infra-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
09e99a09c6
molecule-core/tests/harness/seed.sh
Hongming Wang f13d2b2b7b feat(tests): add production-shape local harness (Phase 1) 
The harness brings up the SaaS tenant topology on localhost using the
SAME workspace-server/Dockerfile.tenant image that ships to production.
Tests run against http://harness-tenant.localhost:8080 and exercise the
same code path a real tenant takes:

  client
    → cf-proxy   (nginx; CF tunnel + LB header rewrites)
    → tenant     (Dockerfile.tenant — combined platform + canvas)
    → cp-stub    (minimal Go CP stand-in for /cp/* paths)
    → postgres + redis

Why this exists: bugs that survive `go run ./cmd/server` and ship to
prod almost always live in env-gated middleware (TenantGuard, /cp/*
proxy, canvas proxy), header rewrites, or the strict-auth / live-token
mode. The harness activates ALL of them locally so #2395 + #2397-class
bugs can be reproduced before deploy.

Phase 1 surface:
  - cp-stub/main.go: minimal CP stand-in. /cp/auth/me, redeploy-fleet,
    /__stub/{peers,mode,state} for replay scripts. Catch-all returns
    501 with a clear message when a new CP route appears.
  - cf-proxy/nginx.conf: rewrites Host to <slug>.localhost, injects
    X-Forwarded-*, disables buffering to mirror CF tunnel streaming
    semantics.
  - compose.yml: one service per topology layer; tenant builds from
    the actual production Dockerfile.tenant.
  - up.sh / down.sh / seed.sh: lifecycle scripts.
  - replays/peer-discovery-404.sh: reproduces #2397 + asserts the
    diagnostic helper from PR #2399 surfaces "404" + "registered".
  - replays/buildinfo-stale-image.sh: reproduces #2395 + asserts
    /buildinfo wire shape + GIT_SHA injection from PR #2398.
  - README.md: topology, quickstart, what the harness does NOT cover.

Phases 2-3 (separate PRs):
  - Phase 2: convert tests/e2e/test_api.sh to target the harness URL
    instead of localhost; make harness-based replays a required CI gate.
  - Phase 3: config-coherence lint that diffs harness env list against
    production CP's env list, fails CI on drift.

Verification:
  - cp-stub builds (go build ./...).
  - cp-stub responds to all stubbed endpoints (smoke-tested locally).
  - compose.yml passes `docker compose config --quiet`.
  - All shell scripts pass `bash -n` syntax check.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 11:22:46 -07:00

66 lines
2.2 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Seed the harness with two registered workspaces so peer-discovery
# replay scripts have something to discover.
#
# - "alpha" parent (tier 0)
# - "beta" child of alpha (tier 1)
#
# Both register via the platform's /registry/register endpoint, which
# is what real workspaces do at boot. The platform then has them in its
# DB; tool_list_peers from inside alpha can resolve beta as a peer.
set -euo pipefail
HERE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$HERE"
BASE="${BASE:-http://harness-tenant.localhost:8080}"
ADMIN="harness-admin-token"
ORG="harness-org"
curl_admin() {
curl -sS -H "Authorization: Bearer $ADMIN" \
-H "X-Molecule-Org-Id: $ORG" \
-H "Content-Type: application/json" "$@"
}
echo "[seed] confirming tenant is reachable via cf-proxy..."
HEALTH=$(curl -sS "$BASE/health" || echo "")
if [ -z "$HEALTH" ]; then
echo "[seed] FAILED: $BASE/health unreachable. Did ./up.sh complete? Did you add"
echo " 127.0.0.1 harness-tenant.localhost to /etc/hosts?"
exit 1
fi
echo "[seed] $HEALTH"
echo "[seed] confirming /buildinfo returns the harness GIT_SHA..."
BUILD=$(curl -sS "$BASE/buildinfo" || echo "")
echo "[seed] $BUILD"
# Mint a fresh admin-call workspace ID for the parent. Platform's
# /admin/workspaces/:id/test-token mints a per-workspace bearer; the
# replay scripts use it to call the workspace-scoped routes.
echo "[seed] creating workspace 'alpha' (parent)..."
ALPHA_ID=$(uuidgen | tr '[:upper:]' '[:lower:]')
curl_admin -X POST "$BASE/workspaces" \
-d "{\"id\":\"$ALPHA_ID\",\"name\":\"alpha\",\"tier\":0,\"runtime\":\"langgraph\"}" \
>/dev/null
echo "[seed] alpha id=$ALPHA_ID"
echo "[seed] creating workspace 'beta' (child of alpha)..."
BETA_ID=$(uuidgen | tr '[:upper:]' '[:lower:]')
curl_admin -X POST "$BASE/workspaces" \
-d "{\"id\":\"$BETA_ID\",\"name\":\"beta\",\"tier\":1,\"parent_id\":\"$ALPHA_ID\",\"runtime\":\"langgraph\"}" \
>/dev/null
echo "[seed] beta id=$BETA_ID"
# Stash IDs so replay scripts pick them up.
{
echo "ALPHA_ID=$ALPHA_ID"
echo "BETA_ID=$BETA_ID"
} > "$HERE/.seed.env"
echo ""
echo "[seed] done. IDs persisted to tests/harness/.seed.env"
echo "[seed] ALPHA_ID=$ALPHA_ID"
echo "[seed] BETA_ID=$BETA_ID"
View Git Blame Copy Permalink