chore: fix login integration (#10318)

# Which Problems Are Solved Login integration tests are not executed in the pipeline # How the Problems Are Solved The login integration tests are fixed and added as a pipeline workflow. It tests against the built login docker image. On pipeline failures, developers are guided on how to fix them using a dev container configured for this purpose. # Additional Changes - email domains are replaced by example.com. In case the tests were accidentally run against a cloud instance, it wouldn't cause bounces. - pnpm is upgraded, because the --filter argument doesn't work for the install command on the old version. - The login Dockerfile is optimized for docker image builds # Additional Changes From Review for https://github.com/zitadel/zitadel/pull/10305 These changes were requested from @peintnermax - The base dev container starts without any services besides the database and the dev container itself - CONTRIBUTING.md is restructured - To reproduce pipeline checks, only the devcontainer CLI and Docker are needed. This is described in the CONTRIBUTING.md - The convenience npm script "generate" is added # Additional Context - Follow-up for PR https://github.com/zitadel/zitadel/pull/10305 - Base for https://github.com/zitadel/zitadel/issues/10277
2025-08-11 17:27:31 +00:00 · 2025-08-05 17:59:30 +02:00
parent 30175041c1
commit e210d0a16a
52 changed files with 11019 additions and 1746 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -102,6 +102,12 @@ jobs:
      login_build_image_name: "ghcr.io/zitadel/zitadel-login-build"
      node_version: "20"

+  login-integration-test:
+    uses: ./.github/workflows/login-integration-test.yml
+    needs: [login-container]
+    with:
+      login_build_image: ${{ needs.login-container.outputs.login_build_image }}
+
  e2e:
    uses: ./.github/workflows/e2e.yml
    needs: [compile]
@@ -121,6 +127,7 @@ jobs:
        lint,
        container,
        login-container,
+        login-integration-test,
        e2e,
      ]
    if: ${{ github.event_name == 'workflow_dispatch' }}
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -53,14 +53,21 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
+      - name: Install Dev Container CLI
+        run: npm install -g @devcontainers/cli@0.80.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
-      - name: Run lint and unit tests in dev container
-        uses: devcontainers/ci@v0.3
-        with:
-          push: never
-          configFile: .devcontainer/turbo-lint-unit/devcontainer.json
-          runCmd: echo "Successfully ran lint and unit tests in dev container postStartCommand"
+      - name: Lint and Unit Test All JavaScript Code
+        run: npm run devcontainer:lint-unit
+      - name: Fix Failures
+        if: failure()
+        run: |
+          echo "Reproduce this check locally:"
+          echo "npm run devcontainer:lint-unit"
+          echo "If you have pnpm installed, most linting errors can be fixed automatically:"
+          echo "pnpm turbo lint:fix"
+          echo "In other cases, you can open the dev container called \"Turbo Lint and Unit Tests\"."
+          echo "You will have the same environment as the pipeline check as well as some guidance on how to fix the errors."

  core:
    name: core
--- a/.github/workflows/login-container.yml
+++ b/.github/workflows/login-container.yml
@@ -12,8 +12,8 @@ on:
        type: string
    outputs:
      login_build_image:
-          description: 'The full image tag of the standalone login image'
-          value: '${{ inputs.login_build_image_name }}:${{ github.sha }}'
+        description: 'The full image tag of the standalone login image'
+        value: ${{ inputs.login_build_image_name }}:${{ github.sha }}

 permissions:
  packages: write
@@ -30,6 +30,8 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      packages: write
+    outputs:
+      login_build_image: ${{ steps.short-sha.outputs.login_build_image }}
    steps:
      - uses: actions/checkout@v4
      - name: Login meta
@@ -41,7 +43,7 @@ jobs:
          annotations: |
            manifest:org.opencontainers.image.licenses=MIT
          tags: |
-            type=sha,prefix=,suffix=,format=long
+            type=sha,prefix=,format=long
      - name: Login to Docker registry
        uses: docker/login-action@v3
        with:
@@ -49,6 +51,7 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
+        id: setup-buildx
        uses: docker/setup-buildx-action@v3
      - name: Bake login multi-arch
        uses: docker/bake-action@v6
@@ -58,13 +61,9 @@ jobs:
          source: .
          push: true
          provenance: true
-          sbom: true
          targets: login-standalone
-          set: |
-            *.cache-from=type=gha
-            *.cache-to=type=gha,mode=max
          files: |
            ./apps/login/docker-bake.hcl
-            ./apps/login/docker-bake-release.hcl
+            ${{ github.event_name == 'workflow_dispatch' && './apps/login/docker-bake-release.hcl' || '' }}
            ./docker-bake.hcl
            cwd://${{ steps.login-meta.outputs.bake-file }}
--- a/.github/workflows/login-integration-test.yml
+++ b/.github/workflows/login-integration-test.yml
@@ -0,0 +1,58 @@
+name: Integration test core
+
+on: 
+  workflow_call: 
+    inputs:
+      login_build_image:
+        required: true
+        type: string
+
+permissions:
+  packages: write
+
+jobs:
+  login-integration-test:
+    name: login-integration-test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install Dev Container CLI
+        run: npm install -g @devcontainers/cli@0.80.0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Pull Login Build Image
+        run: docker compose --file .devcontainer/login-integration/docker-compose.yaml pull
+        env:
+          LOGIN_TAG: ${{ inputs.login_build_image }}
+      - name: Run Integration Tests against the Login and a Mocked Zitadel API
+        run: npm run devcontainer:integration:login
+        env:
+          LOGIN_TAG: ${{ inputs.login_build_image }}
+          DOCKER_BUILDKIT: 1
+      - name: Fix Failures
+        if: failure()
+        run: |
+          echo "Reproduce this check locally:"
+          echo "LOGIN_TAG=${{ inputs.login_build_image }} npm run devcontainer:integration:login"
+          echo "To fix the failures, open the dev container called \"Login Integration Tests\"."
+          echo "You will have the same environment as the pipeline check as well as some guidance on how to fix the errors."
+      - name: Show Compose Status
+        if: failure()
+        run: docker compose --file .devcontainer/base/docker-compose.yaml --file .devcontainer/login-integration-ci/docker-compose.yaml ps
+      - name: Print Config
+        if: failure()
+        run: COMPOSE_BAKE=1 docker compose --file  .devcontainer/base/docker-compose.yaml --file .devcontainer/login-integration-ci/docker-compose.yaml config login-integration
+        env:
+          LOGIN_TAG: ${{ inputs.login_build_image }}
+      - name: Show Container Logs
+        if: failure()
+        run: docker compose --file .devcontainer/base/docker-compose.yaml --file .devcontainer/login-integration-ci/docker-compose.yaml logs --timestamps --no-color --tail 100 login-integration
+      - name: Inspect All Failed Containers
+        if: failure()
+        run: |
+          docker ps -a --filter "status=exited" --filter "status=created" --format "table {{.ID}}\t{{.Names}}\t{{.Status}}\t{{.Image}}"
+          for container in $(docker ps -a --filter "status=exited" --filter "status=created" -q); do
+            echo "Inspecting container $container"
+            docker inspect $container || true
+          done