chore: clean .gitignore cache

.docker/compose/docker-compose.playwright.yml

@@ -0,0 +1,139 @@
+# Playwright E2E Test Environment
+# ================================
+# This configuration is specifically designed for Playwright E2E testing,
+# both for local development and CI/CD pipelines.
+#
+# Usage:
+#   # Start basic E2E environment
+#   docker compose -f .docker/compose/docker-compose.playwright.yml up -d
+#
+#   # Start with security testing services (CrowdSec)
+#   docker compose -f .docker/compose/docker-compose.playwright.yml --profile security-tests up -d
+#
+#   # Start with notification testing services (MailHog)
+#   docker compose -f .docker/compose/docker-compose.playwright.yml --profile notification-tests up -d
+#
+#   # Start with all optional services
+#   docker compose -f .docker/compose/docker-compose.playwright.yml --profile security-tests --profile notification-tests up -d
+#
+# The setup API will be available since no users exist in the fresh database.
+# The auth.setup.ts fixture will create a test admin user automatically.
+
+services:
+  # =============================================================================
+  # Charon Application - Core E2E Testing Service
+  # =============================================================================
+  charon-app:
+    build:
+      context: ../..
+      dockerfile: Dockerfile
+    container_name: charon-playwright
+    restart: "no"
+    ports:
+      - "8080:8080"    # Management UI (Charon)
+    environment:
+      # Core configuration
+      - CHARON_ENV=test
+      - CHARON_DEBUG=0
+      - TZ=UTC
+      # E2E testing encryption key - 32 bytes base64 encoded (not for production!)
+      # Encryption key - MUST be provided via environment variable
+      # Generate with: export CHARON_ENCRYPTION_KEY=$(openssl rand -base64 32)
+      - CHARON_ENCRYPTION_KEY=${CHARON_ENCRYPTION_KEY:?CHARON_ENCRYPTION_KEY is required}
+      # Emergency reset token - for break-glass recovery when locked out by ACL
+      # Generate with: openssl rand -hex 32
+      - CHARON_EMERGENCY_TOKEN=${CHARON_EMERGENCY_TOKEN:-test-emergency-token-for-e2e-32chars}
+      # Server settings
+      - CHARON_HTTP_PORT=8080
+      - CHARON_DB_PATH=/app/data/charon.db
+      - CHARON_FRONTEND_DIR=/app/frontend/dist
+      # Caddy settings
+      - CHARON_CADDY_ADMIN_API=http://localhost:2019
+      - CHARON_CADDY_CONFIG_DIR=/app/data/caddy
+      - CHARON_CADDY_BINARY=caddy
+      # ACME settings (staging for E2E tests)
+      - CHARON_ACME_STAGING=true
+      # Security features - disabled by default for faster tests
+      # Enable via profile: --profile security-tests
+      # FEATURE_CERBERUS_ENABLED deprecated - Cerberus enabled by default
+      - CHARON_SECURITY_CROWDSEC_MODE=disabled
+      # SMTP for notification tests (connects to MailHog when profile enabled)
+      - CHARON_SMTP_HOST=mailhog
+      - CHARON_SMTP_PORT=1025
+      - CHARON_SMTP_AUTH=false
+    volumes:
+      # Named volume for test data persistence during test runs
+      - playwright_data:/app/data
+      - playwright_caddy_data:/data
+      - playwright_caddy_config:/config
+    healthcheck:
+      test: ["CMD", "curl", "-sf", "http://localhost:8080/api/v1/health"]
+      interval: 5s
+      timeout: 3s
+      retries: 12
+      start_period: 10s
+    networks:
+      - playwright-network
+
+  # =============================================================================
+  # CrowdSec - Security Testing Service (Optional Profile)
+  # =============================================================================
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    container_name: charon-playwright-crowdsec
+    profiles:
+      - security-tests
+    restart: "no"
+    environment:
+      - COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve
+      - BOUNCER_KEY_charon=test-bouncer-key-for-e2e
+      # Disable online features for isolated testing
+      - DISABLE_ONLINE_API=true
+    volumes:
+      - playwright_crowdsec_data:/var/lib/crowdsec/data
+      - playwright_crowdsec_config:/etc/crowdsec
+    healthcheck:
+      test: ["CMD", "cscli", "version"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    networks:
+      - playwright-network
+
+  # =============================================================================
+  # MailHog - Email Testing Service (Optional Profile)
+  # =============================================================================
+  mailhog:
+    image: mailhog/mailhog:latest
+    container_name: charon-playwright-mailhog
+    profiles:
+      - notification-tests
+    restart: "no"
+    ports:
+      - "1025:1025"    # SMTP server
+      - "8025:8025"    # Web UI for viewing emails
+    networks:
+      - playwright-network
+
+# =============================================================================
+# Named Volumes
+# =============================================================================
+volumes:
+  playwright_data:
+    driver: local
+  playwright_caddy_data:
+    driver: local
+  playwright_caddy_config:
+    driver: local
+  playwright_crowdsec_data:
+    driver: local
+  playwright_crowdsec_config:
+    driver: local
+
+# =============================================================================
+# Networks
+# =============================================================================
+networks:
+  playwright-network:
+    driver: bridge