Sprint 1 RC#5
Merged
Merged
Conversation
Four items surfaced during today's deploy testing that don't block the v1 tag but want to be findable next time: - §Housekeeping: script-mode discipline. New scripts/*.sh need chmod +x committed as mode 100755. Today's chart-behavior.sh permission-denied burned debug time on a fresh Mac checkout. - §Housekeeping: Python upgrade coordination. .python-version, the Dockerfile's builder FROM, and distroless's bundled Python must agree. The ARG pattern centralizes the *string* but not the underlying coupling. - §Sprint 3 Housekeeping: image-tag SHA discipline. Today's :dev tag mutation required helm uninstall + make deploy-local because helm saw an unchanged manifest. ArgoCD reconciliation + content-addressed image refs fix this naturally. - §Sprint 3 Housekeeping: wire make smoke-test into post-deploy verification. Script already exits non-zero on failure; it's gate-ready when CI grows a deployed cluster (ArgoCD post-sync, kind-in-CI). Plus a chart README callout (§MUST override): the empty-string defaults aren't placeholders to fill in, they're the schema's rejection trigger. Tooling that runs against bare defaults must pass placeholders; scripts/check-chart-behavior.sh is the canonical pattern.
Both halves of ADR-0011's contract enforcement now run in CI: - chart-schema (uv, jsonschema): validates values.schema.json is well-formed and exercises known-good / known-bad inputs through the schema validator. - chart-behavior (helm): runs helm lint + 3× helm template (1 known- good, 2 known-bad) to verify helm itself rejects const-pinned and required-field violations at template/install time. Closes both [SPRINT-1-CLEANUP] markers in the Makefile that were waiting for the corresponding ci.yml steps. azure/setup-helm pinned by SHA per ADR-0012 (v5.0.0). Dependabot tracks it automatically via the existing github-actions package-ecosystem config (counter bumped 4 → 5 in the comment). Chart enforcement now matches the local make deploy-local gate: any chart change that breaks the schema or its enforcement fails CI before landing on main.
CI's setup-uv step had no version: input, defaulting to whatever the action shipped with at run time. Dockerfiles pinned at :0.5 (stale — local install is 0.11.8). Picked one floor — 0.11 — and applied it to all four sites: both workflow files (reusable + GridStream caller's chart-schema job) and both Dockerfiles (prod + dev). Convention documented in CONTRIBUTING.md 'Tool version pinning': major.minor floor allows automatic patch updates while keeping breaking bumps explicit. Same string resolves the same way in GHA version: inputs and Docker :tag references — drift between the two is the failure mode this prevents. Closes the CI/local drift gap that would otherwise produce subtle 'works on my machine' diffs as uv evolves.
GHA's expression parser scans the entire workflow file for ${{ ... }}
syntax and validates it regardless of whether the expression is meant
as documentation or evaluation. The image-name input description used
':${{ github.sha }}' to illustrate what the build step concatenates,
but inside workflow_call.inputs the github context isn't available, so
the expression failed parsing and invalidated the whole file.
Replaced with ':<commit-sha>' placeholder. The actual github.sha
reference in the build step is unchanged (step-level context is fine).
GHA flagged Node 20 deprecation on today's CI run: forced switch to Node 24 on June 2, 2026; full removal Sept 16. Several SHA-pinned actions (checkout, setup-uv, docker/*) are still on Node 20. Existing weekly Dependabot cadence already watches them, so this is a tickler for sprint-review visibility, not new work.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pre-tag verification — do not merge until v1.0.0 is tagged.