SMOODEV-1792: add PR-checks CI (construct typecheck + helm lint/render/kubeconform)#2
Merged
Merged
Conversation
…r/kubeconform)
The release workflow deliberately skips typechecking the SST constructs (they need
`sst install` for the ambient sst/$util/aws globals). This adds the proper gate
on every PR + push to main:
- constructs: pnpm install + sst install (creds-free, generates .sst/platform
ambient types) + tsc --noEmit
- helm-chart: helm lint + render smoke (defaults + a consumer overlay) +
kubeconform schema validation (skips the ExternalSecret CRD)
Self-tests on this PR. Hardens the chart/construct work shipped under SMOODEV-1790.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
brentrager
added a commit
that referenced
this pull request
Jun 11, 2026
…(0.1.5) (#4) Stage C Phase 1 dogfood #2: the construct forwarded the VIEWER Host (allViewerAndWhitelistCloudFront) to the origin, but an EKS ALB Ingress routes by a fixed origin host (`host: web-origin.example.com`). So CloudFront sent `Host: web-next.smoo.ai`, matched no Ingress rule, and the ALB returned 404. (The live apex works only because sst.aws.Router rewrites Host to the origin.) Default the dynamic behavior to the AWS-managed `Managed-AllViewerExceptHostHeader` policy — forwards all cookies/auth/qs but NOT Host, so CloudFront sends the origin's host and the ALB routes correctly. Add `forwardViewerHost?: boolean` (default false) to opt back into viewer-host forwarding for host-agnostic origins. Also fixes the same 404 the Phase 2 apex swap would have hit. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a PR-checks workflow for @smooai/deploy — the gate the release workflow explicitly defers.
Jobs:
pnpm install→pnpm sst install(creds-free; generates the.sst/platformambientsst/$util/awstypes the constructs reference) →tsc --noEmit.helm lint+ render smoke (defaults + a representative consumer overlay) +kubeconformschema validation (skips theExternalSecretCRD).Verified locally: constructs typecheck clean, chart renders all 8 resources (
--output-dir), helm lint clean. Self-tests on this PR. Hardens the chart enhancements (hpa.behavior,revisionHistoryLimit, PDB policy) + the cdk8s.Helm dogfood shipped under SMOODEV-1790.🤖 Generated with Claude Code