openova/openova
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
1e7d1e67c9
openova/.github/workflows/omantel-e2e-handover.yaml
e3mrah 1e7d1e67c9
test(e2e): omantel handover Playwright scaffold for Phase 8 (closes #429) (#432) 
Phase 8 of the omantel handover (#369) needs an automated E2E that proves
DoD: omantel.omani.works runs as a fully self-sufficient Sovereign with
zero contabo dependency post-handover. Today this is a SCAFFOLD — when
Phase 4/6/7 land, dispatching the new workflow against a live omantel is
the entire Phase 8.

Canonical seam (anti-duplication, per memory/feedback_anti_duplication_seam_first.md):
  - tests/e2e/playwright/tests/  ← mirror of sovereign-wizard.spec.ts shape
    (NOT specs/ as the issue body said — actual repo path is tests/)
  - tests/e2e/playwright/playwright.config.ts (BASE_URL handling, retries,
    workers=1, reporter=list) — reused as-is
  - tests/e2e/playwright/tests/_helpers.ts:reachable() — reused for the
    pre-flight skip-when-unreachable pattern
  - .github/workflows/playwright-smoke.yaml — workflow shape (checkout v4,
    setup-node v4, npm install, playwright install --with-deps chromium,
    upload-artifact on failure) — mirrored, NOT duplicated

What ships:
  - tests/e2e/playwright/tests/omantel-handover.spec.ts (NEW, 6 tests):
      1. sovereign Ready + 23/23 blueprints
      2. all bp-* HelmReleases Ready=True
      3. catalyst-platform self-hosts (healthz + dashboard "23 / 23 ready")
      4. vendor-agnostic Object Storage (post-#425 canonical secret name
         flux-system/object-storage — NOT hetzner-object-storage)
      5. dig +trace omantel.omani.works ends at omantel NS, not contabo
      6. zero contabo dependency (omantel /api/healthz keeps returning 200)
    Self-skips when OMANTEL_BASE_URL/OMANTEL_API_BASE/OPERATOR_BEARER unset.

  - .github/workflows/omantel-e2e-handover.yaml (NEW):
    workflow_dispatch ONLY (no schedule cron — per CLAUDE.md "every workflow
    MUST be event-driven, NEVER scheduled"). Inputs let the operator override
    base URLs at dispatch time.

  - docs/omantel-handover-wbs.md:
    new §10 "Phase 8 acceptance criteria (executable DoD)" — 6 bullets 1:1
    with the spec test() blocks; §9 status row added for #429
    (🟢 scaffold-shipped).

Local verification:
  cd tests/e2e/playwright && npm install && \
    npx playwright test --list tests/omantel-handover.spec.ts
  → 6 tests listed cleanly
  npx playwright test tests/omantel-handover.spec.ts
  → 6 skipped (env vars unset, expected)

Out of scope (per #425 / #428 territory split):
  - internal/hetzner/, infra/hetzner/, platform/velero/chart/,
    clusters/.../34-velero.yaml — #425's vendor-agnostic sweep
  - .github/workflows/check-vendor-coupling.yaml — #428's coupling guard

Co-authored-by: hatiyildiz <hatiyildiz@noreply.github.com>
2026-05-01 17:52:18 +04:00

84 lines
3.2 KiB
YAML
Raw Blame History

name: omantel handover E2E (Phase 8 DoD)
# Issue #429 — on-demand E2E that runs the Phase 8 Definition-of-Done suite
# against a live omantel.omani.works Sovereign. Per the master WBS
# (`docs/omantel-handover-wbs.md` §5 Phase 8) this is the final gate proving
# omantel is fully self-sufficient and zero-contabo-dependent.
#
# Trigger model — workflow_dispatch ONLY:
# - This is a SIDE-EFFECT-FREE smoke against a live customer-side cluster;
# we do not want it firing on every push to main. The operator dispatches
# it manually (or another workflow dispatches it via `gh workflow run`)
# once Phase 4/6/7 land and the first omantel run completes.
# - Per CLAUDE.md "Coupled rule — EVERY workflow MUST be event-driven, NEVER
# scheduled": no `schedule:` cron trigger. workflow_dispatch is the
# ad-hoc handle for re-runs against the live target.
#
# What the spec needs (per tests/e2e/playwright/tests/omantel-handover.spec.ts):
# OMANTEL_BASE_URL — console host
# OMANTEL_API_BASE — catalyst-api host
# OPERATOR_BEARER — bootstrap operator JWT (passed via repo secret)
#
# When all three are set the spec runs; when any is unset, the spec self-skips
# (so `npx playwright test --list` works locally without omantel access).
on:
workflow_dispatch:
inputs:
omantel_base_url:
description: 'Sovereign console URL'
required: false
default: 'https://omantel.omani.works'
omantel_api_base:
description: 'Sovereign catalyst-api URL'
required: false
default: 'https://api.omantel.omani.works'
omantel_sovereign_id:
description: 'Sovereign id (matches /api/sovereigns/<id>)'
required: false
default: 'omantel'
fault_inject_probes:
description: 'Number of /api/healthz probes for the zero-contabo-dependency test'
required: false
default: '5'
jobs:
e2e:
name: omantel Phase 8 DoD
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '22'
- name: Install Playwright dependencies
working-directory: tests/e2e/playwright
run: |
npm install
npx playwright install --with-deps chromium
- name: Run omantel handover Phase 8 DoD
working-directory: tests/e2e/playwright
env:
OMANTEL_BASE_URL: ${{ inputs.omantel_base_url }}
OMANTEL_API_BASE: ${{ inputs.omantel_api_base }}
OMANTEL_SOVEREIGN_ID: ${{ inputs.omantel_sovereign_id }}
# OPERATOR_BEARER is a repo secret — populated by the operator on
# the omantel side (short-lived JWT). The spec self-skips if unset.
OPERATOR_BEARER: ${{ secrets.OPERATOR_BEARER }}
FAULT_INJECT_PROBES: ${{ inputs.fault_inject_probes }}
run: npx playwright test tests/omantel-handover.spec.ts --reporter=list
- name: Upload Playwright report
if: failure()
uses: actions/upload-artifact@v4
with:
name: omantel-handover-playwright-report
path: tests/e2e/playwright/playwright-report/
retention-days: 30
Reference in New Issue View Git Blame Copy Permalink