Cliff Hill
fdbce98be6
Some checks failed
Tests / Build and Push CICD Image (push) Successful in 49m20s
Tests / TOML Syntax Check (push) Successful in 30s
Tests / Mixed Line Ending Check (push) Successful in 26s
Tests / TOML Formatting Check (push) Successful in 41s
Tests / Ruff Linting (push) Successful in 25s
Tests / Ruff Format Check (push) Successful in 29s
Tests / Pyright Type Check (push) Failing after 37s
Tests / Darglint Docstring Check (push) Successful in 38s
Tests / No Docstring Types Check (push) Successful in 25s
Tests / ESLint Check (push) Successful in 59s
Tests / YAML Syntax Check (push) Successful in 7m5s
Tests / Prettier Format Check (push) Successful in 52s
Tests / Backend Tests (push) Failing after 31s
Tests / TypeScript Type Check (push) Successful in 2m12s
Tests / Backend Doctests (push) Successful in 1m29s
Tests / Integration Tests (push) Has been skipped
Tests / End-to-End Tests (push) Has been skipped
Tests / Frontend Tests (push) Failing after 1m36s
Tests / End of File Check (push) Successful in 9m45s
Tests / TSDoc Lint Check (push) Failing after 13m8s
Tests / Trailing Whitespace Check (push) Failing after 13m13s
Signed-off-by: Cliff Hill <xlorep@darkhelm.org>
416 lines
17 KiB
YAML
416 lines
17 KiB
YAML
name: Tests
|
||
|
||
on:
|
||
push:
|
||
branches: [ main, develop, feature/* ]
|
||
pull_request:
|
||
branches: [ main, develop ]
|
||
|
||
jobs:
|
||
setup:
|
||
name: Build and Push CICD Image
|
||
runs-on: ubuntu-act
|
||
|
||
steps:
|
||
- name: Minimal checkout for Dockerfile
|
||
env:
|
||
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
||
run: |
|
||
echo "=== Minimal Repository Checkout for Dockerfile ==="
|
||
|
||
# Set up SSH key securely (temporary file approach)
|
||
if [ -n "${SSH_PRIVATE_KEY}" ]; then
|
||
mkdir -p ~/.ssh
|
||
echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
|
||
chmod 600 ~/.ssh/id_rsa
|
||
ssh-keyscan -p 2222 dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null
|
||
fi
|
||
|
||
# Clone just enough to get the Dockerfile
|
||
GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no" \
|
||
git clone --depth 1 --no-checkout \
|
||
ssh://git@dogar.darkhelm.org:2222/DarkHelm.org/plex-playlist.git .
|
||
|
||
# Checkout only the Dockerfile and dockerignore
|
||
git checkout HEAD -- Dockerfile.cicd .dockerignore
|
||
|
||
# Clean up SSH key for security
|
||
rm -f ~/.ssh/id_rsa
|
||
|
||
echo "✓ Dockerfile.cicd ready for secure build"
|
||
|
||
- name: Build and push CICD image
|
||
env:
|
||
PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }}
|
||
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
||
GITHUB_SHA: ${{ github.sha }}
|
||
REGISTRY_USER: ${{ secrets.REGISTRY_USER || github.actor }}
|
||
run: |
|
||
echo "=== Building CICD Image with Secure Secrets ==="
|
||
|
||
# Create temporary SSH key file for BuildKit secrets
|
||
echo "${SSH_PRIVATE_KEY}" > /tmp/ssh_key
|
||
chmod 600 /tmp/ssh_key
|
||
|
||
# Enable Docker BuildKit for secrets support
|
||
export DOCKER_BUILDKIT=1
|
||
|
||
# Build CICD image using secure BuildKit secrets
|
||
# SSH key is mounted securely and never stored in image layers
|
||
docker build -f Dockerfile.cicd \
|
||
--secret id=ssh_private_key,src=/tmp/ssh_key \
|
||
--build-arg GITHUB_SHA="$GITHUB_SHA" \
|
||
-t cicd:latest .
|
||
|
||
# Clean up temporary SSH key file
|
||
rm -f /tmp/ssh_key
|
||
|
||
# Tag for Gitea container registry
|
||
docker tag cicd:latest dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:latest
|
||
docker tag cicd:latest dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
|
||
# Login to Gitea container registry with enhanced debugging
|
||
echo "Attempting Docker login for user: ${REGISTRY_USER}"
|
||
if echo "${PACKAGE_ACCESS_TOKEN}" | docker login dogar.darkhelm.org -u "${REGISTRY_USER}" --password-stdin; then
|
||
echo "✓ Successfully logged into registry"
|
||
else
|
||
echo "❌ Failed to login to registry"
|
||
echo "Registry URL: dogar.darkhelm.org"
|
||
echo "Username: ${REGISTRY_USER}"
|
||
echo "Token length: ${#PACKAGE_ACCESS_TOKEN}"
|
||
exit 1
|
||
fi
|
||
|
||
# Push to registry
|
||
echo "Pushing images to registry..."
|
||
docker push dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:latest
|
||
docker push dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
|
||
echo "✓ CICD image built and pushed to registry"
|
||
|
||
# Pre-commit style checks - General file formatting
|
||
trailing-whitespace:
|
||
name: Trailing Whitespace Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check trailing whitespace with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run trailing-whitespace --all-files --show-diff-on-failure
|
||
"
|
||
|
||
end-of-file-fixer:
|
||
name: End of File Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check end of file with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run end-of-file-fixer --all-files --show-diff-on-failure
|
||
"
|
||
|
||
check-yaml:
|
||
name: YAML Syntax Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check YAML files with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run check-yaml --all-files --show-diff-on-failure
|
||
"
|
||
|
||
check-toml:
|
||
name: TOML Syntax Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check TOML files with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run check-toml --all-files --show-diff-on-failure
|
||
"
|
||
|
||
mixed-line-ending:
|
||
name: Mixed Line Ending Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check line endings with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run mixed-line-ending --all-files --show-diff-on-failure
|
||
"
|
||
|
||
toml-lint:
|
||
name: TOML Formatting Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check TOML formatting with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run pretty-format-toml --all-files --show-diff-on-failure
|
||
"
|
||
|
||
# Backend Python checks
|
||
ruff-lint:
|
||
name: Ruff Linting
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run ruff linting with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run ruff --all-files --show-diff-on-failure
|
||
"
|
||
|
||
ruff-format:
|
||
name: Ruff Format Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check ruff formatting with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run ruff-format --all-files --show-diff-on-failure
|
||
"
|
||
|
||
pyright:
|
||
name: Pyright Type Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run pyright type checking with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run pyright --all-files --show-diff-on-failure
|
||
"
|
||
|
||
darglint:
|
||
name: Darglint Docstring Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run darglint docstring linting with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run darglint --all-files --show-diff-on-failure
|
||
"
|
||
|
||
no-docstring-types:
|
||
name: No Docstring Types Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run no docstring types check with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run no-docstring-types --all-files --show-diff-on-failure
|
||
"
|
||
|
||
# Frontend checks
|
||
eslint:
|
||
name: ESLint Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run ESLint with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run eslint --all-files --show-diff-on-failure
|
||
"
|
||
|
||
prettier:
|
||
name: Prettier Format Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Check Prettier formatting with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run prettier --all-files --show-diff-on-failure
|
||
"
|
||
|
||
typescript-check:
|
||
name: TypeScript Type Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run TypeScript type checking with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run typescript-check --all-files --show-diff-on-failure
|
||
"
|
||
|
||
tsdoc-lint:
|
||
name: TSDoc Lint Check
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run TSDoc linting with pre-commit
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace &&
|
||
pre-commit run tsdoc-lint --all-files --show-diff-on-failure
|
||
"
|
||
|
||
# Unit tests with coverage
|
||
backend-tests:
|
||
name: Backend Tests
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run backend tests with coverage
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace/backend &&
|
||
source .venv/bin/activate &&
|
||
uv run pytest -v --tb=short --cov=src --cov-report=term-missing --cov-fail-under=95
|
||
"
|
||
|
||
frontend-tests:
|
||
name: Frontend Tests
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run frontend tests with coverage
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace/frontend &&
|
||
yarn test:coverage --run --reporter=verbose --coverage.reporter=text --coverage.reporter=text-summary --coverage.thresholds.lines=85 --coverage.thresholds.functions=85 --coverage.thresholds.branches=85 --coverage.thresholds.statements=85
|
||
"
|
||
|
||
# Doctest for backend
|
||
xdoctest:
|
||
name: Backend Doctests
|
||
runs-on: ubuntu-act
|
||
needs: setup
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run backend doctests
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace/backend &&
|
||
source .venv/bin/activate &&
|
||
echo 'Running doctests...' &&
|
||
if uv run xdoctest src/ --quiet; then
|
||
echo '✓ All doctests passed'
|
||
else
|
||
echo 'ℹ No doctests found or some doctests failed'
|
||
# Don't fail the build for missing doctests, only for failed ones
|
||
if uv run xdoctest src/ --quiet --verbose 2>&1 | grep -q 'FAILED'; then
|
||
exit 1
|
||
fi
|
||
fi
|
||
"
|
||
|
||
# Integration and E2E tests (run after unit tests complete)
|
||
integration-tests:
|
||
name: Integration Tests
|
||
runs-on: ubuntu-act
|
||
needs: [backend-tests, frontend-tests]
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run integration tests
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace/backend &&
|
||
source .venv/bin/activate &&
|
||
if [ -d 'tests/integration' ]; then
|
||
uv run pytest tests/integration/ -v --tb=short
|
||
else
|
||
echo 'ℹ No integration tests found'
|
||
fi
|
||
"
|
||
|
||
e2e-tests:
|
||
name: End-to-End Tests
|
||
runs-on: ubuntu-act
|
||
needs: [backend-tests, frontend-tests]
|
||
steps:
|
||
- name: Login to Gitea Container Registry
|
||
run: echo "${{ secrets.PACKAGE_ACCESS_TOKEN }}" | docker login dogar.darkhelm.org -u ${{ github.actor }} --password-stdin
|
||
- name: Run E2E tests
|
||
run: |
|
||
docker pull dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest}
|
||
docker run --rm dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd:${GITHUB_SHA:-latest} bash -c "
|
||
cd /workspace/frontend &&
|
||
if [ -d 'tests/e2e' ] || grep -q 'playwright' package.json; then
|
||
yarn test:e2e || echo 'E2E tests failed or not configured yet'
|
||
else
|
||
echo 'ℹ No E2E tests found'
|
||
fi
|
||
"
|