Pulp Engine Document Rendering
Release v0.75.1

Release v0.75.1 — HA regression coverage + website copy + billing-block restoration

Date: 2026-04-22 Tag: v0.75.1

Summary

Operational-follow-through patch. Commits since v0.75.0 cover four workstreams: automated HA regression coverage for the previously-deferred schedule-fires-once check, website copy hygiene (Enterprise engagement shape, hero metric strip, contact + security coordination), restoration of CI/Release under the cleared GitHub Actions billing block, and the bundle of CI fixes that re-running CI after 5+ weeks of disabled signal surfaced (turbo typecheck dep, Windows NSIS PATH propagation, SQL Server GO batch handling, stale editor e2e selector).

No public-API surface changes. No breaking changes. No new features. Routes, schemas, status codes, CLI shapes, and installer layout are all untouched. This is a patch release covering infrastructure + copy only.

This is the first release to ship under restored CI signal since the 2026-04-19 Actions billing block. The CI and Release workflows were re-enabled for this release; the ha-nightly workflow landed + ran green end-to-end (run 24750139850, 15m13s) as the billing-restoration proof before the version was bumped.

What shipped

1. Automated HA regression coverage

Run 1 (recorded in v0.74.0, 2026-04-21) closed 3/6 HA checks PASS, 2/6 deferred, 1/6 N/A. v0.75.0 shipped reproducible drivers for the two deferred checks. v0.75.1 turns Check 2 — schedule fires exactly once across replicas — into continuous coverage.

  • .github/workflows/ha-nightly.yml — nightly at 14:00 UTC + manual workflow_dispatch. Single job ha-check-2 on ubuntu-latest, timeout-minutes: 25. Mirrors the docker-build-smoke pattern at .github/workflows/ci.yml:319-413: local image build (GHA layer cache), ephemeral secrets generated into $GITHUB_ENV (no .env.ha file), boots docker-compose.ha.yml -f docker-compose.ha.ci.yml, probes each replica individually via docker compose exec ... wget -q --spider /health/ready (nginx in the HA stack has no upstream health awareness — LB-only probing is a blind spot), runs pnpm ha:check-2, always uploads compose logs as a 7-day artifact, always tears down with down -v.
  • docker-compose.ha.ci.yml — minimal CI-only override adding SCHEDULE_ENABLED: "true" to api1 and api2. The base docker-compose.ha.yml intentionally leaves SCHEDULE_ENABLED unset (default false per apps/api/src/config.ts line 548–552) so operators opt in explicitly. This override must not be used in production.
  • Run 2 entry in docs/ha-validation-report.md — Run 1 preserved as frozen historical record; Run 2 (2026-04-22) records Check 2 as PASS-automated with the CI run URL as evidence. Check 6 (API-key rotation) stays DEFERRED — no driver script yet; playbook remains at “How to drive the checks > Check 6” plus docker-compose.ha.override.yml.example.

First green run: 24750139850, 2026-04-22, 15m13s, on commit 5eb1a68.

Why a separate CI-only override instead of flipping the default: production operators who run the reference HA stack should not inherit a hot scheduler they didn’t opt into. Keeping SCHEDULE_ENABLED off in the base compose matches the config default and the explicit opt-in documented in docs/deployment-guide.md. The CI needs it on; operators do not.

Why wget and not curl: the runtime image ships wget (Dockerfile:176) and intentionally does NOT ship curl (Dockerfile:236 comment). A curl-based readiness probe would have failed for the wrong reason.

2. Website copy hygiene

Four commits tightening marketing-surface copy; no functional change.

  • Enterprise pricing band + FAQ (apps/website/src/pages/pricing.astro) — added an explicit engagement-shape paragraph so prospects land with accurate expectations: onboarding is a 6–12 week SOW-scoped hardening engagement covering HA topology validation, tenant provisioning, and (for multi-region) region-by-region cutover. Multi-region runs as independent deployments per region, each with its own Postgres and object store; Pulp Engine does not replicate data across regions, so cross-region orchestration stays with the buyer’s infrastructure team. Pricing unchanged (USD $15K/year floor, “From · quote-based” framing).
  • Hero metric strip — swapped the isolation-modes chip for an SDK-breadth chip. Reflects the four first-party SDKs (TypeScript, Python, .NET, Go) now landed and in lockstep via scripts/check-version.mjs.
  • Contact routing — consolidated support + security contact on troy@tksolutions.co.nz (single inbox). Fixed canonical domain on several marketing pages. Dead-end GitHub links removed; evaluation-installer downloads switched to an email-gate.
  • RFC 9116 /.well-known/security.txt — disclosure coordination repointed at pulpengine.dev; dead GitHub URLs dropped.

3. Billing-block restoration

The GitHub Actions billing block tracked from 2026-04-19 was cleared before this release. Verification path: workflow_dispatch on .github/workflows/ha-nightly.yml was accepted, a runner assigned, and the job completed success in 15m13s. This is the first post-block successful run and the end-to-end proof.

Consequence for this release: v0.75.1 ships with CI signal, and with a functioning release.yml publish path to GHCR. The docs/runbooks/ghcr-republish.md playbook for post-billing republish is unblocked but is operator-gated against prior unpublished tags; this release follows the standard push-tag → Release workflow path, not the republish runbook.

4. CI fixes surfaced by the resumed signal

Re-running CI after five-plus weeks of disabled signal surfaced four pre-existing issues that had landed in prior un-CI-verified releases and would otherwise have silently broken the tag-time pipeline. All four fixes land in this release.

  • turbo.json typecheck dep — changed typecheck.dependsOn from ["^typecheck"] to ["^build"]. Upstream typecheck scripts run tsc --noEmit and produce no dist/*.d.ts, so downstream packages (e.g. @pulp-engine/plugin-testing) could not resolve workspace imports like @pulp-engine/plugin-api whose package.json#exports["."].types points at ./dist/index.d.ts. Local typechecks were hiding the issue via stale dist/ from prior builds; a fresh CI checkout hit it immediately. The fix adds one cheap full build pass to the typecheck chain (~20s local, single-digit minutes on CI) and has been kept minimal on purpose — a future follow-up could expose source paths through typesVersions so typecheck does not require a prior build, but the present fix is the lowest-risk path to green.
  • CI Windows installer — NSIS PATH: choco install nsis -y --no-progress installs NSIS, but chocolatey does not propagate PATH across GitHub Actions steps. The next step (./installer/build.ps1) then failed with makensis not found on PATH. Fixed by appending C:\Program Files (x86)\NSIS to $env:GITHUB_PATH in the install step. This is the standard GHA pattern; no third-party action introduced.
  • SQL Server migration runner — GO batch handling — the mssql npm driver does not understand GO (it is a sqlcmd/SSMS client-side batch delimiter, not part of the SQL Server wire protocol). Migration 006_add_tenant_primitive.sql uses GO extensively because later batches reference columns added in earlier batches (ALTER TABLE ADD tenant_id → UPDATE ... SET tenant_id = ... → ALTER COLUMN ... NOT NULL → ADD CONSTRAINT FK_...). The runner at apps/api/src/scripts/migrate-sqlserver.ts now splits each migration file on /^\s*GO\s*$/im and executes each non-empty batch within the same transaction. Migrations 001–005 do not use GO and are unchanged in behaviour. Root cause had been present since C.0 Stage 1 shipped (2026-04-11) — SQL Server CI has not exercised it in production flow since. Surfaced here by the first full CI run post-billing-block.
  • Editor auth E2E — stale More actions selector: apps/editor/e2e/auth-flows.spec.ts lines 182–184 opened Version History via a “More actions” dropdown that no longer contains a History entry. The Version History action is a top-level toolbar button (aria-label="Version history") in apps/editor/src/components/shell/EditorHeader.tsx lines 320–335, visible whenever the current template is an API template (which the test fixture is). The test selector has been updated. Not a product regression — only the e2e was stale relative to the shell decomposition work.
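
The GO batch handling described above, as an added example that is not the project's runner code: it applies the quoted pattern /^\s*GO\s*$/im to a constructed migration and adds a lint for a GO form the pattern does not cover. The function names (splitBatches, findGoWithCount) and the templates table are hypothetical.

```typescript
// Pattern quoted in the release notes: a line holding only GO, any case.
const GO_DELIMITER = /^\s*GO\s*$/im;

// Split a migration file into the batches a sqlcmd-style client would send.
// Empty batches (for example after a trailing GO) are dropped.
function splitBatches(sql: string): string[] {
  return sql
    .split(GO_DELIMITER)
    .map((batch) => batch.trim())
    .filter((batch) => batch.length > 0);
}

// sqlcmd also accepts "GO <count>" to repeat a batch. The pattern above does
// not match that form, so such a line would reach the server as plain SQL.
// Returns the 1-based line numbers where it occurs, for a pre-merge check.
function findGoWithCount(sql: string): number[] {
  const hits: number[] = [];
  sql.split(/\r?\n/).forEach((line, i) => {
    if (/^\s*GO\s+\d+\s*$/i.test(line)) hits.push(i + 1);
  });
  return hits;
}

// Constructed sample (not the real 006 migration): each batch depends on the
// schema change made by the batch before it.
const constructedMigration = [
  "ALTER TABLE templates ADD tenant_id NVARCHAR(64) NULL;",
  "GO",
  "UPDATE templates SET tenant_id = 'default' WHERE tenant_id IS NULL;",
  "go  ",
  "-- text such as GO_LIVE inside a line must not split the batch",
  "ALTER TABLE templates ALTER COLUMN tenant_id NVARCHAR(64) NOT NULL;",
  "GO",
  "",
].join("\n");

const batches = splitBatches(constructedMigration);
console.log(batches.length, "batches;", "GO <count> lines:", findGoWithCount(constructedMigration));
```
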

Operational status

  • CI + Release workflows re-enabled. Previously disabled_manually during the billing block. State change is tracked in internal operations notes (not in repo).
  • Node.js 20 deprecation warning surfaced by GitHub on the standard actions: actions/checkout@v4, setup-node@v4, upload-artifact@v4, docker/build-push-action@v6, docker/setup-buildx-action@v3, pnpm/action-setup@v4. Forced flip to Node.js 24 default on 2026-06-02; Node.js 20 removed 2026-09-16. Bump action versions repo-wide before then (non-blocking for this release).
  • HA Run 2 is partially complete. Check 2 (schedule fires exactly once) is now continuous via ha-nightly. Check 6 (API-key rotation) stays DEFERRED — no driver script yet. Writing one + extending the workflow is a follow-up.
  • No tenant hard-delete, no cross-tenant audit API, no batch-job durability across pod restarts, no named SLAs. These remain the Enterprise-tier capabilities documented as operator-SOW work in apps/website/src/pages/pricing.astro and the buyer-audit findings; none are in scope for this patch.

Verification done locally before tag

  • pnpm lint — 22/22 successful (all packages)
  • pnpm typecheck — 27/27 successful (0 errors, 0 warnings, 2 pre-existing hints in apps/website/src/pages/index.astro)
  • node scripts/check-version.mjs — lockstep across root, apps/api, apps/editor, apps/preview, packages/sdk-typescript, packages/template-model, packages/sdk-python, packages/sdk-dotnet, packages/sdk-go; CHANGELOG section + link for 0.75.1; docs/release-v0.75.1.md present

CI and Release run end-to-end on the tag push (ubuntu + Windows coverage, Docker image smoke, SDK spec freshness, installer build, eval-bundle, trivy scan, cosign signature, SBOMs, GitHub Release assets). Any failure blocks downstream publish.