test(ci): add compose bucket-bootstrap idempotency job
The create-buckets service in docker-compose.prod.yml runs on every `docker compose up` (one-shot, restart=no). A re-deploy that fails because the user/bucket/policy already exists would block the whole nightly/release pipeline — and the only way to find out today is to run a second deploy. This job runs the bootstrap twice against a throwaway minio stack and asserts both invocations exit 0. Caught at PR time, not at the third nightly deploy at 02:00. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Marcel
@@ -146,4 +146,52 @@ jobs:
|
|||||||
out=$(fail2ban-regex /tmp/sample.log infra/fail2ban/filter.d/familienarchiv-auth.conf)
|
out=$(fail2ban-regex /tmp/sample.log infra/fail2ban/filter.d/familienarchiv-auth.conf)
|
||||||
echo "$out"
|
echo "$out"
|
||||||
echo "$out" | grep -qE '0 matched' \
|
echo "$out" | grep -qE '0 matched' \
|
||||||
|| { echo "expected 0 matches for /api/auth/login 200"; exit 1; }
|
|| { echo "expected 0 matches for /api/auth/login 200"; exit 1; }
|
||||||
|
|
||||||
|
# ─── Compose Bucket-Bootstrap Idempotency ─────────────────────────────────────
|
||||||
|
# docker-compose.prod.yml's create-buckets service runs on every
|
||||||
|
# `docker compose up` (one-shot, no restart). Must be idempotent — a
|
||||||
|
# re-deploy must not fail just because the bucket / user / policy
|
||||||
|
# already exists. Validated by running create-buckets twice against a
|
||||||
|
# throwaway minio stack and asserting both invocations exit 0.
|
||||||
|
compose-idempotency:
|
||||||
|
name: Compose Bucket Idempotency
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Write stub env file
|
||||||
|
run: |
|
||||||
|
cat > .env.test <<'EOF'
|
||||||
|
TAG=test
|
||||||
|
PORT_BACKEND=18080
|
||||||
|
PORT_FRONTEND=13000
|
||||||
|
APP_DOMAIN=localhost
|
||||||
|
POSTGRES_PASSWORD=stub
|
||||||
|
MINIO_PASSWORD=stubrootpassword
|
||||||
|
MINIO_APP_PASSWORD=stubapppassword
|
||||||
|
OCR_TRAINING_TOKEN=stub
|
||||||
|
APP_ADMIN_USERNAME=admin@local
|
||||||
|
APP_ADMIN_PASSWORD=stub
|
||||||
|
MAIL_HOST=mailpit
|
||||||
|
MAIL_PORT=1025
|
||||||
|
APP_MAIL_FROM=noreply@local
|
||||||
|
EOF
|
||||||
|
|
||||||
|
- name: Bring up minio
|
||||||
|
run: |
|
||||||
|
docker compose -f docker-compose.prod.yml -p test-idem --env-file .env.test up -d --wait minio
|
||||||
|
|
||||||
|
- name: First create-buckets run
|
||||||
|
run: |
|
||||||
|
docker compose -f docker-compose.prod.yml -p test-idem --env-file .env.test run --rm create-buckets
|
||||||
|
|
||||||
|
- name: Second create-buckets run (idempotency check)
|
||||||
|
run: |
|
||||||
|
docker compose -f docker-compose.prod.yml -p test-idem --env-file .env.test run --rm create-buckets
|
||||||
|
|
||||||
|
- name: Teardown
|
||||||
|
if: always()
|
||||||
|
run: |
|
||||||
|
docker compose -f docker-compose.prod.yml -p test-idem --env-file .env.test down -v
|
||||||
|
rm -f .env.test
|
||||||
Reference in New Issue
Block a user