Fix CI build/deploy/smoke pipeline for the self-hosted qa runner (#3)
## Summary - Fix a chain of QA CI issues: Docker build/health-check flakiness, NuGet vuln pins, then adds the post-deploy integration + Playwright smoke suite and works through everything needed to make it actually run on the self-hosted `qa` runner (musl/Alpine job container, no node/dotnet/curl preinstalled, docker-outside-of-docker networking). - Adds a fixed dev/QA seed admin user + fixed Development environment API key so integration tests and e2e specs have a stable target. - Pins Aspire's `AppHost.cs` ports/credentials to match the docker-compose local dev defaults. - Adds `tests/api/MicCheck.Api.Tests.Integration` coverage for disabled flags, environment-document bootstrap, identity override precedence, auth login, and unauthorized access; adds a Playwright e2e suite under `src/admin/e2e` (login, nav, context selection, features CRUD/toggle). - Adds a `smoke-qa` CI job that runs both suites against the just-deployed QA stack, working around: no curl/node/dotnet on the bare runner, musl vs glibc (Playwright browsers run via the official `mcr.microsoft.com/playwright` image instead), and the runner's job-container network isolation (reach the QA stack via the docker bridge gateway IP; `docker cp` instead of a bind mount to get files into the playwright container, since paths don't cross the docker-outside-of-docker boundary). ## Test plan - [x] Unit tests pass (dotnet test tests/api/MicCheck.Api.Tests.Unit, 243 passed) - [x] API integration suite passes against the real QA stack in CI - [x] Playwright e2e suite passes against the real QA stack in CI (verified 3/3 locally against a real dev API + vite server for the flakiest spec) - [x] Full CI pipeline (build → deploy-qa → smoke-qa) green end to end on the qa runner Reviewed-on: #3
This commit was merged in pull request #3.
This commit is contained in:
@@ -1,8 +1,11 @@
|
||||
name: miccheck-qa
|
||||
|
||||
# Dedicated, network-isolated QA stack. Not connected to the dev compose
|
||||
# stack's network - runs entirely on its own bridge network below, and the
|
||||
# database has no published host port.
|
||||
# stack's network - runs entirely on its own bridge network below. The API has
|
||||
# no published host port; Postgres is bound to DB_BIND_HOST (docker's bridge
|
||||
# gateway IP, computed by deploy-qa.sh) so the smoke-qa CI job - itself a
|
||||
# sibling container on that same default bridge - can seed/inspect data
|
||||
# directly, while it stays unreachable off-box (unlike binding to 0.0.0.0).
|
||||
services:
|
||||
|
||||
db:
|
||||
@@ -11,6 +14,8 @@ services:
|
||||
POSTGRES_DB: miccheck
|
||||
POSTGRES_USER: miccheck
|
||||
POSTGRES_PASSWORD: password
|
||||
ports:
|
||||
- "${DB_BIND_HOST:-127.0.0.1}:55432:5432"
|
||||
volumes:
|
||||
- miccheck-qa-pgdata:/var/lib/postgresql/data
|
||||
networks:
|
||||
@@ -36,7 +41,7 @@ services:
|
||||
db:
|
||||
condition: service_healthy
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "wget -qO- http://localhost:8080/api/v1/health 2>/dev/null || exit 1"]
|
||||
test: ["CMD-SHELL", "curl -fsS http://localhost:8080/health || exit 1"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
Reference in New Issue
Block a user