snapshot: preserve reliability hardening and Workdock identity pass

2026-03-27 00:28:34 +01:00
parent 811bcd8745
commit 8553482ddd
39 changed files with 1393 additions and 320 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,8 +4,12 @@ on:
  push:
  pull_request:

+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
-  django-tests:
+  python-validation:
    runs-on: ubuntu-latest

    services:
@@ -59,11 +63,80 @@ jobs:
      - name: Install dependencies
        run: pip install -r requirements.txt

+      - name: Install gettext
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gettext
+
      - name: Django system check
        run: python manage.py check

      - name: Migration drift check
        run: python manage.py makemigrations --check --dry-run

+      - name: Compile translations
+        run: django-admin compilemessages
+
+      - name: Collect static assets
+        run: python manage.py collectstatic --noinput
+
      - name: Run tests
        run: python manage.py test workflows.tests -v 2
+
+  docker-release-gate:
+    runs-on: ubuntu-latest
+    needs: python-validation
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Prepare environment file
+        run: cp .env.example .env
+
+      - name: Build and start stack
+        run: docker compose up -d --build db redis mailhog web worker
+
+      - name: Wait for web health
+        run: |
+          for i in $(seq 1 30); do
+            if curl --fail --silent --show-error --max-time 5 http://127.0.0.1:8088/healthz/ >/dev/null; then
+              exit 0
+            fi
+            sleep 2
+          done
+          echo "web health check did not become ready in time" >&2
+          exit 1
+
+      - name: Django system check in container
+        run: docker compose exec -T web python manage.py check
+
+      - name: Backup verification gate
+        run: docker compose exec -T web python manage.py verify_latest_backup --create-if-missing
+
+      - name: Staging smoke gate
+        run: docker compose exec -T web python manage.py run_staging_e2e_check --cleanup --email-check none --skip-nextcloud
+
+      - name: Upload generated PDFs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: staging-pdfs
+          path: backend/media/pdfs/
+          if-no-files-found: ignore
+
+      - name: Upload docker logs on failure
+        if: failure()
+        run: docker compose logs --no-color web worker db redis mailhog > docker-compose-ci.log
+
+      - name: Publish docker logs
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: docker-compose-ci-logs
+          path: docker-compose-ci.log
+          if-no-files-found: ignore
+
+      - name: Stop stack
+        if: always()
+        run: docker compose down -v