Release process
Pre-deploy checklist
Section titled “Pre-deploy checklist”- Confirm intended target environment (staging or production).
- Confirm
workers/wrangler.gateway.tomlenv block values (AUTH_WORKER_VERIFY_URL, routes, prefixes). - Confirm any
_headers/worker/config changes are reviewed as production-affecting. - Run quality gates for affected scope:
yarn workspace cosmos-digital-services lintyarn workspace cosmos-digital-services test:unit- relevant e2e and/or manual auth flow checks
- Validate docs updates for any changed command, route contract, config, or env.
Deployment sequence
Section titled “Deployment sequence”Follow Deployment guide ordering:
- Auth worker
- Gateway worker
- Astro static build/deploy + image worker
Post-deploy validation
Section titled “Post-deploy validation”/api/auth/sessionreturns JSON.- Protected routes enforce auth as expected.
- Header auth state flips Login/Logout correctly.
- Outgoing mail flow works for authenticated session.
- Image optimization routes still resolve.
- No unexpected maintenance rewrite.
Rollback trigger examples
Section titled “Rollback trigger examples”- Session endpoint wrong content/status.
- Protected-route behavior regresses.
- CSP/CORS blocks critical browser calls.
- Worker route mismatch by hostname.
First action: revert the most recent deploy layer that introduced regression (worker config, _headers, or static bundle), then re-validate.