jocke/bilhej
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
bilhej/.forgejo/workflows/ci.yml
Joakim Mörling 1f1016a775
Some checks failed
CI / Lint, type check, unit tests, coverage (push) Successful in 1m53s
Details
CI / E2E browser tests (push) Failing after 11s
Details
feat: add isolated E2E browser test pipeline for Forgejo Actions 
Implement per-job Docker-in-Docker (DinD) for E2E tests, giving each
job a completely isolated Docker daemon and network. This prevents
leakage to the host Docker or other containers.

The previous E2E approach failed because:
1. The Forgejo runner's container.docker_host was not set, causing
   the runner itself to try unix:///var/run/docker.sock and crash-loop.
2. The host DinD daemon had isolated networking — job containers
   running docker compose could not resolve 'dind' hostname or access
   host filesystem bind mounts (e.g. .:/app).

New approach — zero bind mounts, all COPY-based images:

- docker/backend.e2e.Dockerfile: multi-stage build from repo root.
  Copies gradlew + settings.gradle + backend/build.gradle to download
  dependencies in a cacheable layer, then copies backend/src and builds
  the bootJar. Runs the JAR directly on startup.

- docker/frontend.e2e.Dockerfile: multi-stage Node build → nginx.
  Reuses existing docker/nginx.conf for /api proxy to backend service.
  No volume mounts, fully self-contained.

- docker/playwright.e2e.Dockerfile: extends official Playwright image.
  Installs deps from package-lock.json, copies e2e tests + config.

- docker-compose.e2e.yml: zero bind mounts. Services depend on each
  other in order: postgres (healthy) → backend → frontend → playwright.
  Playwright waits for backend and frontend via curl loops before
  running tests.

- .forgejo/workflows/ci.yml: E2E job adds a 'dind' service container
  (docker:28-dind, privileged, no TLS). The job sets DOCKER_HOST to
  tcp://dind:2375 so the docker CLI inside the job talks to the
  per-job DinD daemon. The compose file is docker-compose.e2e.yml.

- Runner fix on tocke: added container.docker_host: 'tcp://dind:2375'
  to runner-config.yaml so the runner's own Docker client connects to
  the host DinD container, stopping the crash loop.

Key properties:
- Network isolation: each E2E job gets its own DinD with its own
  container network. No host container visibility.
- No bind mount leakage: all images use COPY instead of volume mounts.
  The per-job DinD has its own filesystem and can't see host paths.
- Deterministic: builds start from clean state every time. Image cache
  exists only within the per-job DinD lifetime.
- Lint-and-test job is untouched and remains green.
2026-05-19 18:07:12 +02:00

88 lines
2.3 KiB
YAML
Raw Blame History

name: CI
on:
push:
branches: [master, develop]
pull_request:
branches: [master, develop]
jobs:
lint-and-test:
name: Lint, type check, unit tests, coverage
runs-on: ubuntu-latest
steps:
- name: Checkout repository
run: |
git init
git remote add origin https://x-access-token:${FORGEJO_TOKEN}@srvr.nu/git/jocke/bilhej.git
git fetch --depth 1 origin ${GITHUB_SHA}
git checkout FETCH_HEAD
- uses: actions/setup-node@v4
with:
node-version: 24
cache: npm
cache-dependency-path: frontend/package-lock.json
- uses: https://github.com/actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- name: Install frontend dependencies
run: npm ci
working-directory: frontend
- name: Lint
run: npm run lint
working-directory: frontend
- name: Type check
run: npx vue-tsc --noEmit
working-directory: frontend
- name: Frontend unit tests
run: npm run test
working-directory: frontend
- name: Backend unit tests
run: ./gradlew :backend:test
- name: Backend coverage
run: ./gradlew :backend:jacocoTestCoverageVerification
- name: Frontend coverage
run: npm run test:coverage
working-directory: frontend
e2e:
name: E2E browser tests
runs-on: ubuntu-latest
services:
dind:
image: docker:28-dind
options: --privileged
env:
DOCKER_TLS_CERTDIR: ""
env:
DOCKER_HOST: tcp://dind:2375
POSTGRES_DB: bilhej
POSTGRES_USER: bilhej
POSTGRES_PASSWORD: test_pw_ci_123
JWT_SECRET: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
STRIPE_SECRET_KEY: sk_test_fake
STRIPE_WEBHOOK_SECRET: whsec_fake
STRIPE_PRICE_ID: price_fake
steps:
- name: Checkout repository
run: |
git init
git remote add origin https://x-access-token:${FORGEJO_TOKEN}@srvr.nu/git/jocke/bilhej.git
git fetch --depth 1 origin ${GITHUB_SHA}
git checkout FETCH_HEAD
- name: Run E2E test stack
run: |
docker compose \
-f docker-compose.e2e.yml \
up --build --abort-on-container-exit --exit-code-from playwright
Reference in a new issue View git blame Copy permalink