Fix CI build/deploy/smoke pipeline for the self-hosted qa runner (#3)
## Summary - Fix a chain of QA CI issues: Docker build/health-check flakiness, NuGet vuln pins, then adds the post-deploy integration + Playwright smoke suite and works through everything needed to make it actually run on the self-hosted `qa` runner (musl/Alpine job container, no node/dotnet/curl preinstalled, docker-outside-of-docker networking). - Adds a fixed dev/QA seed admin user + fixed Development environment API key so integration tests and e2e specs have a stable target. - Pins Aspire's `AppHost.cs` ports/credentials to match the docker-compose local dev defaults. - Adds `tests/api/MicCheck.Api.Tests.Integration` coverage for disabled flags, environment-document bootstrap, identity override precedence, auth login, and unauthorized access; adds a Playwright e2e suite under `src/admin/e2e` (login, nav, context selection, features CRUD/toggle). - Adds a `smoke-qa` CI job that runs both suites against the just-deployed QA stack, working around: no curl/node/dotnet on the bare runner, musl vs glibc (Playwright browsers run via the official `mcr.microsoft.com/playwright` image instead), and the runner's job-container network isolation (reach the QA stack via the docker bridge gateway IP; `docker cp` instead of a bind mount to get files into the playwright container, since paths don't cross the docker-outside-of-docker boundary). ## Test plan - [x] Unit tests pass (dotnet test tests/api/MicCheck.Api.Tests.Unit, 243 passed) - [x] API integration suite passes against the real QA stack in CI - [x] Playwright e2e suite passes against the real QA stack in CI (verified 3/3 locally against a real dev API + vite server for the flakiest spec) - [x] Full CI pipeline (build → deploy-qa → smoke-qa) green end to end on the qa runner Reviewed-on: #3
This commit was merged in pull request #3.
This commit is contained in:
95
tests/api/MicCheck.Api.Tests.Integration/Auth/AuthTests.cs
Normal file
95
tests/api/MicCheck.Api.Tests.Integration/Auth/AuthTests.cs
Normal file
@@ -0,0 +1,95 @@
|
||||
using System.Text.Json;
|
||||
using MicCheck.Api.Tests.Integration.Common;
|
||||
using NUnit.Framework;
|
||||
|
||||
namespace MicCheck.Api.Tests.Integration.Auth;
|
||||
|
||||
[TestFixture]
|
||||
public class AuthTests
|
||||
{
|
||||
private const string Password = "Integration!Test123";
|
||||
|
||||
private IntegrationTestSettings settings = null!;
|
||||
private TestDatabase db = null!;
|
||||
private FlagApiHttpClient client = null!;
|
||||
private AuthSeed? seed;
|
||||
|
||||
[OneTimeSetUp]
|
||||
public void OneTimeSetUp()
|
||||
{
|
||||
settings = IntegrationTestSettings.Load();
|
||||
db = new TestDatabase(settings.DbConnectionString);
|
||||
client = new FlagApiHttpClient(settings);
|
||||
}
|
||||
|
||||
[OneTimeTearDown]
|
||||
public void OneTimeTearDown() => client.Dispose();
|
||||
|
||||
[SetUp]
|
||||
public async Task SetUp()
|
||||
=> seed = await AuthSeed.InsertAsync(db, testRunTag: "Auth", password: Password);
|
||||
|
||||
[TearDown]
|
||||
public async Task TearDown()
|
||||
{
|
||||
if (seed is not null)
|
||||
{
|
||||
await seed.CleanupAsync(db);
|
||||
seed = null;
|
||||
}
|
||||
}
|
||||
|
||||
[Test]
|
||||
public async Task WhenValidCredentialsAreSubmitted_ThenLoginReturnsAnAccessToken()
|
||||
{
|
||||
var current = seed!;
|
||||
|
||||
using var response = await client.SendAsync(
|
||||
httpFile: "Auth.http",
|
||||
requestName: "Login",
|
||||
variables: new Dictionary<string, string>
|
||||
{
|
||||
["baseUrl"] = settings.BaseUrl,
|
||||
["email"] = current.Email,
|
||||
["password"] = current.Password
|
||||
});
|
||||
|
||||
var body = await response.Content.ReadAsStringAsync();
|
||||
|
||||
Assert.That(
|
||||
response.IsSuccessStatusCode,
|
||||
Is.True,
|
||||
$"POST /api/v1/auth/login returned {(int)response.StatusCode} {response.ReasonPhrase} for a valid seeded user. Body: {body}");
|
||||
|
||||
var login = JsonSerializer.Deserialize<LoginResponseDto>(body, JsonOptions)
|
||||
?? throw new InvalidOperationException("Response body was not the expected login shape.");
|
||||
|
||||
Assert.That(login.AccessToken, Is.Not.Null.And.Not.Empty);
|
||||
Assert.That(login.RefreshToken, Is.Not.Null.And.Not.Empty);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public async Task WhenAnIncorrectPasswordIsSubmitted_ThenLoginIsUnauthorized()
|
||||
{
|
||||
var current = seed!;
|
||||
|
||||
using var response = await client.SendAsync(
|
||||
httpFile: "Auth.http",
|
||||
requestName: "Login",
|
||||
variables: new Dictionary<string, string>
|
||||
{
|
||||
["baseUrl"] = settings.BaseUrl,
|
||||
["email"] = current.Email,
|
||||
["password"] = "definitely-the-wrong-password"
|
||||
});
|
||||
|
||||
Assert.That(
|
||||
(int)response.StatusCode,
|
||||
Is.EqualTo(401),
|
||||
$"Expected 401 for an incorrect password, got {(int)response.StatusCode} {response.ReasonPhrase}.");
|
||||
}
|
||||
|
||||
private static readonly JsonSerializerOptions JsonOptions = new(JsonSerializerDefaults.Web);
|
||||
|
||||
private sealed record LoginResponseDto(string AccessToken, string RefreshToken, DateTime ExpiresAt);
|
||||
}
|
||||
Reference in New Issue
Block a user