Existing coverage was one integration test and zero e2e tests. Adds the thin, high-value integration/e2e layer unit tests can't reach (real Postgres wire contract, real browser flows) and wires it as a post-deploy smoke gate. - Seed a deterministic dev/QA admin user and fixed Development env key so HTTP-only tests can authenticate without per-run registration. - Expand the API integration suite: disabled-flag, unauthorized access, environment-document bootstrap, identity-override precedence, and auth login scenarios, reusing the existing black-box HTTP+Npgsql harness. - Add a Playwright suite for the admin SPA: login, nav, project/environment context selection, and feature create/toggle, against the real API. - Bind QA Postgres to 127.0.0.1 for direct seeding, add smoke-qa.sh and an ensure_node() bootstrap (the qa runner has no Node today), and wire a new smoke-qa CI job after deploy-qa.
74 lines
2.4 KiB
YAML
74 lines
2.4 KiB
YAML
# CI/CD pipeline for MicCheck. Read by both Gitea Actions and GitHub Actions
|
|
# (both look under .github/workflows/). Every non-checkout step just invokes a
|
|
# bash script under scripts/ci/, so the entire pipeline is reproducible by
|
|
# running the same scripts locally - no marketplace build/test/push actions.
|
|
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main, build-runner-fix]
|
|
|
|
jobs:
|
|
build-and-push:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
REGISTRY: ${{ secrets.REGISTRY }}
|
|
REGISTRY_OWNER: ${{ secrets.REGISTRY_OWNER }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Build
|
|
run: ./scripts/ci/build.sh
|
|
|
|
- name: Test
|
|
run: ./scripts/ci/test.sh
|
|
|
|
- name: Build Docker images
|
|
run: ./scripts/ci/docker-build.sh
|
|
|
|
- name: Push Docker images
|
|
run: ./scripts/ci/docker-push.sh
|
|
|
|
deploy-qa:
|
|
needs: build-and-push
|
|
runs-on: [self-hosted, qa]
|
|
env:
|
|
REGISTRY: ${{ secrets.REGISTRY }}
|
|
REGISTRY_OWNER: ${{ secrets.REGISTRY_OWNER }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
|
|
QA_ADMIN_PORT: ${{ vars.QA_ADMIN_PORT }}
|
|
steps:
|
|
# actions/checkout@v4 is a Node-based action; this runner has no node
|
|
# in PATH, so checkout plain git instead of via marketplace action.
|
|
- name: Checkout
|
|
run: |
|
|
git init -q .
|
|
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
|
git -c http.extraheader="AUTHORIZATION: bearer ${{ github.token }}" fetch --depth=1 origin "${{ github.sha }}"
|
|
git checkout -q FETCH_HEAD
|
|
|
|
- name: Deploy to QA
|
|
run: ./scripts/ci/deploy-qa.sh
|
|
|
|
smoke-qa:
|
|
needs: deploy-qa
|
|
runs-on: [self-hosted, qa]
|
|
env:
|
|
QA_ADMIN_PORT: ${{ vars.QA_ADMIN_PORT }}
|
|
steps:
|
|
# actions/checkout@v4 is a Node-based action; this runner has no node
|
|
# in PATH, so checkout plain git instead of via marketplace action.
|
|
- name: Checkout
|
|
run: |
|
|
git init -q .
|
|
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
|
git -c http.extraheader="AUTHORIZATION: bearer ${{ github.token }}" fetch --depth=1 origin "${{ github.sha }}"
|
|
git checkout -q FETCH_HEAD
|
|
|
|
- name: Smoke test QA deployment
|
|
run: ./scripts/ci/smoke-qa.sh
|