## Summary - Fix a chain of QA CI issues: Docker build/health-check flakiness, NuGet vuln pins, then adds the post-deploy integration + Playwright smoke suite and works through everything needed to make it actually run on the self-hosted `qa` runner (musl/Alpine job container, no node/dotnet/curl preinstalled, docker-outside-of-docker networking). - Adds a fixed dev/QA seed admin user + fixed Development environment API key so integration tests and e2e specs have a stable target. - Pins Aspire's `AppHost.cs` ports/credentials to match the docker-compose local dev defaults. - Adds `tests/api/MicCheck.Api.Tests.Integration` coverage for disabled flags, environment-document bootstrap, identity override precedence, auth login, and unauthorized access; adds a Playwright e2e suite under `src/admin/e2e` (login, nav, context selection, features CRUD/toggle). - Adds a `smoke-qa` CI job that runs both suites against the just-deployed QA stack, working around: no curl/node/dotnet on the bare runner, musl vs glibc (Playwright browsers run via the official `mcr.microsoft.com/playwright` image instead), and the runner's job-container network isolation (reach the QA stack via the docker bridge gateway IP; `docker cp` instead of a bind mount to get files into the playwright container, since paths don't cross the docker-outside-of-docker boundary). ## Test plan - [x] Unit tests pass (dotnet test tests/api/MicCheck.Api.Tests.Unit, 243 passed) - [x] API integration suite passes against the real QA stack in CI - [x] Playwright e2e suite passes against the real QA stack in CI (verified 3/3 locally against a real dev API + vite server for the flakiest spec) - [x] Full CI pipeline (build → deploy-qa → smoke-qa) green end to end on the qa runner Reviewed-on: #3
74 lines
2.4 KiB
YAML
74 lines
2.4 KiB
YAML
# CI/CD pipeline for MicCheck. Read by both Gitea Actions and GitHub Actions
|
|
# (both look under .github/workflows/). Every non-checkout step just invokes a
|
|
# bash script under scripts/ci/, so the entire pipeline is reproducible by
|
|
# running the same scripts locally - no marketplace build/test/push actions.
|
|
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main, build-runner-fix]
|
|
|
|
jobs:
|
|
build-and-push:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
REGISTRY: ${{ secrets.REGISTRY }}
|
|
REGISTRY_OWNER: ${{ secrets.REGISTRY_OWNER }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Build
|
|
run: ./scripts/ci/build.sh
|
|
|
|
- name: Test
|
|
run: ./scripts/ci/test.sh
|
|
|
|
- name: Build Docker images
|
|
run: ./scripts/ci/docker-build.sh
|
|
|
|
- name: Push Docker images
|
|
run: ./scripts/ci/docker-push.sh
|
|
|
|
deploy-qa:
|
|
needs: build-and-push
|
|
runs-on: [self-hosted, qa]
|
|
env:
|
|
REGISTRY: ${{ secrets.REGISTRY }}
|
|
REGISTRY_OWNER: ${{ secrets.REGISTRY_OWNER }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
|
|
QA_ADMIN_PORT: ${{ vars.QA_ADMIN_PORT }}
|
|
steps:
|
|
# actions/checkout@v4 is a Node-based action; this runner has no node
|
|
# in PATH, so checkout plain git instead of via marketplace action.
|
|
- name: Checkout
|
|
run: |
|
|
git init -q .
|
|
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
|
git -c http.extraheader="AUTHORIZATION: bearer ${{ github.token }}" fetch --depth=1 origin "${{ github.sha }}"
|
|
git checkout -q FETCH_HEAD
|
|
|
|
- name: Deploy to QA
|
|
run: ./scripts/ci/deploy-qa.sh
|
|
|
|
smoke-qa:
|
|
needs: deploy-qa
|
|
runs-on: [self-hosted, qa]
|
|
env:
|
|
QA_ADMIN_PORT: ${{ vars.QA_ADMIN_PORT }}
|
|
steps:
|
|
# actions/checkout@v4 is a Node-based action; this runner has no node
|
|
# in PATH, so checkout plain git instead of via marketplace action.
|
|
- name: Checkout
|
|
run: |
|
|
git init -q .
|
|
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
|
git -c http.extraheader="AUTHORIZATION: bearer ${{ github.token }}" fetch --depth=1 origin "${{ github.sha }}"
|
|
git checkout -q FETCH_HEAD
|
|
|
|
- name: Smoke test QA deployment
|
|
run: ./scripts/ci/smoke-qa.sh
|