# Playwright E2E Test Environment for CI/CD
# ==========================================
# This configuration is specifically designed for GitHub Actions CI/CD pipelines.
# Environment variables are provided via GitHub Secrets and generated dynamically.
#
# DO NOT USE env_file - CI provides variables via $GITHUB_ENV:
#   - CHARON_ENCRYPTION_KEY: Generated with openssl rand -base64 32 (ephemeral)
#   - CHARON_EMERGENCY_TOKEN: From repository secrets (secure); note that this
#     file falls back to a fixed test token when the variable is unset or empty
#
# Usage in CI:
#   export CHARON_ENCRYPTION_KEY=$(openssl rand -base64 32)
#   export CHARON_EMERGENCY_TOKEN="${{ secrets.CHARON_EMERGENCY_TOKEN }}"
#   docker compose -f .docker/compose/docker-compose.playwright-ci.yml up -d
#
# Profiles:
#   # Start with security testing services (CrowdSec)
#   docker compose -f .docker/compose/docker-compose.playwright-ci.yml --profile security-tests up -d
#
#   # Start with notification testing services (MailHog)
#   docker compose -f .docker/compose/docker-compose.playwright-ci.yml --profile notification-tests up -d
#
# The setup API will be available since no users exist in the fresh database.
# The auth.setup.ts fixture will create a test admin user automatically.
#
# Security scope: this file contains fixed test credentials (emergency Basic
# Auth, fallback emergency token, CrowdSec bouncer key) and publishes several
# ports without a host IP. It is meant for throwaway CI runners; do not reuse it
# on a shared or long-lived host without changing those values and bindings.

services:
  # =============================================================================
  # Charon Application - Core E2E Testing Service
  # =============================================================================
  charon-app:
    # CI provides CHARON_E2E_IMAGE_TAG=charon:e2e-test (retagged from shared digest)
    # Local development uses the default fallback value
    image: ${CHARON_E2E_IMAGE_TAG:-charon:e2e-test}
    container_name: charon-playwright
    restart: "no"
    # CI generates CHARON_ENCRYPTION_KEY dynamically in GitHub Actions workflow
    # and passes CHARON_EMERGENCY_TOKEN from GitHub Secrets via $GITHUB_ENV.
    # No .env file is used in CI as it's gitignored and not available.
    #
    # Port entries without a host IP use Docker's default bind address (all host
    # interfaces unless the daemon is configured otherwise). Only the Caddy
    # admin API (2019) is pinned to loopback below.
    ports:
      - "8080:8080"  # Management UI (Charon)
      - "127.0.0.1:2019:2019"  # Caddy admin API (IPv4 loopback)
      - "[::1]:2019:2019"  # Caddy admin API (IPv6 loopback)
      - "2020:2020"  # Emergency tier-2 API (all interfaces for E2E tests)
      - "80:80"  # Caddy proxy (all interfaces for E2E tests)
      - "443:443"  # Caddy proxy HTTPS (all interfaces for E2E tests)
    environment:
      # Core configuration
      - CHARON_ENV=test
      - CHARON_DEBUG=0
      - TZ=UTC
      # E2E testing encryption key - 32 bytes base64 encoded (not for production!)
      # Encryption key - MUST be provided via environment variable
      # Generate with: export CHARON_ENCRYPTION_KEY=$(openssl rand -base64 32)
      # `:?` makes `docker compose` abort with the message below when the
      # variable is unset or empty, so no default key is ever used.
      - CHARON_ENCRYPTION_KEY=${CHARON_ENCRYPTION_KEY:?CHARON_ENCRYPTION_KEY is required}
      # Emergency reset token - for break-glass recovery when locked out by ACL
      # Generate with: openssl rand -hex 32
      # `:-` substitutes the literal below when the variable is unset or empty,
      # so a missing secret does not fail the run: the stack starts with this
      # fixed, repository-visible test token instead.
      - CHARON_EMERGENCY_TOKEN=${CHARON_EMERGENCY_TOKEN:-test-emergency-token-for-e2e-32chars}
      - CHARON_EMERGENCY_SERVER_ENABLED=true
      - CHARON_SECURITY_TESTS_ENABLED=${CHARON_SECURITY_TESTS_ENABLED:-true}
      # Emergency server must bind to 0.0.0.0 for Docker port mapping to work
      # NOTE(review): the ports section publishes this as "2020:2020" with no
      # host IP, so host-side binding does NOT limit the emergency API to
      # 127.0.0.1. Use "127.0.0.1:2020:2020" there if loopback-only is intended.
      - CHARON_EMERGENCY_BIND=0.0.0.0:2020
      # Emergency server Basic Auth (required for E2E tests)
      # Fixed test credentials committed to the repository; test use only.
      - CHARON_EMERGENCY_USERNAME=admin
      - CHARON_EMERGENCY_PASSWORD=changeme
      # Server settings
      - CHARON_HTTP_PORT=8080
      - CHARON_DB_PATH=/app/data/charon.db
      - CHARON_FRONTEND_DIR=/app/frontend/dist
      # Caddy settings
      - CHARON_CADDY_ADMIN_API=http://localhost:2019
      - CHARON_CADDY_CONFIG_DIR=/app/data/caddy
      - CHARON_CADDY_BINARY=caddy
      # ACME settings (staging for E2E tests)
      - CHARON_ACME_STAGING=true
      # Security features - disabled by default for faster tests
      # Enable via profile: --profile security-tests
      # FEATURE_CERBERUS_ENABLED deprecated - Cerberus enabled by default
      # NOTE(review): the profile only starts the crowdsec service; this value is
      # hard-coded to `disabled` here, so confirm where the mode is switched on.
      - CHARON_SECURITY_CROWDSEC_MODE=disabled
      # SMTP for notification tests (connects to MailHog when profile enabled)
      - CHARON_SMTP_HOST=mailhog
      - CHARON_SMTP_PORT=1025
      - CHARON_SMTP_AUTH=false
    volumes:
      # Named volume for test data persistence during test runs
      - playwright_data:/app/data
      - playwright_caddy_data:/data
      - playwright_caddy_config:/config
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8080/api/v1/health"]
      interval: 5s
      timeout: 3s
      retries: 12
      start_period: 10s
    networks:
      - playwright-network

  # =============================================================================
  # CrowdSec - Security Testing Service (Optional Profile)
  # =============================================================================
  crowdsec:
    # Tag and digest are both given; the digest pins the exact image content.
    image: crowdsecurity/crowdsec:latest@sha256:63b595fef92de1778573b375897a45dd226637ee9a3d3db9f57ac7355c369493
    container_name: charon-playwright-crowdsec
    profiles:
      - security-tests
    restart: "no"
    environment:
      - COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve
      # Fixed bouncer key committed to the repository; test use only.
      - BOUNCER_KEY_charon=test-bouncer-key-for-e2e
      # Disable online features for isolated testing
      - DISABLE_ONLINE_API=true
    volumes:
      - playwright_crowdsec_data:/var/lib/crowdsec/data
      - playwright_crowdsec_config:/etc/crowdsec
    healthcheck:
      # NOTE(review): `cscli version` shows the CLI runs inside the container;
      # presumably it does not prove the local API is serving - confirm.
      test: ["CMD", "cscli", "version"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    networks:
      - playwright-network

  # =============================================================================
  # MailHog - Email Testing Service (Optional Profile)
  # =============================================================================
  mailhog:
    # Tag and digest are both given; the digest pins the exact image content.
    image: mailhog/mailhog:latest@sha256:8d76a3d4ffa32a3661311944007a415332c4bb855657f4f6c57996405c009bea
    container_name: charon-playwright-mailhog
    profiles:
      - notification-tests
    restart: "no"
    # charon-app reaches MailHog by service name over playwright-network
    # (CHARON_SMTP_HOST=mailhog), so these host ports are only for host access.
    # Both are published without a host IP, and no authentication is configured
    # for MailHog in this file.
    ports:
      - "1025:1025"  # SMTP server
      - "8025:8025"  # Web UI for viewing emails
    networks:
      - playwright-network

# =============================================================================
# Named Volumes
# =============================================================================
volumes:
  playwright_data:
    driver: local
  playwright_caddy_data:
    driver: local
  playwright_caddy_config:
    driver: local
  playwright_crowdsec_data:
    driver: local
  playwright_crowdsec_config:
    driver: local

# =============================================================================
# Networks
# =============================================================================
networks:
  playwright-network:
    driver: bridge