mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 15:41:09 +02:00
774852ba2d
Part of the 8-Doppel-Cutover (2026-05-08, plan
~/.claude/plans/floating-swinging-flurry.md):
- docker-compose.{macmini,dev,test}.yml: build context for
mana-{auth,credits,media,llm,notify} switched to ../mana/services/...
so the Mac Mini stack pulls platform services from the platform repo
(sibling clone), not from services/ in this monorepo.
- .npmrc + apps/api/{Dockerfile,package.json}: @mana/media-client now
resolved from Verdaccio (npm.mana.how, ^0.1.0) instead of as a
workspace COPY from services/mana-media/packages/client. Build-arg
NPM_TOKEN flows through .npmrc for pnpm install auth. Required
before services/mana-media/ can be deleted.
- .github/workflows/{ci,cd-macmini,daily-tests}.yml: removed the
detect-/build-/test-jobs that targeted services/mana-{auth,credits,
notify,media}/. Those services build out of the platform repo now —
CI for them belongs in mana/-repo (open). cd-macmini's
workflow_dispatch can still rebuild any of them on demand;
auto-detect on path-change is gone for these five.
- scripts/{mac-mini/push-schemas.sh,run-integration-tests.sh}:
rewritten to look in ../mana/ for the platform services.
- package.json dev:{auth,credits,notify,media}: paths point at
../mana/services/... so local dev still works post-cutover.
What this commit does NOT do: delete services/mana-{auth,credits,...}
from this repo. That waits for Phase 7 once the Mac Mini stack has
booted cleanly from the new build paths.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
166 lines
5.6 KiB
YAML
166 lines
5.6 KiB
YAML
# Integration test stack for the auth/credentials/encryption-vault flow.
|
|
#
|
|
# Spins up the minimum stack needed to register, verify, log in, and
|
|
# exercise the encryption-vault: postgres + redis + mailpit (fake SMTP)
|
|
# + mana-auth + mana-notify. No mana-credits, mana-sync, mana-media etc.
|
|
# — those are not on the auth-flow critical path and would just slow
|
|
# down the build.
|
|
#
|
|
# Ports are offset from docker-compose.dev.yml so this stack can run
|
|
# alongside a normal dev environment. Everything is bound to 127.0.0.1
|
|
# so it's only reachable from the same machine.
|
|
#
|
|
# Usage:
|
|
# ./scripts/run-integration-tests.sh
|
|
#
|
|
# Or manually:
|
|
# docker compose -f docker-compose.test.yml up -d --build
|
|
# docker compose -f docker-compose.test.yml down -v
|
|
#
|
|
# The compose project is namespaced as `mana-test` so the containers,
|
|
# network and volumes don't collide with the dev stack.
|
|
name: mana-test
|
|
|
|
services:
|
|
postgres:
|
|
image: postgres:16-alpine
|
|
container_name: mana-test-postgres
|
|
environment:
|
|
POSTGRES_DB: mana_platform
|
|
POSTGRES_USER: mana
|
|
POSTGRES_PASSWORD: testpassword
|
|
volumes:
|
|
- ./docker/init-db:/docker-entrypoint-initdb.d:ro
|
|
ports:
|
|
- "127.0.0.1:5443:5432"
|
|
networks:
|
|
- mana-test
|
|
healthcheck:
|
|
# pg_isready alone reports healthy while the docker-entrypoint init
|
|
# scripts are still running on a unix socket — TCP connections from
|
|
# other containers then race-fail with "connection refused". Run a
|
|
# real query against the actual platform DB so we only flip healthy
|
|
# once postgres is genuinely accepting external TCP traffic.
|
|
test: ["CMD-SHELL", "PGPASSWORD=testpassword psql -h localhost -U mana -d mana_platform -tAc 'SELECT 1' >/dev/null"]
|
|
interval: 2s
|
|
timeout: 3s
|
|
retries: 30
|
|
start_period: 5s
|
|
|
|
redis:
|
|
image: redis:7-alpine
|
|
container_name: mana-test-redis
|
|
command: redis-server --requirepass testpassword --maxmemory 64mb
|
|
ports:
|
|
- "127.0.0.1:6390:6379"
|
|
networks:
|
|
- mana-test
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "-a", "testpassword", "ping"]
|
|
interval: 2s
|
|
timeout: 3s
|
|
retries: 10
|
|
|
|
# Fake SMTP server. Captures every outbound email and exposes them
|
|
# via a REST API on :8025 (also a web UI on the same port). Tests
|
|
# poll the API to find the verification email.
|
|
mailpit:
|
|
image: axllent/mailpit:latest
|
|
container_name: mana-test-mailpit
|
|
environment:
|
|
MP_SMTP_AUTH_ACCEPT_ANY: "1"
|
|
MP_SMTP_AUTH_ALLOW_INSECURE: "1"
|
|
ports:
|
|
- "127.0.0.1:1026:1025" # SMTP
|
|
- "127.0.0.1:8026:8025" # HTTP API + Web UI
|
|
networks:
|
|
- mana-test
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "--spider", "http://localhost:8025/api/v1/info"]
|
|
interval: 2s
|
|
timeout: 3s
|
|
retries: 10
|
|
|
|
mana-auth:
|
|
build:
|
|
context: ../mana
|
|
dockerfile: services/mana-auth/Dockerfile
|
|
container_name: mana-test-mana-auth
|
|
environment:
|
|
NODE_ENV: production # exercise the prod KEK validation path
|
|
PORT: 3001
|
|
DATABASE_URL: postgresql://mana:testpassword@postgres:5432/mana_platform
|
|
# BASE_URL must be reachable from INSIDE the container — the validate
|
|
# endpoint fetches its own JWKS via this URL, and the JWT iss claim
|
|
# uses it. The test rewrites email verify URLs from `mana-auth:3001`
|
|
# to the host-bound port before following them.
|
|
BASE_URL: http://mana-auth:3001
|
|
COOKIE_DOMAIN: localhost
|
|
BETTER_AUTH_SECRET: test-secret-not-for-production
|
|
MANA_AUTH_KEK: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # 32 zero bytes, test only
|
|
MANA_NOTIFY_URL: http://mana-notify:3013
|
|
MANA_SERVICE_KEY: test-service-key
|
|
MANA_CREDITS_URL: http://localhost:9 # unreachable, .catch() swallows it
|
|
MANA_SUBSCRIPTIONS_URL: http://localhost:9
|
|
CORS_ORIGINS: http://localhost:5173,http://localhost:3091
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
ports:
|
|
- "127.0.0.1:3091:3001"
|
|
networks:
|
|
- mana-test
|
|
healthcheck:
|
|
test: ["CMD", "bun", "-e", "fetch('http://127.0.0.1:3001/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
|
|
interval: 3s
|
|
timeout: 3s
|
|
retries: 20
|
|
start_period: 10s
|
|
|
|
mana-notify:
|
|
build:
|
|
context: ../mana
|
|
dockerfile: services/mana-notify/Dockerfile
|
|
container_name: mana-test-mana-notify
|
|
# mana-notify pings the database once at startup and exits on
|
|
# failure. If postgres is mid-restart at exactly that millisecond
|
|
# we want compose to bring it back up rather than declare the
|
|
# whole stack dead.
|
|
restart: on-failure:5
|
|
environment:
|
|
PORT: 3013
|
|
DATABASE_URL: postgresql://mana:testpassword@postgres:5432/mana_platform?sslmode=disable
|
|
REDIS_HOST: redis
|
|
REDIS_PORT: 6379
|
|
REDIS_PASSWORD: testpassword
|
|
SERVICE_KEY: test-service-key
|
|
MANA_AUTH_URL: http://mana-auth:3001
|
|
SMTP_HOST: mailpit
|
|
SMTP_PORT: 1025
|
|
SMTP_USER: test
|
|
SMTP_PASSWORD: test
|
|
SMTP_FROM: "Mana Test <noreply@test.local>"
|
|
SMTP_INSECURE_TLS: "true"
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
redis:
|
|
condition: service_healthy
|
|
mailpit:
|
|
condition: service_healthy
|
|
ports:
|
|
- "127.0.0.1:3092:3013"
|
|
networks:
|
|
- mana-test
|
|
healthcheck:
|
|
# Override the Dockerfile's port-3040 healthcheck — mana-notify
|
|
# actually binds to the PORT env var (3013 here).
|
|
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3013/health"]
|
|
interval: 3s
|
|
timeout: 3s
|
|
retries: 20
|
|
start_period: 5s
|
|
|
|
networks:
|
|
mana-test:
|
|
driver: bridge
|