marcel/familienarchiv
1
0
Fork 0
Code Issues 118 Pull Requests 2 Actions 4 Packages Projects Releases Wiki Activity

ci(nightly): post-deploy smoke test for /api/admin/import-status #531

New Issue
Closed
opened 2026-05-11 20:13:52 +02:00 by marcel · 0 comments
marcel commented 2026-05-11 20:13:52 +02:00
Owner
Copy Link

Type: CI / smoke test
Priority: P2-medium — production correctness of an admin-only endpoint that no current smoke step exercises
Source: review of #526 by Sara Holt (QA) — comment #8649, finding 2
Parent PR: #526 (mass-import bind mount)

Summary

Add a post-deploy smoke step to nightly.yml (and release.yml) that authenticates as the staging admin, hits GET /api/admin/import-status, asserts HTTP 200, and asserts state is one of {IDLE, RUNNING, DONE, FAILED}.

Context

#526 added structural regression guards (compose-config grep) for the /import bind mount, but didn't add a behavioural smoke check that the mass-import endpoint actually responds correctly after a fresh deploy. The current nightly.yml smoke step only verifies HSTS, Permissions-Policy, and /actuator blocking — nothing exercises an admin-authenticated endpoint.

A future regression that breaks admin auth, or somehow corrupts the MassImportService bean wiring, would not be caught until an operator manually clicks the import card.

Required

  1. Extend the "Smoke test deployed environment" step in .gitea/workflows/nightly.yml with a check against /api/admin/import-status.
  2. The check must:
    • Authenticate as the staging admin (uses STAGING_APP_ADMIN_USERNAME / STAGING_APP_ADMIN_PASSWORD already available as secrets)
    • Hit GET /api/admin/import-status
    • Assert HTTP 200
    • Assert response body has state in {IDLE, RUNNING, DONE, FAILED} (parsed via jq)
  3. Failure must be a hard stop with a clear ::error:: annotation.

Notes

  • Unauthenticated /api/admin/* should return 401/403, not 200 — so the smoke test must include auth. Easiest: Basic Auth header (the SecurityConfig already supports it from #520).
  • This step lands after up -d --wait, which already guarantees backend health, so the auth + endpoint test is meaningful additional coverage rather than redundant.

Acceptance criteria

  • Step added to nightly.yml
  • On the next nightly: step passes and the run log shows the response body
  • Step is also added to release.yml for production (or a follow-up issue tracks that)
  • Failure produces a clear ::error:: annotation in the workflow log

Linked NFRs

  • Reliability: Every prod-reachable admin endpoint MUST have a post-deploy smoke check that authenticates and asserts a structured response.
  • Observability: Smoke failures MUST surface as actionable annotations, not silent step failures.

Definition of Ready

  • Endpoint + assertions specified
  • Auth mechanism + secret names identified
  • Failure semantics defined
  • Acceptance criteria testable

🤖 Generated with Claude Code during /implement on #526

**Type:** CI / smoke test **Priority:** P2-medium — production correctness of an admin-only endpoint that no current smoke step exercises **Source:** review of #526 by Sara Holt (QA) — comment [#8649](https://git.raddatz.cloud/marcel/familienarchiv/pulls/526#issuecomment-8649), finding 2 **Parent PR:** #526 (mass-import bind mount) ## Summary Add a post-deploy smoke step to `nightly.yml` (and `release.yml`) that authenticates as the staging admin, hits `GET /api/admin/import-status`, asserts HTTP 200, and asserts `state` is one of `{IDLE, RUNNING, DONE, FAILED}`. ## Context #526 added structural regression guards (compose-config grep) for the `/import` bind mount, but didn't add a behavioural smoke check that the mass-import endpoint actually responds correctly after a fresh deploy. The current `nightly.yml` smoke step only verifies HSTS, Permissions-Policy, and `/actuator` blocking — nothing exercises an admin-authenticated endpoint. A future regression that breaks admin auth, or somehow corrupts the `MassImportService` bean wiring, would not be caught until an operator manually clicks the import card. ## Required 1. Extend the "Smoke test deployed environment" step in `.gitea/workflows/nightly.yml` with a check against `/api/admin/import-status`. 2. The check must: - Authenticate as the staging admin (uses `STAGING_APP_ADMIN_USERNAME` / `STAGING_APP_ADMIN_PASSWORD` already available as secrets) - Hit `GET /api/admin/import-status` - Assert HTTP 200 - Assert response body has `state` in `{IDLE, RUNNING, DONE, FAILED}` (parsed via `jq`) 3. Failure must be a hard stop with a clear `::error::` annotation. ## Notes - Unauthenticated `/api/admin/*` should return 401/403, not 200 — so the smoke test must include auth. Easiest: Basic Auth header (the SecurityConfig already supports it from #520). - This step lands *after* `up -d --wait`, which already guarantees backend health, so the auth + endpoint test is meaningful additional coverage rather than redundant. ## Acceptance criteria - [ ] Step added to `nightly.yml` - [ ] On the next nightly: step passes and the run log shows the response body - [ ] Step is also added to `release.yml` for production (or a follow-up issue tracks that) - [ ] Failure produces a clear `::error::` annotation in the workflow log ## Linked NFRs - **Reliability:** Every prod-reachable admin endpoint MUST have a post-deploy smoke check that authenticates and asserts a structured response. - **Observability:** Smoke failures MUST surface as actionable annotations, not silent step failures. ## Definition of Ready - [x] Endpoint + assertions specified - [x] Auth mechanism + secret names identified - [x] Failure semantics defined - [x] Acceptance criteria testable 🤖 Generated with [Claude Code](https://claude.com/claude-code) during /implement on #526
marcel added the P2-mediumdevopstest labels 2026-05-11 20:36:41 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
P0-critical
Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.
 P1-high
Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.
 P2-medium
Noticeable improvement; doesn't block anything; schedule opportunistically.
 P3-later
Cosmetic or parking-lot work; fine to stay open indefinitely.
 audit
Read-only audit / assessment work; produces a report rather than changing code
 bug
Something isn't working
 cleanup
Removal of dead code, vague comments, naming violations, and scratch artifacts
 collaboration
We want to extend the family archive to have more collaboration tools
 conversation
descoped
We will do that later
 devops
documentation
README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs
 epic
Marker for epic-level issues that group multiple child issues
 feature
file-upload
legibility
Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction
 notification
person
phase-1: security
Security hygiene — must be done first
 phase-2: container-images
Production-ready multi-stage Docker images
 phase-3: prod-compose
Production compose overlay + Caddy reverse proxy
 phase-4: spring-prod-profile
Spring Boot production configuration profile
 phase-5: backups
Database and object storage backup strategy
 phase-6: deployment-docs
.env.example, DEPLOYMENT.md, runbook
 phase-7: monitoring
Prometheus, Loki, Grafana, Alertmanager
 refactor
Code restructuring without behaviour change
 security
test
ui
UI/UX and accessibility issues
 user
No Label P2-medium devops test
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Jens marcel
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: marcel/familienarchiv#531
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?