EPIC: Separate deployable runtime images from CI validation environments #66

New Issue

darkhelm · 2026-06-17T19:33:30-04:00

darkhelm commented

2026-06-17 19:33:30 -04:00

Summary

Establish a CI/CD architecture where deployable backend and frontend images are minimal runtime artifacts, while checks and tests run in dedicated validation environments. Promote only validated immutable digests to staging.

Problem

Current CI and validation concerns are coupled to a CI-focused image. We need a clearer boundary between:

deployable runtime artifacts
CI tooling and validation environments

This will reduce release-image complexity, improve deploy confidence, and make digest promotion explicit.

Goals

Keep deployable backend and frontend images minimal and production-focused.
Run source-level checks independently of deployable images.
Run post-build integration and E2E checks against running runtime containers.
Promote immutable validated digests only.
Avoid rebuilding artifacts after validation passes.

Non-Goals

Full production rollout automation in this epic.
Re-architecting app behavior or feature logic.
Replacing current test frameworks.

Acceptance Criteria

Backend and frontend runtime images are independently buildable and deployable.
Source-level checks run in their own lane and gate downstream promotion.
Integration and E2E validation run against started runtime containers over network.
Staging deployment consumes immutable digests produced by validated builds.
No post-validation rebuild occurs in promotion path.

Subtickets

1. Define and lock minimal deployable backend/frontend image requirements.
2. Split CI tooling environment from deployable runtime images.
3. Establish source-level fast-check lane.
4. Add post-build black-box integration tests against runtime containers.
5. Run browser E2E from dedicated runner image against runtime services.
6. Implement digest-based artifact promotion gates.
7. Wire staging deployment to validated runtime digests only.
8. Add observability and rollback for staged digest deployments.

Dependencies

None.

Definition of Done

All subtickets are complete and acceptance criteria are met end-to-end.

## Summary Establish a CI/CD architecture where deployable backend and frontend images are minimal runtime artifacts, while checks and tests run in dedicated validation environments. Promote only validated immutable digests to staging. ## Problem Current CI and validation concerns are coupled to a CI-focused image. We need a clearer boundary between: - deployable runtime artifacts - CI tooling and validation environments This will reduce release-image complexity, improve deploy confidence, and make digest promotion explicit. ## Goals 1. Keep deployable backend and frontend images minimal and production-focused. 2. Run source-level checks independently of deployable images. 3. Run post-build integration and E2E checks against running runtime containers. 4. Promote immutable validated digests only. 5. Avoid rebuilding artifacts after validation passes. ## Non-Goals 1. Full production rollout automation in this epic. 2. Re-architecting app behavior or feature logic. 3. Replacing current test frameworks. ## Acceptance Criteria 1. Backend and frontend runtime images are independently buildable and deployable. 2. Source-level checks run in their own lane and gate downstream promotion. 3. Integration and E2E validation run against started runtime containers over network. 4. Staging deployment consumes immutable digests produced by validated builds. 5. No post-validation rebuild occurs in promotion path. ## Subtickets [1. Define and lock minimal deployable backend/frontend image requirements.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/58) [2. Split CI tooling environment from deployable runtime images.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/59) [3. Establish source-level fast-check lane.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/60) [4. Add post-build black-box integration tests against runtime containers.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/61) [5. Run browser E2E from dedicated runner image against runtime services.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/62) [6. Implement digest-based artifact promotion gates.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/63) [7. Wire staging deployment to validated runtime digests only.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/64) [8. Add observability and rollback for staged digest deployments.](https://dogar.darkhelm.org/DarkHelm.org/plex-playlist/issues/65) ## Dependencies None. ## Definition of Done All subtickets are complete and acceptance criteria are met end-to-end.

darkhelm added a new dependency 2026-06-17 19:35:39 -04:00

#58 TASK: Define and lock minimal deployable backend/frontend image requirements

darkhelm added a new dependency 2026-06-17 19:35:52 -04:00

#59 TASK: Split CI tooling environment from deployable runtime images

darkhelm added a new dependency 2026-06-17 19:36:07 -04:00

#60 TASK: Establish source-level fast-check lane

darkhelm added a new dependency 2026-06-17 19:38:28 -04:00

#61 TASK: Add post-build black-box integration tests against runtime containers

darkhelm added a new dependency 2026-06-17 19:38:42 -04:00

#62 TASK: Run browser E2E from dedicated runner image against runtime services

darkhelm added a new dependency 2026-06-17 19:38:56 -04:00

#63 TASK: Implement digest-based artifact promotion gates

darkhelm added a new dependency 2026-06-17 19:39:11 -04:00

#64 TASK: Wire staging deployment to validated runtime digests only

darkhelm added a new dependency 2026-06-17 19:39:26 -04:00

#65 TASK: Add observability and rollback for staged digest deployments

darkhelm changed title from ~~Epic: Separate deployable runtime images from CI validation environments~~ to EPIC: Separate deployable runtime images from CI validation environments

2026-06-18 11:55:30 -04:00

darkhelm added the epic label 2026-06-18 11:56:31 -04:00

darkhelm added this to the META: Plex Dynamic Realtime Playlist Generator v1 milestone 2026-06-18 11:58:32 -04:00

darkhelm added this to the Main Project Board project 2026-06-18 11:58:40 -04:00

darkhelm self-assigned this 2026-06-18 11:59:25 -04:00

darkhelm added the afk label 2026-06-18 12:05:02 -04:00

darkhelm moved this to To Do in Main Project Board on 2026-06-19 09:24:27 -04:00

darkhelm moved this to In Progress in Main Project Board on 2026-06-19 09:24:31 -04:00

darkhelm referenced this issue

2026-06-19 09:34:19 -04:00

TASK: Define and lock minimal deployable backend/frontend image requirements #58

darkhelm referenced this issue