- Security: no IAM in service repos, no custom auth, no direct external calls
- Architecture: no cross-cloud SDKs, no cross-service DB access, no hardcoded tenant/env config
- DevOps: Foxtrot-compatible Helm (no custom ingress), no infra provisioning in service repos, no pinned infra versions
- Cost: resource tagging, no unbounded allocation, no per-tenant infra
- Updated checker and demo to match
- These are NOT static code analysis — they catch organizational policy violations that SonarQube/Checkstyle miss
DevOps Requirements
Phase: deployment
Enforcement: informational
OPS-001: Foxtrot-Compatible Helm Chart
Every deployable service MUST include a Helm chart that honors the Foxtrot deployment contract.
Rule: The Helm chart must:
- Use the standard Foxtrot base chart as a dependency (or implement its interface)
- Expose `values.yaml` with the required Foxtrot parameters (replicas, resources, env, configMap references)
- Support the standard lifecycle hooks (pre-deploy validation, health check, rollback trigger)
- Not define its own ingress/networking — Foxtrot manages routing
Test: Validate Helm chart structure: check for Foxtrot base chart dependency, required values keys, no ingress resource definitions.
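The structure test described for OPS-001, written out as an added example rather than the repository's own checker. The check is deliberately line-based: Helm templates contain Go templating and are not valid YAML until rendered, so a YAML parser would reject them. The base chart name `foxtrot-base` and the spelling of the required `values.yaml` keys (`replicas`, `resources`, `env`, `configMapRefs`) are assumptions for this example; the sample charts are constructed in a temporary directory.

```python
"""OPS-001 chart structure check (added example; not the repo's own checker)."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

FOXTROT_BASE_CHART = "foxtrot-base"  # assumed name of the Foxtrot base chart
# Assumed spelling of the required values.yaml keys; the document names the
# concepts (replicas, resources, env, configMap references), not the keys.
REQUIRED_VALUES_KEYS = {"replicas", "resources", "env", "configMapRefs"}

TOP_LEVEL_KEY_RE = re.compile(r"^([A-Za-z_][\w-]*)\s*:")
DEP_NAME_RE = re.compile(r"^\s*-\s*name:\s*['\"]?([\w.-]+)['\"]?\s*$")
KIND_INGRESS_RE = re.compile(r"^\s*kind:\s*['\"]?Ingress['\"]?\s*$", re.MULTILINE)


def chart_dependencies(chart_yaml: str) -> set[str]:
    """Names listed under the top-level `dependencies:` key of Chart.yaml."""
    deps: set[str] = set()
    in_deps = False
    for line in chart_yaml.splitlines():
        if TOP_LEVEL_KEY_RE.match(line):  # any top-level key ends the section
            in_deps = line.startswith("dependencies:")
            continue
        m = DEP_NAME_RE.match(line)
        if in_deps and m:
            deps.add(m.group(1))
    return deps


def top_level_keys(values_yaml: str) -> set[str]:
    """Top-level keys of values.yaml (column-0 `key:` lines)."""
    return {m.group(1) for line in values_yaml.splitlines()
            if (m := TOP_LEVEL_KEY_RE.match(line))}


def check_chart(chart_dir: Path) -> list[str]:
    """Return OPS-001 findings for one chart; an empty list means compliant."""
    findings: list[str] = []
    chart_yaml = chart_dir / "Chart.yaml"
    if not chart_yaml.is_file():
        findings.append("Chart.yaml: missing")
    elif FOXTROT_BASE_CHART not in chart_dependencies(chart_yaml.read_text()):
        findings.append(f"Chart.yaml: no dependency on {FOXTROT_BASE_CHART}")

    values_yaml = chart_dir / "values.yaml"
    present = top_level_keys(values_yaml.read_text()) if values_yaml.is_file() else set()
    missing = sorted(REQUIRED_VALUES_KEYS - present)
    if missing:
        findings.append("values.yaml: missing required keys: " + ", ".join(missing))

    templates = chart_dir / "templates"
    if templates.is_dir():  # Foxtrot owns routing, so no Ingress objects in templates
        for path in sorted(templates.rglob("*")):
            if path.suffix in {".yaml", ".yml", ".tpl"} and KIND_INGRESS_RE.search(path.read_text()):
                rel = path.relative_to(chart_dir).as_posix()
                findings.append(f"{rel}: defines an Ingress resource (Foxtrot manages routing)")
    return findings


# Constructed sample charts (not taken from any real service repo)
CHART_YAML = """apiVersion: v2
name: orders
version: 0.1.0
maintainers:
  - name: platform-team
dependencies:
  - name: {dep}
    version: 1.x
"""
GOOD_VALUES = "replicas: 2\nresources:\n  limits:\n    cpu: 500m\nenv: []\nconfigMapRefs: []\n"
BAD_VALUES = "replicas: 2\nenv: []\n"
DEPLOYMENT = "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: {{ .Release.Name }}\n"
INGRESS = "apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: {{ .Release.Name }}\n"


def write_demo_chart(root: Path, compliant: bool) -> Path:
    """Write a sample chart; the non-compliant one breaks three sub-rules."""
    chart = root / ("good" if compliant else "bad")
    (chart / "templates").mkdir(parents=True)
    dep = FOXTROT_BASE_CHART if compliant else "ingress-nginx"
    (chart / "Chart.yaml").write_text(CHART_YAML.format(dep=dep))
    (chart / "values.yaml").write_text(GOOD_VALUES if compliant else BAD_VALUES)
    (chart / "templates" / "deployment.yaml").write_text(DEPLOYMENT)
    if not compliant:
        (chart / "templates" / "ingress.yaml").write_text(INGRESS)
    return chart


def run_demo() -> dict[str, list[str]]:
    """Check one compliant and one non-compliant constructed chart."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return {name: check_chart(write_demo_chart(root, name == "good"))
                for name in ("good", "bad")}


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  {finding}")
```

Because the section tracker only counts `- name:` entries under `dependencies:`, the `maintainers:` entry in the sample `Chart.yaml` is not mistaken for a dependency; the `{{ .Release.Name }}` placeholders in the templates show why the check never tries to parse them as YAML.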
OPS-002: No Infrastructure Provisioning in Service Repos
Service repositories MUST NOT provision infrastructure (databases, queues, storage, networking). Infrastructure is managed through the dedicated infrastructure repos.
Rule: No Terraform, CloudFormation, or Pulumi resource definitions in service repos. Services declare their infrastructure dependencies in a manifest; the platform provisions them.
Test: Scan for `*.tf`, `*.template.yaml` (CFN), `Pulumi.*` files in service repos.
OPS-003: Standard Observability Contract
Every service MUST expose metrics, health, and readiness endpoints in the standard format.
Rule:
- `/health` or `/actuator/health` — returns 200 when healthy
- `/ready` or `/actuator/ready` — returns 200 when ready to accept traffic
- Prometheus metrics endpoint at `/metrics` or `/actuator/prometheus`
- Structured JSON logging with correlation ID propagation
Test: Check for health/ready endpoint registration in code. Verify logging config outputs JSON format.
OPS-004: No Pinned Infrastructure Versions
Service Helm charts MUST NOT pin specific infrastructure versions (database versions, queue versions, runtime versions).
Rule: Infrastructure version management is handled by the platform team. Services declare compatibility ranges, not exact versions. No `image: postgres:14.2` in service charts.
Test: Scan Helm values and templates for hardcoded infrastructure image tags.
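The OPS-002 file scan and the OPS-004 pinned-version scan share one repository walk, so both are shown together here as an added example (not the repository's own checker). The file patterns are the ones the document names plus `*.tf.json` and `*.template.json`, which are assumptions; so are the list of platform-owned images and the decision to accept a major-only tag such as `redis:7` as a compatibility range while flagging `postgres:14.2`. The sample service repository is constructed in a temporary directory.

```python
"""OPS-002 / OPS-004 repo scan (added example; not the repo's own checker)."""
from __future__ import annotations

import fnmatch
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# OPS-002: patterns from the document plus *.tf.json and *.template.json (assumed)
IAC_PATTERNS = ("*.tf", "*.tf.json", "*.template.yaml", "*.template.json", "Pulumi.*")
# OPS-004: images the platform team owns (assumed list for this example)
INFRA_IMAGES = {"postgres", "postgresql", "mysql", "redis", "rabbitmq", "kafka", "mongo"}
IMAGE_LINE_RE = re.compile(r"^\s*-?\s*image:\s*['\"]?([\w./-]+?)(?::([\w.-]+))?['\"]?\s*$")
REPO_LINE_RE = re.compile(r"^\s*repository:\s*['\"]?([\w./-]+)['\"]?\s*$")
TAG_LINE_RE = re.compile(r"^\s*tag:\s*['\"]?([\w.-]+)['\"]?\s*$")
# 14.2 or 7.0.12 is an exact pin; a bare major (14) is treated as a range (assumption)
EXACT_VERSION_RE = re.compile(r"^v?\d+(\.\d+)+$")


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    detail: str


def is_helm_file(path: Path) -> bool:
    """Helm values files and anything under a templates/ directory."""
    return path.suffix in {".yaml", ".yml", ".tpl"} and (
        path.name.startswith("values") or "templates" in path.parts)


def is_infra_image(name: str) -> bool:
    return name.rsplit("/", 1)[-1] in INFRA_IMAGES


def pinned_infra_images(text: str) -> list[str]:
    """Exact infra tags in `image: name:tag` lines and repository/tag pairs."""
    hits: list[str] = []
    last_repo: str | None = None
    for line in text.splitlines():
        if m := IMAGE_LINE_RE.match(line):
            name, tag = m.group(1), m.group(2)
            if tag and is_infra_image(name) and EXACT_VERSION_RE.match(tag):
                hits.append(f"{name}:{tag}")
        elif m := REPO_LINE_RE.match(line):
            last_repo = m.group(1)
        elif (m := TAG_LINE_RE.match(line)) and last_repo:
            if is_infra_image(last_repo) and EXACT_VERSION_RE.match(m.group(1)):
                hits.append(f"{last_repo}:{m.group(1)}")
            last_repo = None  # a tag closes the preceding repository (indentation not tracked)
    return hits


def scan_repo(root: Path) -> list[Finding]:
    """Walk a service repo and collect OPS-002 and OPS-004 findings."""
    findings: list[Finding] = []
    for path in sorted(p for p in root.rglob("*") if p.is_file() and ".git" not in p.parts):
        rel = path.relative_to(root).as_posix()
        if any(fnmatch.fnmatch(path.name, pat) for pat in IAC_PATTERNS):
            findings.append(Finding("OPS-002", rel, "infrastructure provisioning file in service repo"))
        elif is_helm_file(path):
            for image in pinned_infra_images(path.read_text()):
                findings.append(Finding("OPS-004", rel, f"pinned infrastructure image {image}"))
    return findings


DEMO_FILES = {  # constructed sample service repo, not a real one
    "src/app.py": "print('orders service')\n",
    "infra/main.tf": 'resource "aws_db_instance" "orders" {}\n',
    "Pulumi.yaml": "name: orders\nruntime: python\n",
    "helm/orders/Chart.yaml": "apiVersion: v2\nname: orders\nversion: 0.1.0\n",
    "helm/orders/values.yaml": (
        "image:\n  repository: registry.example/orders\n  tag: 1.4.2\n"      # service's own image: allowed
        "postgresql:\n  image:\n    repository: bitnami/postgresql\n    tag: 14.2.0\n"  # pinned infra
        "redis:\n  image:\n    repository: redis\n    tag: \"7\"\n"          # major only: a range
    ),
    "helm/orders/templates/deployment.yaml": (
        "apiVersion: apps/v1\nkind: Deployment\nspec:\n  template:\n    spec:\n"
        "      initContainers:\n        - name: wait-for-db\n          image: postgres:14.2\n"
        "      containers:\n        - name: orders\n"
        "          image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n"
    ),
}


def run_demo() -> list[Finding]:
    """Materialise the sample repo in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in DEMO_FILES.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(content)
        return scan_repo(root)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.rule} {f.path}: {f.detail}")
```

The templated container image (`{{ .Values.image.repository }}:...`) never matches the image regex, so values that the platform injects at deploy time are not reported; only literal tags written into the service's chart are.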