Skip to content

Commit 219ebc3

Browse files
committed
Another fix to live-test workflow.
1 parent 763d4b5 commit 219ebc3

4 files changed

Lines changed: 55 additions & 78 deletions

File tree

.github/workflows/website-test-live-prod.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ name: Live Site Test (idptools.com)
22

33
# Runs the full Selenium suite against the DEPLOYED PROD site
44
# (https://idptools.com), using a throwaway Keycloak spun up locally (browser
5-
# reaches it at http://keycloak:8080 on the compose network). Same mechanism as
5+
# reaches it at http://localhost:8080 via host networking). Same mechanism as
66
# the test-site live test (docker-compose-live-tests.yml), pointed at prod via
77
# LIVE_DEBUGGER_BASE_URL / LIVE_CONFIG_FILE.
88
#

.github/workflows/website-test-live.yml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,9 @@
11
name: Live Site Test (test.idptools.com)
22

33
# Runs the full Selenium suite against the DEPLOYED test.idptools.com site,
4-
# using a throwaway Keycloak spun up locally (postgres + keycloak on a compose
5-
# network, same stack as the containerized suite). The browser in the tests
6-
# container reaches that Keycloak at http://keycloak:8080 while it drives the
7-
# public HTTPS site. See docker-compose-live-tests.yml.
4+
# using a throwaway Keycloak spun up locally over host networking. The browser
5+
# in the tests container reaches that Keycloak at http://localhost:8080 while it
6+
# drives the public HTTPS site. See docker-compose-live-tests.yml.
87
#
98
# Runs automatically after a successful test-site deploy (post-deploy
109
# verification), plus nightly and on demand.

docker-compose-live-tests.yml

Lines changed: 23 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -1,103 +1,53 @@
11
# Runs the Selenium suite against a DEPLOYED debugger site (default:
22
# https://test.idptools.com) while talking to a throwaway Keycloak spun up
3-
# locally. This is the same stack as docker-compose-run-tests.yml (postgres +
4-
# keycloak + tests on the "keycloak" bridge network) MINUS the containerized
5-
# api/client — the debugger under test is the hosted site instead.
3+
# locally. Same idea as docker-compose-run-tests.yml, but the debugger under
4+
# test is the hosted site instead of a containerized client — only Keycloak and
5+
# the test runner are started here.
66
#
7-
# The browser inside the tests container reaches the local Keycloak at
8-
# http://keycloak:8080 (compose DNS), exactly as the containerized suite does.
9-
# It drives the public HTTPS site and makes its OIDC/OAuth calls to that local
10-
# Keycloak; the suite's Chrome flags (--allow-running-insecure-content +
11-
# private-network overrides) permit the HTTPS-page -> http://keycloak calls.
7+
# HOST NETWORKING is required (not the bridge network the containerized suite
8+
# uses): the browser drives the public HTTPS site and must call the local
9+
# Keycloak from that HTTPS page. Chrome treats http://localhost (loopback) as
10+
# potentially-trustworthy and exempt from mixed-content / private-network
11+
# blocking, but a private-IP host (e.g. a bridge service name) is blocked. So
12+
# both containers share the host network and Keycloak is reached at
13+
# http://localhost:8080 — exactly the scenario remote-run-tests.sh proves.
1214
#
13-
# Keycloak's clients are (re)created at run time by common.sh configureKeycloak
14-
# with redirectUris/webOrigins matching DEBUGGER_BASE_URL, so the deployed
15-
# site's redirect back to <site>/callback validates.
16-
#
17-
# Compose format 2.x for `depends_on: condition: service_healthy` support.
15+
# Readiness: instead of a Docker healthcheck (flaky under host networking), the
16+
# tests container waits for Keycloak itself (docker-run-tests.sh waitForKeycloak).
1817
#
1918
# Override the target via the environment:
2019
# LIVE_DEBUGGER_BASE_URL (default https://test.idptools.com)
2120
# LIVE_CONFIG_FILE (default ./env/test-idptools-com.js)
2221
services:
23-
postgres:
24-
image: postgres:18
25-
volumes:
26-
- postgres_data:/var/lib/postgresql/data
27-
environment:
28-
POSTGRES_USER: keycloak
29-
POSTGRES_PASSWORD: keycloak
30-
POSTGRES_DB: keycloak
31-
# postgres:18 refuses to start on a data dir initialized by an older
32-
# major version. Initialize into a fresh subdirectory of the volume so
33-
# the upgrade starts cleanly (test data is disposable and recreated each
34-
# run); any legacy PG17 files at the volume root are ignored.
35-
PGDATA: /var/lib/postgresql/data/pgdata
36-
healthcheck:
37-
test: pg_isready
38-
interval: 10s
39-
timeout: 60s
40-
retries: 5
41-
start_period: 45s
42-
networks:
43-
- keycloak
44-
4522
keycloak:
4623
image: quay.io/keycloak/keycloak:26.6.4
4724
command: ["start-dev"]
25+
hostname: keycloak
26+
network_mode: "host"
4827
environment:
49-
KC_DB: postgres
50-
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
51-
KC_DB_USERNAME: keycloak
52-
KC_DB_PASSWORD: keycloak
28+
KC_HTTP_PORT: "8080"
29+
KC_BOOTSTRAP_ADMIN_USERNAME: keycloak
30+
KC_BOOTSTRAP_ADMIN_PASSWORD: keycloak
5331
KEYCLOAK_ADMIN: keycloak
5432
KEYCLOAK_ADMIN_PASSWORD: keycloak
5533
KC_HEALTH_ENABLED: "true"
56-
hostname: keycloak
57-
healthcheck:
58-
test: [
59-
"CMD-SHELL",
60-
"exec 3<>/dev/tcp/localhost/9000; \
61-
echo -en 'GET /health/ready' >&3; \
62-
# Give the server a moment to respond, then search for 'UP'
63-
if timeout 3 cat <&3 | grep -m 1 'UP'; then \
64-
exec 3<&-; exec 3>&-; exit 0; \
65-
else \
66-
exec 3<&-; exec 3>&-; exit 1; \
67-
fi"
68-
]
69-
interval: 10s
70-
timeout: 60s
71-
retries: 5
72-
start_period: 30s
73-
depends_on:
74-
postgres:
75-
condition: service_healthy
76-
networks:
77-
- keycloak
7834

7935
tests:
8036
image: rcbj/test-live
8137
build:
8238
context: .
8339
dockerfile: tests/Dockerfile
40+
network_mode: "host"
8441
environment:
85-
# Target the deployed site; talk to the local Keycloak by service name.
42+
# Target the deployed site; talk to the local Keycloak over loopback.
8643
- DEBUGGER_BASE_URL=${LIVE_DEBUGGER_BASE_URL:-https://test.idptools.com}
87-
- KEYCLOAK_BASE_URL=http://keycloak:8080
88-
- KEYCLOAK_LOCALHOST_BASE_URL=http://keycloak:8080
44+
- KEYCLOAK_BASE_URL=http://localhost:8080
45+
- KEYCLOAK_LOCALHOST_BASE_URL=http://localhost:8080
8946
- CONFIG_FILE=${LIVE_CONFIG_FILE:-./env/test-idptools-com.js}
9047
# Persist the generated report/logs to the host (gitignored).
9148
volumes:
9249
- ./tests/report:/usr/src/app/report
50+
# Start-order only (host networking healthchecks are unreliable); the test
51+
# runner waits for Keycloak to answer before configuring it.
9352
depends_on:
94-
keycloak:
95-
condition: service_healthy
96-
networks:
9753
- keycloak
98-
99-
volumes:
100-
postgres_data:
101-
102-
networks:
103-
keycloak:

docker-run-tests.sh

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,8 +39,36 @@ runReport()
3939
node "${NODEJS_BASE_DIR}/run-report.js"
4040
}
4141

42+
# Poll until Keycloak answers before configuring it. In the fully-containerized
43+
# stack Keycloak is already up (compose depends_on: service_healthy), so this
44+
# returns immediately; in the live-site stack (host networking, no healthcheck
45+
# gate) this is what actually waits for Keycloak to come up.
46+
waitForKeycloak()
47+
{
48+
echo "Waiting for Keycloak at ${KEYCLOAK_LOCALHOST_BASE_URL} ..."
49+
local i=0
50+
local max=60
51+
local code
52+
while [ $i -lt $max ];
53+
do
54+
code=$(curl -s -o /dev/null -w '%{http_code}' \
55+
"${KEYCLOAK_LOCALHOST_BASE_URL}/realms/master/.well-known/openid-configuration" || true)
56+
if [ "${code}" = "200" ];
57+
then
58+
echo "Keycloak is ready."
59+
return 0
60+
fi
61+
i=$((i + 1))
62+
sleep 3
63+
done
64+
echo "ERROR: Keycloak did not become ready at ${KEYCLOAK_LOCALHOST_BASE_URL} within timeout." >&2
65+
exit 1
66+
}
67+
4268
init
4369
check_return_code $?
70+
waitForKeycloak
71+
check_return_code $?
4472
configureKeycloak
4573
check_return_code $?
4674
runReport

0 commit comments

Comments
 (0)