diagnose and fix: removed rm for skymoney data in deploy)

2026-03-02 13:56:23 -06:00
parent 503ad3e3f8
commit cfbda7c3cd
7 changed files with 95 additions and 4 deletions
--- a/docs/production-operations-policy.md
+++ b/docs/production-operations-policy.md
@@ -0,0 +1,38 @@
+# Production Operations Policy
+
+Last updated: March 2, 2026
+
+## Purpose
+
+Prevent destructive production actions that can cause irreversible data loss.
+
+## Hard bans in production
+
+Never run these commands against production:
+
+1. `docker volume rm skymoney_pgdata`
+2. `docker compose down -v` / `docker-compose down -v`
+3. `prisma migrate reset`
+4. `prisma migrate dev`
+5. `prisma db push --accept-data-loss`
+
+## Allowed migration path
+
+1. `prisma migrate deploy` only.
+2. Mandatory pre-migration backup (`scripts/backup.sh`).
+3. DB target validation (`scripts/validate-prod-db-target.sh`).
+4. Volume guard (`scripts/guard-prod-volume.sh`).
+
+## Operator controls
+
+1. Prefer constrained sudoers permissions over broad `sudo docker`.
+2. Keep all manual production commands logged in an incident/change ticket.
+3. Require peer confirmation before any storage/volume action.
+
+## Intentional rebuild exception
+
+Only for explicit rebuild events:
+
+1. Set `ALLOW_EMPTY_PROD_VOLUME=1` for one deploy run.
+2. Record reason and approver.
+3. Reset `ALLOW_EMPTY_PROD_VOLUME=0` immediately afterward.