Files
plex-playlist/scripts/run-ci-integration-compose.sh
Xlorep DarkHelm f3698b095b
All checks were successful
CICD / Build and Publish CICD Base Image (push) Successful in 6m8s
CICD / Build and Push CICD Image (push) Successful in 23m14s
CICD / Build CICD Image Failure Postmortem (push) Has been skipped
CICD / Backend Tests (push) Successful in 7m10s
CICD / Frontend Tests (push) Successful in 45s
CICD / Backend Doctests (push) Successful in 18s
CICD / Pre-commit Checks (push) Successful in 14m57s
CICD / Source Lanes Failure Postmortem (push) Has been skipped
CICD / CICD Tests Complete (push) Successful in 3s
CICD / Build Backend Base Image (push) Successful in 18s
CICD / Build Integration Tester Image (push) Successful in 1m5s
CICD / Build Backend Main Image (push) Successful in 1m52s
CICD / Build Frontend Base Image (push) Successful in 10m42s
CICD / Build Frontend Main Image (push) Successful in 33s
CICD / Build E2E Tester Image (push) Successful in 32m17s
CICD / Production Images Complete (push) Successful in 5s
CICD / Production Image Failures Postmortem (push) Has been skipped
CICD / Runtime Black-Box Integration Tests (push) Successful in 1m13s
CICD / Integration Tests Failure Postmortem (push) Has been skipped
CICD / End-to-End Tests (push) Successful in 11m23s
CICD / E2E Tests Failure Postmortem (push) Has been skipped
Stabilize self-hosted CI workflows and resolve issue #62 (#73)
## Summary

Hardens CI workflows for self-hosted Gitea runners by stabilizing E2E execution and Renovate behavior across internal/external network paths.

Closes #62

## What Changed

### E2E workflow reliability
- Fixed E2E workspace handoff to ensure expected repository contents are present during test execution.
- Added stricter preflight checks for required frontend files before running E2E.
- Reduced mount/path fragility while preserving runtime image pull and compose flow.

### Renovate workflow hardening
- Added internal-first endpoint reachability selection with fallback handling.
- Added token preflight checks for repository access.
- Added explicit host-rule auth handling for API/git paths.
- Added container-level connectivity preflight diagnostics.
- Added git URL override aligned with selected endpoint context.
- Removed incorrect forced Dogar host-IP pinning that broke HTTPS clone routing.

## Why

CI behavior was sensitive to runner networking and Renovate clone/auth interactions. These changes make the workflow deterministic in our runner topology and address recurring CI failures.

## Scope

- Workflow logic only (`cicd.yaml`, `renovate.yml`)
- No app feature or API behavior changes

## Validation

- Workflow YAML validation passed during updates.
- Changes were applied and verified iteratively from real failing run diagnostics.

Co-authored-by: copilotcoder <copilotcoder@darkhelm.org>
Reviewed-on: #73
2026-07-13 11:16:16 -04:00

97 lines
3.1 KiB
Bash

#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
COMPOSE_FILE="${ROOT_DIR}/compose.ci.integration.yml"
PROJECT_NAME="${COMPOSE_PROJECT_NAME:-plex-int-local}"
export DEPLOYABLE_BACKEND_IMAGE="${DEPLOYABLE_BACKEND_IMAGE:-deployable-backend:local}"
export DB_PASSWORD="${DB_PASSWORD:-plex_password}"
export DB_URL="${DB_URL:-postgresql://plex_user:${DB_PASSWORD}@database:5432/plex_playlist}"
cleanup() {
docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" down -v --remove-orphans >/dev/null 2>&1 || true
}
trap cleanup EXIT
echo "Running runtime integration checks against deployable backend image via compose"
echo "DEPLOYABLE_BACKEND_IMAGE=${DEPLOYABLE_BACKEND_IMAGE}"
docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" up -d database backend
fetch_backend_endpoint() {
endpoint_path="$1"
output_file="$2"
probe_tmp="$(mktemp)"
if ! docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" exec -T backend python -c "$(printf '%s\n' \
'import sys' \
'import urllib.error' \
'import urllib.request' \
'endpoint_path = sys.argv[1]' \
'url = f"http://127.0.0.1:8000{endpoint_path}"' \
'try:' \
' with urllib.request.urlopen(url, timeout=2) as response:' \
' body = response.read().decode("utf-8", errors="replace")' \
' print(response.status)' \
' print(body)' \
'except urllib.error.HTTPError as err:' \
' body = err.read().decode("utf-8", errors="replace")' \
' print(err.code)' \
' print(body)' \
'except Exception:' \
' print("000")' \
' print("")'
)" "${endpoint_path}" >"${probe_tmp}" 2>/dev/null
then
: >"${output_file}"
rm -f "${probe_tmp}"
echo "000"
return 0
fi
http_code="$(head -n 1 "${probe_tmp}")"
tail -n +2 "${probe_tmp}" >"${output_file}"
rm -f "${probe_tmp}"
echo "${http_code}"
}
backend_ready=false
for i in $(seq 1 40); do
backend_running_count="$(docker compose -p "${PROJECT_NAME}" -f "${COMPOSE_FILE}" ps --status running --services backend | wc -l)"
if [ "${backend_running_count}" -eq 0 ]; then
echo "❌ Backend container exited before becoming healthy"
exit 1
fi
health_code="$(fetch_backend_endpoint "/health" /tmp/blackbox-health.json)"
if [ "${health_code}" = "200" ]; then
backend_ready=true
break
fi
sleep 2
done
if [ "${backend_ready}" != "true" ]; then
echo "❌ Backend did not become healthy"
cat /tmp/blackbox-health.json 2>/dev/null || true
exit 1
fi
root_code="$(fetch_backend_endpoint "/" /tmp/blackbox-root.json)"
if [ "${root_code}" != "200" ] || ! grep -q 'Plex Playlist Backend API' /tmp/blackbox-root.json; then
echo "❌ Root endpoint validation failed"
cat /tmp/blackbox-root.json 2>/dev/null || true
exit 1
fi
compatibility_code="$(fetch_backend_endpoint "/compatibility" /tmp/blackbox-compatibility.json)"
if [ "${compatibility_code}" != "200" ] || ! grep -q '"ok":true' /tmp/blackbox-compatibility.json; then
echo "❌ Compatibility endpoint validation failed"
cat /tmp/blackbox-compatibility.json 2>/dev/null || true
exit 1
fi
echo "✅ Runtime integration checks passed"