From 6791572f73010eff0bb64d56b16a57370d80ebc2 Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Thu, 15 Jan 2026 15:31:50 +0500 Subject: [PATCH 01/22] ci: #35: migrate workflow for deploy to prod and run e2e tests from items-api to sync and use the actual version --- .devcontainer/devcontainer.json | 4 +- .dockerignore | 42 +++- .../.reusable-docker-build-and-push.yml | 197 ++++++++++++++++++ .../.reusable-e2e-tests-against-prod.yml | 32 +++ .../workflows/deploy-to-prod-from-default.yml | 43 ++++ .github/workflows/docker-build-and-push.yml | 57 ----- .../workflows/e2e-tests-on-pull-request.yml | 76 +++++++ .../karate-tests-on-pull-request.yml | 99 --------- .github/workflows/prod-docker-publish.yml | 45 ---- .../workflows/unit-tests-on-pull-request.yml | 7 +- docker-compose.yml | 6 +- e2e/documents-get-employees.feature | 8 +- 12 files changed, 402 insertions(+), 214 deletions(-) create mode 100644 .github/workflows/.reusable-docker-build-and-push.yml create mode 100644 .github/workflows/.reusable-e2e-tests-against-prod.yml create mode 100644 .github/workflows/deploy-to-prod-from-default.yml delete mode 100644 .github/workflows/docker-build-and-push.yml create mode 100644 .github/workflows/e2e-tests-on-pull-request.yml delete mode 100644 .github/workflows/karate-tests-on-pull-request.yml delete mode 100644 .github/workflows/prod-docker-publish.yml diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index cb7d5f1..d5d6666 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -20,8 +20,8 @@ } }, "containerEnv": { - "AUTH_API_ROOT_URL": "http://localhost:8504/api", - "API_ROOT_URL": "http://localhost:6504", + "AUTH_API_ROOT_URL": "http://localhost:8504/api/auth", + "API_ROOT_URL": "http://localhost:6504/api/documents", "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "true" } } \ No newline at end of file 
diff --git a/.dockerignore b/.dockerignore index 90c8f65..919ecd9 100644 --- a/.dockerignore +++ b/.dockerignore @@ -23,4 +23,44 @@ **/values.dev.yaml LICENSE README.md -target/ \ No newline at end of file +!**/.gitignore +!.git/HEAD +!.git/config +!.git/packed-refs +!.git/refs/heads/** + +# we don't need tests and their related code in production +**/*Tests.cs +**/*TestsRelated.cs + +**/bin/* +**/obj/* +**/.vs/* +**/.vscode/* +**.user +**.http + +**/appsettings.** +# need to include these files for tests execution in docker compose even though these maigh not be used in prod +!**/appsettings.json +!**/appsettings.MockForPullRequest.json + +**/Dockerfile +**/lib/* + +.devcontainer/ +.github/ +target/ +ci/ +e2e/ + +.dockerignore +.editorconfig +.gitattributes +.gitignore +docker-compose.yml +LICENSE +pgAdmin.json +README.md +release.config.cjs +release.rules.cjs diff --git a/.github/workflows/.reusable-docker-build-and-push.yml b/.github/workflows/.reusable-docker-build-and-push.yml new file mode 100644 index 0000000..7bf1c59 --- /dev/null +++ b/.github/workflows/.reusable-docker-build-and-push.yml 
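Review bot: The `!.git/config` exception re-admits the repository's git config into the Docker build context, and the build workflow added in this patch checks out with `actions/checkout@v4` without `persist-credentials: false`, which by default leaves the job token in that file. Whether it ends up in an image layer depends on how Api/Dockerfile copies the context, which is not visible here, so this is worth confirming. If the build only needs the commit id, keep `!.git/HEAD` and the refs and drop `!.git/config`, or set `persist-credentials: false` on the checkout steps. `LICENSE` and `README.md` are also listed twice now, once in the context lines above and once in the added block.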
@@ -0,0 +1,197 @@ +name: Publish Docker image + +# !!! NEVER add on push when there is on workflow_call +# if you do that the workflow can run multiple times +# for instance if you re-use this docker build workflow for prod deployment and for local-env in PR +# it will build the docker image it twice +# if you build => deploy => run e2e against prod it will build the image 3 times! +on: + # to allow to wait for a docker image to be published to proceed in another workflow + workflow_call: + +jobs: + build-amd64: + runs-on: ubuntu-24.04 + steps: + - name: Check out the repo + uses: actions/checkout@v4 + + # this is needed to address this issue according to the comment https://github.com/devcontainers/ci/issues/271#issuecomment-2301764487 + # otherwise our TourmalineCore org name cannot be used in docker image names, only tourmalinecore + - name: Add Registry Image Env Var With Lowercase Organization and Repo Name + run: | + echo "REGISTRY_IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + + - name: Prepare + run: | + platform=linux/amd64 + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: linux/amd64 + context: . 
+ file: ./Api/Dockerfile + build-args: | + EXCLUDE_UNIT_TESTS_FROM_BUILD=true + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ env.REGISTRY_IMAGE }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + build-arm64: + runs-on: ubuntu-24.04-arm + steps: + - name: Check out the repo + uses: actions/checkout@v4 + + # this is needed to address this issue according to the comment https://github.com/devcontainers/ci/issues/271#issuecomment-2301764487 + # otherwise our TourmalineCore org name cannot be used in docker image names, only tourmalinecore + - name: Add Registry Image Env Var With Lowercase Organization and Repo Name + run: | + echo "REGISTRY_IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + + - name: Prepare + run: | + platform=linux/arm64 + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: linux/arm64 + context: . 
+ file: ./Api/Dockerfile + build-args: | + EXCLUDE_UNIT_TESTS_FROM_BUILD=true + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ env.REGISTRY_IMAGE }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + merge: + runs-on: ubuntu-24.04 + needs: + - build-amd64 + - build-arm64 + steps: + # this is needed to address this issue according to the comment https://github.com/devcontainers/ci/issues/271#issuecomment-2301764487 + # otherwise our TourmalineCore org name cannot be used in docker image names, only tourmalinecore + - name: Add Registry Image Env Var With Lowercase Organization and Repo Name + run: | + echo "REGISTRY_IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} + + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Add SEMVER_VERSION Env Var with Value from __version File + run: | + echo "SEMVER_VERSION=$(cat __version)" >>${GITHUB_ENV} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + tags: | + # minimal (short sha) + type=sha + # full length sha + type=sha,format=long + # SemVer human readable version + type=raw,value=${{ env.SEMVER_VERSION }} + # set latest tag 
for default branch + # https://github.com/docker/metadata-action/issues/171 explains how to tag latest only on default branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} + env: + # https://github.com/docker/metadata-action/issues/283 + # without this flag it won't tag the image using the commit SHA + # for non push events like pull_request ones it requires this :( + DOCKER_METADATA_PR_HEAD_SHA: true + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ No newline at end of file diff --git a/.github/workflows/.reusable-e2e-tests-against-prod.yml b/.github/workflows/.reusable-e2e-tests-against-prod.yml new file mode 100644 index 0000000..e6ea7b0 --- /dev/null +++ b/.github/workflows/.reusable-e2e-tests-against-prod.yml 
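Review bot: None of the three jobs declares `permissions`, whereas the deleted docker-build-and-push.yml granted `packages: write` and `contents: read` explicitly, so the push to ghcr.io now depends on the repository's default token scope and the token is not limited to what the build needs. Adding `permissions:` with `contents: read` and `packages: write` to `build-amd64`, `build-arm64` and `merge` restores least privilege; the calling workflows have to grant at least the same. The same file also moves `docker/login-action`, `docker/metadata-action` and `docker/build-push-action` from commit-SHA pins to the mutable tags `@v3`, `@v5` and `@v6`. Pinning them to a full commit SHA again keeps a retagged release from running with the registry token.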
@@ -0,0 +1,32 @@ +name: E2E Tests Against Prod + +on: + workflow_call: + +jobs: + e2e-test-against-prod: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + + - name: Download Karate JAR + run: | + curl -L https://github.com/karatelabs/karate/releases/download/v1.5.1/karate-1.5.1.jar -o karate.jar + + - name: Run E2E Tests Against Prod Env + run: | + # Learn more about '> /dev/null 2>&1': https://stackoverflow.com/a/42919998 + # In essence it merges output and error streams and doesn't show errors in the terminal to avoid leakage of secrets in the pipeline + java -jar karate.jar . > /dev/null 2>&1 + env: + "AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS": ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS }} + "AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS": ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS }} + "AUTH_API_ROOT_URL": ${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} + "API_ROOT_URL": ${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_API_ROOT_URL }} + "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "false" \ No newline at end of file diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml new file mode 100644 index 0000000..a3d227d --- /dev/null +++ b/.github/workflows/deploy-to-prod-from-default.yml 
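Review bot: The `Download Karate JAR` step fetches an executable with `curl -L` and no integrity check, and the next step runs it with the production login, password and API URLs in its environment. Use `curl -fsSL` so an HTTP error does not leave an error page saved as `karate.jar`, and verify the file before running it, for example `echo "<EXPECTED_SHA256>  karate.jar" | sha256sum -c -` with the digest recorded from a trusted download. The same unverified download is in e2e-tests-on-pull-request.yml. Because every byte of output goes to `/dev/null`, a failing run leaves only the exit code to diagnose from; a short comment saying where to look when the job fails would help whoever is on call.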
@@ -0,0 +1,43 @@ +name: Deploy to Prod + +on: + push: + branches: + - master + +jobs: + docker-build-and-push: + uses: ./.github/workflows/.reusable-docker-build-and-push.yml + + deploy-to-prod: + needs: [docker-build-and-push] + runs-on: ubuntu-24.04 + steps: + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Create default global .kube/config file + run: | + cd $HOME + mkdir .kube + echo "${{ secrets.INNER_CIRCLE_PROD_KUBECONFIG }}" > .kube/config + + - name: Deploy + uses: helmfile/helmfile-action@v1.9.0 + with: + helmfile-version: 'v0.164.0' + helm-version: 'v3.18.0' + helmfile-args: > + apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f ci/helmfile.yaml + --state-values-set image.tag=sha-${{ github.sha }} + --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} + --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} + --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }} + --state-values-set extraSecretEnvVars.ExternalDepsUrls__EmployeesApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }} + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_SERVICE_URL }} + helmfile-auto-init: "false" + + run-e2e-tests: + uses: ./.github/workflows/.reusable-e2e-tests-against-prod.yml + needs: [deploy-to-prod] + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml deleted file mode 100644 index e39b85d..0000000 --- a/.github/workflows/docker-build-and-push.yml +++ /dev/null 
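Review bot: In `Create default global .kube/config file`, `${{ secrets.INNER_CIRCLE_PROD_KUBECONFIG }}` is substituted into the script text before the shell runs, so any `"`, `$` or backtick in the kubeconfig is interpreted by bash, and the file is created with the runner's default umask. Passing the secret through `env:` and writing it with `printf` under `umask 077` avoids both, as sketched below. The `--state-values-set` arguments in the `Deploy` step put secrets on the helmfile command line in the same way; confirm that values containing separators such as `,` or `;` survive argument parsing.

```yaml
      - name: Create default global .kube/config file
        env:
          KUBECONFIG_CONTENT: ${{ secrets.INNER_CIRCLE_PROD_KUBECONFIG }}
        run: |
          umask 077
          mkdir -p "$HOME/.kube"
          printf '%s\n' "$KUBECONFIG_CONTENT" > "$HOME/.kube/config"
```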
@@ -1,57 +0,0 @@ -name: Publish Docker image - -on: - push: - branches: - - master - - feature/* - # to allow to wait for a docker image to be published to proceed in another workflow - workflow_call: - -jobs: - push_to_registry: - name: Push Docker image to Git Registry - runs-on: ubuntu-22.04 - permissions: - packages: write - contents: read - attestations: write - steps: - - name: Check out the repo - uses: actions/checkout@v4 - # multi-platform build configured using this https://docs.docker.com/build/ci/github-actions/multi-platform/ - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Log in to GitHub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: ghcr.io/tourmalinecore/${{ github.event.repository.name }} - tags: | - # minimal (short sha) - type=sha - # full length sha - type=sha,format=long - # set latest tag for default branch - # https://github.com/docker/metadata-action/issues/171 explains how to tag latest only on default branch - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} - - - name: Build and push Docker image - id: push - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 - with: - context: . - file: ./Api/Dockerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 \ No newline at end of file diff --git a/.github/workflows/e2e-tests-on-pull-request.yml b/.github/workflows/e2e-tests-on-pull-request.yml new file mode 100644 index 0000000..7d26989 --- /dev/null 
+++ b/.github/workflows/e2e-tests-on-pull-request.yml 
@@ -0,0 +1,76 @@ +name: E2E Tests in PR + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + # this is needed to wait for the new docker image to be build and published to the registry + # so that we can use the image to run the service of the needed commit related version as part of local-env + # the idea is taken from here https://stackoverflow.com/a/71489231 + docker-build-and-push: + uses: ./.github/workflows/.reusable-docker-build-and-push.yml + + e2e-test-against-local-env: + runs-on: ubuntu-24.04 + needs: [docker-build-and-push] + steps: + - name: Checkout local-env + uses: actions/checkout@v4 + with: + repository: TourmalineCore/inner-circle-local-env + + - name: Deploy Local Env to Kind k8s + uses: devcontainers/ci@v0.3 + with: + cacheFrom: ghcr.io/tourmalinecore/inner-circle-local-env-devcontainer + runCmd: | + # we need to override "latest" image tag of ui inside local-env to run e2e against the current commit ui version and not against latest from master + # We tried to use yq to change the image tag, but in the values files for helmfile we have non-yaml code that yq can`t parse or ignore + # so for that reason we use Stream EDitor which can find needed string using regular expressions and change it to a new value + # The -i flag is needed to write new image tag directly to values file + sed -i "0,/tag:.*/s//tag: \"sha-${{ github.event.pull_request.head.sha }}\"/" deploy/values-documents-api.yaml.gotmpl + + # we need to override "latest" ref of service chart inside local-env to run tests against the current commit service chart version and not against latest from master + sed -i "0,/git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=.*/s//git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml + + sed -i "0,/git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name 
}}.git@\/ci\/values.yaml?ref=.*/s//git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/ci\/values.yaml?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml + + kind create cluster --name inner-circle --config kind-local-config.yaml --kubeconfig ./.inner-circle-cluster-kubeconfig + # we need to properly expose KUBECONFIG as an absolute path, pwd prints current working directory path + export KUBECONFIG=$(pwd)/.inner-circle-cluster-kubeconfig + + helmfile --environment local --namespace local -f deploy/helmfile.yaml apply + push: never + + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + + - name: Download Karate JAR + run: | + curl -L https://github.com/karatelabs/karate/releases/download/v1.5.1/karate-1.5.1.jar -o karate.jar + + - name: Run E2E Tests Against Local Env + run: | + java -jar karate.jar . + env: + "AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS": "malfoy@tourmalinecore.com" + "AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS": "Serpens1!" + "AUTH_API_ROOT_URL": "http://localhost:30090/api/auth" + "API_ROOT_URL": "http://localhost:30090/api/documents" + "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "false" + + e2e-karate-tests-in-docker-compose: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + - name: Run service via docker-compose and run Karate-tests + run: | + # The option --exit-code-from ensures that the command's exit code exactly matches the exit code of the specified service. + docker compose --profile MockForPullRequest up --exit-code-from inner-circle-documents-api-karate-tests \ No newline at end of file diff --git a/.github/workflows/karate-tests-on-pull-request.yml b/.github/workflows/karate-tests-on-pull-request.yml deleted file mode 100644 index 6b67932..0000000 --- a/.github/workflows/karate-tests-on-pull-request.yml +++ /dev/null 
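Review bot: Calling `.reusable-docker-build-and-push.yml` from `pull_request` means its `merge` job pushes `type=raw,value=${{ env.SEMVER_VERSION }}` for every PR commit, since only the `latest` tag is gated on the default branch; a PR build therefore moves the SemVer tag in ghcr.io to unreviewed code, and the value comes from the PR's own `__version` file. Gate it the same way as `latest`: `type=raw,value=${{ env.SEMVER_VERSION }},enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}`. That change belongs in the reusable workflow, not in this file. For PRs from forks the token is read-only, so `docker-build-and-push` will presumably fail at the push and block `e2e-test-against-local-env`.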
@@ -1,99 +0,0 @@ -name: E2E Tests - -on: - push: - branches: - - feature/* - -jobs: - # this is needed to wait for the new docker image to be build and published to the registry - # so that we can use the image to run ui of the needed commit related version as part of local-env - # the idea is taken from here https://stackoverflow.com/a/71489231 - push_to_registry: - uses: ./.github/workflows/docker-build-and-push.yml - # without this it cannot login to the registry - secrets: inherit - - e2e-test-without-local-env: - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v4 - - name: Run service via docker-compose and run Karate-tests - # Hide credentials and token from logs, get the number of failed and passed tests - # Find text with 'failed' and 'passed' in logs from karate-testing container - run: | - LOGS=$(docker compose --profile MockForPullRequest up --abort-on-container-exit) - FILTERED_LOGS=$(echo "$LOGS" | sed -E 's/"login":"[^"]*"/"login":"****"/g' \ - | sed -E 's/"password":"[^"]*"/"password":"****"/g' \ - | sed -E 's/"accessToken":[^,}]*"[^"]*"/"accessToken":"****"/g' \ - | sed -E 's/"Authorization":"[^"]*"/"Authorization":"****"/g' \ - | sed -E 's/"X-DEBUG-TOKEN":[^,}]*"[^"]*"/"X-DEBUG-TOKEN":"****"/g' \ - | sed -E 's/accessToken":\{[^}]*\}/accessToken":{"value":"****"}/g' \ - | sed -E 's/X-DEBUG-TOKEN: [^ ]*/X-DEBUG-TOKEN: ****/g') - echo "$FILTERED_LOGS" - FAILED=$(echo "$FILTERED_LOGS" | grep -oP 'failed: *\K\d+') - PASSED=$(echo "$FILTERED_LOGS" | grep -oP 'passed: *\K\d+') - echo "Failed tests: $FAILED" - echo "Passed tests: $PASSED" - if [ "$FAILED" -gt 0 ]; then - echo "Failed tests found! Failing the pipeline..." - exit 1 - fi - if [ "$PASSED" -eq 0 ]; then - echo "No tests passed! Failing the pipeline..." 
- exit 1 - fi - - e2e-test-with-local-env: - name: Run karate tests in local env - runs-on: ubuntu-22.04 - needs: [push_to_registry] - steps: - - name: Checkout local-env - uses: actions/checkout@v4 - with: - repository: TourmalineCore/inner-circle-local-env - - - name: Deploy Local Env to Kind k8s - uses: devcontainers/ci@v0.3 - with: - runCmd: | - # we need to override "latest" image tag of ui inside local-env to run e2e against the current commit ui version and not against latest from master - # We tried to use yq to change the image tag, but in the values files for helmfile we have non-yaml code that yq can`t parse or ignore - # so for that reason we use Stream EDitor which can find needed string using regular expressions and change it to a new value - # The -i flag is needed to write new image tag directly to values file - sed -i "0,/tag:.*/s//tag: \"sha-${{ github.sha }}\"/" deploy/values-documents-api.yaml.gotmpl - - # we need to override "latest" ref of service chart inside local-env to run tests against the current commit service chart version and not against latest from master - sed -i "0,/git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=.*/s//git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=${{ github.sha }}/" deploy/helmfile.yaml - - sed -i "0,/git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api\/ci\/values.yaml?ref=.*/s//git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api\/ci\/values.yaml?ref=${{ github.sha }}/" deploy/helmfile.yaml - - kind create cluster --name inner-circle --config kind-local-config.yaml --kubeconfig ./.inner-circle-cluster-kubeconfig - # we need to properly expose KUBECONFIG as an absolute path, pwd prints current working directory path - export KUBECONFIG=$(pwd)/.inner-circle-cluster-kubeconfig - - helmfile --environment local --namespace local -f deploy/helmfile.yaml apply - push: 
never - - - name: Checkout api - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: '17' - distribution: 'temurin' - - - name: Download Karate JAR - run: | - curl -L https://github.com/karatelabs/karate/releases/download/v1.5.1/karate-1.5.1.jar -o karate.jar - - - name: Run Karate Tests - run: | - java -jar karate.jar . - env: - AUTH_API_ROOT_URL: "http://localhost:30090/api" - API_ROOT_URL: "http://localhost:30090" - AUTH_LOGIN: "ceo@tourmalinecore.com" - AUTH_PASSWORD: "cEoPa$$wo1d" \ No newline at end of file diff --git a/.github/workflows/prod-docker-publish.yml b/.github/workflows/prod-docker-publish.yml deleted file mode 100644 index 42be3de..0000000 --- a/.github/workflows/prod-docker-publish.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -name: Deploy to Prod - -on: - push: - branches: - - master - -jobs: - # this is needed to wait for the new docker image to be build and published to the registry - # so that we can use the image to run ui of the needed commit related version as part of local-env - # the idea is taken from here https://stackoverflow.com/a/71489231 - push_to_registry: - uses: ./.github/workflows/docker-build-and-push.yml - # without this it cannot login to the registry - secrets: inherit - - deploy-to-prod: - name: Deploy service to k8s for prod environment - needs: [push_to_registry] - runs-on: ubuntu-22.04 - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Create default global .kube/config file - run: | - cd $HOME - mkdir .kube - echo "${{ secrets.KUBECONFIG }}" > .kube/config - - - name: Deploy - uses: helmfile/helmfile-action@v1.9.0 - with: - helmfile-version: 'v0.164.0' - helm-version: 'v3.18.0' - helmfile-args: > - apply --suppress-diff --namespace dev-inner-circle -f Api/ci/helmfile.yaml - --state-values-set image.tag=sha-${{ github.sha }} - --state-values-set ingress.enabled=true - --state-values-set ingress.hostname=${{ secrets.HOST }} - --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.POSTGRESQL_CONNECTION_STRING }} - --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.PUBLIC_SIGNING_KEY }} - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl=${{ secrets.EMPLOYEES_SERVICE_URL }} - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.EMAIL_SENDER_SERVICE_URL }} - helmfile-auto-init: "false" \ No newline at end of file diff --git a/.github/workflows/unit-tests-on-pull-request.yml b/.github/workflows/unit-tests-on-pull-request.yml index 5018e60..9a68c30 100644 --- a/.github/workflows/unit-tests-on-pull-request.yml +++ b/.github/workflows/unit-tests-on-pull-request.yml 
@@ -1,14 +1,13 @@ name: Unit Tests on: - push: - branches: - - feature/* + pull_request: + types: [opened, synchronize, reopened] jobs: unit-tests: name: Run unit tests - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/docker-compose.yml b/docker-compose.yml index 8a29cba..6bbe646 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -81,9 +81,11 @@ services: volumes: - .:/karate environment: + AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS: "first-tenant-login-with-all-permissions" + AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS: "first-tenant-password-with-all-permissions" # here the port is 1080 because it needs to be an internal port, not an external which is 8504 in this case - AUTH_API_ROOT_URL: "http://inner-circle-documents-api-mock-server:1080/api" - API_ROOT_URL: "http://inner-circle-documents-api" + AUTH_API_ROOT_URL: "http://inner-circle-documents-api-mock-server:1080/api/auth" + API_ROOT_URL: "http://inner-circle-documents-api/api/documents" SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES: "true" networks: - inner-circle-documents-api-network diff --git a/e2e/documents-get-employees.feature b/e2e/documents-get-employees.feature index a3d183a..5029a03 100644 --- a/e2e/documents-get-employees.feature +++ b/e2e/documents-get-employees.feature @@ -10,12 +10,12 @@ Scenario: Get Employees * def jsUtils = read('./js-utils.js') * def authApiRootUrl = jsUtils().getEnvVariable('AUTH_API_ROOT_URL') * def apiRootUrl = jsUtils().getEnvVariable('API_ROOT_URL') - * def authLogin = jsUtils().getEnvVariable('AUTH_LOGIN') - * def authPassword = jsUtils().getEnvVariable('AUTH_PASSWORD') + * def authLogin = jsUtils().getEnvVariable('AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS') + * def authPassword = jsUtils().getEnvVariable('AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS') # Authentication Given url authApiRootUrl - And path '/auth/login' + And path '/login' And request """ { 
@@ -32,7 +32,7 @@ Scenario: Get Employees # Get Employees Given url apiRootUrl - And path '/api/documents/getEmployees' + And path '/getEmployees' When method GET Then status 200 And match response.employees contains From 37881242d8d409b56b60a870f132478ca42a227f Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Thu, 15 Jan 2026 15:34:25 +0500 Subject: [PATCH 02/22] fix: #35: fix path to js-utils.js in KarateDockerfile --- e2e/KarateDockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/KarateDockerfile b/e2e/KarateDockerfile index 748b5d5..56fa8ca 100644 --- a/e2e/KarateDockerfile +++ b/e2e/KarateDockerfile @@ -6,6 +6,6 @@ RUN apt-get install -y unzip RUN curl -o /karate.jar -L 'https://github.com/intuit/karate/releases/download/v1.5.1/karate-1.5.1.jar' -COPY ./e2e/js-utils.js . +COPY ./js-utils.js . ENTRYPOINT ["java", "-jar", "karate.jar"] From 881897925fb4e720e40239917864eb2c3db2e8a4 Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Thu, 15 Jan 2026 15:41:24 +0500 Subject: [PATCH 03/22] fix: #35: try fix run e2e tests in docker in pipeline --- docker-compose.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6bbe646..d7bf99d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -67,8 +67,8 @@ services: profiles: - MockForPullRequest build: - dockerfile: ./e2e/KarateDockerfile - context: . + dockerfile: ./KarateDockerfile + context: ./e2e # service_started is not what we need, we need deps to be healthy and ready, this needs to be implemented in api and mock-server first depends_on: inner-circle-documents-api: 
@@ -79,7 +79,9 @@ services: restart: on-failure:2 command: ["karate", "/karate"] volumes: - - .:/karate + # similar to mock-server volumes we need to support both runs: from Dev Container and from OS + - ${LOCAL_WORKSPACE_FOLDER:-.}:/karate + environment: AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS: "first-tenant-login-with-all-permissions" AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS: "first-tenant-password-with-all-permissions" From 4d4e47c01db4b665904eed1aefe8af47e37f4ccf Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Thu, 15 Jan 2026 16:29:21 +0500 Subject: [PATCH 04/22] refactor: #35: add body with login to auth/login in mock-serve --- e2e/mock-server-initialization.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/e2e/mock-server-initialization.json b/e2e/mock-server-initialization.json index 5675022..2c4de84 100644 --- a/e2e/mock-server-initialization.json +++ b/e2e/mock-server-initialization.json @@ -2,7 +2,10 @@ { "httpRequest": { "method": "POST", - "path": "/api/auth/login" + "path": "/api/auth/login", + "body": { + "login": "first-tenant-login-with-all-permissions" + } }, "httpResponse": { "statusCode": 200, From 210375bca4836fe1121613f5b600b202166a3fcc Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Thu, 15 Jan 2026 16:42:16 +0500 Subject: [PATCH 05/22] feat: #35: add LOCAL_WORKSPACE_FOLDER to mock-server-init volumes --- docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index d7bf99d..6f79598 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -55,7 +55,8 @@ services: ports: - 8504:1080 volumes: - - ./e2e/mock-server-initialization.json:/config/mock-server-initialization.json + # this is needed so that we can spin it up from within Dev Container where LOCAL_WORKSPACE_FOLDER is defined and from a simple OS terminal of the repo root + - ${LOCAL_WORKSPACE_FOLDER:-.}/e2e/mock-server-initialization.json:/config/mock-server-initialization.json environment: SERVER_PORT: 1080 MOCKSERVER_INITIALIZATION_JSON_PATH: /config/mock-server-initialization.json From 5ec89a6840158e7816abd11b87c2eaaf5a0bb2ed Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Fri, 16 Jan 2026 08:57:12 +0500 Subject: [PATCH 06/22] fix: #35: rename EmailSenderServiceUr to EmailSenderApiRootUrl and EmployeesServiceUrl to EmployeesApiRootUrl --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- Api/appsettings.MockForDevelopment.json | 4 ++-- Api/appsettings.MockForPullRequest.json | 4 ++-- Api/ci/helmfile.yaml | 4 ++-- Application/InnerCircleHttpClient.cs | 4 ++-- Application/Services/Options/InnerCircleServiceUrl.cs | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index a3d227d..5382d0b 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml 
@@ -34,7 +34,7 @@ jobs: --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }} --state-values-set extraSecretEnvVars.ExternalDepsUrls__EmployeesApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }} - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_SERVICE_URL }} + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }} helmfile-auto-init: "false" run-e2e-tests: diff --git a/Api/appsettings.MockForDevelopment.json b/Api/appsettings.MockForDevelopment.json index 766727f..258d059 100644 --- a/Api/appsettings.MockForDevelopment.json +++ b/Api/appsettings.MockForDevelopment.json @@ -3,8 +3,8 @@ "DefaultConnection": "Host=localhost;port=7504;Database=inner-circle-documents-api-db;Username=postgres;Password=postgres" }, "InnerCircleServiceUrls": { - "EmployeesServiceUrl": "http://localhost:5006", - "EmailSenderServiceUrl": "http://localhost:5005/api" + "EmployeesApiRootUrl": "http://localhost:5006", + "EmailSenderApiRootUrl": "http://localhost:5005/api" }, "AuthenticationOptions": { "PublicSigningKey": "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", diff --git a/Api/appsettings.MockForPullRequest.json b/Api/appsettings.MockForPullRequest.json index afe19a8..728a993 100644 --- a/Api/appsettings.MockForPullRequest.json +++ b/Api/appsettings.MockForPullRequest.json 
@@ -3,8 +3,8 @@ "DefaultConnection": "Host=inner-circle-documents-api-db;port=5432;Database=inner-circle-documents-api-db;Username=postgres;Password=postgres" }, "InnerCircleServiceUrls": { - "EmployeesServiceUrl": "http://inner-circle-documents-api-mock-server:1080", - "EmailSenderServiceUrl": "http://inner-circle-documents-api-mock-server:1080/api" + "EmployeesApiRootUrl": "http://inner-circle-documents-api-mock-server:1080", + "EmailSenderApiRootUrl": "http://inner-circle-documents-api-mock-server:1080/api" }, "AuthenticationOptions": { "PublicSigningKey": "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", diff --git a/Api/ci/helmfile.yaml b/Api/ci/helmfile.yaml index 3b2e993..aff1f94 100644 --- a/Api/ci/helmfile.yaml +++ b/Api/ci/helmfile.yaml @@ -18,6 +18,6 @@ releases: - extraSecretEnvVars: ConnectionStrings__DefaultConnection: "{{ .StateValues.extraSecretEnvVars.ConnectionStrings__DefaultConnection }}" AuthenticationOptions__PublicSigningKey: "{{ .StateValues.extraSecretEnvVars.AuthenticationOptions__PublicSigningKey }}" - InnerCircleServiceUrls__EmployeesServiceUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl }}" - InnerCircleServiceUrls__EmailSenderServiceUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl }}" + InnerCircleServiceUrls__EmployeesApiRootUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl }}" + InnerCircleServiceUrls__EmailSenderApiRootUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderApiRootUrl }}" \ No newline at end of file diff --git a/Application/InnerCircleHttpClient.cs b/Application/InnerCircleHttpClient.cs index ec85e36..4a81412 100644 --- a/Application/InnerCircleHttpClient.cs +++ b/Application/InnerCircleHttpClient.cs 
@@ -28,7 +28,7 @@ IHttpContextAccessor httpContextAccessor public async Task> GetEmployeesAsync() { - var link = $"{_urls.EmployeesServiceUrl}/internal/get-employees"; + var link = $"{_urls.EmployeesApiRootUrl}/internal/get-employees"; var headerName = _authOptions.IsDebugTokenEnabled ? "X-DEBUG-TOKEN" @@ -62,7 +62,7 @@ public async Task SendMailingPayslips(List payslips, List Date: Fri, 16 Jan 2026 09:09:25 +0500 Subject: [PATCH 07/22] Revert "fix: #35: rename EmailSenderServiceUr to EmailSenderApiRootUrl and EmployeesServiceUrl to EmployeesApiRootUrl" This reverts commit 5ec89a6840158e7816abd11b87c2eaaf5a0bb2ed. --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- Api/appsettings.MockForDevelopment.json | 4 ++-- Api/appsettings.MockForPullRequest.json | 4 ++-- Api/ci/helmfile.yaml | 4 ++-- Application/InnerCircleHttpClient.cs | 4 ++-- Application/Services/Options/InnerCircleServiceUrl.cs | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 5382d0b..a3d227d 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -34,7 +34,7 @@ jobs: --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }} --state-values-set extraSecretEnvVars.ExternalDepsUrls__EmployeesApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }} - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }} + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_SERVICE_URL }} helmfile-auto-init: "false" run-e2e-tests: 
diff --git a/Api/appsettings.MockForDevelopment.json b/Api/appsettings.MockForDevelopment.json index 258d059..766727f 100644 --- a/Api/appsettings.MockForDevelopment.json +++ b/Api/appsettings.MockForDevelopment.json @@ -3,8 +3,8 @@ "DefaultConnection": "Host=localhost;port=7504;Database=inner-circle-documents-api-db;Username=postgres;Password=postgres" }, "InnerCircleServiceUrls": { - "EmployeesApiRootUrl": "http://localhost:5006", - "EmailSenderApiRootUrl": "http://localhost:5005/api" + "EmployeesServiceUrl": "http://localhost:5006", + "EmailSenderServiceUrl": "http://localhost:5005/api" }, "AuthenticationOptions": { "PublicSigningKey": "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz+luHwhsNo4aQxYNCkaxcqL/HUcqWG1zz3pCpbyW5nbgxoo+Xw0jwAqVeRlrWHZf0WszbPObyCpmGVifyj6n0PSp5Np7431zjUhRUkxwyNSyVE5BWw5aJLyLB5EF9HH39CqtxdtWmYuLzhBS5fZT4tyR4xlQffNTxylg7xZgLfunUDRuLxdqR0JO3sjebgogrDVvHj3sif46uitipeTfUyCtqBG/JngPkMbDMNRkTH6QXnXfLgpX5Lr21O4PZPIBwCXzPCTCDMgbXHLvAzdlqgVYJcLf9xXPtVkPGOv8y+hbSTAyCNLViOLKKm2a2W4bPiElDIDwbtbHesj8zHPlpP5Q7QMtT168UxetgUeKsr5kfpxtLpE/QO4GkkqTA6rV7PQKrCTY0B5V8ZD8Ir/hlOKk8jxGe9NLui+8rLnnwJUZErT7Swp9yQL1eed2YtdrcR3q5eOE8+2pkzwjbEoFuIQidDKOghrZOwf6j217fme/xE+aEP0OPv5z07kJr2torh7tUefrVerT4Krj5LVl4DgdlkHAuILWOaYdSoLnRrsrfFa9Y1alM2D/juH9+YtaR/YjNWOhdZNMNyoDT08SbgE81ZbKmVgLGaWFLcMn/LBD6DBeRb5dRx12QZnv0jGJLVVgjTe9EqrjVF92ahGRljDIGjNzEI2f2syc0/qKS4sCAwEAAQ==", diff --git a/Api/appsettings.MockForPullRequest.json b/Api/appsettings.MockForPullRequest.json index 728a993..afe19a8 100644 --- a/Api/appsettings.MockForPullRequest.json +++ b/Api/appsettings.MockForPullRequest.json 
@@ -3,8 +3,8 @@ "DefaultConnection": "Host=inner-circle-documents-api-db;port=5432;Database=inner-circle-documents-api-db;Username=postgres;Password=postgres" }, "InnerCircleServiceUrls": { - "EmployeesApiRootUrl": "http://inner-circle-documents-api-mock-server:1080", - "EmailSenderApiRootUrl": "http://inner-circle-documents-api-mock-server:1080/api" + "EmployeesServiceUrl": "http://inner-circle-documents-api-mock-server:1080", + "EmailSenderServiceUrl": "http://inner-circle-documents-api-mock-server:1080/api" }, "AuthenticationOptions": { "PublicSigningKey": "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", diff --git a/Api/ci/helmfile.yaml b/Api/ci/helmfile.yaml index aff1f94..3b2e993 100644 --- a/Api/ci/helmfile.yaml +++ b/Api/ci/helmfile.yaml @@ -18,6 +18,6 @@ releases: - extraSecretEnvVars: ConnectionStrings__DefaultConnection: "{{ .StateValues.extraSecretEnvVars.ConnectionStrings__DefaultConnection }}" AuthenticationOptions__PublicSigningKey: "{{ .StateValues.extraSecretEnvVars.AuthenticationOptions__PublicSigningKey }}" - InnerCircleServiceUrls__EmployeesApiRootUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl }}" - InnerCircleServiceUrls__EmailSenderApiRootUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderApiRootUrl }}" + InnerCircleServiceUrls__EmployeesServiceUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl }}" + InnerCircleServiceUrls__EmailSenderServiceUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl }}" \ No newline at end of file diff --git a/Application/InnerCircleHttpClient.cs b/Application/InnerCircleHttpClient.cs index 4a81412..ec85e36 100644 --- a/Application/InnerCircleHttpClient.cs +++ b/Application/InnerCircleHttpClient.cs 
@@ -28,7 +28,7 @@ IHttpContextAccessor httpContextAccessor public async Task> GetEmployeesAsync() { - var link = $"{_urls.EmployeesApiRootUrl}/internal/get-employees"; + var link = $"{_urls.EmployeesServiceUrl}/internal/get-employees"; var headerName = _authOptions.IsDebugTokenEnabled ? "X-DEBUG-TOKEN" @@ -62,7 +62,7 @@ public async Task SendMailingPayslips(List payslips, List Date: Fri, 16 Jan 2026 09:10:53 +0500 Subject: [PATCH 08/22] ci: #35: rename INNER_CIRCLE_PROD_EMAIL_SENDER_SERVICE_URL to INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index a3d227d..5783e55 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -34,7 +34,7 @@ jobs: --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }} --state-values-set extraSecretEnvVars.ExternalDepsUrls__EmployeesApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }} - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_SERVICE_URL }} + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }} helmfile-auto-init: "false" run-e2e-tests: From 15dc1c48d14b776a694ea43f69f151acda070cda Mon Sep 17 00:00:00 2001 
From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Fri, 16 Jan 2026 09:28:12 +0500 Subject: [PATCH 09/22] fix: #35: fix path to ci --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- .github/workflows/e2e-tests-on-pull-request.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 5783e55..fdfc61b 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -28,7 +28,7 @@ jobs: helmfile-version: 'v0.164.0' helm-version: 'v3.18.0' helmfile-args: > - apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f ci/helmfile.yaml + apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f Api/ci/helmfile.yaml --state-values-set image.tag=sha-${{ github.sha }} --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} diff --git a/.github/workflows/e2e-tests-on-pull-request.yml b/.github/workflows/e2e-tests-on-pull-request.yml index 7d26989..75baad4 100644 --- a/.github/workflows/e2e-tests-on-pull-request.yml +++ b/.github/workflows/e2e-tests-on-pull-request.yml 
@@ -34,7 +34,7 @@ jobs: # we need to override "latest" ref of service chart inside local-env to run tests against the current commit service chart version and not against latest from master sed -i "0,/git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=.*/s//git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml - sed -i "0,/git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/ci\/values.yaml?ref=.*/s//git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/ci\/values.yaml?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml + sed -i "0,/git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api/ci\/values.yaml?ref=.*/s//git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api/ci\/values.yaml?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml kind create cluster --name inner-circle --config kind-local-config.yaml --kubeconfig ./.inner-circle-cluster-kubeconfig # we need to properly expose KUBECONFIG as an absolute path, pwd prints current working directory path From d209981285aed63e09792dcf780e6a38fc16e86e Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Fri, 16 Jan 2026 09:39:04 +0500 Subject: [PATCH 10/22] fix: #35: fix path to ci --- .github/workflows/e2e-tests-on-pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests-on-pull-request.yml b/.github/workflows/e2e-tests-on-pull-request.yml index 75baad4..3fae268 100644 --- a/.github/workflows/e2e-tests-on-pull-request.yml +++ b/.github/workflows/e2e-tests-on-pull-request.yml 
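Review bot: In the second `sed` line the path became `\/Api/ci\/values.yaml`, and the `/` between `Api` and `ci` is unescaped in both the address pattern and the replacement. With `/` as the delimiter that ends the address pattern early, so sed most likely rejects the script and `values.yaml` is not pinned to the pull-request commit. Write it as `\/Api\/ci\/values.yaml`, or switch to another delimiter (for example `0,\|…|s||…|`) so that slashes in the URL need no escaping at all. A short comment above each `sed` line naming the entry of `deploy/helmfile.yaml` it is expected to match would make such slips easier to spot. The `run:` block starts and ends outside the hunk.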
@@ -34,7 +34,7 @@ jobs: # we need to override "latest" ref of service chart inside local-env to run tests against the current commit service chart version and not against latest from master sed -i "0,/git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=.*/s//git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml - sed -i "0,/git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api/ci\/values.yaml?ref=.*/s//git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api/ci\/values.yaml?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml + sed -i "0,/git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api\/ci\/values.yaml?ref=.*/s//git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/Api\/ci\/values.yaml?ref=${{ github.event.pull_request.head.sha }}/" deploy/helmfile.yaml kind create cluster --name inner-circle --config kind-local-config.yaml --kubeconfig ./.inner-circle-cluster-kubeconfig # we need to properly expose KUBECONFIG as an absolute path, pwd prints current working directory path From 74547575db93142455d6cdd1f11a7cc885bd0727 Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Fri, 16 Jan 2026 14:51:24 +0500 Subject: [PATCH 11/22] fix: #35: add necessary env variable to devcontainer --- .devcontainer/devcontainer.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index d5d6666..01cac26 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json 
@@ -20,6 +20,8 @@ } }, "containerEnv": { + "AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS": "first-tenant-login-with-all-permissions", + "AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS": "first-tenant-password-with-all-permissions", "AUTH_API_ROOT_URL": "http://localhost:8504/api/auth", "API_ROOT_URL": "http://localhost:6504/api/documents", "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "true" From 0341ebc8ced3b839a9329935256ee410511e1ae6 Mon Sep 17 00:00:00 2001 From: Dmitriy Myakotin <75628188+MDI74@users.noreply.github.com> Date: Mon, 19 Jan 2026 16:54:53 +0500 Subject: [PATCH 12/22] fix: #35: fix deploy to prod workflow --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index fdfc61b..c01bb9e 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -33,7 +33,7 @@ jobs: --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }} - --state-values-set extraSecretEnvVars.ExternalDepsUrls__EmployeesApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }} + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }} --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }} helmfile-auto-init: "false" From 75a16febb4aaa01ae9ff07363fab6174aaa5a93e Mon Sep 17 00:00:00 2001 
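Review bot: The key set in the deploy-workflow hunk, `extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl`, is not the one `Api/ci/helmfile.yaml` reads. After the revert earlier in this series the template refers to `.StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl`, so the Employees URL would not reach the release and rendering may fail on the missing value. Keep the state-value key identical to the helmfile one, `--state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }}`, and rename both sides in a single commit if the new name is wanted. The `helmfile-args` block starts outside the hunk.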
From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Wed, 28 Jan 2026 09:12:02 +0500 Subject: [PATCH 13/22] ci: use mirror for bitnami repo --- Api/ci/helmfile.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Api/ci/helmfile.yaml b/Api/ci/helmfile.yaml index 3b2e993..73d6f3d 100644 --- a/Api/ci/helmfile.yaml +++ b/Api/ci/helmfile.yaml @@ -1,6 +1,6 @@ repositories: - name: bitnami - url: https://charts.bitnami.com/bitnami + url: https://mirror.yandex.ru/helm/charts.bitnami.com releases: - name: documents-api @@ -20,4 +20,4 @@ releases: AuthenticationOptions__PublicSigningKey: "{{ .StateValues.extraSecretEnvVars.AuthenticationOptions__PublicSigningKey }}" InnerCircleServiceUrls__EmployeesServiceUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl }}" InnerCircleServiceUrls__EmailSenderServiceUrl: "{{ .StateValues.extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl }}" - \ No newline at end of file + From f5e7deb12719a1c040cf5a9dc67aac0f922b9e08 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Wed, 28 Jan 2026 09:19:45 +0500 Subject: [PATCH 14/22] ci: use native installed helmfile at self-hosted runner to deploy from own runner and hide logs --- .../workflows/deploy-to-prod-from-default.yml | 34 +++++++------------ 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index c01bb9e..e4bf6b9 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml 
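Review bot: Pointing the `bitnami` repository at `https://mirror.yandex.ru/helm/charts.bitnami.com` makes a third-party mirror the source of the chart that is deployed to production, and nothing in this hunk ties the download to a known chart. If the release does not already pin `version:` (its `chart:` line is outside the hunk), pin it, and consider vendoring the chart or checking its digest in CI so that a changed index on the mirror cannot alter what gets installed. A comment next to `url:` stating why the mirror is used would help the next reader, for example `# mirror used because REASON (placeholder); upstream is https://charts.bitnami.com/bitnami`. The second hunk of this file only changes trailing whitespace.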
@@ -11,33 +11,25 @@ jobs: deploy-to-prod: needs: [docker-build-and-push] - runs-on: ubuntu-24.04 + runs-on: self-hosted steps: - name: Check out the repo uses: actions/checkout@v4 - - name: Create default global .kube/config file - run: | - cd $HOME - mkdir .kube - echo "${{ secrets.INNER_CIRCLE_PROD_KUBECONFIG }}" > .kube/config - - name: Deploy - uses: helmfile/helmfile-action@v1.9.0 - with: - helmfile-version: 'v0.164.0' - helm-version: 'v3.18.0' - helmfile-args: > - apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f Api/ci/helmfile.yaml - --state-values-set image.tag=sha-${{ github.sha }} - --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} - --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} - --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }} - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl=${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }} - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl=${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }} - helmfile-auto-init: "false" + env: + # DB Connection String var is used as env to properly process spec symbols + INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING: ${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING }} + run: | + helmfile cache cleanup && helmfile apply --suppress-diff --namespace "${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}" -f Api/ci/helmfile.yaml \ + --state-values-set image.tag="sha-${{ github.sha }}" \ + --state-values-set ingress.hostname="${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}" \ + --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="$INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING" \ + --state-values-set 
extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \ + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }}" \ + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }}" > /dev/null 2>&1 run-e2e-tests: uses: ./.github/workflows/.reusable-e2e-tests-against-prod.yml needs: [deploy-to-prod] - secrets: inherit \ No newline at end of file + secrets: inherit From 642a49ac62c5d26980439933db21dd8a1979023b Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Wed, 28 Jan 2026 09:20:45 +0500 Subject: [PATCH 15/22] test: deploy from feature --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index e4bf6b9..21f677e 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -4,7 +4,7 @@ on: push: branches: - master - + - feature/** jobs: docker-build-and-push: uses: ./.github/workflows/.reusable-docker-build-and-push.yml From e191f0dc5681e315615bb5b5a8615d91a2e3c7d7 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Wed, 28 Jan 2026 09:32:10 +0500 Subject: [PATCH 16/22] test: add log file --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 21f677e..4f23de8 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml 
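Review bot: Only the connection string was moved to `env:`; the namespace, hostname, signing key and both URLs are still expanded by `${{ secrets.* }}` straight into the text of the `run:` script, so the shell parses their values (a quote, `$` or backtick inside a secret changes the command) before helmfile sees them. Passing every secret through `env:` and referencing it as `"$NAME"` treats them all the same way; the rewritten lines are below. The values still end up on helmfile's command line, which other processes on the self-hosted runner may be able to read, so a values file with restrictive permissions passed via `--state-values-file` would be tighter. With the kubeconfig step removed the job depends on cluster credentials already present on the runner, which deserves a comment naming where they come from.

```yaml
env:
  # every secret is handed over as an environment variable so the shell never parses its value
  INNER_CIRCLE_PROD_NAMESPACE: ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}
  INNER_CIRCLE_PROD_HOSTNAME: ${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}
  # … unchanged: INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING entry …
  INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY: ${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}
  INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL: ${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }}
  INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL: ${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }}
run: |
  helmfile cache cleanup && helmfile apply --suppress-diff --namespace "$INNER_CIRCLE_PROD_NAMESPACE" -f Api/ci/helmfile.yaml \
    --state-values-set ingress.hostname="$INNER_CIRCLE_PROD_HOSTNAME" \
    # … unchanged: image.tag and ConnectionStrings__DefaultConnection lines …
    --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="$INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY" \
    --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl="$INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL" \
    --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl="$INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL" > /dev/null 2>&1
```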
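Review bot: Adding `- feature/**` under `branches:` makes every push to a feature branch run `deploy-to-prod` with the production secrets on the self-hosted runner, using the workflow file as it exists on that branch. For a one-off test, a `workflow_dispatch:` trigger or a job-level `environment:` with required reviewers keeps a production deployment behind an explicit approval. The hunk also removes the blank line between the `on:` block and `jobs:`, which is worth keeping for readability.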
@@ -27,7 +27,7 @@ jobs: --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="$INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING" \ --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \ --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }}" \ - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }}" > /dev/null 2>&1 + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }}" > ~/latest-documents-api.log 2>&1 run-e2e-tests: uses: ./.github/workflows/.reusable-e2e-tests-against-prod.yml From 377a852288f7edf5f39cc5adb53055595c21f065 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Wed, 28 Jan 2026 09:53:26 +0500 Subject: [PATCH 17/22] ci: return old EmployeesServiceUrl var --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 4f23de8..d758c1a 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml 
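Review bot: Redirecting helmfile's output to `~/latest-documents-api.log` leaves whatever helmfile prints, which can include the `--state-values-set` arguments and rendered values, in a file in the runner account's home directory that outlives the job and is never removed. The e2e workflow later in this series does the same with `java -jar karate.jar . > ~/latest-documents-api-e2e.log 2>&1`, directly under a comment that still says the output is discarded to avoid leaking secrets. If the log is needed for debugging, write it under `$RUNNER_TEMP` after `umask 077` and delete it in a final step; otherwise keep `> /dev/null 2>&1`.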
@@ -26,7 +26,7 @@ jobs: --state-values-set ingress.hostname="${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}" \ --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="$INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING" \ --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \ - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesApiRootUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }}" \ + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }}" \ --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }}" > ~/latest-documents-api.log 2>&1 run-e2e-tests: From 6e375facf36fec7a6624ac940791fa9ec3e0d15f Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Wed, 28 Jan 2026 10:22:14 +0500 Subject: [PATCH 18/22] test: add log file --- .github/workflows/.reusable-e2e-tests-against-prod.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/.reusable-e2e-tests-against-prod.yml b/.github/workflows/.reusable-e2e-tests-against-prod.yml index e6ea7b0..4eefce6 100644 --- a/.github/workflows/.reusable-e2e-tests-against-prod.yml +++ b/.github/workflows/.reusable-e2e-tests-against-prod.yml @@ -5,7 +5,7 @@ on: jobs: e2e-test-against-prod: - runs-on: ubuntu-24.04 + runs-on: self-hosted steps: - uses: actions/checkout@v4 
@@ -23,10 +23,10 @@ jobs: run: | # Learn more about '> /dev/null 2>&1': https://stackoverflow.com/a/42919998 # In essence it merges output and error streams and doesn't show errors in the terminal to avoid leakage of secrets in the pipeline - java -jar karate.jar . > /dev/null 2>&1 + java -jar karate.jar . > ~/latest-documents-api-e2e.log 2>&1 env: "AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS": ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS }} "AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS": ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS }} "AUTH_API_ROOT_URL": ${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} "API_ROOT_URL": ${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_API_ROOT_URL }} - "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "false" \ No newline at end of file + "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "false" From c656f78fe7ed0dd004af74f8aba32e9ea31780f4 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Wed, 28 Jan 2026 11:21:47 +0500 Subject: [PATCH 19/22] Revert "test: add log file" This reverts commit 6e375facf36fec7a6624ac940791fa9ec3e0d15f. --- .github/workflows/.reusable-e2e-tests-against-prod.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/.reusable-e2e-tests-against-prod.yml b/.github/workflows/.reusable-e2e-tests-against-prod.yml index 4eefce6..e6ea7b0 100644 --- a/.github/workflows/.reusable-e2e-tests-against-prod.yml +++ b/.github/workflows/.reusable-e2e-tests-against-prod.yml @@ -5,7 +5,7 @@ on: jobs: e2e-test-against-prod: - runs-on: self-hosted + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 
@@ -23,10 +23,10 @@ jobs: run: | # Learn more about '> /dev/null 2>&1': https://stackoverflow.com/a/42919998 # In essence it merges output and error streams and doesn't show errors in the terminal to avoid leakage of secrets in the pipeline - java -jar karate.jar . > ~/latest-documents-api-e2e.log 2>&1 + java -jar karate.jar . > /dev/null 2>&1 env: "AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS": ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS }} "AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS": ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS }} "AUTH_API_ROOT_URL": ${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} "API_ROOT_URL": ${{ secrets.INNER_CIRCLE_PROD_DOCUMENTS_API_ROOT_URL }} - "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "false" + "SHOULD_USE_FAKE_EXTERNAL_DEPENDENCIES": "false" \ No newline at end of file From 3b884502cfb162ba44dfbe0cbbcaaedcef85a28f Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Wed, 28 Jan 2026 11:23:44 +0500 Subject: [PATCH 20/22] Revert "test: add log file" This reverts commit e191f0dc5681e315615bb5b5a8615d91a2e3c7d7. # Conflicts: # .github/workflows/deploy-to-prod-from-default.yml --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index d758c1a..1cfb9fb 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml 
@@ -27,7 +27,7 @@ jobs: --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection="$INNER_CIRCLE_PROD_DOCUMENTS_DB_CONNECTION_STRING" \ --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey="${{ secrets.INNER_CIRCLE_PROD_PUBLIC_SIGNING_KEY }}" \ --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMPLOYEES_API_ROOT_URL }}" \ - --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }}" > ~/latest-documents-api.log 2>&1 + --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmailSenderServiceUrl="${{ secrets.INNER_CIRCLE_PROD_EMAIL_SENDER_API_ROOT_URL }}" > /dev/null 2>&1 run-e2e-tests: uses: ./.github/workflows/.reusable-e2e-tests-against-prod.yml From 372d0bd01e2cc42553f305f00afb8eb5c110d558 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Wed, 28 Jan 2026 11:24:13 +0500 Subject: [PATCH 21/22] Revert "test: deploy from feature" This reverts commit 642a49ac62c5d26980439933db21dd8a1979023b. --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 1cfb9fb..5de9378 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -4,7 +4,7 @@ on: push: branches: - master - - feature/** + jobs: docker-build-and-push: uses: ./.github/workflows/.reusable-docker-build-and-push.yml From f71916d4fc07f9734ce404098a76cead06b32250 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Fri, 30 Jan 2026 11:32:38 +0500 Subject: [PATCH 22/22] ci: remove semver --- .../.reusable-docker-build-and-push.yml | 17 ----------------- 1 file changed, 17 deletions(-) 
diff --git a/.github/workflows/.reusable-docker-build-and-push.yml b/.github/workflows/.reusable-docker-build-and-push.yml index 7bf1c59..2d32c99 100644 --- a/.github/workflows/.reusable-docker-build-and-push.yml +++ b/.github/workflows/.reusable-docker-build-and-push.yml @@ -21,12 +21,10 @@ jobs: - name: Add Registry Image Env Var With Lowercase Organization and Repo Name run: | echo "REGISTRY_IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Prepare run: | platform=linux/amd64 echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -61,7 +59,6 @@ jobs: mkdir -p ${{ runner.temp }}/digests digest="${{ steps.build.outputs.digest }}" touch "${{ runner.temp }}/digests/${digest#sha256:}" - - name: Upload digest uses: actions/upload-artifact@v4 with: @@ -81,12 +78,10 @@ jobs: - name: Add Registry Image Env Var With Lowercase Organization and Repo Name run: | echo "REGISTRY_IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Prepare run: | platform=linux/arm64 echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -121,7 +116,6 @@ jobs: mkdir -p ${{ runner.temp }}/digests digest="${{ steps.build.outputs.digest }}" touch "${{ runner.temp }}/digests/${digest#sha256:}" - - name: Upload digest uses: actions/upload-artifact@v4 with: @@ -140,7 +134,6 @@ jobs: - name: Add Registry Image Env Var With Lowercase Organization and Repo Name run: | echo "REGISTRY_IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} - - name: Download digests uses: actions/download-artifact@v4 with: 
@@ -158,13 +151,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Add SEMVER_VERSION Env Var with Value from __version File - run: | - echo "SEMVER_VERSION=$(cat __version)" >>${GITHUB_ENV} - - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 @@ -175,8 +161,6 @@ jobs: type=sha # full length sha type=sha,format=long - # SemVer human readable version - type=raw,value=${{ env.SEMVER_VERSION }} # set latest tag for default branch # https://github.com/docker/metadata-action/issues/171 explains how to tag latest only on default branch type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} @@ -191,7 +175,6 @@ jobs: run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - - name: Inspect image run: | docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} \ No newline at end of file