fix: use host Docker socket with isolated E2E network
Some checks failed
CI / Lint, type check, unit tests, coverage (push) Successful in 11m41s
CI / E2E browser tests (push) Failing after 45s

The per-job DinD approach failed because Forgejo Runner's service container
DNS resolution does not work when the runner itself uses DinD
(container.docker_host: tcp://dind:2375). The job container could not resolve
the 'dind' service hostname, causing docker compose to fail immediately.

New approach:

- Runner now uses container.docker_host: 'automount' which mounts the host
  Docker socket into job containers. The runner runs as root (user: 0:0)
  to access /var/run/docker.sock.

- E2E job no longer uses a 'dind' service. docker compose runs directly
  against the host Docker daemon inside the job container.

- docker-compose.e2e.yml gets a custom 'e2e' bridge network. All E2E
  containers (postgres, backend, frontend, playwright) attach only to this
  network, isolating them from other host containers (Nextcloud, Jellyfin,
  etc.). They can still reach the internet for vehicle lookup and npm.

Tradeoff: job containers can see other containers via docker ps, but they
are on an isolated network. For a single-user home server, this is the
simplest reliable configuration.
Joakim Mörling 2026-05-19 18:17:01 +02:00
parent 1f1016a775
commit 5abb5bc2e9
2 changed files with 12 additions and 7 deletions


@ -58,14 +58,7 @@ jobs:
e2e:
name: E2E browser tests
runs-on: ubuntu-latest
services:
dind:
image: docker:28-dind
options: --privileged
env:
DOCKER_TLS_CERTDIR: ""
env:
DOCKER_HOST: tcp://dind:2375
POSTGRES_DB: bilhej
POSTGRES_USER: bilhej
POSTGRES_PASSWORD: test_pw_ci_123
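
Review bot: Dropping `DOCKER_HOST: tcp://dind:2375` from the `e2e` job env means every step in this job now drives the host daemon through the mounted socket, which is wider than the "can see other containers via docker ps" tradeoff in the commit message: socket access lets a step start, stop, exec into, or bind-mount host paths into any container on the host. Suggest restricting which branches or pull requests may trigger this job on that runner, and adding a comment above `e2e:` stating that the job depends on the runner's `container.docker_host: automount` setting, since that runner change is not among the two files in this commit.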


@ -1,3 +1,7 @@
networks:
e2e:
driver: bridge
services:
postgres:
image: postgres:16
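
Review bot: The top-level `networks: e2e:` bridge gives the same container-to-container separation Compose already provides through its per-project default network, so on its own it adds no isolation from the other host containers named in the commit message. Ports those containers publish on the host stay reachable from this bridge through the host address, and `internal: true` is not an option while vehicle lookup and npm need outbound access. Suggest a comment above `driver: bridge` stating what the network is meant to block and what it leaves open.
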
@ -6,6 +10,8 @@ services:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
networks:
- e2e
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
interval: 5s
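
Review bot: The `networks: - e2e` stanza added under `postgres` is repeated on every service in this file, and a service added later without it will silently join Compose's default network and be unreachable from the others. Suggest configuring the top-level `default` network instead of a named one, so every service is attached without a per-service entry.
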
@ -26,6 +32,8 @@ services:
STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY}
STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET}
STRIPE_PRICE_ID: ${STRIPE_PRICE_ID}
networks:
- e2e
depends_on:
postgres:
condition: service_healthy
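
Review bot: `STRIPE_SECRET_KEY` and `STRIPE_WEBHOOK_SECRET` in this service's environment block are now set on a container owned by the host daemon, where anything with access to the socket can read them back with `docker inspect`. Suggest confirming that the CI values are Stripe test-mode keys and adding an always-run teardown step (`docker compose -f docker-compose.e2e.yml down -v`) so the container and its environment do not outlive the job.
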
@ -35,6 +43,8 @@ services:
dockerfile: docker/frontend.e2e.Dockerfile
context: .
container_name: bilhej-frontend-e2e
networks:
- e2e
depends_on:
- backend
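
Review bot: The fixed `container_name: bilhej-frontend-e2e` now names a container on the shared host daemon instead of a throwaway DinD daemon, so a leftover container from a failed run or a second concurrent job will make `docker compose up` fail with a name conflict. Suggest dropping `container_name` and letting Compose derive names from a per-run project name passed with `-p`.
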
@ -46,6 +56,8 @@ services:
ipc: host
environment:
PLAYWRIGHT_BASE_URL: http://frontend
networks:
- e2e
depends_on:
- frontend
command: >-
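
Review bot: `ipc: host` on this service (the one setting `PLAYWRIGHT_BASE_URL`) used to mean the DinD container's IPC namespace; against the host daemon it shares the real host's IPC namespace (shared memory, semaphores) with the browser container, which cuts against the isolation the `e2e` network is meant to give. If the browsers only need more shared memory, suggest replacing it with a larger private `/dev/shm` via `shm_size`, for example `shm_size: 1gb`.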