All checks were successful
CICD / Build and Publish CICD Base Image (push) Successful in 6m8s
CICD / Build and Push CICD Image (push) Successful in 23m14s
CICD / Build CICD Image Failure Postmortem (push) Has been skipped
CICD / Backend Tests (push) Successful in 7m10s
CICD / Frontend Tests (push) Successful in 45s
CICD / Backend Doctests (push) Successful in 18s
CICD / Pre-commit Checks (push) Successful in 14m57s
CICD / Source Lanes Failure Postmortem (push) Has been skipped
CICD / CICD Tests Complete (push) Successful in 3s
CICD / Build Backend Base Image (push) Successful in 18s
CICD / Build Integration Tester Image (push) Successful in 1m5s
CICD / Build Backend Main Image (push) Successful in 1m52s
CICD / Build Frontend Base Image (push) Successful in 10m42s
CICD / Build Frontend Main Image (push) Successful in 33s
CICD / Build E2E Tester Image (push) Successful in 32m17s
CICD / Production Images Complete (push) Successful in 5s
CICD / Production Image Failures Postmortem (push) Has been skipped
CICD / Runtime Black-Box Integration Tests (push) Successful in 1m13s
CICD / Integration Tests Failure Postmortem (push) Has been skipped
CICD / End-to-End Tests (push) Successful in 11m23s
CICD / E2E Tests Failure Postmortem (push) Has been skipped
## Summary Hardens CI workflows for self-hosted Gitea runners by stabilizing E2E execution and Renovate behavior across internal/external network paths. Closes #62 ## What Changed ### E2E workflow reliability - Fixed E2E workspace handoff to ensure expected repository contents are present during test execution. - Added stricter preflight checks for required frontend files before running E2E. - Reduced mount/path fragility while preserving runtime image pull and compose flow. ### Renovate workflow hardening - Added internal-first endpoint reachability selection with fallback handling. - Added token preflight checks for repository access. - Added explicit host-rule auth handling for API/git paths. - Added container-level connectivity preflight diagnostics. - Added git URL override aligned with selected endpoint context. - Removed incorrect forced Dogar host-IP pinning that broke HTTPS clone routing. ## Why CI behavior was sensitive to runner networking and Renovate clone/auth interactions. These changes make the workflow deterministic in our runner topology and address recurring CI failures. ## Scope - Workflow logic only (`cicd.yaml`, `renovate.yml`) - No app feature or API behavior changes ## Validation - Workflow YAML validation passed during updates. - Changes were applied and verified iteratively from real failing run diagnostics. Co-authored-by: copilotcoder <copilotcoder@darkhelm.org> Reviewed-on: #73
97 lines
3.1 KiB
Bash
97 lines
3.1 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
COMPOSE_FILE="${ROOT_DIR}/compose.ci.integration.yml"
|
|
PROJECT_NAME="${COMPOSE_PROJECT_NAME:-plex-int-local}"
|
|
|
|
export DEPLOYABLE_BACKEND_IMAGE="${DEPLOYABLE_BACKEND_IMAGE:-deployable-backend:local}"
|
|
export DB_PASSWORD="${DB_PASSWORD:-plex_password}"
|
|
export DB_URL="${DB_URL:-postgresql://plex_user:${DB_PASSWORD}@database:5432/plex_playlist}"
|
|
|
|
cleanup() {
|
|
docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" down -v --remove-orphans >/dev/null 2>&1 || true
|
|
}
|
|
|
|
trap cleanup EXIT
|
|
|
|
echo "Running runtime integration checks against deployable backend image via compose"
|
|
echo "DEPLOYABLE_BACKEND_IMAGE=${DEPLOYABLE_BACKEND_IMAGE}"
|
|
|
|
docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" up -d database backend
|
|
|
|
fetch_backend_endpoint() {
|
|
endpoint_path="$1"
|
|
output_file="$2"
|
|
probe_tmp="$(mktemp)"
|
|
|
|
if ! docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" exec -T backend python -c "$(printf '%s\n' \
|
|
'import sys' \
|
|
'import urllib.error' \
|
|
'import urllib.request' \
|
|
'endpoint_path = sys.argv[1]' \
|
|
'url = f"http://127.0.0.1:8000{endpoint_path}"' \
|
|
'try:' \
|
|
' with urllib.request.urlopen(url, timeout=2) as response:' \
|
|
' body = response.read().decode("utf-8", errors="replace")' \
|
|
' print(response.status)' \
|
|
' print(body)' \
|
|
'except urllib.error.HTTPError as err:' \
|
|
' body = err.read().decode("utf-8", errors="replace")' \
|
|
' print(err.code)' \
|
|
' print(body)' \
|
|
'except Exception:' \
|
|
' print("000")' \
|
|
' print("")'
|
|
)" "${endpoint_path}" >"${probe_tmp}" 2>/dev/null
|
|
then
|
|
: >"${output_file}"
|
|
rm -f "${probe_tmp}"
|
|
echo "000"
|
|
return 0
|
|
fi
|
|
|
|
http_code="$(head -n 1 "${probe_tmp}")"
|
|
tail -n +2 "${probe_tmp}" >"${output_file}"
|
|
rm -f "${probe_tmp}"
|
|
echo "${http_code}"
|
|
}
|
|
|
|
backend_ready=false
|
|
for i in $(seq 1 40); do
|
|
backend_running_count="$(docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" ps --status running --services backend | wc -l)"
|
|
if [ "${backend_running_count}" -eq 0 ]; then
|
|
echo "❌ Backend container exited before becoming healthy"
|
|
exit 1
|
|
fi
|
|
|
|
health_code="$(fetch_backend_endpoint "/health" /tmp/blackbox-health.json)"
|
|
if [ "${health_code}" = "200" ]; then
|
|
backend_ready=true
|
|
break
|
|
fi
|
|
sleep 2
|
|
done
|
|
|
|
if [ "${backend_ready}" != "true" ]; then
|
|
echo "❌ Backend did not become healthy"
|
|
cat /tmp/blackbox-health.json 2>/dev/null || true
|
|
exit 1
|
|
fi
|
|
|
|
root_code="$(fetch_backend_endpoint "/" /tmp/blackbox-root.json)"
|
|
if [ "${root_code}" != "200" ] || ! grep -q 'Plex Playlist Backend API' /tmp/blackbox-root.json; then
|
|
echo "❌ Root endpoint validation failed"
|
|
cat /tmp/blackbox-root.json 2>/dev/null || true
|
|
exit 1
|
|
fi
|
|
|
|
compatibility_code="$(fetch_backend_endpoint "/compatibility" /tmp/blackbox-compatibility.json)"
|
|
if [ "${compatibility_code}" != "200" ] || ! grep -q '"ok":true' /tmp/blackbox-compatibility.json; then
|
|
echo "❌ Compatibility endpoint validation failed"
|
|
cat /tmp/blackbox-compatibility.json 2>/dev/null || true
|
|
exit 1
|
|
fi
|
|
|
|
echo "✅ Runtime integration checks passed"
|