Skip to content

Commit 8e2fc60

Browse files
dforsberclaude
andcommitted
chore(release): 0.10.27 / chart 0.3.37 — regular-user SPA cred-vending fix
Re-release covering the regular-user branch of `dashboard.rs:: generate_credentials` that 0.10.26 missed. The 0.10.26 published images do still ship the superadmin-path SPA fix, but every `user_*` cred from the SPA pointed at `:5432` (the listener the chart removed), so SPA users on a fresh 0.10.26 cluster couldn't psql in. 0.10.27 has both paths going through the same broker- registry round-robin. Also bundles two pipeline-hardening commits (no behaviour change to the published binaries): - `make ec2-release` now hard-prereqs `make sync-s3` so a future build cannot compile against a stale source tarball — the failure mode that caused the 0.10.25 retraction. - Test fixture `dan@boilingdata.com` renamed to `integration-test-user@example.com` (RFC-2606 reserved domain). `scripts/reset_staging_test_users.sh` deletes every entry on every run, and the previous address was real-looking enough to shadow operator inboxes. Verified on staging: 275/275 curated tests passing; both SPA distribution tests cycle across all 3 pods (15432/15433/15434). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 2171052 commit 8e2fc60

4 files changed

Lines changed: 25 additions & 5 deletions

File tree

CHANGELOG.md

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,26 @@ All notable changes to BoilStream will be documented in this file.
55
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
66
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
77

8+
## [0.10.27] - 2026-04-29
9+
10+
### Fixes
11+
12+
- **SPA `POST /auth/api/credentials` regular-user path was returning bare `:5432`.** 0.10.26's SPA round-robin landed on the superadmin branch only — the regular-user branch in `dashboard.rs::generate_credentials` kept the pre-fix `host: state.pgwire_host.clone()` / `port: state.pgwire_port`, so every `user_*` cred handed to the SPA pointed at `app.boilstream.com:5432`, the gateway listener the chart had just removed. The two `Json(CredentialsResponse {…})` blocks differed only in indentation (12 spaces in the superadmin nested block, 8 spaces at the function tail), which is why the original `replace_all` Edit only matched one of them. Caught when matview_stress (which registers fresh regular users) failed `Connection refused (os error 61)` on Phase 2; the existing staging guard authenticates as superadmin so it didn't see it. Added `auth::spa_credentials_distribution_test::test_spa_credentials_for_regular_user_returns_per_pod_port` to lock both paths down.
13+
14+
### Pipeline
15+
16+
- **`make ec2-release` now hard-prereqs `make sync-s3`** so the EC2 build host can't compile against a stale source tarball — the failure mode that caused the 0.10.25 retraction. `SKIP_SYNC_S3=1` bypasses for retries against an already-uploaded tarball.
17+
- **Test-fixture `dan@boilingdata.com` renamed to `integration-test-user@example.com`.** `scripts/reset_staging_test_users.sh` deletes every entry on every staging-test run; the previous address was real-looking enough to shadow operator inboxes. Reset list now carries a "RULE: only `@example.com`" comment to keep future maintainers from putting plausibly-real addresses on the auto-delete list.
18+
19+
### Stress harness
20+
21+
- `matview_stress` and `tantivy_stress` both extracted `host` from the SPA cred response but ignored `port`, so `--pgwire-port` (default 5432) was silently used. Both now read `creds["port"]` with the CLI flag as the local-dev fallback.
22+
23+
### Notes
24+
25+
- Chart version **0.3.37** tracks appVersion `0.10.27`.
26+
- Single ARM64 Docker image (`aarch64-linux-0.10.27`) plus `x64-linux-0.10.27`, both built on AWS EC2 (Graviton 2 / Intel Xeon).
27+
828
## [0.10.26] - 2026-04-28
929

1030
Re-release of 0.10.25. The `0.10.25` images on Docker Hub were built

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ See [GitHub releases](https://github.com/boilingdata/boilstream/releases) for th
4444
# Apple Silicon under Docker.
4545
# linux-x64 Linux x86_64
4646
# windows-x64 Windows
47-
# Replace {VERSION} with the latest release (see GitHub releases above, e.g. 0.10.26)
47+
# Replace {VERSION} with the latest release (see GitHub releases above, e.g. 0.10.27)
4848
curl -L -o boilstream https://www.boilstream.com/binaries/darwin-aarch64/boilstream-{VERSION}
4949
curl -L -o boilstream-admin https://www.boilstream.com/binaries/darwin-aarch64/boilstream-admin-{VERSION}
5050
chmod +x boilstream boilstream-admin

charts/boilstream/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,8 @@ description: |
66
support. Each pod participates in S3-based leader election and serves
77
per-user catalogs; failed pods are recovered from S3 backups.
88
type: application
9-
version: 0.3.36
10-
appVersion: "0.10.26"
9+
version: 0.3.37
10+
appVersion: "0.10.27"
1111
kubeVersion: ">=1.27.0"
1212
keywords:
1313
- streaming

charts/boilstream/values-hetzner-example.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
# helm install boilstream ./charts/boilstream \
1313
# -f charts/boilstream/values-hetzner-example.yaml \
1414
# --set image.repository=<your-cfcr-tenant>.europe.registry.cloudfleet.dev/boilstream \
15-
# --set image.tag=aarch64-linux-0.10.26 \
15+
# --set image.tag=aarch64-linux-0.10.27 \
1616
# --set superadmin.existingSecret=boilstream-superadmin
1717

1818
replicas: 2 # 2 nodes, 1 pod each
@@ -26,7 +26,7 @@ image:
2626
# SHA3 / SHA512 paths. There is no separate "-generic-" variant — this
2727
# is the only ARM64 image we publish.
2828
repository: docker.io/boilinginsights/boilstream
29-
tag: aarch64-linux-0.10.26
29+
tag: aarch64-linux-0.10.27
3030
pullPolicy: IfNotPresent
3131
pullSecrets: [] # Docker Hub is public; no pull secret needed
3232

0 commit comments

Comments
 (0)