Merge pull request #718 from Wikid82/nightly #823
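name: Cerberus Integration

# Builds the Charon image from the checked-out source and runs the Cerberus
# security-stack integration script against it.
# NOTE(review): the previous header described a "build once, test many" flow
# that waits for docker-build.yml and pulls a registry image. Nothing in this
# file does that: there is no workflow_run trigger and the image is built
# locally as charon:local. Update the triggers or this comment if that flow
# is reinstated.

on:
  workflow_dispatch:
    inputs:
      # NOTE(review): no step in this file references this input; the image
      # under test is always the locally built charon:local.
      image_tag:
        description: 'Docker image tag to test (e.g., pr-123-abc1234, latest)'
        required: false
        type: string
  pull_request:
  push:
    branches:
      - main

# Least privilege: the job only needs to read the repository. It builds and
# executes code from the checked-out ref (pull-request code included), so the
# GITHUB_TOKEN must not carry write scopes.
permissions:
  contents: read

# Prevent race conditions when a PR is updated mid-test: a newer run for the
# same workflow, event and ref cancels the older one.
# The workflow_run fields are empty for the triggers configured above, so the
# group falls back to the event name and ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.workflow_run.event || github.event_name }}-${{ github.event.workflow_run.head_branch || github.ref }}
  cancel-in-progress: true

jobs:
  cerberus-integration:
    name: Cerberus Security Stack Integration
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
        with:
          # The following steps run the repository's Dockerfile and scripts;
          # do not leave the token in .git/config where they could read it.
          persist-credentials: false

      - name: Build Docker image (Local)
        run: |
          echo "Building image locally for integration tests..."
          docker build -t charon:local .
          echo "✅ Successfully built charon:local"

      - name: Run Cerberus integration tests
        id: cerberus-test
        run: |
          chmod +x scripts/cerberus_integration.sh
          scripts/cerberus_integration.sh 2>&1 | tee cerberus-test-output.txt
          # tee always succeeds; report the script's own exit status instead.
          exit "${PIPESTATUS[0]}"

      # Everything written here lands in the job summary, which anyone who can
      # view the run can read. The dumped Caddy config, security status and
      # container logs must come only from the disposable test stack and hold
      # no real credentials.
      - name: Dump Debug Info on Failure
        if: failure()
        run: |
          {
            echo "## 🔍 Debug Information"
            echo ""

            echo "### Container Status"
            echo '```'
            docker ps -a --filter "name=charon" --filter "name=cerberus" --filter "name=backend" 2>&1 || true
            echo '```'
            echo ""

            # The fetches below are captured first and tested with `if`:
            # in `cmd | head || fallback` the pipeline status is head's, so
            # the fallback message never printed when the fetch itself failed.
            # --max-time keeps a hung endpoint from stalling the debug dump.
            echo "### Security Status API"
            echo '```json'
            if security_status="$(curl -s --max-time 10 http://localhost:8480/api/v1/security/status 2>/dev/null)"; then
              printf '%s\n' "$security_status" | head -100
            else
              echo "Could not retrieve security status"
            fi
            echo '```'
            echo ""

            echo "### Caddy Admin Config"
            echo '```json'
            if caddy_config="$(curl -s --max-time 10 http://localhost:2319/config 2>/dev/null)"; then
              printf '%s\n' "$caddy_config" | head -200
            else
              echo "Could not retrieve Caddy config"
            fi
            echo '```'
            echo ""

            echo "### Charon Container Logs (last 100 lines)"
            echo '```'
            if container_logs="$(docker logs --tail 100 charon-cerberus-test 2>&1)"; then
              printf '%s\n' "$container_logs"
            else
              echo "No container logs available"
            fi
            echo '```'
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Cerberus Integration Summary
        if: always()
        env:
          # Pass the expression through the environment rather than expanding
          # it inside the script text.
          TEST_OUTCOME: ${{ steps.cerberus-test.outcome }}
        run: |
          {
            echo "## 🔱 Cerberus Integration Test Results"
            if [ "$TEST_OUTCOME" = "success" ]; then
              echo "✅ **All Cerberus tests passed**"
              echo ""
              echo "### Test Results:"
              echo '```'
              grep -E "✓|PASS|TC-[0-9]|=== ALL" cerberus-test-output.txt || echo "See logs for details"
              echo '```'
              echo ""
              echo "### Features Tested:"
              echo "- WAF (Coraza) payload inspection"
              echo "- Rate limiting enforcement"
              echo "- Security handler ordering"
              echo "- Legitimate traffic flow"
            else
              echo "❌ **Cerberus tests failed**"
              echo ""
              echo "### Failure Details:"
              echo '```'
              # -m 30 caps the matches inside grep, so its exit status (no
              # match, or missing output file) still reaches the fallback.
              grep -E -m 30 "✗|FAIL|Error|failed" cerberus-test-output.txt || echo "See logs for details"
              echo '```'
            fi
          } >> "$GITHUB_STEP_SUMMARY"

      # Best-effort teardown of the test stack; each removal may legitimately
      # find nothing to remove.
      - name: Cleanup
        if: always()
        run: |
          docker rm -f charon-cerberus-test || true
          docker rm -f cerberus-backend || true
          docker volume rm charon_cerberus_test_data caddy_cerberus_test_data caddy_cerberus_test_config 2>/dev/null || true
          docker network rm containers_default || true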