Add TLS E2E job running in parallel with existing E2E #201
Merged
Integrates the TLS end-to-end path into CI so regressions in the TLS transport (mysql-haskell TLS negotiation, cert volume mounting, require_secure_transport=ON handling) are caught before merge. The existing run-tls.sh already handles cert generation, compose startup, test 15, and teardown, so the CI job simply invokes it with STAGING=prebuilt to reuse binaries from the build job.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Codecov Report
✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff            @@
##             main    #201     +/-   ##
=========================================
+ Coverage   97.13%  97.14%  +0.01%
=========================================
  Files          50      50
  Lines        8035    8066     +31
=========================================
+ Hits         7805    7836     +31
  Misses        230     230
Add SKIP_TEARDOWN=1 handling to run-tls.sh mirroring run-all.sh, and set it in the CI job so the "Dump logs on failure" step can actually read puremyhad/mysql container logs before teardown.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
openssl genrsa creates the output with 0600 permissions. Linux bind mounts preserve the host UID, so the mysql user (uid 999) inside the mysql:8.4 container could not read server-key.pem owned by the CI runner user, causing: "SSL error: Unable to get private key from /etc/mysql/tls/server-key.pem". Relaxing to 0644 is safe here because these are self-signed certificates generated fresh for each test run.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
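The bind-mount permission failure described in the commit message above can be checked on the host before the compose stack starts. This is an added example, not code from this PR or from run-tls.sh; the function names `access_class` and `can_read` are hypothetical, and it assumes Linux with GNU stat, no user-namespace remapping, and gid 999 for the container user (only uid 999 is stated above).

```shell
#!/bin/sh
# Added example, not part of the PR. Assumes Linux with GNU stat and no
# user-namespace remapping, so numeric ids in the container equal host ids.

# access_class FILE UID GID -> prints which permission triplet the kernel applies.
access_class() {
    meta=$(stat -c '%u %g' "$1") || return 2
    set -- "$2" "$3" $meta          # $1=uid $2=gid $3=file owner $4=file group
    if   [ "$1" -eq 0 ];    then echo root
    elif [ "$1" -eq "$3" ]; then echo owner
    elif [ "$2" -eq "$4" ]; then echo group
    else                         echo other
    fi
}

# can_read FILE UID GID -> exit 0 if that uid/gid may read FILE, 1 if not.
# Only the file's own mode is checked; parent directories also need search (x).
can_read() {
    mode=$(stat -c '%a' "$1") || return 2
    class=$(access_class "$1" "$2" "$3") || return 2
    case $class in
        root)  return 0 ;;          # CAP_DAC_OVERRIDE bypasses mode bits unless dropped
        owner) bit=$(( 0400 )) ;;
        group) bit=$(( 0040 )) ;;
        other) bit=$(( 0004 )) ;;
    esac
    [ $(( 0$mode & bit )) -ne 0 ]   # exactly one triplet is consulted, never a union
}

# Demo on a constructed, empty stand-in for server-key.pem (no key material).
key=$(mktemp)
cuid=999 cgid=999                   # uid from the commit message; gid is assumed
for m in 600 644; do
    chmod "$m" "$key"
    if can_read "$key" "$cuid" "$cgid"; then v="readable"; else v="NOT readable"; fi
    echo "mode $m: $v by uid $cuid ($(access_class "$key" "$cuid" "$cgid") bits)"
done
rm -f "$key"
```

When the check fails, the remaining choices are to widen the mode as this PR does, or to keep 0600 and give the file the container user's numeric owner.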
Summary

- `e2e-tls` job to `.github/workflows/ci.yml` that runs in parallel with the existing `e2e` job after `build` completes.
- `e2e/run-tls.sh` (which already handles cert generation, TLS compose overlay, test 15 execution, and teardown) with `STAGING=prebuilt` so it reuses the binaries produced by `build`.
- `e2e` job shape: x86_64 + aarch64 matrix, PR/main-only trigger, Docker Hub login, failure log dump, and explicit teardown. Coverage collection is intentionally omitted to keep the codecov upload path in the standard `e2e` job unchanged.

Test plan

- `build` → (`e2e` ∥ `e2e-tls`) executing in parallel and both passing.
- `e2e-tls` log shows cert generation, TLS compose stack starting, and test 15 assertions (`@@ssl_ca` non-empty, cluster Healthy under `require_secure_transport=ON`) passing.
- `Dump logs on failure` step surfaces puremyhad / mysql-* logs (optional).

🤖 Generated with Claude Code