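--- a/.github/workflows/run-ci-cd.yaml
+++ b/.github/workflows/run-ci-cd.yaml
@@ -176,6 +176,73 @@ jobs:
 run: |
 docker run -e DJANGO_SETTINGS_MODULE=settings.test --env-file backend/.env.example owasp/nest:test-backend-latest pytest
 
+run-backend-e2e:
+name: Run backend end-to-end tests
+needs:
+- scan-code
+- scan-ci-dependencies
+runs-on: ubuntu-latest
+services:
+db:
+image: pgvector/pgvector:pg16
+env:
+POSTGRES_DB: nest_db_e2e
+POSTGRES_PASSWORD: nest_user_e2e_password
+POSTGRES_USER: nest_user_e2e
+options: >-
+--health-cmd="pg_isready -U nest_user_e2e -d nest_db_e2e -h localhost -p 5432"
+--health-interval=5s
+--health-timeout=5s
+--health-retries=5
+ports:
+- 5432:5432
+steps:
+- name: Check out repository
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+- name: Set up Docker buildx
+uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
+
+- name: Wait for database to be ready
+run: |
+until docker exec ${{ job.services.db.id }} pg_isready -U nest_user_e2e -d nest_db_e2e; do
+echo "Waiting for database..."
+sleep 5
+done
+
+- name: Install PostgreSQL client
+run: sudo apt-get install -y postgresql-client
+
+- name: Load Postgres data
+env:
+PGPASSWORD: nest_user_e2e_password
+run: |
+gunzip -c backend/data/nest-e2e-data.sql.gz | psql -h localhost -U nest_user_e2e -d nest_db_e2e
+
+- name: Build backend e2e test image
+uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
+with:
+cache-from: |
+type=gha
+cache-to: |
+type=gha,compression=zstd
+context: backend
+file: backend/docker/Dockerfile
+load: true
+platforms: linux/amd64
+tags: owasp/nest:test-backend-e2e-latest
+
+- name: Run backend end-to-end tests
+run: |
+docker run --network host \
+-e DJANGO_DB_HOST=localhost \
+-e DJANGO_DB_NAME=nest_db_e2e \
+-e DJANGO_DB_PASSWORD=nest_user_e2e_password \
+-e DJANGO_DB_PORT=5432 \
+-e DJANGO_DB_USER=nest_user_e2e \
+-e DJANGO_SETTINGS_MODULE=settings.test \
+--env-file backend/.env.example owasp/nest:test-backend-e2e-latest pytest
+
 run-frontend-unit-tests:
 name: Run frontend unit tests
 needs: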
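Review bot: The `Load Postgres data` step in the new `run-backend-e2e` job treats a broken restore as success: `psql` exits 0 after SQL errors unless `-v ON_ERROR_STOP=1` is given, and the default `run:` shell has no `pipefail`, so a failing `gunzip` is masked by `psql`'s exit status as well; the tests would then run against a partial or empty database. Change the line to `gunzip -c backend/data/nest-e2e-data.sql.gz | psql -v ON_ERROR_STOP=1 -h localhost -U nest_user_e2e -d nest_db_e2e` and add `shell: bash` to the step so `pipefail` is in effect. The `Wait for database to be ready` loop has no retry cap, so a service that never comes up holds the job until the runner's timeout; since the `--health-*` options on the `db` service should already make the runner wait for a healthy container before the first step, the loop looks redundant and can be dropped or bounded, e.g. `for i in $(seq 1 12); do docker exec ${{ job.services.db.id }} pg_isready -U nest_user_e2e -d nest_db_e2e && break; sleep 5; done`.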
20 changes: 20 additions & 0 deletions backend/Makefile
Expand Up @@ -27,9 +27,16 @@ exec-backend-command:
exec-backend-command-it:
@docker exec -it nest-backend $(CMD) 2>/dev/null

exec-backend-e2e-command:
@docker exec -it nest-backend-e2e $(CMD)

Comment on lines +30 to +32

⚠️ Potential issue | 🟠 Major

Use non‑TTY exec for CI‑safety.

-t fails on non‑TTY runners; switch to -i.

 exec-backend-e2e-command:
-	@docker exec -it nest-backend-e2e $(CMD)
+	@docker exec -i nest-backend-e2e $(CMD)
 
 exec-db-e2e-command:
-	@docker exec -it nest-db-e2e $(CMD)
+	@docker exec -i nest-db-e2e $(CMD)

If you still need interactive shells locally, add separate *-it variants.

Also applies to: 37-39

🤖 Prompt for AI Agents
In backend/Makefile around lines 30 to 32 (and similarly lines 37 to 39), the
docker exec targets use -it which breaks on CI non‑TTY runners; remove the -t
flag so they use only -i (e.g. docker exec -i) for CI‑safe execution, and if
interactive local shells are still needed add separate targets with -it suffix
that keep -it for local use.


exec-db-command-it:
@docker exec -it nest-db $(CMD)

exec-db-e2e-command:
@docker exec -it nest-db-e2e $(CMD)

clear-cache:
@CMD="python manage.py clear_cache" $(MAKE) exec-backend-command

Expand All @@ -53,13 +60,18 @@ dump-data:
@CMD="sed -E -i 's/\"email\": *\"([^\"]|\\\")*\"/\"email\": \"\"/g' data/nest.json" $(MAKE) exec-backend-command
@CMD="gzip -f data/nest.json" $(MAKE) exec-backend-command

dump-db-data-e2e:

Use consistent naming

Suggested change
dump-db-data-e2e:
dump-data-e2e:

@echo "Dumping Nest e2e data"
@CMD="pg_dumpall -U nest_user_e2e --clean | gzip -9 > backend/data/nest-e2e-data.sql.gz" $(MAKE) exec-db-e2e-command

it's already under the data/

Suggested change
@CMD="pg_dumpall -U nest_user_e2e --clean | gzip -9 > backend/data/nest-e2e-data.sql.gz" $(MAKE) exec-db-e2e-command
@CMD="pg_dumpall -U nest_user_e2e --clean | gzip -9 > backend/data/nest-e2e.sql.gz" $(MAKE) exec-db-e2e-command


Comment on lines +63 to +66

⚠️ Potential issue | 🔴 Critical

db dump is broken (shell metacharacters not interpreted; redirection inside container).

Run the exec pipeline from the host and avoid TTY.

 dump-db-data-e2e:
 	@echo "Dumping Nest e2e data"
-	@CMD="pg_dumpall -U nest_user_e2e --clean | gzip -9 > backend/data/nest-e2e-data.sql.gz" $(MAKE) exec-db-e2e-command
+	@mkdir -p backend/data
+	@docker exec -i nest-db-e2e pg_dumpall -U nest_user_e2e --clean | gzip -9 > backend/data/nest-e2e-data.sql.gz

Notes:

  • No -t to avoid TTY artifacts.
  • No -h so it uses local socket (no password prompt).

Suggested change
dump-db-data-e2e:
@echo "Dumping Nest e2e data"
@CMD="pg_dumpall -U nest_user_e2e --clean | gzip -9 > backend/data/nest-e2e-data.sql.gz" $(MAKE) exec-db-e2e-command
dump-db-data-e2e:
@echo "Dumping Nest e2e data"
@mkdir -p backend/data
@docker exec -i nest-db-e2e pg_dumpall -U nest_user_e2e --clean | gzip -9 > backend/data/nest-e2e-data.sql.gz
🤖 Prompt for AI Agents
In backend/Makefile around lines 63-66, the current target runs the redirection
inside the container (and uses the exec wrapper with a TTY/host options), so
change it to run the pg_dump pipeline from the host and call docker exec without
-t or -h; specifically, invoke docker exec -i <db-container> pg_dumpall -U
nest_user_e2e --clean on the host and pipe that output into gzip -9 >
backend/data/nest-e2e-data.sql.gz (no -t, no -h), replacing the
CMD/exec-db-e2e-command usage so the redirection happens on the host side.

enrich-data: \
github-enrich-issues \
owasp-enrich-chapters \
owasp-enrich-committees \
owasp-enrich-events \
owasp-enrich-projects


generate-sitemap:
@CMD="python manage.py generate_sitemap" $(MAKE) exec-backend-command

Expand All @@ -69,6 +81,10 @@ index-data:
@CMD="python manage.py algolia_update_replicas" $(MAKE) exec-backend-command
@CMD="python manage.py algolia_update_synonyms" $(MAKE) exec-backend-command

load-data-e2e:
@echo "Loading Nest e2e data"
@CMD="python manage.py load_data" $(MAKE) exec-backend-e2e-command

load-data:
@echo "Loading Nest data"
@CMD="python manage.py load_data" $(MAKE) exec-backend-command
Expand Down Expand Up @@ -96,6 +112,10 @@ restore-backup:
@echo "Restoring Nest backup"
@CMD="python manage.py restore_backup" $(MAKE) exec-backend-command

run-backend-e2e:
@DOCKER_BUILDKIT=1 \
docker compose --project-name nest-e2e -f docker-compose/backend.e2e.yaml up --build --remove-orphans

Comment on lines +115 to +118

⚠️ Potential issue | 🟠 Major

up blocks; run detached and wait on health for CI.

Prevents pipelines from proceeding.

 run-backend-e2e:
 	@DOCKER_BUILDKIT=1 \
-	docker compose --project-name nest-e2e -f docker-compose/backend.e2e.yaml up --build --remove-orphans
+	docker compose --project-name nest-e2e -f docker-compose/backend.e2e.yaml up -d --build --wait --remove-orphans

Requires a backend healthcheck (see compose review).


Suggested change
run-backend-e2e:
@DOCKER_BUILDKIT=1 \
docker compose --project-name nest-e2e -f docker-compose/backend.e2e.yaml up --build --remove-orphans
run-backend-e2e:
@DOCKER_BUILDKIT=1 \
docker compose --project-name nest-e2e -f docker-compose/backend.e2e.yaml up -d --build --wait --remove-orphans
🤖 Prompt for AI Agents
In backend/Makefile around lines 115-118, the make target currently brings up
compose in the foreground which blocks CI; change it to start the services
detached and then wait for health: run docker compose --project-name nest-e2e -f
docker-compose/backend.e2e.yaml up --build --detach (or -d) followed by docker
compose --project-name nest-e2e -f docker-compose/backend.e2e.yaml wait
--timeout 300s (or suitable timeout) so the job only proceeds once services are
healthy; also ensure the backend compose file defines a proper healthcheck for
the service(s) so the wait succeeds.

save-backup:
@echo "Saving Nest backup"
@CMD="python manage.py dumpdata --natural-primary --natural-foreign --indent=2" $(MAKE) exec-backend-command > backend/data/backup.json
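Review bot: `dump-db-data-e2e` writes a raw `pg_dumpall` of the e2e database into a file that this PR commits to the repository, without the redaction the existing `dump-data` target applies (its `sed` pass blanks every `email` value before the JSON is gzipped); whatever personal data is in the source database at dump time lands in `backend/data/nest-e2e-data.sql.gz`, and `pg_dumpall` additionally emits the cluster's role definitions with their password hashes. Add `--no-role-passwords` to the `pg_dumpall` call, consider `pg_dump` of only the e2e database instead of the whole cluster, and put a comment above the target such as `# The dump is committed unredacted: the source DB must contain synthetic e2e fixtures only.` so the constraint is visible to whoever regenerates the fixture.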
Binary file added backend/data/nest-e2e-data.sql.gz
5 changes: 2 additions & 3 deletions backend/docker/Dockerfile

The backend image should not contain non-production code

Expand Up @@ -33,14 +33,15 @@ USER owasp

COPY --chmod=444 --chown=root:root poetry.lock pyproject.toml ./
RUN --mount=type=cache,target=${POETRY_CACHE_DIR},uid=${OWASP_UID},gid=${OWASP_GID} \
poetry install --no-root --without dev --without test
poetry install --no-root --without dev

COPY apps apps
COPY docker/entrypoint.sh entrypoint.sh
COPY manage.py wsgi.py ./
COPY settings settings
COPY static static
COPY templates templates
COPY tests tests

FROM python:3.13.7-alpine

Expand All @@ -63,5 +64,3 @@ RUN rm -rf /home/owasp/.cache && \
chmod +x /home/owasp/entrypoint.sh

USER owasp

CMD ["/home/owasp/entrypoint.sh"]
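Review bot: Dropping `--without test` from the `poetry install` line installs the test dependency group into the same image that ships to production, so every test-only package now adds to the surface that has to be tracked and patched in whatever job scans the built image. A separate build target would keep the runtime stage as it was: `FROM <runtime stage> AS test` that runs `poetry install --only test` and `COPY tests tests`, with the e2e workflow's `build-push-action` pointed at it via `target: test`. Removing `CMD ["/home/owasp/entrypoint.sh"]` at the end of the file also leaves the image with no default command; the compose files in this PR set `entrypoint:` and CI passes `pytest` explicitly, but anything else that runs the image bare will exit immediately, so a comment above `USER owasp` noting that the command is now supplied by the compose files would make the change intentional rather than surprising.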
50 changes: 50 additions & 0 deletions docker-compose/backend.e2e.yaml
@@ -0,0 +1,50 @@
services:
backend:
container_name: nest-backend-e2e
command: >
sh -c '
python manage.py migrate &&
python manage.py runserver 0.0.0.0:8000
'
build:
context: ../backend
dockerfile: docker/Dockerfile
depends_on:
db:
condition: service_healthy
env_file: ../backend/.env

⚠️ Potential issue | 🟠 Major

env_file path likely breaks CI; use an example/e2e file or drop it.

CI runners may not have ../backend/.env; compose will fail. Either point to a committed example (or e2e‑specific) env file or rely on explicit environment defaults.

Apply one of:

-    env_file: ../backend/.env
+    # Use a committed example env for e2e
+    env_file: ../backend/.env.example

Or remove and rely on explicit env:

-    env_file: ../backend/.env

Suggested change
env_file: ../backend/.env
# Use a committed example env for e2e
env_file: ../backend/.env.example

environment:
DJANGO_DB_HOST: ${DJANGO_DB_HOST:-db}
DJANGO_DB_NAME: ${DJANGO_DB_NAME:-nest_db_e2e}
DJANGO_DB_PASSWORD: ${DJANGO_DB_PASSWORD:-nest_user_e2e_password}
DJANGO_DB_PORT: ${DJANGO_DB_PORT:-5432}
DJANGO_DB_USER: ${DJANGO_DB_USER:-nest_user_e2e}
networks:
- nest-network
ports:
- 8000:8000
db:
container_name: nest-db-e2e
image: pgvector/pgvector:pg16
environment:
POSTGRES_DB: ${DJANGO_DB_NAME:-nest_db_e2e}
POSTGRES_PASSWORD: ${DJANGO_DB_PASSWORD:-nest_user_e2e_password}
POSTGRES_USER: ${DJANGO_DB_USER:-nest_user_e2e}
healthcheck:
interval: 5s
retries: 5
test: [CMD-SHELL, pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB -h localhost -p 5432]
timeout: 5s
networks:
- nest-network
volumes:
- db-e2e-data:/var/lib/postgresql/data
ports:
- 5433:5432


volumes:
db-e2e-data:

networks:
nest-network:
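Review bot: The `ports:` entries publish the e2e Postgres (`5433:5432`) and the Django dev server (`8000:8000`) on every host interface, with the hard-coded defaults in `environment:` as the only credentials; the backend reaches `db` over `nest-network`, so the database mapping can be dropped, or bound to loopback as `- 127.0.0.1:5433:5432` (and `- 127.0.0.1:8000:8000`) if host access is wanted for local debugging. The named volume `db-e2e-data` also persists across runs, so state from one e2e run carries into the next unless `down -v` is used; if that is intended, a comment above `volumes:` saying so would help, otherwise a `tmpfs` mount or no volume at all gives each run a clean database. The `healthcheck.test` flow sequence holds unquoted scalars containing spaces and `$$`; they parse today, but quoting them (`"CMD-SHELL"`, `"pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB -h localhost -p 5432"`) avoids surprises if the command is later edited to contain `:` or `#`.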
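--- a/docker-compose/production.yaml
+++ b/docker-compose/production.yaml
@@ -1,6 +1,7 @@
 services:
 production-nest-backend:
 container_name: production-nest-backend
+entrypoint: /home/owasp/entrypoint.sh
 image: owasp/nest:backend-production
 env_file: .env.backend
 depends_on: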
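--- a/docker-compose/staging.yaml
+++ b/docker-compose/staging.yaml
@@ -1,6 +1,7 @@
 services:
 staging-nest-backend:
 container_name: staging-nest-backend
+entrypoint: /home/owasp/entrypoint.sh
 image: owasp/nest:backend-staging
 env_file: .env.backend
 depends_on: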