backend-ci.yml
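name: Backend CI

# Runs for pushes and pull requests against main/dev that touch the backend,
# the compose/bake definitions or this workflow file, and on manual dispatch.
on:
  push:
    branches: [main, dev]
    paths:
      - 'backend/**'
      - 'docker-compose.yaml'
      - 'docker-bake.hcl'
      - '.github/workflows/backend-ci.yml'
  pull_request:
    branches: [main, dev]
    paths:
      - 'backend/**'
      - 'docker-compose.yaml'
      - 'docker-bake.hcl'
      - '.github/workflows/backend-ci.yml'
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only read the repository.
# Codecov uploads authenticate with CODECOV_TOKEN; artifact and cache uploads
# do not go through GITHUB_TOKEN scopes.
# NOTE(review): confirm the local ./.github/actions/docker-cache action needs
# nothing beyond read access.
permissions:
  contents: read

# Pin image versions for cache key consistency
# NOTE(review): these are tags, which a registry can repoint; pinning by
# digest as well would make the pulled content immutable.
env:
  MONGO_IMAGE: mongo:8.0
  REDIS_IMAGE: redis:7-alpine
  ZOOKEEPER_IMAGE: confluentinc/cp-zookeeper:7.5.0
  KAFKA_IMAGE: confluentinc/cp-kafka:7.5.0
  SCHEMA_REGISTRY_IMAGE: confluentinc/cp-schema-registry:7.5.0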
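jobs:
  # NOTE(review): every third-party `uses:` below references a mutable
  # major-version tag. Pinning each one to a full commit SHA (keeping the tag
  # in a trailing comment) means a retagged release cannot change what runs
  # with access to CODECOV_TOKEN.

  # Fast tests that need no external services.
  unit:
    name: Unit Tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # Nothing later in the job needs git credentials, so do not leave
          # the token in the checked-out repository's git config.
          persist-credentials: false

      - name: Set up uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
          cache-dependency-glob: "backend/uv.lock"

      - name: Install Python dependencies
        # --frozen installs exactly what uv.lock records, without re-resolving.
        run: |
          cd backend
          uv python install 3.12
          uv sync --frozen

      - name: Run unit tests
        timeout-minutes: 5
        run: |
          cd backend
          uv run pytest tests/unit -v -rs \
            --cov=app \
            --cov-report=xml --cov-report=term

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        # Upload even when tests failed; an upload error never fails the job.
        if: always()
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: backend/coverage.xml
          flags: backend-unit
          name: backend-unit-coverage
          fail_ci_if_error: false
          verbose: true

  # Tests against real infrastructure containers (no workers, no image build).
  integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # Nothing later in the job needs git credentials.
          persist-credentials: false

      - name: Cache and load Docker images
        uses: ./.github/actions/docker-cache
        with:
          images: ${{ env.MONGO_IMAGE }} ${{ env.REDIS_IMAGE }} ${{ env.ZOOKEEPER_IMAGE }} ${{ env.KAFKA_IMAGE }} ${{ env.SCHEMA_REGISTRY_IMAGE }}

      - name: Set up uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
          cache-dependency-glob: "backend/uv.lock"

      - name: Install Python dependencies
        run: |
          cd backend
          uv python install 3.12
          uv sync --frozen

      - name: Start infrastructure services
        env:
          KAFKA_HEAP_OPTS: "-Xms256M -Xmx512M"
        run: |
          # Start only infra services (no workers, no build)
          docker compose up -d --wait --wait-timeout 180 \
            mongo redis zookeeper-certgen zookeeper kafka schema-registry
          docker compose ps

      - name: Create Kafka topics
        timeout-minutes: 2
        env:
          KAFKA_BOOTSTRAP_SERVERS: localhost:9092
          # Per-run prefix keeps topics from different runs apart.
          KAFKA_TOPIC_PREFIX: "ci.${{ github.run_id }}."
        run: |
          cd backend
          uv run python -m scripts.create_topics

      - name: Run integration tests
        timeout-minutes: 10
        env:
          # Throwaway credentials for the MongoDB container started above.
          # They are visible in this file and in job logs, so they must never
          # match a credential used outside the ephemeral CI runner.
          MONGO_ROOT_USER: root
          MONGO_ROOT_PASSWORD: rootpassword
          MONGODB_HOST: 127.0.0.1
          MONGODB_PORT: 27017
          MONGODB_URL: mongodb://root:rootpassword@127.0.0.1:27017/?authSource=admin
          KAFKA_BOOTSTRAP_SERVERS: localhost:9092
          KAFKA_TOPIC_PREFIX: "ci.${{ github.run_id }}."
          SCHEMA_REGISTRY_URL: http://localhost:8081
          REDIS_HOST: localhost
          REDIS_PORT: 6379
          SCHEMA_SUBJECT_PREFIX: "ci.${{ github.run_id }}."
        run: |
          cd backend
          uv run pytest tests/integration -v -rs \
            --cov=app \
            --cov-report=xml --cov-report=term

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        if: always()
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: backend/coverage.xml
          flags: backend-integration
          name: backend-integration-coverage
          fail_ci_if_error: false
          verbose: true

      - name: Collect logs
        if: failure()
        run: |
          mkdir -p logs
          docker compose logs > logs/docker-compose.log 2>&1
          docker compose logs kafka > logs/kafka.log 2>&1
          docker compose logs schema-registry > logs/schema-registry.log 2>&1

      - name: Upload logs
        if: failure()
        uses: actions/upload-artifact@v6
        with:
          # Container logs become a downloadable artifact; anything the
          # services print (connection strings included) ends up in it.
          name: integration-logs
          path: logs/

  # Full stack: built backend images, infra containers and a local k3s cluster.
  e2e:
    name: E2E Tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # Nothing later in the job needs git credentials.
          persist-credentials: false

      # Cache third-party images (mongo, redis, kafka, etc.)
      - name: Cache and load Docker images
        uses: ./.github/actions/docker-cache
        with:
          images: ${{ env.MONGO_IMAGE }} ${{ env.REDIS_IMAGE }} ${{ env.ZOOKEEPER_IMAGE }} ${{ env.KAFKA_IMAGE }} ${{ env.SCHEMA_REGISTRY_IMAGE }}

      # Set up Docker Buildx for bake action (use latest for GHA cache v2 support)
      # NOTE(review): `latest` is resolved at run time, so the builder binary
      # can change between runs without a commit in this repository.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: latest

      # Build all backend images using bake with GitHub Actions cache
      - name: Build images with cache
        uses: docker/bake-action@v6
        with:
          files: docker-bake.hcl
          targets: backend-e2e
          load: true
          set: |
            *.cache-from=type=gha
            *.cache-to=type=gha,mode=max

      - name: Prune Docker build cache
        run: docker builder prune -af

      - name: Set up uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true
          cache-dependency-glob: "backend/uv.lock"

      - name: Install Python dependencies
        run: |
          cd backend
          uv python install 3.12
          uv sync --frozen

      # Setup K3s before starting services (workers need kubeconfig)
      - name: Setup Kubernetes (k3s)
        run: |
          # NOTE(review): the installer script is downloaded and executed as
          # fetched, with no version or checksum pin. Setting INSTALL_K3S_VERSION
          # and verifying the script before running it would make this step
          # reproducible and reviewable.
          curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable=traefik --tls-san host.docker.internal" sh -
          mkdir -p /home/runner/.kube
          sudo k3s kubectl config view --raw > /home/runner/.kube/config
          sudo chmod 600 /home/runner/.kube/config
          export KUBECONFIG=/home/runner/.kube/config
          timeout 90 bash -c 'until sudo k3s kubectl cluster-info; do sleep 5; done'
          kubectl create namespace integr8scode --dry-run=client -o yaml | kubectl apply -f -
          # Create kubeconfig for containers: use kubectl config view which is more reliable
          # Dots are escaped so the pattern matches only the literal address and
          # cannot rewrite a look-alike run inside the base64 certificate data.
          sudo k3s kubectl config view --raw | sed 's/127\.0\.0\.1/host.docker.internal/g' > backend/kubeconfig.yaml
          # Verify the kubeconfig is valid
          echo "=== Verifying kubeconfig ==="
          if grep -q "current-context" backend/kubeconfig.yaml; then
            echo "OK: current-context found"
          else
            echo "ERROR: current-context missing"
            # The raw file carries the cluster-admin client key, so print only
            # the redacted view into the job log.
            kubectl config view --kubeconfig backend/kubeconfig.yaml || true
            exit 1
          fi
          if grep -q "host.docker.internal" backend/kubeconfig.yaml; then
            echo "OK: host.docker.internal found"
          else
            echo "ERROR: host.docker.internal missing"
            exit 1
          fi

      # Start all services (images already built by bake)
      - name: Start services
        env:
          # Throwaway credentials for the CI MongoDB container only.
          MONGO_ROOT_USER: root
          MONGO_ROOT_PASSWORD: rootpassword
          ENABLE_TRACING: "false"
          KAFKA_HEAP_OPTS: "-Xms256M -Xmx512M"
        run: |
          # Start cert generation first (backend needs certs)
          docker compose up -d --no-build shared-ca
          docker compose up -d --no-build cert-generator
          # Wait for certs to be generated
          timeout 60 bash -c 'until [ -f backend/certs/server.key ]; do sleep 2; done'
          echo "Certificates generated"
          # Start infra
          docker compose up -d --no-build --wait --wait-timeout 180 \
            mongo redis zookeeper-certgen zookeeper kafka schema-registry
          # Start backend and workers (Docker Compose handles init job dependencies via service_completed_successfully)
          docker compose up -d --no-build --wait --wait-timeout 180 \
            backend coordinator saga-orchestrator k8s-worker pod-monitor result-processor
          docker compose ps

      - name: Run E2E tests
        timeout-minutes: 10
        env:
          # Throwaway credentials for the CI MongoDB container only.
          MONGO_ROOT_USER: root
          MONGO_ROOT_PASSWORD: rootpassword
          MONGODB_URL: mongodb://root:rootpassword@127.0.0.1:27017/?authSource=admin
          KAFKA_BOOTSTRAP_SERVERS: localhost:9092
          KAFKA_TOPIC_PREFIX: ""
          SCHEMA_REGISTRY_URL: http://localhost:8081
          REDIS_HOST: localhost
          REDIS_PORT: 6379
          SCHEMA_SUBJECT_PREFIX: ""
          KUBECONFIG: /home/runner/.kube/config
          K8S_NAMESPACE: integr8scode
          # Tests connect to backend running in container (HTTPS)
          BACKEND_URL: https://localhost:443
          # Trust self-signed certs
          # NOTE(review): an empty CA-bundle variable is interpreted differently
          # across HTTP client versions, so whether this relaxes verification is
          # not guaranteed. Pointing both variables at the CA certificate that
          # the cert-generator service produces would make the trust decision
          # explicit; confirm how the e2e client handles TLS verification.
          REQUESTS_CA_BUNDLE: ""
          CURL_CA_BUNDLE: ""
        run: |
          cd backend
          uv run pytest tests/e2e -v -rs \
            --cov=app \
            --cov-report=xml --cov-report=term

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        if: always()
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: backend/coverage.xml
          flags: backend-e2e
          name: backend-e2e-coverage
          fail_ci_if_error: false
          verbose: true

      - name: Collect logs
        if: failure()
        run: |
          mkdir -p logs
          docker compose logs > logs/docker-compose.log 2>&1
          docker compose logs backend > logs/backend.log 2>&1
          docker compose logs saga-orchestrator > logs/saga-orchestrator.log 2>&1
          docker compose logs k8s-worker > logs/k8s-worker.log 2>&1
          docker compose logs pod-monitor > logs/pod-monitor.log 2>&1
          # Kubernetes diagnostics are best-effort: the cluster may be the thing that failed.
          kubectl get events --sort-by='.metadata.creationTimestamp' -A > logs/k8s-events.log 2>&1 || true
          kubectl describe pods -A > logs/k8s-describe-pods.log 2>&1 || true
          kubectl logs -l app=executor -n integr8scode --tail=100 > logs/executor-pods.log 2>&1 || true

      - name: Upload logs
        if: failure()
        uses: actions/upload-artifact@v6
        with:
          # Only logs/ is uploaded; backend/kubeconfig.yaml and backend/certs/
          # stay on the runner and must not be added to this path.
          name: e2e-logs
          path: logs/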