mirror of
https://github.com/ether/etherpad-lite.git
synced 2026-07-18 00:57:55 +00:00
* test(docker): admin save persists across container restart (#7819) The OP reports the symptom on the official Docker image specifically. Adds two layers of coverage to docker.yml's build-test job, driven from inside a container started against the same TEST_TAG the existing test-container step uses: 1. New mocha spec adminSettings_7819.ts under tests/container/specs/api — authenticates against /admin, opens the /settings socket, saves an augmented JSON with an ep_oauth-shaped top-level block, and asserts the next load reply contains the marker. Intentionally leaves the marker on disk so the workflow can inspect it. 2. docker.yml now `docker exec test grep`s for the marker after test-container, then `docker restart`s the container, waits for the health probe, and re-greps. Both checks must pass — the first proves the socket-driven save actually touched the file inside the container layer; the second proves an in-place restart doesn't reset it. A recreate (docker rm + docker run) would wipe the file, but that's expected (image layer) and out of scope. Container is started with `-e ADMIN_PASSWORD=changeme1` so the existing settings.json.docker provisions the admin user; pad.js doesn't touch /admin so the existing API specs are unaffected. test-container timeout bumped 5s → 30s to cover socket connect + save round-trip, and the mocha discovery extension list now includes `ts` so the new spec is picked up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(docker): authenticate via /admin-auth/ POST, surface auth/load failures fast (#7819) CI failed on #7821 with a generic 20s mocha timeout because the spec hit GET /admin/ to grab a session cookie. webaccess.ts only treats paths starting with /admin-auth as requireAdmin — and the container runs with REQUIRE_AUTHENTICATION=false (default), so GET /admin/ never issued a Basic challenge and Set-Cookie was empty. The socket then connected unauthenticated, adminsettings.ts's connection handler returned early without binding any listeners, and the load() promise hung until mocha killed the test with no useful diagnostic. Switch to POST /admin-auth/ (always-requireAdmin, regardless of settings.requireAuthentication). Assert a 2xx with at least one Set-Cookie before proceeding. Add an 8s timeout + meaningful error message to load() so the "session was not admin" failure mode reports immediately instead of burning the suite budget. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(docker): replace splice with hand-built payload (#7819) Last CI failed because the splice-after-last-} approach landed a comma between an existing trailing-comma-before-comment and the close brace of settings.json.docker, producing `, /* … */, "ep_oauth"` — invalid JSON. settings.json.docker uses jsonc `/* */` and `//` comments and a trailing-comma-before-comment-before-close shape that's annoying to patch from the test side, and the existing isJSONClean has zero backend coverage so the splice is going through Etherpad's lenient write path anyway. Switch to a hand-built minimal-but-viable settings document containing the ep_oauth block. Three properties hold: - We're testing the WRITE path, not the synthesis path. Whatever bytes we send, the next `load` must return verbatim. - The post-save document must survive `docker restart` (the next step in docker.yml) — minimal-but-viable means port/users/dbType are present so Etherpad boots back up and HEALTHCHECK passes. - The next `load` reply must equal the bytes we saved (`reply.results === augmented`) — stronger than `.includes()`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
49111f2fc9
commit
abda0485d3
3 changed files with 193 additions and 2 deletions
36
.github/workflows/docker.yml
vendored
36
.github/workflows/docker.yml
vendored
|
|
@ -66,7 +66,13 @@ jobs:
|
|||
name: Test
|
||||
working-directory: etherpad
|
||||
run: |
|
||||
docker run --rm -d -p 9001:9001 --name test ${{ env.TEST_TAG }}
|
||||
# ADMIN_PASSWORD provisions settings.json.docker's admin user so
|
||||
# the adminSettings_7819 container spec can authenticate against
|
||||
# /admin and the /settings socket. pad.js doesn't touch /admin
|
||||
# so the existing API specs are unaffected.
|
||||
docker run --rm -d -p 9001:9001 \
|
||||
-e ADMIN_PASSWORD=changeme1 \
|
||||
--name test ${{ env.TEST_TAG }}
|
||||
./bin/installDeps.sh
|
||||
docker logs -f test &
|
||||
while true; do
|
||||
|
|
@ -79,6 +85,34 @@ jobs:
|
|||
esac
|
||||
done
|
||||
(cd src && pnpm run test-container)
|
||||
# Regression for #7819. adminSettings_7819.ts saves a marker via
|
||||
# the admin /settings socket and intentionally leaves it on
|
||||
# disk. We assert here that the save actually hit the file
|
||||
# (mocha only sees the next `load` reply — this catches a
|
||||
# scenario where the load is served from cache and the file
|
||||
# never actually changed).
|
||||
docker exec test grep -q persist-marker-7819 /opt/etherpad-lite/settings.json || {
|
||||
echo "[#7819] socket-driven save did NOT reach /opt/etherpad-lite/settings.json on disk"
|
||||
docker exec test cat /opt/etherpad-lite/settings.json | head -50
|
||||
exit 1
|
||||
}
|
||||
# Now prove the on-disk file survives an in-place container
|
||||
# restart. This is the scenario a docker-compose user with
|
||||
# `restart: always` hits on every host reboot.
|
||||
docker restart test >/dev/null
|
||||
for i in $(seq 1 60); do
|
||||
status=$(docker container inspect -f '{{.State.Health.Status}}' test 2>/dev/null) || { docker logs test; exit 1; }
|
||||
case ${status} in
|
||||
healthy) break;;
|
||||
starting) sleep 2;;
|
||||
*) docker logs test; exit 1;;
|
||||
esac
|
||||
done
|
||||
docker exec test grep -q persist-marker-7819 /opt/etherpad-lite/settings.json || {
|
||||
echo "[#7819 REGRESSION] settings.json was reset on docker restart — ep_oauth block vanished"
|
||||
docker logs test
|
||||
exit 1
|
||||
}
|
||||
docker rm -f test
|
||||
git clean -dxf .
|
||||
-
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue