Erich Blume
6a033d55be
- Add last-reviewed date - Align service type sections with actual types (argocd/ansible/nixos) - Remove nonexistent "Helm Chart" and "Hybrid" sections - Fold custom container guidance into ArgoCD section - Reference kustomization.yaml for image tags instead of Helm charts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2.9 KiB
| title | modified | last-reviewed | tags | |||
|---|---|---|---|---|---|---|
| Review Services | 2026-02-19 | 2026-03-07 |
|
Review Services
How to periodically review BlumeOps services for version freshness and upgrade opportunities.
Review by Staleness
Show services sorted by when they were last reviewed (most stale first):
mise run service-review
This reads the tracking file at service-versions.yaml (repo root) and sorts by the last-reviewed field. Services without a review date float to the top. The script shows a staleness table and then displays the most stale service with a review checklist.
To show more entries in the table:
mise run service-review --limit 30
To filter by service type:
mise run service-review --type argocd
mise run service-review --type ansible
mise run service-review --type hybrid
Review Process by Service Type
ArgoCD Services (type: argocd)
- Check the upstream releases page for new versions
- Compare to the image tag in
argocd/manifests/<service>/kustomization.yaml(images[].newTag) - Review the upstream changelog for breaking changes
- If the service uses a custom-built container, also check the base image for security updates and follow build-container-image to rebuild
- If upgrading, update the manifest and follow deploy-k8s-service
Ansible Services (type: ansible)
- Check the upstream releases page for new versions
- Review the role's vars/defaults for version pins in
ansible/roles/<service>/ - If upgrading, update the version and dry-run:
mise run provision-indri -- --tags <service> --check --diff - Follow add-ansible-role patterns for role changes
NixOS Services (type: nixos)
- Check the upstream project for new releases
- Review the Nix derivation or flake input for version pins
- If upgrading, update and deploy via
mise run provision-ringtail
Version Tracking Convention
The current-version field in service-versions.yaml tracks the upstream application version, not the container image tag. For services with custom-built containers, the container image tag (e.g., v1.0.0) is decoupled from the contained app version (e.g., v1.10.1). This allows container rebuilds (base image updates, build fixes) without implying an upstream version change.
Marking a Service as Reviewed
After reviewing, edit service-versions.yaml (repo root) and update the service entry:
- name: prometheus
type: argocd
last-reviewed: 2026-02-16
current-version: "v3.9.1"
upstream-source: https://github.com/prometheus/prometheus/releases
Commit this change alongside any upgrades you make during the review.
Related
- review-documentation - Periodically review documentation cards
- deploy-k8s-service - Deploy changes to Kubernetes services
- build-container-image - Build and release custom container images
- add-ansible-role - Add or modify Ansible roles