fix(ci): get the test suite green — provision Postgres, track migrations, harden JWT secret#4
Merged
Merged
Conversation
Tests were starting their own Testcontainers Postgres container, which failed or connected to an un-migrated DB in GitHub Actions. Make the shared PostgresContainerFixture respect ConnectionStrings__PreceptDb when present, so CI uses the action-setup-postgres service. - PostgresContainerFixture falls back to Testcontainers locally - Per-class isolated databases are still created on the chosen server - Workflow sets the env var only for the test step
The Migrations/ folder was gitignored, so the migration classes never reached GitHub. In CI the fresh checkout compiled Precept.Api with zero Migration classes, so MigrateAsync() found nothing to apply and silently no-op'd — leaving every per-test-class database schemaless. All 52 DB-backed tests failed with 42P01 "relation does not exist" (unit) or 503 Service Unavailable (integration). Remove the Migrations/ ignore rule and commit the existing migrations so CI provisions the schema the same way local runs do. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Previously a missing or short JwtSettings:SecretKey surfaced only as an obscure error on the first token-signing request. Validate at startup that the key is present and at least 32 bytes (256 bits, the HMAC-SHA256 minimum), throwing a clear InvalidOperationException at boot otherwise. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Gets the CI test suite passing. Before this branch, all 52 DB-backed tests failed with
42P01: relation "AspNetUsers"/"RefreshTokens" does not exist(unit) and503 Service Unavailable(integration).Root cause
Two layered problems:
Migrations/folder was listed in.gitignore, so the EF Core migration classes were never committed. In CI the fresh checkout compiledPrecept.Apiwith zeroMigrationclasses, soMigrateAsync()found nothing to apply and silently no-op'd — leaving every per-test-class database schemaless. It passed locally only because the migration files exist in the working tree on disk.Changes
fix(ci): use CI-provisioned Postgres for test database— the sharedPostgresContainerFixturenow respectsConnectionStrings__PreceptDbwhen set, so CI uses theaction-setup-postgresservice and falls back to Testcontainers locally. Per-class isolated databases are still created on the chosen server.fix(ci): track EF Core migrations in git— remove theMigrations/ignore rule and commit the existing migrations so CI provisions the schema the same way local runs do.fix(security): fail fast when JWT signing key is missing or too weak— validateJwtSettings:SecretKeyat startup (present, ≥32 bytes for HMAC-SHA256) so a misconfigured deploy throws a clear error at boot instead of an obscure failure on the first token-signing request.Verification
dotnet build(Release) clean, 0 warnings.Follow-up (not in this PR)
forgot-password(AuthController.cs:366) generates a reset token but has no email provider wired up — password reset is a no-op in production until one is added.🤖 Generated with Claude Code