-
Notifications
You must be signed in to change notification settings - Fork 2
chore: add integration test to validate docker-compose #18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| name: Docker Compose Integration | ||
|
|
||
| on: | ||
| pull_request: | ||
| branches: [ main ] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| docker-compose-integration: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🟠 Code VulnerabilityWorkflow depends on a GitHub actions pinned by tag instead of a hash. (...read more)Pin GitHub Actions by commit hash to ensure supply chain security. Using a branch ( - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
||
|
|
||
| - name: Start services | ||
| run: docker compose up -d | ||
|
|
||
| - name: Wait for services to be healthy | ||
| run: | | ||
| echo "Waiting for all services to be healthy..." | ||
| # Wait for services with health checks to be healthy (4 services) and all services to be up | ||
| timeout 300 bash -c 'until [ $(docker compose ps --format "{{.Health}}" | grep -c "healthy") -ge 4 ] && [ $(docker compose ps --format "{{.Status}}" | grep -c "Up") -ge 5 ]; do sleep 5; done' | ||
| docker compose ps | ||
|
|
||
| - name: Test dashboard endpoints | ||
| run: | | ||
| curl -f http://localhost:8081/dashboard/ || exit 1 | ||
| curl -f http://localhost:8082 || exit 1 | ||
|
|
||
| - name: Test API endpoints | ||
| run: | | ||
| # Test sticker award API with sample user data | ||
| curl -f -X GET "http://localhost:8080/api/award/v1/users/user-001/stickers" || exit 1 | ||
| # TODO! | ||
| # curl -f -X GET "http://localhost:8080/api/users/v1/health" || exit 1 | ||
|
|
||
| - name: Show service logs on failure | ||
| if: failure() | ||
| run: | | ||
| echo "=== Docker Compose Services Status ===" | ||
| docker compose ps | ||
| echo "=== Traefik Logs ===" | ||
| docker compose logs traefik | ||
| echo "=== Sticker Award Logs ===" | ||
| docker compose logs sticker-award | ||
| echo "=== User Management Logs ===" | ||
| docker compose logs user-management | ||
| echo "=== Database Logs ===" | ||
| docker compose logs sticker-award-db | ||
| docker compose logs user-management-db | ||
|
|
||
| - name: Cleanup | ||
| if: always() | ||
| run: docker compose down -v | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🟠 Code Vulnerability
No explicit permissions set for at the workflow level (...read more)
Default permissions for the
GITHUB_TOKENare expected to be restricted (contents:read,metadata:read, andpackages:read).Your repository may require a different setup, so consider defining permissions for each job following the least privilege principle to restrict the impact of a possible compromise.
You can find the list of all possible permissions in Workflow syntax for GitHub Actions - GitHub Docs. They can be defined at the job or the workflow level.