# Production Operations Policy
Last updated: March 2, 2026
## Purpose
Prevent destructive production actions that can cause irreversible data loss.
## Hard bans in production
Never run these commands against production:
1. `docker volume rm skymoney_pgdata`
2. `docker compose down -v` / `docker-compose down -v`
3. `prisma migrate reset`
4. `prisma migrate dev`
5. `prisma db push --accept-data-loss`
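
The hard-ban list above can be enforced mechanically with a pre-flight check. This is an added example, not one of the project's scripts: the names `is_banned_prod_command` and `run_prod` are hypothetical, the sample command lines are constructed, and the check also treats `--volumes` (the long form of `-v`) as banned.

```shell
#!/bin/sh
# Added example (not project code): pre-flight check for the hard-ban list.

# One extended regex per banned command, matched against the
# whitespace-normalized command line. "( [^ ]+)*" skips intervening options.
BANNED_PATTERNS='(^|[ /])docker volume rm( [^ ]+)* skymoney_pgdata( |$)
(^|[ /])(docker compose|docker-compose)( [^ ]+)* down( [^ ]+)* (-v|--volumes)( |$)
(^|[ /])prisma migrate (reset|dev)( |$)
(^|[ /])prisma db push( [^ ]+)* --accept-data-loss( |$)'

# Returns 0 (true) when the given command line hits the ban list.
is_banned_prod_command() {
  # Collapse tabs, newlines and repeated spaces so spacing cannot hide a match.
  _cmd=$(printf '%s' "$*" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
  printf '%s\n' "$_cmd" | grep -Eq -e "$BANNED_PATTERNS"
}

# Hypothetical wrapper: execute a command only if it is not banned.
run_prod() {
  if is_banned_prod_command "$@"; then
    echo "REFUSED (production hard ban): $*" >&2
    return 64
  fi
  "$@"
}

# Constructed sample command lines (prod.yml is a made-up file name).
for sample in \
  'npx prisma migrate deploy' \
  'docker compose down' \
  'sudo docker compose -f prod.yml down --volumes' \
  'docker volume rm -f skymoney_pgdata' \
  'npx prisma migrate reset --force'
do
  if is_banned_prod_command "$sample"; then
    echo "BANNED   $sample"
  else
    echo "allowed  $sample"
  fi
done
```

A string match like this only catches commands routed through the wrapper, so it complements the constrained sudoers permissions and peer confirmation rather than replacing them.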
## Allowed migration path
1. `prisma migrate deploy` only.
2. Mandatory pre-migration backup (`scripts/backup.sh`).
3. DB target validation (`scripts/validate-prod-db-target.sh`).
4. Volume guard (`scripts/guard-prod-volume.sh`).
## Operator controls
1. Prefer constrained sudoers permissions over broad `sudo docker`.
2. Keep all manual production commands logged in an incident/change ticket.
3. Require peer confirmation before any storage/volume action.
## Intentional rebuild exception
Only for explicit rebuild events:
1. Set `ALLOW_EMPTY_PROD_VOLUME=1` for one deploy run.
2. Record reason and approver.
3. Reset `ALLOW_EMPTY_PROD_VOLUME=0` immediately afterward.