A “new version of Sourcegraph Managed Services Platform (MSP)” refers to a new version of the sg msp toolchain, which ships in sourcegraph/sg GitHub releases. This toolchain implements the CDKTF-based Terraform infrastructure manifest generation that is used to provision infrastructure for MSP services - see MSP technical details.

When the Core Services team upgrades to a new version of sg msp in sourcegraph/managed-services, we also automatically regenerate infrastructure manifests for services to match the expected output of the new version’s sg msp generate. This effectively deploys any infrastructure changes that come in the new version, so they are handled and monitored with care to minimise impact across the MSP fleet.

This document describes the change management process for MSP updates used by the team.

Rolling out upgrades

Rollouts of platform upgrades are handled in stages, grouped by Environment categories. When a new sg version is released, our upgrade automation will create PRs on sourcegraph/managed-services to deploy the new release to each environment category by updating Pinned versions (sg lockfiles).

These PRs are to be merged to test, then internal, then external (according to the expectations outlined in Environment categories) to perform a staged rollout. If issues arise at any point, the rollout is not continued, and we may revert the rollout if needed.

Additional testing environments are also available for testing changes before they get rolled out more broadly - see MSP development guide.

Environment categories

Each MSP environment is asked to declare a category in their service specification that indicates the level of stability required for the service. In order of least-expected-stability to highest-expected-stability (see Environment categories), we roll out changes to categories in the following order:

  1. test
  2. internal
  3. external

We leverage the stated category in MSP platform rollout decisions (Rolling out upgrades), so assigning the right category is very important for service operators.

Pinned versions (sg lockfiles)

In sourcegraph/managed-services, each category in Environment categories has a corresponding “lockfile” dictating the version of sg to be used to generate infrastructure for environments of that category: