fix(ci): resolve E2E test failures - emergency server ports and deterministic ACL disable
This commit is contained in:
GitHub Actions
@@ -15,8 +15,11 @@ services:
|
||||
container_name: charon-e2e
|
||||
restart: "no"
|
||||
ports:
|
||||
- "8080:8080" # Management UI (Charon)
|
||||
- "2020:2020" # Emergency server (DO NOT expose publicly in production!)
|
||||
- "8080:8080" # Management UI (Charon)
|
||||
- "127.0.0.1:2019:2019" # Caddy admin API (read-only status; keep loopback only)
|
||||
- "[::1]:2019:2019" # Caddy admin API (IPv6 loopback)
|
||||
- "127.0.0.1:2020:2020" # Emergency tier-2 break-glass API (loopback only)
|
||||
- "[::1]:2020:2020" # Emergency tier-2 break-glass API (IPv6 loopback)
|
||||
environment:
|
||||
- CHARON_ENV=e2e # Enable lenient rate limiting (50 attempts/min) for E2E tests
|
||||
- CHARON_DEBUG=0
|
||||
|
||||
@@ -31,7 +31,11 @@ services:
|
||||
container_name: charon-playwright
|
||||
restart: "no"
|
||||
ports:
|
||||
- "8080:8080" # Management UI (Charon)
|
||||
- "8080:8080" # Management UI (Charon)
|
||||
- "127.0.0.1:2019:2019" # Caddy admin API (IPv4 loopback)
|
||||
- "[::1]:2019:2019" # Caddy admin API (IPv6 loopback)
|
||||
- "127.0.0.1:2020:2020" # Emergency tier-2 API (IPv4 loopback)
|
||||
- "[::1]:2020:2020" # Emergency tier-2 API (IPv6 loopback)
|
||||
environment:
|
||||
# Core configuration
|
||||
- CHARON_ENV=test
|
||||
@@ -44,6 +48,13 @@ services:
|
||||
# Emergency reset token - for break-glass recovery when locked out by ACL
|
||||
# Generate with: openssl rand -hex 32
|
||||
- CHARON_EMERGENCY_TOKEN=${CHARON_EMERGENCY_TOKEN:-test-emergency-token-for-e2e-32chars}
|
||||
- CHARON_EMERGENCY_SERVER_ENABLED=true
|
||||
# Emergency server must bind to 0.0.0.0 for Docker port mapping to work
|
||||
# Host binding via compose restricts external access (127.0.0.1:2020:2020)
|
||||
- CHARON_EMERGENCY_BIND=0.0.0.0:2020
|
||||
# Emergency server Basic Auth (required for E2E tests)
|
||||
- CHARON_EMERGENCY_USERNAME=admin
|
||||
- CHARON_EMERGENCY_PASSWORD=changeme
|
||||
# Server settings
|
||||
- CHARON_HTTP_PORT=8080
|
||||
- CHARON_DB_PATH=/app/data/charon.db
|
||||
|
||||
@@ -10,7 +10,7 @@ services:
|
||||
- "8080:8080" # Management UI (Charon)
|
||||
# Emergency server port - ONLY expose via SSH tunnel or VPN for security
|
||||
# Uncomment ONLY if you need localhost access on host machine:
|
||||
# - "127.0.0.1:2019:2019" # Emergency server (localhost-only)
|
||||
# - "127.0.0.1:2020:2020" # Emergency server Tier-2 (localhost-only, avoids Caddy's 2019)
|
||||
environment:
|
||||
- CHARON_ENV=production # CHARON_ preferred; CPM_ values still supported
|
||||
- TZ=UTC # Set timezone (e.g., America/New_York)
|
||||
@@ -22,7 +22,7 @@ services:
|
||||
# - CHARON_EMERGENCY_TOKEN=${CHARON_EMERGENCY_TOKEN} # Store in secrets manager
|
||||
# Tier 2: Emergency server on separate port (bypasses Caddy/CrowdSec entirely)
|
||||
# - CHARON_EMERGENCY_SERVER_ENABLED=false # Disabled by default
|
||||
# - CHARON_EMERGENCY_BIND=127.0.0.1:2019 # Localhost only
|
||||
# - CHARON_EMERGENCY_BIND=127.0.0.1:2020 # Localhost only (port 2020 avoids Caddy admin API)
|
||||
# - CHARON_EMERGENCY_USERNAME=admin
|
||||
# - CHARON_EMERGENCY_PASSWORD=${EMERGENCY_PASSWORD} # Store in secrets manager
|
||||
- CHARON_HTTP_PORT=8080
|
||||
|
||||
Reference in New Issue
Block a user