← Back to Blog

February 2025: Portal improvements, deploy fixes, and GitHub Actions

Quantlix Team

We've shipped several improvements to the portal, deployment workflow, and CI/CD. Here's what's new.

Deployment details: Policies tab

The Policies tab under deployment details now updates correctly. We fixed two issues:

**Tab sync with URL** — The active tab (Overview, Contract, Policies, Budget, Audit) is now synced with the URL. You can share a direct link to a specific tab, and the selection persists on refresh.

**Policy configuration display** — The Policies tab now shows the full policy config from `pipeline_lock.policies` (actions, budget, preprocess_integrity, coercion). If your deployment uses the legacy format with `pipeline_lock.actions` at the top level, that's shown too. After applying an enforcement pack, the Policies tab reflects the updated config immediately.

Production deploy script

The `deploy-prod.sh` script now includes:

- **Cluster connectivity check** — Before applying manifests, the script verifies that `kubectl` can reach your cluster. If not, it exits with clear instructions to set `KUBECONFIG`.

- **`--validate=false`** — Skips OpenAPI schema validation during `kubectl apply`, which avoids "failed to download openapi" errors when validation can't reach the API server.

Make sure `KUBECONFIG` points to your cluster before running the deploy script:

export KUBECONFIG=$(pwd)/infra/terraform/kubeconfig.yaml
./scripts/deploy-prod.sh

GitHub Actions: checkout and workflow scope

**Checkout action** — We pinned `actions/checkout` to a commit SHA (`f43a0e5ff2bd294095638e18286ca9a3d1956744`) instead of a tag. This avoids "repository or version not found" errors in some environments.

**Workflow scope** — When pushing workflow files (e.g. `.github/workflows/*.yml`) with a Personal Access Token, GitHub requires the `workflow` scope. If you see "refusing to allow a Personal Access Token to create or update workflow without workflow scope", add the `workflow` scope to your PAT in GitHub Settings → Developer settings → Personal access tokens.

Favicon

The portal favicon now uses `favicon.png` from the public folder. Browsers and bookmarks will show the updated icon.