ci(bff): compose wiring, verify-bff live check, mutation baseline (refs #8)
Wire the bff service in compose (Keycloak authority + downstream domain/projection URLs, depends_on domain/projection healthy + keycloak started). run-bff-check.sh verifies the BFF end-to-end against the up stack: 401 without a token, 202 with a real digid token minted via direct grant against keycloak:8080 (host-consistent issuer, ADR-0010), and an anonymous public-safe openbaar register (never a bsn). Wired as verify-bff (Makefile + verify chain + CI step). Stryker baseline for the BFF's pure logic (OpenbaarProjection) at 100% (break 90); Program/HTTP adapters are covered by the endpoint tests + verify-bff. CI uploads the bff mutation report. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -79,6 +79,13 @@ jobs:
|
||||
name: domain-mutation-report
|
||||
path: services/domain/StrykerOutput/**/reports/mutation-report.html
|
||||
if-no-files-found: warn
|
||||
- uses: https://github.com/actions/upload-artifact@v3
|
||||
if: always()
|
||||
continue-on-error: true
|
||||
with:
|
||||
name: bff-mutation-report
|
||||
path: services/bff/StrykerOutput/**/reports/mutation-report.html
|
||||
if-no-files-found: warn
|
||||
|
||||
# One stage for every check that needs the live stack. On the single self-hosted
|
||||
# runner jobs run sequentially, so booting OpenZaak once (instead of once per job)
|
||||
@@ -101,6 +108,8 @@ jobs:
|
||||
run: make verify-projection
|
||||
- name: Domain → Flowable → ACL → OpenZaak
|
||||
run: make verify-domain
|
||||
- name: BFF → Keycloak + domain + projection
|
||||
run: make verify-bff
|
||||
# Log dump must precede teardown (which removes the containers).
|
||||
- name: Dump container logs on failure
|
||||
if: failure()
|
||||
|
||||
Reference in New Issue
Block a user