Skip to content

ci: run UI + API tests against the built runtime container#19

Merged
hoobio merged 2 commits into
mainfrom
ci/test-against-container
May 23, 2026
Merged

ci: run UI + API tests against the built runtime container#19
hoobio merged 2 commits into
mainfrom
ci/test-against-container

Conversation

@hoobio
Copy link
Copy Markdown
Owner

@hoobio hoobio commented May 23, 2026

Summary

  • Switches the ui-tests and api-tests CI jobs to download the build-${run_id} artefact, docker load image.tar, and run Playwright + Bruno against the same runtime container the publish step would push.
  • Drops the redundant pnpm run build rerun and the node packages/api/dist/server.js spawn in those two jobs.
  • test-pdt composite action grows an image-tar-path input that drives the load + run + healthcheck flow. The legacy node-spawn path is kept for direct callers. Container logs are uploaded as an artefact on failure for easier debugging.

Why

Today Dockerfile-specific regressions (base image swap, missing env var, wrong WORKDIR, port binding, file ownership) only surface in pdt-prod after release-please has already cut the tag. Running PR tests against the actual image closes that gap with no extra build cost - the image tar already exists from the build job.

Test plan

  • CI: lint, typecheck, unit tests still green
  • CI: ui-tests runs Playwright local project against the container on :8090
  • CI: api-tests runs Bruno local env against the container on :8090
  • CI: sbom-scan still loads the same image tar without conflict
  • On failure, container.log is uploaded as an artefact

@hoobio
ci: 👷 run UI + API tests against the built runtime container
6e9da09 
Drops the redundant rebuild + `node packages/api/dist/server.js` spawn
in the `ui-tests` and `api-tests` jobs. They now download the
`build-${run_id}` artefact, `docker load image.tar`, and start the same
image the publish step would push - so Dockerfile-specific regressions
(base image swap, missing env var, wrong WORKDIR, port binding) get
caught before release-please cuts a tag instead of only by `pdt-prod`.

`test-pdt` gets a new `image-tar-path` input that drives the
load + run + healthcheck flow; the legacy node-spawn path is kept for
direct callers. Container logs are captured on failure.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2026

Coverage summary

package statements branches functions lines
api 75.13% 53.42% 87.17% 76%
schemas 100% 100% 100% 100%
web 59.36% 41.01% 64.23% 62%

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2026

✅ CodeQL Security Scan

🎉 No security alerts found.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2026
edited
Loading

✅ Dependency-Track scan (site@pr-19)

🎉 No findings.

Gate: fails on critical or worse.

Components (135 total)

Type Count
library 129
file 3
application 1
container 1
operating-system 1
Full component list
Name Version Type Licenses
node 24.16.0 application
hoobi-portfolio-build 26336517760 container
/work `` file
/work/.github/workflows/ci.yml `` file
/work/.github/workflows/pr-title-check.yml `` file
./operations/pipelines/build-bundle UNKNOWN library
./operations/pipelines/deploy-bicep UNKNOWN library
./operations/pipelines/dt-findings-to-blob UNKNOWN library
./operations/pipelines/install-deps UNKNOWN library
./operations/pipelines/test-pdt UNKNOWN library
@fastify/accept-negotiator 2.0.1 library MIT
@fastify/ajv-compiler 4.0.5 library MIT
@fastify/error 4.2.0 library MIT
@fastify/fast-json-stringify-compiler 5.0.3 library MIT
@fastify/forwarded 3.0.1 library MIT
@fastify/merge-json-schemas 0.2.1 library MIT
@fastify/proxy-addr 5.1.0 library MIT
@fastify/send 4.1.0 library MIT
@fastify/static 9.1.3 library MIT
@fastify/swagger 9.7.0 library MIT
@fastify/swagger-ui 5.2.6 library MIT
@hoobi-portfolio/api 0.1.0 library
@hoobi-portfolio/schemas 0.1.0 library
@lukeed/ms 2.0.2 library MIT
@pinojs/redact 0.4.0 library MIT
abstract-logging 2.0.1 library MIT
actions/attest-build-provenance v4 library
actions/attest-sbom v4 library
actions/checkout v6 library
actions/create-github-app-token v3 library
actions/download-artifact v8 library
actions/upload-artifact v7 library
ajv 8.20.0 library MIT
ajv-formats 3.0.1 library MIT
amannn/action-semantic-pull-request v6 library
atomic-sleep 1.0.0 library MIT
avvio 9.2.0 library MIT
azure/login v3 library
balanced-match 4.0.4 library MIT
base-files 13.8+deb13u5 library GPL-2.0-or-later, GPL, verbatim
base-files 13.8+deb13u5 library GPL-2.0-or-later, GPL, verbatim
benchmark 1.0.0 library ISC
benchmarks 1.0.0 library
brace-expansion 5.0.6 library MIT
ca-certificates 20250419 library GPL-2.0-only, GPL-2.0-or-later, MPL-2.0
ca-certificates 20250419 library GPL-2.0-only, GPL-2.0-or-later, MPL-2.0
content-disposition 1.1.0 library MIT
cookie 1.1.1 library MIT
debug 4.4.3 library MIT
depd 2.0.0 library MIT
dequal 2.0.3 library MIT
docker/build-push-action v7 library
docker/login-action v4 library
docker/setup-buildx-action v4 library
escape-html 1.0.3 library MIT
fast-decode-uri-component 1.0.1 library MIT
fast-deep-equal 3.1.3 library MIT
fast-json-stringify 6.4.0 library MIT
fast-querystring 1.1.2 library MIT
fast-uri 3.1.2 library BSD-3-Clause
fastify 5.8.5 library MIT
fastify-plugin 5.1.0 library MIT
fastify-type-provider-zod 6.1.0 library MIT
fastq 1.20.1 library ISC
find-my-way 9.6.0 library MIT
gcc-14-base 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
gcc-14-base 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
github/codeql-action/analyze v4 library
github/codeql-action/init v4 library
glob 13.0.6 library BlueOak-1.0.0
hoobio/pipeline-tools/pipeline/github/job/upload-sbom-to-dependency-track v2.3.0 library
hoobio/pipeline-tools/pipeline/github/step/build-cyclonedx-sbom v2.3.0 library
hoobio/pipeline-tools/pipeline/github/step/dt-findings-pr-gate v2.3.0 library
hoobio/pipeline-tools/pipeline/github/step/release-please v2.3.0 library
http-errors 2.0.1 library MIT
inherits 2.0.4 library ISC
ipaddr.js 2.4.0 library MIT
json-schema-ref-resolver 3.0.0 library MIT
json-schema-resolver 3.0.0 library MIT
json-schema-traverse 1.0.0 library MIT
libc6 2.41-12+deb13u3 library BSD-2-Clause, BSL-1.0, FSFAP, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, SunPro, Unicode-DFS-2016, BSD-3-clause-Berkeley, BSD-3-clause-Carnegie, BSD-3-clause-Oracle, BSD-3-clause-WIDE, BSD-like-Spencer, CORE-MATH, Carnegie, DEC, GPL-2+-with-link-exception, IBM, Inner-Net, LGPL-2.1+-with-link-exception, MIT-like-Lord, PCRE, Univ-Coimbra, public-domain
libc6 2.41-12+deb13u3 library BSD-2-Clause, BSL-1.0, FSFAP, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, SunPro, Unicode-DFS-2016, BSD-3-clause-Berkeley, BSD-3-clause-Carnegie, BSD-3-clause-Oracle, BSD-3-clause-WIDE, BSD-like-Spencer, CORE-MATH, Carnegie, DEC, GPL-2+-with-link-exception, IBM, Inner-Net, LGPL-2.1+-with-link-exception, MIT-like-Lord, PCRE, Univ-Coimbra, public-domain
libgcc-s1 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
libgcc-s1 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
libgomp1 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
libgomp1 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
libreadline8t64 8.2-6 library GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later, GFDL, GFDL-NIV-1.3+, ISC-no-attribution
libreadline8t64 8.2-6 library GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later, GFDL, GFDL-NIV-1.3+, ISC-no-attribution
libssl3t64 3.5.6-1~deb13u1 library Apache-2.0, GPL-1.0-only, GPL-1.0-or-later, Artistic
libssl3t64 3.5.6-1~deb13u1 library Apache-2.0, GPL-1.0-only, GPL-1.0-or-later, Artistic
libstdc++6 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
libstdc++6 14.2.0-19 library GFDL-1.2-only, GPL-3.0-only, Artistic, GPL, LGPL
light-my-request 6.6.0 library BSD-3-Clause
lru-cache 11.5.0 library BlueOak-1.0.0
mime 3.0.0 library MIT
minimatch 10.2.5 library BlueOak-1.0.0
minipass 7.1.3 library BlueOak-1.0.0
ms 2.1.3 library MIT
netbase 6.5 library GPL-2.0-only
netbase 6.5 library GPL-2.0-only
on-exit-leak-free 2.1.2 library MIT
openapi-types 12.1.3 library MIT
openssl-provider-legacy 3.5.6-1~deb13u1 library Apache-2.0, GPL-1.0-only, GPL-1.0-or-later, Artistic
openssl-provider-legacy 3.5.6-1~deb13u1 library Apache-2.0, GPL-1.0-only, GPL-1.0-or-later, Artistic
path-scurry 2.0.2 library BlueOak-1.0.0
pino 10.3.1 library MIT
pino-abstract-transport 3.0.0 library MIT
pino-std-serializers 7.1.0 library MIT
process-warning 4.0.1 library MIT
process-warning 5.0.0 library MIT
quick-format-unescaped 4.0.4 library MIT
real-require 0.2.0 library MIT
real-require 1.0.0 library MIT
require-from-string 2.0.2 library MIT
ret 0.5.0 library MIT
reusify 1.1.0 library MIT
rfdc 1.4.1 library MIT
safe-regex2 5.1.1 library MIT
safe-stable-stringify 2.5.0 library MIT
secure-json-parse 4.1.0 library BSD-3-Clause
semver 7.8.1 library ISC
set-cookie-parser 2.7.2 library MIT
setprototypeof 1.2.0 library ISC
sonic-boom 4.2.1 library MIT
split2 4.2.0 library ISC
statuses 2.0.2 library MIT
thread-stream 4.2.0 library MIT
toad-cache 3.7.1 library MIT
toidentifier 1.0.1 library MIT
transport 0.0.1 library
tzdata 2026b-0+deb13u1 library public-domain
tzdata 2026b-0+deb13u1 library public-domain
yaml 2.9.0 library ISC
zod 4.4.3 library MIT
debian 13 operating-system

📎 Full HTML report: see the dt-findings artifact in this workflow run.

@hoobio hoobio merged commit 7beae75 into main May 23, 2026
6 checks passed
@hoobio hoobio deleted the ci/test-against-container branch May 23, 2026 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hoobio