Skip to main content
HomeBlogEngineering
● Engineering

Planning database upgrades without marketing the drill

A play-by-play of the scripts, rollback checks, rehearsal notes, and the evidence we want before calling an upgrade zero-downtime.

TS
Tobias Strauss
Infra lead
10 min read

Zero-downtime is a marketing word for an engineering claim that's almost never actually tested. Most upgrades succeed because they didn't surface the case the rollback was designed for. The opposite story — the upgrade hit the case and the rollback worked — is rarer and worth more.

The pieces that have to exist before you call something zero-downtime

  1. A migration runbook reviewed by someone other than the author.
  2. A rollback script that's been executed end-to-end against a production-shaped snapshot.
  3. A pre-flight script that verifies the assumed schema state before the migration runs.
  4. A canary path that lets a small percentage of traffic hit the new code before the cutover, with explicit success criteria.
  5. An evidence-collection step that writes the state before, during, and after the migration to a separate audit log.

What we've learned from doing it badly

Skip step 3 and the migration silently no-ops on a row your code thought existed. Skip step 5 and the post-mortem becomes archeology. The expensive lesson, every time, is that the runbook is the rehearsal — if it hasn't been run on a snapshot, it hasn't been written.

About PipSync

PipSync is a signal-to-execution routing platform. We do not provide investment advice, do not recommend signal sources, and do not hold client funds. Trading leveraged products involves substantial risk of loss. Read the Trust Center →

← All articlesHave feedback on this post? Get in touch →

More from the blog

Markets

Gold in 2026: every driver of the multi-year rally, ranked by durability

A long-form breakdown of why gold sits at fresh all-time highs, which drivers are structural, which are cyclical, and what would need to break for the rally to reverse. Built for traders making sizing decisions, not headline chasers.

Markets

Bitcoin's 2026 cycle, mechanically: ETF flow, on-chain supply, and the next leg

A long-form breakdown of how this Bitcoin cycle is actually different from 2017 and 2021, with the on-chain and flow data behind each claim. Built for traders sizing exposure into the back-half of the cycle.

Trading

Surviving a prop-firm challenge in 2026: rule changes, payout patterns, and what actually works

Prop firms have changed dramatically since 2023. Tightened rules, payout caps, broader instrument restrictions. A long-form breakdown of what passing — and getting paid — actually requires now.

The pip drop — weekly.

One well-edited email every Friday: the most interesting post on PipSync, one trade that caught our eye, and a link to what the team is reading. No hype, unsubscribe in one click.

4,180 subscribers · 48% open rate · zero tracking pixels