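name: release-verify

# Workflow C: run after Jenkins has finished building (operator triggers manually).
# Smoke-checks that http://flights-ui.devwebzavod.ru is alive and that its /api
# wiring responds — the e2e suite is intentionally NOT run here (parity gaps
# against the customer build are tracked separately).

on:
  workflow_dispatch:

jobs:
  verify:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Job-level env: both Telegram values are visible to every step below,
    # not only to the notify steps that consume them.
    env:
      TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
      TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}

    steps:
      - name: Checkout
        # NOTE(review): this job later handles an SSH private key, so a
        # mutable tag is a supply-chain exposure; pin the action to a full
        # commit SHA once the intended revision has been reviewed.
        uses: actions/checkout@v4

      - name: Notify start
        if: ${{ env.TELEGRAM_BOT_TOKEN != '' }}
        run: scripts/ci/notify-telegram.sh start release-verify

      - name: Add hosts entry for customer URL
        # `flights-ui.devwebzavod.ru` has no public DNS — operator hosts
        # resolve it via local /etc/hosts to 46.235.186.67 (the customer's
        # web ingress IP). Mirror that override on the runner so curl can
        # reach the host. Without this, every probe fails with
        # `Could not resolve host`.
        # NOTE(review): the tunnel step exports ALL_PROXY=socks5h://…, and
        # with socks5h the hostname is resolved on the proxy side, so this
        # entry presumably only affects requests that bypass the proxy —
        # confirm which path the probes are meant to take.
        run: echo "46.235.186.67 flights-ui.devwebzavod.ru" | sudo tee -a /etc/hosts

      - name: Set up SSH tunnel to TIM VPN
        # The customer URL (flights-ui.devwebzavod.ru) is only accessible
        # through the TIM VPN tunnel via webzavod (Ubuntu jump host).
        # Use SSH dynamic port forwarding (-D) to create a SOCKS proxy.
        # The secret is expected to hold the private key base64-encoded
        # (it is piped through `base64 -d` below).
        env:
          SSH_PRIVATE_KEY: ${{ secrets.WEBZAVOD_SSH_KEY }}
        run: |
          # Set up SSH SOCKS tunnel to webzavod (TIM jump host)
          # Restrictive umask first, so the key file is never created
          # group/world-readable before chmod runs.
          umask 077
          echo "$SSH_PRIVATE_KEY" | base64 -d > /tmp/webzavod_key
          chmod 600 /tmp/webzavod_key
          # NOTE(review): StrictHostKeyChecking=no together with
          # UserKnownHostsFile=/dev/null disables host-key verification, so
          # the runner authenticates to, and routes every later probe
          # through, whatever answers on this address. Store the jump
          # host's known_hosts line alongside the key, point
          # UserKnownHostsFile at it and set StrictHostKeyChecking=yes.
          # ExitOnForwardFailure makes ssh exit non-zero when the local
          # SOCKS listener cannot be bound, instead of backgrounding
          # without a usable tunnel.
          ssh -Nf -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
            -o ExitOnForwardFailure=yes \
            -D 127.0.0.1:1080 \
            -i /tmp/webzavod_key \
            gnezim@192.168.88.58
          # ssh -f only backgrounds after authentication, so the key is no
          # longer needed on disk; do not leave it in /tmp for later steps.
          rm -f /tmp/webzavod_key
          echo "SSH SOCKS tunnel established on port 1080"

          # Wait for SSH tunnel to be ready
          # Probe the local SOCKS listener directly. The previous probe
          # asked the proxy to fetch http://127.0.0.1:1080, which is
          # resolved on the jump host and only succeeds if something
          # listens on port 1080 there; on failure the loop fell through
          # after 30 s without reporting an error.
          ready=0
          for i in {1..30}; do
            if (exec 3<>/dev/tcp/127.0.0.1/1080) 2>/dev/null; then
              echo "SSH tunnel is ready"
              ready=1
              break
            fi
            sleep 1
          done
          if [ "$ready" -ne 1 ]; then
            echo "SSH tunnel did not become ready within 30 attempts" >&2
            exit 1
          fi

          # Export proxy environment variables for curl
          echo "ALL_PROXY=socks5h://127.0.0.1:1080" >> "$GITHUB_ENV"
          echo "API_BASE_URL=https://flights.test.aeroflot.ru/api" >> "$GITHUB_ENV"
          echo "Exported ALL_PROXY and API_BASE_URL"

      - name: Wait for customer URL
        id: wait_customer
        run: scripts/ci/wait-for-url.sh http://flights-ui.devwebzavod.ru/ru-ru/onlineboard 60 5

      - name: Diagnose customer URL reachability
        id: customer_diag
        # Mirrors ci-deploy's tunnel-reachability probe but against the
        # customer URL — proves /api wiring is intact post-Jenkins. The
        # upstream WAF blocks the default curl UA, so every probe needs a
        # browser-like User-Agent.
        # Diagnostic only: each pipeline ends in `head`/`grep` with
        # `|| true` (or a trailing `echo`), so a failing curl does not fail
        # this step; the pass/fail gate is the "Wait for customer URL" step.
        # Response headers and the first lines of each body are written to
        # the run log.
        run: |
          UA='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120 Safari/537.36'
          echo "--- /api/health ---"
          curl -sSI -A "$UA" --max-time 10 http://flights-ui.devwebzavod.ru/api/health | head -10 || true
          echo "--- /api/dictionary/1/world_regions (expect JSON, ~5KB) ---"
          curl -sS -A "$UA" --max-time 10 \
            -w "\n[size=%{size_download} time=%{time_total}s code=%{http_code}]\n" \
            http://flights-ui.devwebzavod.ru/api/dictionary/1/world_regions | head -c 400; echo
          echo "--- second hit on the same dict (expect HIT if nginx caches) ---"
          curl -sSI -A "$UA" --max-time 10 \
            http://flights-ui.devwebzavod.ru/api/dictionary/1/world_regions | grep -iE "^HTTP|x-cache|x-envoy" || true
          echo "--- Full response from /ru-ru/onlineboard (for debugging 503) ---"
          curl -s -A "$UA" --max-time 10 http://flights-ui.devwebzavod.ru/ru-ru/onlineboard | head -30 || true

      - name: Notify (success)
        if: success() && env.TELEGRAM_BOT_TOKEN != ''
        run: scripts/ci/notify-telegram.sh ok release-verify "customer URL reachable + /api responsive"

      - name: Notify (failure)
        if: failure() && env.TELEGRAM_BOT_TOKEN != ''
        run: scripts/ci/notify-telegram.sh fail release-verify "customer URL probe failed — see Gitea run"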