glinrdock/.github/workflows/smoke.yml at main · glincker/glinrdock · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
name: Smoke Tests

on:
  release:
    types: [published]

permissions:
  contents: read

jobs:
  assets-check:
    name: Verify Release Assets
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: List release assets
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          echo "Release: ${{ github.event.release.tag_name }}"
          echo "Listing release assets..."
          gh release view "${{ github.event.release.tag_name }}" --repo "${{ github.repository }}" --json assets --jq '.assets[] | .name'

      - name: Download SHA256SUMS
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          echo "Downloading SHA256SUMS file..."
          gh release download "${{ github.event.release.tag_name }}" \
            --repo "${{ github.repository }}" \
            --pattern "SHA256SUMS*" \
            --dir ./checksums

      - name: Verify checksums exist
        run: |
          echo "Checking SHA256SUMS file..."
          if [ ! -f ./checksums/SHA256SUMS ]; then
            echo "ERROR: SHA256SUMS file not found in release assets"
            exit 1
          fi

          echo "SHA256SUMS content:"
          cat ./checksums/SHA256SUMS

          # Verify the file has content
          if [ ! -s ./checksums/SHA256SUMS ]; then
            echo "ERROR: SHA256SUMS file is empty"
            exit 1
          fi

          echo "✅ SHA256SUMS file verified"

      - name: Download and verify binary checksums
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          cd ./checksums

          # Download Linux AMD64 binary for verification
          echo "Downloading sample binary for checksum verification..."
          gh release download "${{ github.event.release.tag_name }}" \
            --repo "${{ github.repository }}" \
            --pattern "*linux_amd64*" \
            --skip-existing || echo "No linux_amd64 binary found, skipping binary verification"

          # If we have binaries, verify their checksums
          if ls *linux_amd64* 1> /dev/null 2>&1; then
            echo "Verifying checksums..."
            sha256sum -c SHA256SUMS --ignore-missing
            echo "✅ Binary checksums verified"
          else
            echo "ℹ️ No binaries found to verify, checking SHA256SUMS format only"
            # Just verify the SHA256SUMS file has the expected format
            if grep -q "^[a-f0-9]\{64\}  " SHA256SUMS; then
              echo "✅ SHA256SUMS format is valid"
            else
              echo "ERROR: SHA256SUMS format appears invalid"
              exit 1
            fi
          fi

  container-smoke:
    name: Container Smoke Test
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1

      - name: Log in to Container Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Pull and run container
        run: |
          IMAGE="ghcr.io/${{ github.repository_owner }}/glinrdock:${{ github.event.release.tag_name }}"
          echo "Testing container image: $IMAGE"

          # Pull the image
          docker pull "$IMAGE"

          # Run container in background
          docker run --rm -d \
            --name glinrdock-smoke-test \
            -p 18080:8080 \
            -e ADMIN_TOKEN="smoke-test-token" \
            --tmpfs /tmp:size=100M,mode=1777 \
            "$IMAGE"

          echo "Container started, waiting for startup..."
          sleep 5

      - name: Test health endpoint
        run: |
          echo "Testing health endpoint..."

          # Poll health endpoint for up to 30 seconds
          timeout=30
          elapsed=0
          success=false

          while [ $elapsed -lt $timeout ]; do
            if curl -f -s http://localhost:18080/v1/health > /dev/null; then
              echo "✅ Health check passed after ${elapsed}s"
              success=true
              break
            fi

            echo "Health check failed, retrying in 2s... (${elapsed}s/${timeout}s)"
            sleep 2
            elapsed=$((elapsed + 2))
          done

          if [ "$success" = false ]; then
            echo "ERROR: Health check failed after ${timeout}s"
            echo "Container logs:"
            docker logs glinrdock-smoke-test
            exit 1
          fi

      - name: Test health endpoint response
        run: |
          echo "Testing health endpoint response format..."

          response=$(curl -s http://localhost:18080/v1/health)
          echo "Health response: $response"

          # Basic validation that we get some response
          if [ -z "$response" ]; then
            echo "ERROR: Empty response from health endpoint"
            exit 1
          fi

          echo "✅ Health endpoint responding correctly"

      - name: Cleanup
        if: always()
        run: |
          echo "Cleaning up container..."
          docker stop glinrdock-smoke-test 2>/dev/null || true
          docker rm glinrdock-smoke-test 2>/dev/null || true