Skip to content

Add temporary admin routes to backfill DNS records (#1079) #1670

Add temporary admin routes to backfill DNS records (#1079)

Add temporary admin routes to backfill DNS records (#1079) #1670

Workflow file for this run

---
name: validate
concurrency:
group: validate-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
pull_request:
branches:
- main
push:
branches:
- main
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
# This job detects which parts of the repo have been changed, setting future jobs up for conditional behavior.
detect-changes:
runs-on: ubuntu-latest
env:
IS_CI_AUTOMATION: "yes"
outputs:
src-changed: ${{ steps.check.outputs.src-changed }}
e2e-changed: ${{ steps.check.outputs.e2e-changed }}
iac-changed: ${{ steps.check.outputs.iac-changed }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "22"
- uses: dorny/paths-filter@v3
id: check
with:
filters: |
src-changed:
- 'assets/**'
- 'static/**'
- 'templates/**'
- 'scripts/entry.sh'
- 'Dockerfile'
- 'manage.py'
- 'MANIFEST.in'
- 'package.json'
- 'package-lock.json'
- 'pyproject.toml'
- 'README.md'
- 'src/**'
- 'uv.lock'
- 'vite.config.mjs'
e2e-changed:
- '.github/workflows/validate.yml'
- '.env.example'
- 'config.toml.example'
- 'docker-compose.yml'
- 'Dockerfile.keycloak'
- 'keycloak/**'
- 'test/e2e/**'
iac-changed:
- 'pulumi/**'
validate-accounts:
needs: detect-changes
if: needs.detect-changes.outputs.src-changed == 'true'
runs-on: ubuntu-latest
environment:
name: staging
deployment: false
steps:
- uses: actions/checkout@v4
- name: Start docker-compose
run: docker compose up -d --build -V postgres redis accounts vite-dev
# Manually run this step as it seems to not run correctly sometimes?
- name: Build frontend
run: |
docker compose exec vite-dev bash -c 'npm run build & npm run build-theme'
- name: Accounts lint check
run: |
docker compose exec accounts bash -c 'uv run ruff check'
- name: Test with pytest
run: |
docker compose exec accounts bash -c 'uv run coverage run --source="thunderbird_accounts" manage.py test thunderbird_accounts'
- name: Generate code coverage report
continue-on-error: true
run: |
docker compose exec accounts bash -c 'uv run coverage report'
validate-iac:
needs: detect-changes
if: needs.detect-changes.outputs.iac-changed
runs-on: ubuntu-latest
environment:
name: staging
deployment: false
steps:
- uses: actions/checkout@v4
- name: Ruff formatting/linting checks
uses: chartboost/ruff-action@v1
with:
src: "pulumi"
args: "format --check"
- name: Ruff error checks
uses: chartboost/ruff-action@v1
with:
src: "pulumi"
run-e2e-tests-local:
needs:
- detect-changes
- validate-accounts
if: >-
always() &&
(needs.detect-changes.outputs.src-changed == 'true' || needs.detect-changes.outputs.e2e-changed == 'true') &&
needs.detect-changes.result == 'success' &&
needs.validate-accounts.result != 'failure' &&
needs.validate-accounts.result != 'cancelled'
runs-on: ubuntu-latest
environment:
name: staging
deployment: false
env:
ACCTS_FXA_EMAIL: ${{ secrets.E2E_ACCTS_FXA_EMAIL }}
ACCTS_FXA_PWORD: ${{ secrets.E2E_ACCTS_FXA_PWORD }}
FXA_CLIENT_ID: ${{ secrets.E2E_ACCTS_FXA_CLIENT_ID }}
FXA_SECRET: ${{ secrets.E2E_ACCTS_FXA_SECRET }}
SECRET_KEY: ${{ secrets.E2E_ACCTS_SECRET_KEY }}
LOGIN_CODE_SECRET: ${{ secrets.E2E_ACCTS_LOGIN_CODE_SECRET }}
FXA_ENCRYPT_SECRET: ${{ secrets.E2E_ACCTS_FXA_ENCRYPT_SECRET }}
PADDLE_TOKEN: ${{ secrets.E2E_ACCTS_PADDLE_TOKEN }}
EMAIL_SIGN_UP_ADDRESS: ${{ secrets.E2E_ACCTS_PADDLE_EMAIL_SIGN_UP_ADDRESS }}
PADDLE_API_KEY: ${{ secrets.E2E_ACCTS_PADDLE_API_KEY }}
steps:
- uses: actions/checkout@v4
- name: Resolve `keycloak` host alias to localhost
shell: bash
run: |
# The accounts container's OIDC config redirects users through
# `http://keycloak:8999/...`, which is also where Keycloak issues its
# SSO cookies. Both Firefox (during sign-in) and Node-side fetches in
# the e2e tests (admin API calls) need that hostname to resolve, so
# add the alias the README already documents for local dev.
echo '127.0.0.1 keycloak' | sudo tee -a /etc/hosts
- name: Set up local environment
shell: bash
run: |
cp .env.example .env
mkdir -p mail/etc && cp config.toml.example mail/etc/config.toml
append_env_if_set() {
local key="$1"
local value="${!key}"
if [ -n "$value" ]; then
printf '%s=%s\n' "$key" "$value" >> .env
fi
}
echo >> .env
append_env_if_set FXA_CLIENT_ID
append_env_if_set FXA_SECRET
append_env_if_set SECRET_KEY
append_env_if_set LOGIN_CODE_SECRET
append_env_if_set FXA_ENCRYPT_SECRET
append_env_if_set PADDLE_TOKEN
append_env_if_set PADDLE_API_KEY
- name: Start accounts stack via docker
run: docker compose up -d --build -V
- name: Wait for local services
run: |
curl --retry 30 --retry-all-errors --retry-delay 2 --fail http://localhost:8087/health
curl --retry 30 --retry-all-errors --retry-delay 2 --fail http://localhost:9000/health/ready
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
cache-dependency-path: 'test/e2e/package-lock.json'
- name: Install E2E test dependencies
working-directory: test/e2e
run: |
npm ci
npx playwright install --with-deps firefox
- name: Create test plans
run: |
docker compose exec accounts ./manage.py create_plan_for_e2e_test Low ${{ secrets.E2E_ACCTS_PADDLE_PRODUCT_ID_LO }}
docker compose exec accounts ./manage.py create_plan_for_e2e_test Medium ${{ secrets.E2E_ACCTS_PADDLE_PRODUCT_ID_MD }}
docker compose exec accounts ./manage.py create_plan_for_e2e_test High ${{secrets.E2E_ACCTS_PADDLE_PRODUCT_ID_HI }}
- name: Give the e2e test account an active subscription
# The Vue router redirects authenticated users without an active
# subscription to /subscribe, which keeps the MFA tests from reaching
# /manage-mfa. The management command pre-creates the Django User row
# (mozilla-django-oidc only creates it on first sign-in) and attaches
# an ACTIVE Subscription so `User.has_active_subscription` is true.
run: |
docker compose exec accounts ./manage.py create_active_subscription_for_e2e_test admin@example.org
- name: Run E2E tests against local stack
id: e2e
working-directory: test/e2e
run: |
cp .env.dev.example .env
npm run e2e-test
- uses: actions/upload-artifact@v4
if: ${{ always() && !cancelled() }}
with:
name: playwright-report
path: test/e2e/playwright-report/
retention-days: 7