## Summary - Fix a chain of QA CI issues: Docker build/health-check flakiness, NuGet vuln pins, then adds the post-deploy integration + Playwright smoke suite and works through everything needed to make it actually run on the self-hosted `qa` runner (musl/Alpine job container, no node/dotnet/curl preinstalled, docker-outside-of-docker networking). - Adds a fixed dev/QA seed admin user + fixed Development environment API key so integration tests and e2e specs have a stable target. - Pins Aspire's `AppHost.cs` ports/credentials to match the docker-compose local dev defaults. - Adds `tests/api/MicCheck.Api.Tests.Integration` coverage for disabled flags, environment-document bootstrap, identity override precedence, auth login, and unauthorized access; adds a Playwright e2e suite under `src/admin/e2e` (login, nav, context selection, features CRUD/toggle). - Adds a `smoke-qa` CI job that runs both suites against the just-deployed QA stack, working around: no curl/node/dotnet on the bare runner, musl vs glibc (Playwright browsers run via the official `mcr.microsoft.com/playwright` image instead), and the runner's job-container network isolation (reach the QA stack via the docker bridge gateway IP; `docker cp` instead of a bind mount to get files into the playwright container, since paths don't cross the docker-outside-of-docker boundary). ## Test plan - [x] Unit tests pass (dotnet test tests/api/MicCheck.Api.Tests.Unit, 243 passed) - [x] API integration suite passes against the real QA stack in CI - [x] Playwright e2e suite passes against the real QA stack in CI (verified 3/3 locally against a real dev API + vite server for the flakiest spec) - [x] Full CI pipeline (build → deploy-qa → smoke-qa) green end to end on the qa runner Reviewed-on: #3
92 lines
3.3 KiB
C#
92 lines
3.3 KiB
C#
using MicCheck.Api.Data;
|
|
using MicCheck.Api.Organizations;
|
|
using MicCheck.Api.Users;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using NUnit.Framework;
|
|
|
|
namespace MicCheck.Api.Tests.Unit.Data;
|
|
|
|
[TestFixture]
|
|
public class DatabaseSeederTests
|
|
{
|
|
private MicCheckDbContext _db = null!;
|
|
private DatabaseSeeder _seeder = null!;
|
|
|
|
[SetUp]
|
|
public void SetUp()
|
|
{
|
|
var options = new DbContextOptionsBuilder<MicCheckDbContext>()
|
|
.UseInMemoryDatabase(Guid.NewGuid().ToString())
|
|
.Options;
|
|
_db = new MicCheckDbContext(options);
|
|
_seeder = new DatabaseSeeder(_db, new PasswordHasher<User>());
|
|
}
|
|
|
|
[TearDown]
|
|
public void TearDown() => _db.Dispose();
|
|
|
|
[Test]
|
|
public async Task WhenTheDatabaseIsEmpty_ThenSeedingCreatesADeterministicAdminUser()
|
|
{
|
|
await _seeder.SeedAsync();
|
|
|
|
var admin = await _db.Users.SingleOrDefaultAsync(u => u.Email == DatabaseSeeder.SeedAdminEmail);
|
|
|
|
Assert.That(admin, Is.Not.Null);
|
|
Assert.That(admin!.IsActive, Is.True);
|
|
}
|
|
|
|
[Test]
|
|
public async Task WhenTheDatabaseIsEmpty_ThenTheSeededAdminPasswordVerifiesAgainstTheKnownCredential()
|
|
{
|
|
await _seeder.SeedAsync();
|
|
|
|
var admin = await _db.Users.SingleAsync(u => u.Email == DatabaseSeeder.SeedAdminEmail);
|
|
var hasher = new PasswordHasher<User>();
|
|
|
|
var result = hasher.VerifyHashedPassword(admin, admin.PasswordHash, DatabaseSeeder.SeedAdminPassword);
|
|
|
|
Assert.That(result, Is.Not.EqualTo(PasswordVerificationResult.Failed));
|
|
}
|
|
|
|
[Test]
|
|
public async Task WhenTheDatabaseIsEmpty_ThenTheSeededAdminIsAnAdminOfTheDefaultOrganization()
|
|
{
|
|
await _seeder.SeedAsync();
|
|
|
|
var organization = await _db.Organizations.SingleAsync(o => o.Name == "Default");
|
|
var admin = await _db.Users.SingleAsync(u => u.Email == DatabaseSeeder.SeedAdminEmail);
|
|
var membership = await _db.OrganizationUsers
|
|
.SingleAsync(ou => ou.OrganizationId == organization.Id && ou.UserId == admin.Id);
|
|
|
|
Assert.That(membership.Role, Is.EqualTo(OrganizationRole.Admin));
|
|
Assert.That(membership.IsPrimary, Is.True);
|
|
}
|
|
|
|
[Test]
|
|
public async Task WhenTheDatabaseIsEmpty_ThenTheSeededDevelopmentEnvironmentHasTheFixedApiKey()
|
|
{
|
|
await _seeder.SeedAsync();
|
|
|
|
var development = await _db.Environments.SingleAsync(e => e.Name == "Development");
|
|
var staging = await _db.Environments.SingleAsync(e => e.Name == "Staging");
|
|
var production = await _db.Environments.SingleAsync(e => e.Name == "Production");
|
|
|
|
Assert.That(development.ApiKey, Is.EqualTo(DatabaseSeeder.SeedDevelopmentEnvironmentKey));
|
|
Assert.That(staging.ApiKey, Is.Not.EqualTo(DatabaseSeeder.SeedDevelopmentEnvironmentKey));
|
|
Assert.That(production.ApiKey, Is.Not.EqualTo(DatabaseSeeder.SeedDevelopmentEnvironmentKey));
|
|
}
|
|
|
|
[Test]
|
|
public async Task WhenSeedingRunsTwice_ThenItDoesNotCreateDuplicateOrganizationsOrUsers()
|
|
{
|
|
await _seeder.SeedAsync();
|
|
await _seeder.SeedAsync();
|
|
|
|
Assert.That(await _db.Organizations.CountAsync(), Is.EqualTo(1));
|
|
Assert.That(await _db.Users.CountAsync(u => u.Email == DatabaseSeeder.SeedAdminEmail), Is.EqualTo(1));
|
|
Assert.That(await _db.Environments.CountAsync(), Is.EqualTo(3));
|
|
}
|
|
}
|