56 lines
2.5 KiB
YAML
56 lines
2.5 KiB
YAML
# Docker Compose for E2E Testing
|
|
#
|
|
# This configuration runs Charon with a fresh, isolated database specifically for
|
|
# Playwright E2E tests. Use this to ensure tests start with a clean state.
|
|
#
|
|
# Usage:
|
|
# docker compose -f .docker/compose/docker-compose.e2e.yml up -d
|
|
#
|
|
# The setup API will be available since no users exist in the fresh database.
|
|
# The auth.setup.ts fixture will create a test admin user automatically.
|
|
|
|
services:
|
|
charon-e2e:
|
|
image: charon:local
|
|
container_name: charon-e2e
|
|
restart: "no"
|
|
ports:
|
|
- "8080:8080" # Management UI (Charon)
|
|
- "127.0.0.1:2019:2019" # Caddy admin API (read-only status; keep loopback only)
|
|
- "[::1]:2019:2019" # Caddy admin API (IPv6 loopback)
|
|
- "127.0.0.1:2020:2020" # Emergency tier-2 break-glass API (loopback only)
|
|
- "[::1]:2020:2020" # Emergency tier-2 break-glass API (IPv6 loopback)
|
|
environment:
|
|
- CHARON_ENV=e2e # Enable lenient rate limiting (50 attempts/min) for E2E tests
|
|
- CHARON_DEBUG=0
|
|
- TZ=UTC
|
|
# Encryption key - MUST be provided via environment variable
|
|
# Generate with: export CHARON_ENCRYPTION_KEY=$(openssl rand -base64 32)
|
|
- CHARON_ENCRYPTION_KEY=${CHARON_ENCRYPTION_KEY:?CHARON_ENCRYPTION_KEY is required}
|
|
# Emergency reset token - for break-glass recovery when locked out by ACL
|
|
# Generate with: openssl rand -hex 32
|
|
- CHARON_EMERGENCY_TOKEN=${CHARON_EMERGENCY_TOKEN:-test-emergency-token-for-e2e-32chars}
|
|
# Emergency server (Tier 2 break glass) - separate port bypassing all security
|
|
- CHARON_EMERGENCY_SERVER_ENABLED=true
|
|
- CHARON_EMERGENCY_BIND=0.0.0.0:2020 # Bind to all interfaces in container (avoid Caddy's 2019)
|
|
- CHARON_EMERGENCY_USERNAME=admin
|
|
- CHARON_EMERGENCY_PASSWORD=${CHARON_EMERGENCY_PASSWORD:-changeme}
|
|
- CHARON_HTTP_PORT=8080
|
|
- CHARON_DB_PATH=/app/data/charon.db
|
|
- CHARON_FRONTEND_DIR=/app/frontend/dist
|
|
- CHARON_CADDY_ADMIN_API=http://localhost:2019
|
|
- CHARON_CADDY_CONFIG_DIR=/app/data/caddy
|
|
- CHARON_CADDY_BINARY=caddy
|
|
- CHARON_ACME_STAGING=true
|
|
# FEATURE_CERBERUS_ENABLED deprecated - Cerberus enabled by default
|
|
tmpfs:
|
|
# True tmpfs for E2E test data - fresh on every run, in-memory only
|
|
# mode=1777 allows any user to write (container runs as non-root)
|
|
- /app/data:size=100M,mode=1777
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -fsS http://localhost:8080/api/v1/health || exit 1"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 10
|
|
start_period: 10s
|