feat: add NATS local server support to integration test

[abdulwahab-shahzad]

Summary

Add optional NATS server support to the shared integration test workflow (integration-tests.yaml).

A new use_nats boolean input (default false) controls whether a local NATS server is spun up during the test run. When enabled, the workflow:

1. Downloads the nats-server v2.10.18 binary from GitHub releases
2. Starts it on port 4222 with the HTTP monitoring port on 8222
3. Health-checks it via curl http://127.0.0.1:8222/healthz with 5 retries
4. Exposes NATS_URL=nats://127.0.0.1:4222 as an environment variable for the Go server
5. Kills the NATS process in the existing cleanup step alongside the API server and Cloud SQL proxy

Why

Services that use github.com/wanaware/common/nats (e.g. worker-proxy-service) require a live NATS connection at startup. Without a local NATS server in CI, those services fail to boot during integration tests.

This follows the same opt-in pattern already used for Redis (use_redis) and Cloud SQL (use_cloud_sql), keeping the change fully backward-compatible — existing callers like function-integrator are unaffected and require no changes.

QA Report

• No QA report required

Integration Tests

• No integration tests required

Added

• Start Local NATS Server — downloads nats-server v2.10.18, starts on port 4222 with HTTP monitoring on 8222, saves PID to $NATS_SERVER_PID, sets NATS_URL in $GITHUB_ENV
• Ping Local NATS — curl with 5 retries against http://127.0.0.1:8222/healthz to confirm the server is ready before the Go server starts

Edited

• Close App Server & cloud sql proxy — added [ -n "$NATS_SERVER_PID" ] && kill $NATS_SERVER_PID || true to ensure NATS is always cleaned up

Dependencies

Callers that need NATS must opt in explicitly:

use_nats: true
server_env: |
  NATS_URL=nats://127.0.0.1:4222

[github-actions]

Trivy Scan Results

Vulnerabilities Found

Report Summary

┌────────┬──────┬─────────────────┬─────────┐
│ Target │ Type │ Vulnerabilities │ Secrets │
├────────┼──────┼─────────────────┼─────────┤
│   -    │  -   │        -        │    -    │
└────────┴──────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

[Copilot]

Pull request overview

Adds opt-in local NATS server support to the shared GitHub Actions integration test workflow so services that require NATS (e.g., those using github.com/wanaware/common/nats) can start successfully during CI runs.

Changes:

• Introduces a use_nats workflow input (default false) to optionally start a local nats-server during integration tests.
• Downloads and runs nats-server on 4222 with HTTP monitoring on 8222, exports NATS_URL for the test run, and adds a health check.
• Extends the existing cleanup step to terminate the NATS process.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Trivy Scan Results

Vulnerabilities Found

Report Summary

┌────────┬──────┬─────────────────┬─────────┐
│ Target │ Type │ Vulnerabilities │ Secrets │
├────────┼──────┼─────────────────┼─────────┤
│   -    │  -   │        -        │    -    │
└────────┴──────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

[greptile-apps]

Greptile Summary

This PR adds an opt-in use_nats boolean input to the shared integration-test workflow that downloads nats-server v2.10.18, starts it on ports 4222/8222, health-checks it, and exposes NATS_URL via $GITHUB_ENV — following the same pattern as the existing use_redis option.

• New input + two steps: Start Local NATS Server downloads and launches the binary with nohup, saves the PID, and sets NATS_URL; Ping Local NATS polls /healthz to confirm readiness before the app server is started.
• Cleanup: The existing Close App Server & cloud sql proxy step gains a kill $NATS_SERVER_PID guard, keeping teardown consistent with the other background processes.
• Backward-compatible: use_nats defaults to false, so existing callers are unaffected.

Confidence Score: 5/5

Safe to merge — the change is fully opt-in and does not affect existing callers.

The NATS lifecycle follows the same pattern as the existing Redis integration and is guarded by a default-false flag, so no existing workflows are touched. The two previously-flagged concerns (missing --retry-connrefused and absent checksum verification) are already under review. The only new finding here is a redundant apt-get install without a preceding apt-get update, which would not cause failures on standard GitHub-hosted runners where unzip is pre-installed.

No files require special attention beyond the single changed workflow.

Important Files Changed

Filename	Overview
.github/workflows/integration-tests.yaml	Adds NATS server lifecycle (download, start, health-check, cleanup) gated behind use_nats; health-check curl command is missing --retry-connrefused (noted in previous thread) and binary is downloaded without checksum verification (also noted).

Sequence Diagram

sequenceDiagram
    participant W as Workflow
    participant N as NATS Server
    participant A as App Server

    Note over W: use_nats == true
    W->>N: Download nats-server v2.10.18 binary
    W->>N: "nohup nats-server --port 4222 --http_port 8222 &"
    W->>W: echo NATS_SERVER_PID to $GITHUB_ENV
    W->>W: sleep 2
    W->>W: echo NATS_URL to $GITHUB_ENV
    W->>N: curl --retry 5 /healthz (Ping step)
    N-->>W: 200 OK
    W->>A: Start App Server (inherits NATS_URL from env)
    Note over W,A: Integration tests run
    W->>A: kill $API_PID
    W->>N: kill $NATS_SERVER_PID

Loading

_{Reviews (2): Last reviewed commit: "feat(TMF-2456): AI comments" | Re-trigger Greptile}

[github-actions]

Trivy Scan Results

Vulnerabilities Found

Report Summary

┌────────┬──────┬─────────────────┬─────────┐
│ Target │ Type │ Vulnerabilities │ Secrets │
├────────┼──────┼─────────────────┼─────────┤
│   -    │  -   │        -        │    -    │
└────────┴──────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

[muhammad-tahir-nawaz]

LGTM!