases
+```
+
+Commit this change alongside any upgrades you make during the review.
+
+## Related
+
+- [[review-documentation]] - Periodically review documentation cards
+- [[deploy-k8s-service]] - Deploy changes to Kubernetes services
+- [[build-container-image]] - Build and release custom container images
+- [[add-ansible-role]] - Add or modify Ansible roles