fix(ci): add maintenance rollback safety net + emergency recovery workflow

zxxma · zxxma · commit b8fc93d74b85 · 2026-02-28T16:41:40.000+01:00
- deploy-prod.yml: rollback maintenance on migration failure (if: failure())
- deploy-staging.yml: same rollback safety net
- NEW emergency-clear-maintenance.yml: one-click workflow_dispatch to clear stuck maintenance mode
- CHANGELOG: document 2026-02-28 production outage and fix
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
@@ -62,8 +62,22 @@ jobs:
           fi
 
       - name: Migrate DB
+        id: migrate
         run: TURSO_TOKEN=${{ secrets.PROD_TURSO_TOKEN }} atlas migrate apply --dir "file://migrations" --env prod
 
+      - name: Rollback maintenance on migration failure
+        if: failure() && steps.migrate.outcome == 'failure'
+        uses: appleboy/ssh-action@v1
+        with:
+          host: 62.210.92.144
+          username: root
+          key: ${{ secrets.PROD_SSH_KEY }}
+          script: |
+            set -xe
+            cd zenao
+            git restore prod.backend.docker-compose.yml
+            docker compose -f prod.backend.docker-compose.yml up -d --build backend
+
       - name: Upgrade backend
         uses: appleboy/ssh-action@v1
         with:
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
@@ -62,7 +62,22 @@ jobs:
           fi
 
       - name: Migrate DB
+        id: migrate
         run: TURSO_TOKEN=${{ secrets.STAGING_TURSO_TOKEN }} atlas migrate apply --dir "file://migrations" --env staging
+
+      - name: Rollback maintenance on migration failure
+        if: failure() && steps.migrate.outcome == 'failure'
+        uses: appleboy/ssh-action@v1
+        with:
+          host: 51.159.98.163
+          username: root
+          key: ${{ secrets.STAGING_SSH_KEY }}
+          script: |
+            set -xe
+            cd zenao
+            git restore staging.docker-compose.yml
+            docker compose -f staging.docker-compose.yml up -d --build backend
+
       - name: Upgrade services
         uses: appleboy/ssh-action@v1
         with:
diff --git a/.github/workflows/emergency-clear-maintenance.yml b/.github/workflows/emergency-clear-maintenance.yml
@@ -0,0 +1,55 @@
+name: Emergency Clear Maintenance
+
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: "Target environment"
+        required: true
+        default: "prod"
+        type: choice
+        options:
+          - prod
+          - staging
+
+jobs:
+  clear-maintenance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clear maintenance mode (prod)
+        if: inputs.target == 'prod'
+        uses: appleboy/ssh-action@v1
+        with:
+          host: 62.210.92.144
+          username: root
+          key: ${{ secrets.PROD_SSH_KEY }}
+          script: |
+            set -xe
+            cd zenao
+            echo "=== Before restore ==="
+            grep -n "maintenance\|command" prod.backend.docker-compose.yml || true
+            git restore prod.backend.docker-compose.yml
+            echo "=== After restore ==="
+            grep -n "maintenance\|command" prod.backend.docker-compose.yml || true
+            docker compose -f prod.backend.docker-compose.yml up -d --build backend
+            sleep 10
+            docker logs backend --tail 10
+
+      - name: Clear maintenance mode (staging)
+        if: inputs.target == 'staging'
+        uses: appleboy/ssh-action@v1
+        with:
+          host: 51.159.98.163
+          username: root
+          key: ${{ secrets.STAGING_SSH_KEY }}
+          script: |
+            set -xe
+            cd zenao
+            echo "=== Before restore ==="
+            grep -n "maintenance\|command" staging.docker-compose.yml || true
+            git restore staging.docker-compose.yml
+            echo "=== After restore ==="
+            grep -n "maintenance\|command" staging.docker-compose.yml || true
+            docker compose -f staging.docker-compose.yml up -d --build backend
+            sleep 10
+            docker logs backend --tail 10
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ---
 
+## [Unreleased] — Production Incident Fix & Deploy Hardening
+
+### Fixed
+- **Production outage (2026-02-28)**: Backend stuck in `--maintenance` mode after deploy #22523329085 failed at migration step — `git restore` in "Upgrade backend" never ran, leaving all RPC endpoints returning `CodeUnavailable`
+- **Deploy workflow safety net**: Added "Rollback maintenance on migration failure" step to both `deploy-prod.yml` and `deploy-staging.yml` — if migration fails, `git restore` + container rebuild runs automatically via `if: failure()`
+- **Emergency recovery workflow**: New `emergency-clear-maintenance.yml` — one-click workflow_dispatch to clear stuck maintenance mode on prod or staging via SSH
+
+---
+
 ## [Unreleased] — Repository Hygiene Sprint
 
 ### Security
