Fix CI build/deploy/smoke pipeline for the self-hosted qa runner (#3)
All checks were successful
CI / build-and-push (push) Successful in 39s
CI / deploy-qa (push) Successful in 12s
CI / smoke-qa (push) Successful in 18s

## Summary
- Fix a chain of QA CI issues: Docker build/health-check flakiness, NuGet vuln pins, then adds the post-deploy integration + Playwright smoke suite and works through everything needed to make it actually run on the self-hosted `qa` runner (musl/Alpine job container, no node/dotnet/curl preinstalled, docker-outside-of-docker networking).
- Adds a fixed dev/QA seed admin user + fixed Development environment API key so integration tests and e2e specs have a stable target.
- Pins Aspire's `AppHost.cs` ports/credentials to match the docker-compose local dev defaults.
- Adds `tests/api/MicCheck.Api.Tests.Integration` coverage for disabled flags, environment-document bootstrap, identity override precedence, auth login, and unauthorized access; adds a Playwright e2e suite under `src/admin/e2e` (login, nav, context selection, features CRUD/toggle).
- Adds a `smoke-qa` CI job that runs both suites against the just-deployed QA stack, working around: no curl/node/dotnet on the bare runner, musl vs glibc (Playwright browsers run via the official `mcr.microsoft.com/playwright` image instead), and the runner's job-container network isolation (reach the QA stack via the docker bridge gateway IP; `docker cp` instead of a bind mount to get files into the playwright container, since paths don't cross the docker-outside-of-docker boundary).

## Test plan
- [x] Unit tests pass (dotnet test tests/api/MicCheck.Api.Tests.Unit, 243 passed)
- [x] API integration suite passes against the real QA stack in CI
- [x] Playwright e2e suite passes against the real QA stack in CI (verified 3/3 locally against a real dev API + vite server for the flakiest spec)
- [x] Full CI pipeline (build → deploy-qa → smoke-qa) green end to end on the qa runner

Reviewed-on: #3
This commit was merged in pull request #3.
This commit is contained in:
2026-07-04 18:53:05 -07:00
parent e10cba77ed
commit 1556b486d2
39 changed files with 1344 additions and 14 deletions

View File

@@ -0,0 +1,57 @@
using MicCheck.Api.Tests.Integration.Common;
using NUnit.Framework;
namespace MicCheck.Api.Tests.Integration.Flags;
[TestFixture]
public class FlagsApiAuthorizationTests
{
private IntegrationTestSettings settings = null!;
private FlagApiHttpClient client = null!;
[OneTimeSetUp]
public void OneTimeSetUp()
{
settings = IntegrationTestSettings.Load();
client = new FlagApiHttpClient(settings);
}
[OneTimeTearDown]
public void OneTimeTearDown() => client.Dispose();
[Test]
public async Task WhenNoEnvironmentKeyIsProvided_ThenTheFlagsApiReturnsUnauthorized()
{
using var response = await client.SendAsync(
httpFile: "Flags.http",
requestName: "GetFlags",
variables: new Dictionary<string, string>
{
["baseUrl"] = settings.BaseUrl,
["environmentKey"] = string.Empty
});
Assert.That(
(int)response.StatusCode,
Is.EqualTo(401),
$"Expected 401 for a missing environment key, got {(int)response.StatusCode} {response.ReasonPhrase}.");
}
[Test]
public async Task WhenAnUnknownEnvironmentKeyIsProvided_ThenTheFlagsApiReturnsUnauthorized()
{
using var response = await client.SendAsync(
httpFile: "Flags.http",
requestName: "GetFlags",
variables: new Dictionary<string, string>
{
["baseUrl"] = settings.BaseUrl,
["environmentKey"] = $"unknown_{Guid.NewGuid():N}"
});
Assert.That(
(int)response.StatusCode,
Is.EqualTo(401),
$"Expected 401 for an unrecognized environment key, got {(int)response.StatusCode} {response.ReasonPhrase}.");
}
}