steve
82931684eb
CI / Test (server-http) (pull_request) Successful in 21s
CI / Test (rest) (pull_request) Successful in 23s
CI / Test (store) (pull_request) Successful in 36s
CI / Lint (pull_request) Successful in 27s
CI / Build (windows/amd64) (pull_request) Successful in 26s
CI / Build (linux/arm64) (pull_request) Successful in 23s
CI / Build (linux/amd64) (pull_request) Successful in 1m24s
e2e / Playwright vs docker-compose (pull_request) Failing after 2m52s
P5-01 — Documentation site under docs/book/ rendered with mdBook
(downloaded via Makefile, same static-binary pattern as Tailwind).
Structured chapters: getting started, concepts, operations,
security, reference. `make docs` / `make docs-watch`. Generated
output gitignored.
P5-02 — CONTRIBUTING.md rewritten from placeholder to a full
guide. CODE_OF_CONDUCT.md adapted from Contributor Covenant for a
single-maintainer project. .gitea/issue_template/{bug,feature}.md
and PULL_REQUEST_TEMPLATE.md.
P5-04 — Six README screenshots captured live from a fresh server
bootstrap (login, empty dashboard, add-host, alerts, settings,
audit log). README rewritten to centre the screenshot grid and
link out to the docs site.
P5-05 — SECURITY.md with disclosure policy (3-day ack, 30-day
default window), scope in/out, threat-model summary, operator
hardening checklist. Mirrored as a docs-site chapter.
P5-06 — End-to-end test harness. e2e/compose.e2e.yml brings up
server + sibling Linux agent (alpine + restic) + restic/rest-server.
Agent uses announce-and-approve so Playwright can drive the full
operator flow: bootstrap → login → accept pending → backup →
verify terminal status. Second spec scrapes /metrics to assert
the P6-04 endpoint surface. .gitea/workflows/e2e.yml runs on every
PR; local how-to in docs/e2e.md.
43 lines
1.5 KiB
Docker
43 lines
1.5 KiB
Docker
# Build a Linux container that runs the restic-manager agent against a
|
|
# sibling rest-server in the e2e compose stack. Used only by tests
|
|
# (e2e/compose.e2e.yml + .gitea/workflows/e2e.yml).
|
|
#
|
|
# Two stages:
|
|
# 1. golang:alpine to build the agent binary.
|
|
# 2. alpine:3.20 with the `restic` package + the built binary.
|
|
#
|
|
# Pinning by digest is intentional for CI reproducibility.
|
|
|
|
FROM golang:1.25-alpine AS build
|
|
WORKDIR /src
|
|
|
|
ENV CGO_ENABLED=0 \
|
|
GOFLAGS="-trimpath"
|
|
|
|
COPY go.mod go.sum* ./
|
|
RUN go mod download
|
|
|
|
COPY . .
|
|
ARG VERSION=e2e
|
|
RUN go build -ldflags="-s -w -X gitea.dcglab.co.uk/steve/restic-manager/internal/version.Version=${VERSION}" \
|
|
-o /out/restic-manager-agent ./cmd/agent
|
|
|
|
FROM alpine:3.20
|
|
RUN apk add --no-cache restic ca-certificates curl
|
|
COPY --from=build /out/restic-manager-agent /usr/local/bin/restic-manager-agent
|
|
|
|
# Agents normally run as root because backup paths often need it. The
|
|
# e2e fixture only backs up paths under /data which we own, so this
|
|
# container would tolerate a non-root user — but staying root keeps
|
|
# parity with the production install.
|
|
USER root
|
|
|
|
# The agent needs a writable directory for its config + secrets store.
|
|
RUN mkdir -p /etc/restic-manager /var/lib/restic-manager-agent
|
|
ENV RM_AGENT_CONFIG=/etc/restic-manager/agent.yaml
|
|
|
|
# The compose entrypoint sets the announce URL via env.
|
|
COPY e2e/agent-entrypoint.sh /usr/local/bin/entrypoint.sh
|
|
RUN chmod +x /usr/local/bin/entrypoint.sh
|
|
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|