Release process

Core server (`tappass/`)

main → staging is continuous. main → prod is promoted manually via a GitHub Actions workflow_dispatch.

PR merged to main
    │
    ▼
GitHub Actions: test, build image, push to Artifact Registry
    │
    ▼
Auto-deploy: Cloud Run staging (staging.tappass.ai)
    │
    ▼ (manual approval)
    │
Promote to prod (app.tappass.ai)

Promote to prod

Actions → “Deploy to prod” → Run workflow → branch: main
Pick the image tag (defaults to latest that passed staging)
Release notes auto-generated from commits since the last prod deploy
Traffic shifts in two steps: 10% → watch 5 min → 100%

Rollback

# Fast rollback via Cloud Run revisions
gcloud run services update-traffic tappass \
  --to-revisions=tappass-prev=100 \
  --region=europe-west1

Or re-run the “Deploy to prod” workflow with the previous image tag.

SDK (`tappass-sdk/`)

Manual bump + tag.

# in tappass-sdk/
uv version patch   # or minor, major
git commit -am "release: $(uv version --short)"
git tag v$(uv version --short)
git push && git push --tags

A GitHub Actions workflow triggers on tags, publishing to PyPI.

Docs (`docs/`, `docs-internal/`)

Push to main → auto-deploy to Cloudflare Pages. No manual step.

Marketing (`tappass.ai`)

Push to main → auto-deploy to Cloudflare Pages.

Changelog discipline

Customer-facing SDK changes: update CHANGELOG.md in tappass-sdk/ before tagging
Server changes that affect the API: update docs/src/content/docs/api.md
Any governance-pipeline change: update docs/src/content/docs/governance/pipeline.md

Feature flags

Non-trivial features ship behind flags. Pattern:

if config.feature_flags.new_trust_engine:
    use_new_engine()
else:
    use_legacy()

Flags configured in config/feature_flags.yaml. Kill-switches always default to the safer path.

Release process

Core server (tappass/)