WIP

Author: lamppu

Diff for: .env.example

@@ -13,13 +13,6 @@ DATABASE_URL=
 # API URL
 NEXT_PUBLIC_API_URL=http://localhost:5000/api/
 
-##########################################################################
-# Compulsory when running Playwright tests:
-##########################################################################
-# E2E test user credentials
-E2E_USER_USERNAME=
-E2E_USER_PASSWORD=
-
 ##########################################################################
 # Compulsory in production (aka when NODE_ENV=production):
 ##########################################################################
@@ -122,3 +115,11 @@ WEB_CONCURRENCY= # default 1
 
 # Refetch interval used to refresh session (seconds)
 REFETCH_INTERVAL= # default 60
+
+##################################
+#   Special for Docker Compose
+##################################
+
+# This determines the issuer of the JWT token. In the Playwright tests, and when using the 
+# API in the Docker container locally, this should be set to "http://keycloak:8080".
+KC_HOSTNAME= # by default resolves to http://localhost:8083

Diff for: .github/workflows/playwright.yml

@@ -17,17 +17,10 @@ jobs:
         environment: test-environment
         env:
             DATABASE_URL: ${{ vars.DATABASE_URL }}
-            E2E_USER_USERNAME: ${{ secrets.E2E_USER_USERNAME }}
-            E2E_USER_PASSWORD: ${{ secrets.E2E_USER_PASSWORD }}
-            KEYCLOAK_URL: ${{ vars.KEYCLOAK_URL }}
-            KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
-            KEYCLOAK_CLIENT_ID_UI: ${{ secrets.KEYCLOAK_CLIENT_ID_UI }}
-            KEYCLOAK_CLIENT_SECRET_UI: ${{ secrets.KEYCLOAK_CLIENT_SECRET_UI }}
-            KEYCLOAK_CLIENT_ID_API: ${{ secrets.KEYCLOAK_CLIENT_ID_API }}
-            KEYCLOAK_CLIENT_SECRET_API: ${{ secrets.KEYCLOAK_CLIENT_SECRET_API }}
             NEXTAUTH_URL: http://localhost:3000
             NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
             NEXT_PUBLIC_API_URL: http://localhost:3001/api/
+            KC_HOSTNAME: http://keycloak:8080
         steps:
             - uses: actions/checkout@v4
             - uses: actions/setup-node@v4

Diff for: README.md

@@ -42,8 +42,6 @@ To run this project you will need Node.js, npm and Docker installed.
 
     ```shell
     DATABASE_URL=postgres://postgres:postgres@localhost:5432/postgres
-    E2E_USER_USERNAME=
-    E2E_USER_PASSWORD=
     ```
 
     See [.env.example](https://github.com/doubleopen-project/dos/blob/main/.env.example) file for other non-compulsory configurable variables.

Diff for: apps/api/playwright.config.ts

@@ -19,7 +19,7 @@ export default defineConfig({
 
     testDir: "./tests/e2e",
     /* Run tests in files in parallel */
-    fullyParallel: true,
+    //fullyParallel: true,
     /* Fail the build on CI if you accidentally left test.only in the source code. */
     forbidOnly: !!process.env.CI,
     /* Retry on CI only */

Diff for: apps/api/tests/e2e/api.spec.ts

@@ -11,25 +11,21 @@ import {
 import test, { expect } from "@playwright/test";
 import { Zodios, ZodiosInstance } from "@zodios/core";
 import AdmZip from "adm-zip";
+import { authConfig } from "common-helpers";
 import { getPresignedPutUrl, S3Client } from "s3-helpers";
 import { dosAPI, userAPI } from "validation-helpers";
 
 /**
  * Construct Zodios callers for the API endpoints to easily call them in the tests.
  */
 
-const server = process.env.KEYCLOAK_URL;
-const realm = process.env.KEYCLOAK_REALM;
-const clientId = process.env.KEYCLOAK_CLIENT_ID_API;
-const clientSecret = process.env.KEYCLOAK_CLIENT_SECRET_API;
-const username = process.env.E2E_USER_USERNAME;
-const password = process.env.E2E_USER_PASSWORD;
-
-if (!server || !realm || !clientId || !clientSecret || !username || !password) {
-    throw new Error(
-        "KEYCLOAK_URL, KEYCLOAK_REALM, KEYCLOAK_CLIENT_ID_API, KEYCLOAK_CLIENT_SECRET_API, E2E_USER_USERNAME and E2E_USER_PASSWORD environment variables must be set",
-    );
-}
+const server = authConfig.url;
+const realm = authConfig.realm;
+const clientId = authConfig.clientIdUI;
+const clientSecret = authConfig.clientSecretUI;
+const username = "test-user";
+const password = "test-user";
+const apiPort = process.env.PORT || "3001";
 
 const s3Client = S3Client(
     process.env.NODE_ENV !== "production",
@@ -72,13 +68,17 @@ test.describe("API lets authenticated users to", () => {
         const body = await result.json();
         keycloakToken = (body as { access_token: string }).access_token;
 
-        userZodios = new Zodios("http://localhost:3001/api/user/", userAPI, {
-            axiosConfig: {
-                headers: {
-                    Authorization: `Bearer ${keycloakToken}`,
+        userZodios = new Zodios(
+            `http://localhost:${apiPort}/api/user`,
+            userAPI,
+            {
+                axiosConfig: {
+                    headers: {
+                        Authorization: `Bearer ${keycloakToken}`,
+                    },
                 },
             },
-        });
+        );
 
         const userToken = await userZodios.put("/token", undefined, {
             headers: {
@@ -88,7 +88,7 @@ test.describe("API lets authenticated users to", () => {
 
         dosToken = userToken.token;
 
-        dosZodios = new Zodios("http://localhost:3001/api/", dosAPI, {
+        dosZodios = new Zodios(`http://localhost:${apiPort}/api/`, dosAPI, {
             axiosConfig: {
                 headers: {
                     Authorization: `Bearer ${dosToken}`,

Diff for: apps/clearance_ui/tests/e2e/global.setup.ts

@@ -6,11 +6,6 @@ import { expect, test as setup } from "@playwright/test";
 import { STORAGE_STATE } from "../../playwright.config";
 
 setup("logs in", async ({ page }) => {
-    if (!process.env.E2E_USER_USERNAME || !process.env.E2E_USER_PASSWORD) {
-        throw new Error(
-            "E2E_USER_USERNAME and E2E_USER_PASSWORD environment variables must be set",
-        );
-    }
     // Clear old session cookie from the browser
     await page.goto("/api/auth/signout");
 
@@ -24,8 +19,8 @@ setup("logs in", async ({ page }) => {
     await page.click("button:has-text('Sign in with Keycloak')");
 
     // Fill the login form
-    await page.fill("#username", process.env.E2E_USER_USERNAME);
-    await page.fill("#password", process.env.E2E_USER_PASSWORD);
+    await page.fill("#username", "test-user");
+    await page.fill("#password", "test-user");
 
     // Submit login form
     await page.click('button[type="submit"]');

Diff for: docker-compose.yml

@@ -85,6 +85,7 @@ services:
         environment:
             - KC_BOOTSTRAP_ADMIN_USERNAME=keycloak-admin
             - KC_BOOTSTRAP_ADMIN_PASSWORD=keycloak-admin
+            - KC_HOSTNAME=$KC_HOSTNAME # Set this to http://keycloak:8080 when using API in docker-compose
         healthcheck:
             test: timeout 10s bash -c ':> /dev/tcp/localhost/8080'
             interval: 10s
@@ -112,10 +113,7 @@ services:
             - 3001:3001
         environment:
             - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/postgres
-            - KEYCLOAK_URL=$KEYCLOAK_URL
-            - KEYCLOAK_REALM=$KEYCLOAK_REALM
-            - KEYCLOAK_CLIENT_ID_API=$KEYCLOAK_CLIENT_ID_API
-            - KEYCLOAK_CLIENT_SECRET_API=$KEYCLOAK_CLIENT_SECRET_API
+            - KEYCLOAK_URL=http://keycloak:8080
             - ALLOWED_ORIGINS=http://localhost:3002,http://localhost:3000
             - SPACES_ENDPOINT=http://minio:9000
             - REDIS_URL=redis://redis:6379
@@ -138,6 +136,12 @@ services:
             minio:
                 condition: service_healthy
                 required: true
+            keycloak:
+                condition: service_healthy
+                required: true
+            terraform:
+                condition: service_completed_successfully
+                required: true
 
     scanner-worker:
         build:
@@ -158,13 +162,7 @@ services:
         environment:
             - NEXTAUTH_URL=http://localhost:3002
             - NEXTAUTH_SECRET=$NEXTAUTH_SECRET
-            - KEYCLOAK_URL=$KEYCLOAK_URL
-            - KEYCLOAK_CLIENT_ID_UI=$KEYCLOAK_CLIENT_ID_UI
-            - KEYCLOAK_CLIENT_ID_API=$KEYCLOAK_CLIENT_ID_API
-            - KEYCLOAK_CLIENT_SECRET_UI=$KEYCLOAK_CLIENT_SECRET_UI
-            - KEYCLOAK_REALM=dos-dev
-        ports:
-            - 3002:3000
+            - KEYCLOAK_URL=http://keycloak:8080
 
 volumes:
     db-data:

Diff for: turbo.json

@@ -11,8 +11,6 @@
         "DB_RETRY_INTERVAL",
         "DEBUG",
         "DL_CONCURRENCY",
-        "E2E_USER_USERNAME",
-        "E2E_USER_PASSWORD",
         "KEYCLOAK_CLIENT_ID_API",
         "KEYCLOAK_CLIENT_ID_UI",
         "KEYCLOAK_CLIENT_SECRET_API",