diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 285c1838..673c0166 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -722,194 +722,3 @@ jobs: echo "- **Commit**: ${{ env.TRIGGER_HEAD_SHA }}" echo "- **Scan Status**: ${{ steps.trivy-scan.outcome == 'success' && '✅ No critical vulnerabilities' || '❌ Vulnerabilities detected' }}" } >> "$GITHUB_STEP_SUMMARY" - - test-image: - name: Test Docker Image - needs: build-and-push - runs-on: ubuntu-latest - if: needs.build-and-push.outputs.skip_build != 'true' && needs.build-and-push.result == 'success' && (github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch') - env: - # Required for security teardown in integration tests - CHARON_EMERGENCY_TOKEN: ${{ secrets.CHARON_EMERGENCY_TOKEN }} - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - - name: Normalize image name - run: | - raw="${{ github.repository_owner }}/${{ github.event.repository.name }}" - IMAGE_NAME=$(echo "$raw" | tr '[:upper:]' '[:lower:]') - echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV" - - name: Determine image tag - id: tag - run: | - SHORT_SHA="$(echo "${{ env.TRIGGER_HEAD_SHA }}" | cut -c1-7)" - TRIGGER_REF="${{ env.TRIGGER_REF }}" - TRIGGER_EVENT="${{ env.TRIGGER_EVENT }}" - - # For PRs, use the pr-{number}-{short-sha} tag generated by metadata-action - if [[ "${TRIGGER_EVENT}" == "pull_request" ]]; then - PR_NUMBER="${{ env.TRIGGER_PR_NUMBER }}" - TAG="pr-${PR_NUMBER}-${SHORT_SHA}" - echo "tag=${TAG}" >> "$GITHUB_OUTPUT" - echo "ℹ️ Using PR tag: ${TAG}" - else - case "$TRIGGER_REF" in - refs/heads/main) - echo "tag=latest" >> "$GITHUB_OUTPUT" - ;; - refs/heads/development) - echo "tag=dev" >> "$GITHUB_OUTPUT" - ;; - refs/tags/v*) - echo "tag=${TRIGGER_REF#refs/tags/v}" >> "$GITHUB_OUTPUT" - ;; - *) - echo "tag=${SHORT_SHA}" >> "$GITHUB_OUTPUT" - ;; - esac - fi - - - name: Log in to GitHub Container Registry - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN 
}} - - - name: Pull Docker image - run: | - IMAGE="${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}" - echo "Pulling image: ${IMAGE}" - - if ! docker pull "${IMAGE}"; then - echo "" - echo "❌ Failed to pull image: ${IMAGE}" - echo "" - echo "📋 Debugging Information:" - echo " Event: ${{ env.TRIGGER_EVENT }}" - echo " PR Number: ${{ env.TRIGGER_PR_NUMBER }}" - echo " Commit SHA: ${{ env.TRIGGER_HEAD_SHA }}" - echo " Tag Generated: ${{ steps.tag.outputs.tag }}" - echo " Registry: ${{ env.GHCR_REGISTRY }}" - echo " Image Name: ${{ env.IMAGE_NAME }}" - echo "" - echo " Verify:" - echo " 1. build-and-push job completed successfully (check job status)" - echo " 2. Tag matches what build-and-push generated (check workflow logs)" - echo " 3. Image was pushed to GHCR (check registry)" - echo "" - exit 1 - fi - - echo "✅ Image pulled successfully: ${IMAGE}" - - name: Verify image before proceeding - run: | - IMAGE="${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}" - - if ! docker image inspect "${IMAGE}" >/dev/null 2>&1; then - echo "❌ ERROR: Image not available after pull" - echo "Image: ${IMAGE}" - docker images - exit 1 - fi - - echo "✅ Image verified: ${IMAGE}" - - - name: Create Docker Network - run: | - NETWORK_NAME="charon-test-net" - - # Remove stale network if it exists - docker network rm "${NETWORK_NAME}" 2>/dev/null || true - - # Create fresh network - if ! 
docker network create "${NETWORK_NAME}"; then - echo "❌ Failed to create Docker network: ${NETWORK_NAME}" - docker network ls - exit 1 - fi - - echo "✅ Docker network created: ${NETWORK_NAME}" - - - name: Run Upstream Service (whoami) - run: | - docker run -d \ - --name whoami \ - --network charon-test-net \ - traefik/whoami:latest@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab - - - name: Run Charon Container - timeout-minutes: 3 - run: | - docker run -d \ - --name test-container \ - --network charon-test-net \ - -p 8080:8080 \ - -p 80:80 \ - "${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}" - - # Wait for container to be healthy (max 3 minutes) - echo "Waiting for container to start..." - timeout 180s bash -c 'until docker exec test-container curl -sf http://localhost:8080/api/v1/health 2>/dev/null | grep -q "status"; do echo "Waiting..."; sleep 2; done' || { - echo "❌ Container failed to become healthy" - docker logs test-container - exit 1 - } - echo "✅ Container is healthy" - - name: Run Integration Test - timeout-minutes: 5 - run: .github/skills/scripts/skill-runner.sh integration-test-all - - - name: Check container logs - if: always() - run: | - echo "=== Charon Container Logs ===" - docker logs test-container || echo "ERROR: Could not retrieve container logs" - - echo "" - echo "=== Docker Container Status ===" - docker inspect test-container --format='Status: {{.State.Status}}, Exit Code: {{.State.ExitCode}}' || echo "Container not found" - - echo "" - echo "=== CrowdSec Configuration Verification ===" - echo "Checking if /etc/crowdsec/config.yaml is accessible in container:" - docker exec test-container test -f /etc/crowdsec/config.yaml && echo "✓ config.yaml found" || echo "✗ config.yaml NOT found" - - echo "" - echo "Checking CrowdSec symlink:" - docker exec test-container ls -la /etc/ | grep crowdsec || echo "No crowdsec entry in /etc" - - echo "" - echo "Checking /app/data/crowdsec/config/ 
contents:" - docker exec test-container ls -la /app/data/crowdsec/config/ 2>/dev/null | head -20 || echo "Directory not found or empty" - - echo "" - echo "Checking /etc/crowdsec.dist/ contents:" - docker exec test-container ls -la /etc/crowdsec.dist/ 2>/dev/null | head -20 || echo "Directory not found or empty" - - - name: Stop container - if: always() - run: | - echo "Cleaning up Docker resources..." - - # Stop and remove containers (continue even if they don't exist) - docker stop test-container 2>/dev/null || echo "ℹ️ Container test-container was not running" - docker stop whoami 2>/dev/null || echo "ℹ️ Container whoami was not running" - docker rm test-container 2>/dev/null || echo "ℹ️ Container test-container not found" - docker rm whoami 2>/dev/null || echo "ℹ️ Container whoami not found" - - # Remove network (continue even if it doesn't exist) - docker network rm charon-test-net 2>/dev/null || echo "ℹ️ Network charon-test-net not found" - - echo "✅ Cleanup complete" - - - name: Create test summary - if: always() - run: | - { - echo "## 🧪 Docker Image Test Results" - echo "" - echo "- **Image**: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}" - echo "- **Integration Test**: ${{ job.status == 'success' && '✅ Passed' || '❌ Failed' }}" - } >> "$GITHUB_STEP_SUMMARY"