ci(bff): compose wiring, verify-bff live check, mutation baseline (refs #8)
Wire the bff service in compose (Keycloak authority + downstream domain/projection URLs, depends_on domain/projection healthy + keycloak started). run-bff-check.sh verifies the BFF end-to-end against the up stack: 401 without a token, 202 with a real digid token minted via direct grant against keycloak:8080 (host-consistent issuer, ADR-0010), and an anonymous public-safe openbaar register (never a bsn). Wired as verify-bff (Makefile + verify chain + CI step). Stryker baseline for the BFF's pure logic (OpenbaarProjection) at 100% (break 90); Program/HTTP adapters are covered by the endpoint tests + verify-bff. CI uploads the bff mutation report. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -344,6 +344,13 @@ services:
|
||||
context: ../services/bff
|
||||
dockerfile: Dockerfile
|
||||
image: register-referentie/bff:dev
|
||||
environment:
|
||||
# The BFF is the portals' only backend; it validates digid tokens and fans out (ADR-0010).
|
||||
# Keycloak (start-dev) derives the issuer from the request host, so the BFF authority and the
|
||||
# verify token request both use keycloak:8080 to keep the issuer consistent.
|
||||
Keycloak__Authority: http://keycloak:8080/realms/digid
|
||||
Downstream__Domain__BaseUrl: http://domain:8080/
|
||||
Downstream__Projection__BaseUrl: http://projection-api:8080/
|
||||
ports:
|
||||
- "8080:8080"
|
||||
healthcheck:
|
||||
@@ -352,6 +359,13 @@ services:
|
||||
timeout: 3s
|
||||
retries: 5
|
||||
start_period: 10s
|
||||
depends_on:
|
||||
domain:
|
||||
condition: service_healthy
|
||||
projection-api:
|
||||
condition: service_healthy
|
||||
keycloak:
|
||||
condition: service_started
|
||||
networks: [cg]
|
||||
|
||||
# ── Read projection (S-06) ────────────────────────────────────────────────
|
||||
|
||||
Reference in New Issue
Block a user