feat: isolate connector deps via MCP subprocess architecture #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Helm chart | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - "helm/**" | |
| - "docker/Dockerfile" | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - "helm/**" | |
| - "docker/Dockerfile" | |
| jobs: | |
| helm-chart: | |
| name: Lint & validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Helm | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.18.0 | |
| - name: Lint chart | |
| run: helm lint helm/analytics-agent/ | |
| - name: Render templates | |
| run: | | |
| helm template test-release helm/analytics-agent/ \ | |
| --set image.repository=analytics-agent \ | |
| --set image.tag=test \ | |
| > /tmp/rendered.yaml | |
| - name: Verify port consistency (Dockerfile EXPOSE vs Helm targetPort) | |
| run: | | |
| DOCKERFILE_PORT=$(grep '^EXPOSE' docker/Dockerfile | awk '{print $2}') | |
| HELM_PORT=$(grep 'targetPort:' helm/analytics-agent/values.yaml | awk '{print $2}') | |
| echo "Dockerfile EXPOSE: $DOCKERFILE_PORT" | |
| echo "Helm targetPort: $HELM_PORT" | |
| [ "$DOCKERFILE_PORT" = "$HELM_PORT" ] || \ | |
| { echo "ERROR: port mismatch — update helm/analytics-agent/values.yaml"; exit 1; } | |
| - name: Verify hook ordering (SA and Secret weight < bootstrap Job weight) | |
| run: | | |
| pip install -q pyyaml | |
| python3 - <<'PYEOF' | |
| import sys, yaml | |
| docs = list(yaml.safe_load_all(open("/tmp/rendered.yaml"))) | |
| hooks = {} | |
| for doc in docs: | |
| if not doc: | |
| continue | |
| ann = (doc.get("metadata") or {}).get("annotations") or {} | |
| if "pre-install" in ann.get("helm.sh/hook", ""): | |
| hooks[doc["kind"]] = int(ann.get("helm.sh/hook-weight", 0)) | |
| print("Hook weights:", hooks) | |
| sa, secret, job = hooks.get("ServiceAccount"), hooks.get("Secret"), hooks.get("Job") | |
| assert sa is not None, "ServiceAccount must be a hook" | |
| assert secret is not None, "Secret must be a hook" | |
| assert job is not None, "bootstrap Job must be a hook" | |
| assert sa < job, f"ServiceAccount weight ({sa}) must be < Job ({job})" | |
| assert secret < job, f"Secret weight ({secret}) must be < Job ({job})" | |
| print("Hook ordering OK") | |
| PYEOF | |
| helm-install: | |
| name: Integration test — helm install | |
| runs-on: ubuntu-latest | |
| needs: helm-chart | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create kind cluster | |
| uses: helm/kind-action@v1 | |
| with: | |
| cluster_name: kind | |
| wait: 60s | |
| - name: Install Helm | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.18.0 | |
| - name: Build image | |
| run: docker build -f docker/Dockerfile -t analytics-agent:test . | |
| - name: Load image into kind | |
| run: kind load docker-image analytics-agent:test | |
| - name: Start Postgres | |
| run: | | |
| kubectl run postgres \ | |
| --image=postgres:15 \ | |
| --env=POSTGRES_PASSWORD=secret \ | |
| --env=POSTGRES_DB=analytics \ | |
| --env=POSTGRES_USER=analytics | |
| kubectl expose pod postgres --port=5432 | |
| kubectl wait --for=condition=Ready pod/postgres --timeout=60s | |
| - name: Helm install | |
| run: | | |
| helm install aa-test helm/analytics-agent/ \ | |
| --set image.repository=analytics-agent \ | |
| --set image.tag=test \ | |
| --set image.pullPolicy=Never \ | |
| --set "config.env.DATABASE_URL=postgresql+asyncpg://analytics:secret@postgres:5432/analytics" \ | |
| --set "config.env.ENCRYPTION_KEY=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=" \ | |
| --timeout=120s | |
| - name: Wait for deployment rollout | |
| run: kubectl rollout status deployment/aa-test-analytics-agent --timeout=120s | |
| - name: Verify /health endpoint | |
| run: | | |
| kubectl port-forward svc/aa-test-analytics-agent 8080:80 & | |
| sleep 3 | |
| curl -sf http://localhost:8080/health | |
| echo "" | |
| curl -sf http://localhost:8080/api/engines |