akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
Files
a41cfaae10a2e9425c2b70be41366641014e6baa
Charon/.docker/compose/docker-compose.playwright.yml
GitHub Actions 978f698570 fix(security): remove hardcoded encryption keys from docker compose files 
Replace hardcoded CHARON_ENCRYPTION_KEY with environment variable
substitution using Docker Compose required variable syntax.

docker-compose.playwright.yml: use ${CHARON_ENCRYPTION_KEY:?...}
docker-compose.e2e.yml: use ${CHARON_ENCRYPTION_KEY:?...}
e2e-tests.yml: add ephemeral key generation per CI run
.env.test.example: document the requirement prominently
Security: The old key exists in git history and must never be used
in production. Each CI run now generates a unique ephemeral key.

Refs: OWASP A02:2021 - Cryptographic Failures
2026-01-25 03:50:12 +00:00

137 lines
4.9 KiB
YAML
Raw Blame History

# Playwright E2E Test Environment
# ================================
# This configuration is specifically designed for Playwright E2E testing,
# both for local development and CI/CD pipelines.
#
# Usage:
# # Start basic E2E environment
# docker compose -f .docker/compose/docker-compose.playwright.yml up -d
#
# # Start with security testing services (CrowdSec)
# docker compose -f .docker/compose/docker-compose.playwright.yml --profile security-tests up -d
#
# # Start with notification testing services (MailHog)
# docker compose -f .docker/compose/docker-compose.playwright.yml --profile notification-tests up -d
#
# # Start with all optional services
# docker compose -f .docker/compose/docker-compose.playwright.yml --profile security-tests --profile notification-tests up -d
#
# The setup API will be available since no users exist in the fresh database.
# The auth.setup.ts fixture will create a test admin user automatically.
services:
# =============================================================================
# Charon Application - Core E2E Testing Service
# =============================================================================
charon-app:
build:
context: ../..
dockerfile: Dockerfile
container_name: charon-playwright
restart: "no"
ports:
- "8080:8080" # Management UI (Charon)
environment:
# Core configuration
- CHARON_ENV=test
- CHARON_DEBUG=0
- TZ=UTC
# E2E testing encryption key - 32 bytes base64 encoded (not for production!)
# Encryption key - MUST be provided via environment variable
# Generate with: export CHARON_ENCRYPTION_KEY=$(openssl rand -base64 32)
- CHARON_ENCRYPTION_KEY=${CHARON_ENCRYPTION_KEY:?CHARON_ENCRYPTION_KEY is required}
# Server settings
- CHARON_HTTP_PORT=8080
- CHARON_DB_PATH=/app/data/charon.db
- CHARON_FRONTEND_DIR=/app/frontend/dist
# Caddy settings
- CHARON_CADDY_ADMIN_API=http://localhost:2019
- CHARON_CADDY_CONFIG_DIR=/app/data/caddy
- CHARON_CADDY_BINARY=caddy
# ACME settings (staging for E2E tests)
- CHARON_ACME_STAGING=true
# Security features - disabled by default for faster tests
# Enable via profile: --profile security-tests
# FEATURE_CERBERUS_ENABLED deprecated - Cerberus enabled by default
- CHARON_SECURITY_CROWDSEC_MODE=disabled
# SMTP for notification tests (connects to MailHog when profile enabled)
- CHARON_SMTP_HOST=mailhog
- CHARON_SMTP_PORT=1025
- CHARON_SMTP_AUTH=false
volumes:
# Named volume for test data persistence during test runs
- playwright_data:/app/data
- playwright_caddy_data:/data
- playwright_caddy_config:/config
healthcheck:
test: ["CMD", "curl", "-sf", "http://localhost:8080/api/v1/health"]
interval: 5s
timeout: 3s
retries: 12
start_period: 10s
networks:
- playwright-network
# =============================================================================
# CrowdSec - Security Testing Service (Optional Profile)
# =============================================================================
crowdsec:
image: crowdsecurity/crowdsec:latest
container_name: charon-playwright-crowdsec
profiles:
- security-tests
restart: "no"
environment:
- COLLECTIONS=crowdsecurity/nginx crowdsecurity/http-cve
- BOUNCER_KEY_charon=test-bouncer-key-for-e2e
# Disable online features for isolated testing
- DISABLE_ONLINE_API=true
volumes:
- playwright_crowdsec_data:/var/lib/crowdsec/data
- playwright_crowdsec_config:/etc/crowdsec
healthcheck:
test: ["CMD", "cscli", "version"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
networks:
- playwright-network
# =============================================================================
# MailHog - Email Testing Service (Optional Profile)
# =============================================================================
mailhog:
image: mailhog/mailhog:latest
container_name: charon-playwright-mailhog
profiles:
- notification-tests
restart: "no"
ports:
- "1025:1025" # SMTP server
- "8025:8025" # Web UI for viewing emails
networks:
- playwright-network
# =============================================================================
# Named Volumes
# =============================================================================
volumes:
playwright_data:
driver: local
playwright_caddy_data:
driver: local
playwright_caddy_config:
driver: local
playwright_crowdsec_data:
driver: local
playwright_crowdsec_config:
driver: local
# =============================================================================
# Networks
# =============================================================================
networks:
playwright-network:
driver: bridge
Reference in New Issue View Git Blame Copy Permalink