Files
plex-playlist/docs/DEPLOYABLE_RUNTIME_CONTRACT.md
Xlorep DarkHelm 1f6cafa1bc
Some checks failed
CICD Start / Sanity and Base Decision (push) Failing after 11m34s
Renovate Dependency Updates / Renovate Dependencies (push) Failing after 10m12s
TASK: Replace integration lane with post-build backend runtime black-box tests (#72)
## Summary

Replace the existing source-context integration lane with backend runtime black-box integration checks that run against started deployable containers.

This change wires deployable backend image references (both commit tag and immutable digest) from the build workflow into the tests workflow, then validates runtime behavior over network endpoints.

## Why

Integration confidence should come from testing running service artifacts, not only source-mounted or in-process execution.

## What Changed

- Build workflow now:
  - Publishes deployable backend image tag reference and digest reference
  - Exposes both as job outputs
  - Passes both references into CICD Tests dispatch inputs

- CICD Tests workflow now:
  - Accepts deployable backend tag and digest inputs
  - Propagates these through setup outputs
  - Replaces previous integration lane behavior with runtime black-box execution:
    - Starts isolated Docker network
    - Starts Postgres container
    - Starts backend container from digest-pinned deployable image
    - Enforces tag-to-digest consistency before running checks
    - Runs endpoint checks against live container:
      - GET /
      - GET /compatibility
      - GET /health
    - Captures backend/db logs and container state on failure
    - Cleans up containers and network via trap

- Documentation updated:
  - Runtime contract enforcement section now includes runtime black-box integration checks
  - CI success summary now reflects runtime integration lane behavior

## Scope

Included:
- Backend runtime black-box integration replacement for the existing integration lane
- Digest + tag identity enforcement
- Failure diagnostics for triage

Out of scope:
- Frontend runtime smoke checks
- E2E lane redesign

## Acceptance Criteria Mapping

- Integration tests execute against runtime container endpoints: 
- Integration lane consumes built image references (not source-mounted execution): 
- Failures surface service logs and test logs for triage: 

## Verification

- Workflow files pass local validation checks
- Pre-commit hooks pass on committed changes
- Branch pushed and ready for PR review

## Related

- Issue: #61
- Dependency context: #66

Co-authored-by: copilotcoder <copilotcoder@darkhelm.org>
Reviewed-on: #72
2026-07-05 22:48:57 -04:00

6.4 KiB

Deployable Runtime Image Contract

Purpose

Define the minimum deployable runtime contract for backend and frontend images. This document is the canonical source for what must be present, what must not be present, and what behavior deployment environments can rely on.

This contract supports issue PP-58 and establishes a baseline for future automation work under epic #66.

Scope

Included:

  • Backend deployable runtime image requirements.
  • Frontend deployable runtime image requirements.
  • Runtime entrypoint, ports, health behavior, startup behavior, and environment contracts.
  • Explicitly disallowed non-runtime tooling classes in deployable images.

Excluded:

  • CI workflow rewiring.
  • Test execution redesign.
  • New runtime hardening implementations not required to define contract.

Backend Runtime Contract

Runtime Artifact Definition

  • Container build source: Dockerfile.backend.
  • Runtime base image: python:3.14-slim.
  • Runtime process: uvicorn backend.main:app --app-dir /app/src --host 0.0.0.0 --port 8000.
  • Exposed runtime port: 8000.

Required Runtime Dependencies

The runtime artifact must include versions compatible with:

  • fastapi==0.120.2
  • psycopg==3.2.12
  • sqlalchemy==2.0.44
  • uvicorn==0.38.0

The lockfile in backend/uv.lock is the dependency source of truth.

Required Runtime Environment Contract

  • DATABASE_URL is required.
    • Accepted form: postgresql://... or SQLAlchemy async form.
    • Runtime normalization to async psycopg dialect is performed in backend/src/backend/database.py.
  • BACKEND_REQUIRED_PYTHON is optional and defaults to 3.14.

Backend Health and Startup Behavior

  • Startup must fail fast if runtime policy checks fail.
    • Source: backend/src/backend/main.py lifecycle (lifespan) validation.
  • Health endpoint contract:
    • GET /health returns 200 with {"status":"healthy","database":"connected"} when database probe succeeds.
    • GET /health returns 503 with {"status":"unhealthy","database":"disconnected"} when probe fails.
  • Compatibility diagnostics endpoint:
    • GET /compatibility reports policy and package compatibility status.

Backend Runtime Checklist

  • Runtime image built from Dockerfile.backend.
  • Runtime process is uvicorn serving backend.main:app with app dir /app/src on 0.0.0.0:8000.
  • DATABASE_URL is set in deployment runtime.
  • GET /health behavior matches contract.
  • Startup fails on runtime policy mismatch.
  • Deployable artifact excludes CI-only and test-only tooling classes.

Frontend Runtime Contract

Frontend Runtime Artifact Definition

  • Container build source: Dockerfile.frontend (target production).
  • Runtime base image: nginx:alpine.
  • Runtime process: nginx -g "daemon off;".
  • Exposed runtime port: 80.
  • Runtime artifact payload: static assets from /app/dist copied to /usr/share/nginx/html.

Frontend Runtime Entry and Routing Contract

  • Nginx configuration source: frontend/nginx.conf.
  • SPA routing behavior must use fallback to index.html for unknown routes.
  • API requests under /api/ are proxied to backend service endpoint http://backend:8000/ in compose deployments.

Frontend Health and Startup Behavior

  • Startup expectation: nginx process starts and serves static assets on port 80.
  • Runtime health expectation for deployment checks:
    • GET / should return 200 and serve frontend entry document.
  • API proxy readiness is dependent on backend runtime availability.

Frontend Runtime Environment Contract

  • No required runtime environment variables are defined for nginx static serving.
  • Build-time frontend mode is production-oriented and not part of runtime env contract.

Frontend Runtime Checklist

  • Runtime image built from Dockerfile.frontend production target.
  • Runtime process is nginx serving on port 80.
  • SPA route fallback behavior is present.
  • /api/ proxy behavior aligns with backend service wiring.
  • Deployable artifact excludes CI-only and test-only tooling classes.

Disallowed Tooling Classes in Deployable Runtime Images

Deployable runtime artifacts must not include tooling classes that are only needed for CI, validation, or local development workflows.

Disallowed classes:

  • Linters and formatters (example: ruff, eslint, prettier).
  • Type checking and static analysis tooling (example: pyright, vue-tsc).
  • Test frameworks and test drivers (example: pytest, vitest, playwright).
  • Browser test binaries and CI runner helper tools.
  • Build-only package managers and build toolchains not needed at runtime.

Note:

  • Multi-stage builds may use these tools in build stages.
  • These tools must not be required by or present in final deployable runtime image layers.

Acceptance Criteria Traceability (PP-58)

  1. Backend runtime requirements are documented and approved.
    • Covered by: "Backend Runtime Contract" and backend checklist.
  2. Frontend runtime requirements are documented and approved.
    • Covered by: "Frontend Runtime Contract" and frontend checklist.
  3. Runtime contracts include health endpoint expectations and startup behavior.
    • Covered by: backend health/startup section and frontend health/startup section.
  4. Non-runtime tool classes are explicitly excluded from deployable image definition.
    • Covered by: "Disallowed Tooling Classes in Deployable Runtime Images".

Enforcement Hooks

Current enforcement implemented in CI:

  • Dockerfile target boundary checks:
    • Script: scripts/check-dockerfile-boundaries.sh
    • Workflow: .gitea/workflows/docker-build-main.yaml
  • Deployable runtime image purity checks:
    • Script: scripts/verify-deployable-image-purity.sh
    • Workflow: .gitea/workflows/docker-build-main.yaml
    • Checks include binary presence and profile-specific package metadata probes to detect CI/development tooling leakage.
  • Runtime black-box integration checks against deployed backend container:
    • Workflow: .gitea/workflows/cicd-tests.yaml (integration-tests job)
    • Inputs: deployable backend commit tag reference and immutable digest reference from main build dispatch.
    • Assertions: digest/tag consistency and live endpoint behavior for /, /compatibility, and /health on started runtime containers.

Future follow-up automation under epic #66 may expand this with:

  • Contract tests that assert documented health/startup behavior.
  • Additional policy checks for drift detection and broader runtime compliance.