test+ci: E2E improvements — dispatch triggers and security test coverage #87
Open
beonde wants to merge 3 commits into
After CI passes on a push to main, dispatch a repository_dispatch event to capiscio/capiscio-e2e-tests so cross-product E2E tests run within minutes instead of waiting for the daily 6am cron.
- Implement TestBadgeVerificationExpired: locally-signed badge with past expiry correctly rejected with BADGE_EXPIRED
- Implement TestBadgeVerificationRevoked: badge with JTI in mock revocation list correctly rejected with BADGE_REVOKED
- Implement TestBadgeVerificationSelfSigned: did:key self-signed badge rejected without AcceptSelfSigned (BADGE_ISSUER_UNTRUSTED), accepted with it
- Refactor TestMain to not block all tests when server unavailable; add requireServer(t) helper so server-dependent tests skip gracefully
- Add requireServer(t) to all DV, PoP, and data-plane tests that hit the API

These security tests run without a live server or Clerk auth, making them suitable for CI and local development.
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Pull request overview
This PR improves the project’s CI and integration testing by (1) dispatching downstream E2E runs after merges to main, and (2) making integration tests more robust by skipping server-dependent tests when the live server isn’t reachable while enabling previously-skipped security verification tests via local signing + a mock registry.
Changes:
- Add a `trigger-e2e` CI job that dispatches `repository_dispatch` to `capiscio/capiscio-e2e-tests` on pushes to `main`.
- Introduce `requireServer(t)` + `serverAvailable` gating so server-dependent integration tests skip cleanly when the server is down.
- Implement three security-focused badge verification integration tests (expired, revoked, self-signed) that run without a live server.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| `.github/workflows/ci.yml` | Adds a post-test dispatch job to trigger downstream E2E runs on main pushes. |
| `tests/integration/setup_test.go` | Refactors TestMain to detect server availability and introduces requireServer(t) skip helper. |
| `tests/integration/data_plane_test.go` | Gates live-server data-plane tests behind requireServer(t). |
| `tests/integration/dv_order_test.go` | Gates live-server DV tests behind requireServer(t). |
| `tests/integration/pop_challenge_test.go` | Gates live-server PoP tests behind requireServer(t). |
| `tests/integration/badge_verification_test.go` | Adds a mock registry and implements three local-signing security verification tests. |
Comment on lines
+37
to
+40
| // Check if server is available (don't block on it) | ||
| if err := waitForServer(apiBaseURL, 30*time.Second); err != nil { | ||
| fmt.Fprintf(os.Stderr, "Server not ready: %v\n", err) | ||
| exitCode = 1 | ||
| fmt.Fprintf(os.Stderr, "Server not ready: %v (server-dependent tests will be skipped)\n", err) | ||
| serverAvailable = false |
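Review bot: Replacing `exitCode = 1` with `serverAvailable = false` means a run in which the server never comes up now finishes green with every server-dependent test skipped, so in CI an outage or a wrong `apiBaseURL` looks the same as a passing suite. Keep the hard failure available behind an opt-in (for example an environment variable, name of your choosing, set only in the job that is expected to have a server) and skip only when it is unset. The comment also says "don't block on it", yet `waitForServer(apiBaseURL, 30*time.Second)` still delays the local-only security tests by up to 30 seconds; shorten the timeout or reword the comment.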
|
|
||
| trigger-e2e: | ||
| name: Trigger E2E Tests | ||
| needs: [test] |
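Review bot: `needs: [test]` gates the dispatch on the `test` job alone, so the downstream E2E run can be triggered for a commit that failed any other job in this workflow. List every job that must be green before `trigger-e2e` runs in `needs`.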
Comment on lines
+126
to
+136
| needs: [test] | ||
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Dispatch E2E workflow | ||
| uses: peter-evans/repository-dispatch@v3 | ||
| with: | ||
| token: ${{ secrets.REPO_ACCESS_TOKEN }} | ||
| repository: capiscio/capiscio-e2e-tests | ||
| event-type: upstream-merge | ||
| client-payload: '{"repo": "capiscio-core", "sha": "${{ github.sha }}"}' |
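Review bot: `uses: peter-evans/repository-dispatch@v3` references a movable tag in the one step that receives `secrets.REPO_ACCESS_TOKEN`, a token with access to `capiscio/capiscio-e2e-tests`; pin the action to a full commit SHA (keeping the version in a trailing comment) so a retagged release cannot run with that secret, and scope the token to the target repository only. The `if:` condition checks only the ref and the event name, so a fork that lacks the secret reaches this step on a push to its own `main` with an empty token and fails; a `github.repository` comparison in the condition avoids that.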
Comment on lines
+25
to
+30
| func (m *mockRegistry) GetPublicKey(ctx context.Context, issuer string) (crypto.PublicKey, error) { | ||
| if key, ok := m.keys[issuer]; ok { | ||
| return key, nil | ||
| } | ||
| return nil, assert.AnError | ||
| } |
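Review bot: `return nil, assert.AnError` in `GetPublicKey` hands an unknown issuer testify's generic placeholder error, so when a verification test fails the output cannot show which issuer lookup missed or tell a registry miss apart from any other use of `assert.AnError`. Return a descriptive error that names the issuer, for example `fmt.Errorf("mock registry: no key for issuer %q", issuer)`.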
…errors

- trigger-e2e now depends on [test, lint, protobuf, security] not just [test]
- Add github.repository guard so forks without REPO_ACCESS_TOKEN don't fail
- Replace assert.AnError with descriptive fmt.Errorf in mock registry
Consolidated E2E improvement changes (replaces #85 and #86):

- `trigger-e2e` job using `repository_dispatch` to `capiscio-e2e-tests`

Supersedes: #85, #86