generated from coulomb/repo-seed
ci: harden inter-hub production smoke gate
Some checks failed
Build and Deploy / build-push-deploy (push) Failing after 4m4s
Some checks failed
Build and Deploy / build-push-deploy (push) Failing after 4m4s
This commit is contained in:
@@ -79,3 +79,14 @@ jobs:
|
|||||||
| grep -q "inter-hub" && echo "Landing page OK"
|
| grep -q "inter-hub" && echo "Landing page OK"
|
||||||
curl -s https://hub.coulomb.social/api/v2/widgets \
|
curl -s https://hub.coulomb.social/api/v2/widgets \
|
||||||
-o /dev/null -w "%{http_code}" | grep -q "401" && echo "API auth gate OK"
|
-o /dev/null -w "%{http_code}" | grep -q "401" && echo "API auth gate OK"
|
||||||
|
HUBS_STATUS=$(curl -s https://hub.coulomb.social/api/v2/hubs \
|
||||||
|
-o /dev/null -w "%{http_code}")
|
||||||
|
test "${HUBS_STATUS}" = "401" \
|
||||||
|
&& echo "Hub bootstrap auth gate OK" \
|
||||||
|
|| { echo "Expected /api/v2/hubs to return 401, got ${HUBS_STATUS}" >&2; exit 1; }
|
||||||
|
OPENAPI=$(curl -fsS https://hub.coulomb.social/api/v2/openapi.json)
|
||||||
|
for path in /hubs /hub-capability-manifests /api-consumers /policy-scopes; do
|
||||||
|
grep -q "\"${path}\"" <<< "${OPENAPI}" \
|
||||||
|
&& echo "OpenAPI path present: ${path}" \
|
||||||
|
|| { echo "OpenAPI path missing: ${path}" >&2; exit 1; }
|
||||||
|
done
|
||||||
|
|||||||
@@ -392,6 +392,13 @@ workplans, `.custodian-brief.md`, `app.toml`, `.sops.yaml`, and
|
|||||||
`deploy/railiance/**` so State Hub consistency/doc-only commits do not consume a
|
`deploy/railiance/**` so State Hub consistency/doc-only commits do not consume a
|
||||||
haskelseed build/deploy cycle.
|
haskelseed build/deploy cycle.
|
||||||
|
|
||||||
|
**Bootstrap-gate deploy note (2026-06-14):** Hardened the deployment workflow
|
||||||
|
smoke test so a production rollout only passes when `/api/v2/hubs` returns the
|
||||||
|
expected unauthenticated `401` and OpenAPI exposes `/hubs`,
|
||||||
|
`/hub-capability-manifests`, `/api-consumers`, and `/policy-scopes`. This
|
||||||
|
directly protects the ops-hub bootstrap gate instead of only checking the
|
||||||
|
landing page and generic widget auth gate.
|
||||||
|
|
||||||
### R8 — Staged deployment and smoke test
|
### R8 — Staged deployment and smoke test
|
||||||
|
|
||||||
```task
|
```task
|
||||||
|
|||||||
Reference in New Issue
Block a user