Recipe

Rolling deployment

Ship Nimbus updates to a fraction of your fleet, validate health, then expand the rollout — all without downtime or manual toggles.

Overview

A rolling deploy gradually replaces old loader instances with a new signed payload. Meridian's CDN serves multiple version slots; the updater respects a rollout-percent flag so only the target cohort fetches the candidate build.

Steps

  1. Stage the candidate. Push the new signed payload to the CDN under a versioned prefix (e.g. /payloads/v2.4.1/).
  2. Set rollout percent. In the Meridian dashboard, set the rollout slider to 10%. The updater will serve the candidate to 10% of clients based on a deterministic hash of their license key.
  3. Monitor health. Watch crash rates, license-check success, and heartbeat pings for the candidate cohort. Keep the window tight — 15 minutes is a good starting point.
  4. Expand or roll back. If metrics are clean, bump to 50%, then 100%. If anomalies appear, drag the slider to 0% — clients revert to the stable payload on their next check-in.

Safety guarantees

  • The loader verifies the Ed25519 signature of every payload before execution — a corrupt or tampered candidate will never run.
  • The offline grace cache retains the last-known-good payload. If the candidate fails to start, the loader falls back without phoning home.
  • Rollout percent is evaluated client-side via an HMAC-tagged manifest, so the CDN cannot silently widen the blast radius.
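
Step 2 and the client-side rollout guarantee above, sketched in Python as an added example (not Nimbus or Meridian code): the client checks the manifest's HMAC tag, then derives its cohort from a hash of its license key. The manifest fields, JSON canonicalization, SHA-256 bucketing, key and version strings are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample key; the real key, field names and versions are assumptions.
MANIFEST_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(manifest: dict) -> bytes:
    """Serialize the manifest deterministically so both sides tag the same bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def tag_manifest(manifest: dict, key: bytes) -> str:
    """Publisher side: HMAC-SHA256 tag over the canonical manifest."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, tag: str, key: bytes) -> bool:
    """Client side: constant-time comparison of the expected and received tag."""
    return hmac.compare_digest(tag_manifest(manifest, key), tag)


def bucket(license_key: str) -> int:
    """Map a license key to a stable bucket in 0..99 (assumed hashing scheme)."""
    digest = hashlib.sha256(license_key.encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100


def select_payload(manifest: dict, tag: str, key: bytes, license_key: str) -> str:
    """Return the version this client should fetch; reject untagged changes."""
    if not verify_manifest(manifest, tag, key):
        raise ValueError("manifest tag mismatch; keep the cached stable payload")
    percent = manifest["rollout_percent"]
    if not isinstance(percent, int) or not 0 <= percent <= 100:
        raise ValueError("rollout_percent out of range")
    in_cohort = bucket(license_key) < percent
    return manifest["candidate"] if in_cohort else manifest["stable"]


if __name__ == "__main__":
    manifest = {"stable": "v2.4.0", "candidate": "v2.4.1", "rollout_percent": 10}
    tag = tag_manifest(manifest, MANIFEST_KEY)
    fleet = [f"LIC-{i:05d}" for i in range(2000)]  # constructed license keys
    chosen = [k for k in fleet
              if select_payload(manifest, tag, MANIFEST_KEY, k) == "v2.4.1"]
    print(f"{len(chosen)} of {len(fleet)} clients fetch the candidate")
    widened = dict(manifest, rollout_percent=100)  # edited in transit, old tag reused
    print("tampered manifest accepted:", verify_manifest(widened, tag, MANIFEST_KEY))
```

Because HMAC is symmetric, the tag only constrains the CDN if the CDN never holds the tag key. Bucketing on the license key alone also means the same clients form the first cohort in every rollout.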

Dashboard controls

The Deployments page exposes a real-time slider, per-cohort metrics, and a one-click rollback button. Every change is audit-logged to Upstash KV so you can reconstruct the rollout timeline later.