mirror of
https://github.com/azaion/gps-denied-onboard.git
synced 2026-06-22 12:11:13 +00:00
[autodev] Update Jetson test environment and satellite-provider integration
ci/woodpecker/push/02-build-push Pipeline failed
ci/woodpecker/push/02-build-push Pipeline failed
- Added `.env.test` to `.gitignore` to exclude test environment variables. - Enhanced `docker-compose.test.jetson.yml` to include the real satellite-provider .NET service and its PostgreSQL database, replacing the mock service. - Updated test execution policy to mandate all tests run exclusively on Jetson hardware, deprecating the previous two-tier model. - Revised documentation in `_docs/LESSONS.md`, `_docs/02_document/tests/environment.md`, and `_docs/04_deploy/ci_cd_pipeline.md` to reflect the new testing strategy and environment setup. - Improved `run-tests-jetson.sh` script to ensure proper environment variable handling and satellite-provider integration. This commit aligns the testing framework with production environments, enhancing reliability and coverage.
This commit is contained in:
Oleksandr Bezdieniezhnykh
@@ -137,6 +137,36 @@ Need ≥ 30 GB free on `/var/lib/docker`. Swap should be at least 4 GB
|
||||
|
||||
## Running the harness
|
||||
|
||||
### Pre-flight (one-time, then on JWT secret rotation)
|
||||
|
||||
AZ-688 added the real `../satellite-provider` .NET service to the Jetson
|
||||
compose graph. Two extra setup steps before the first run:
|
||||
|
||||
```bash
|
||||
# 1. Sibling repo must be checked out alongside gps-denied-onboard/.
|
||||
# The harness rsyncs both repos to the Jetson; the relative `../satellite-provider`
|
||||
# path in docker-compose.test.jetson.yml resolves identically on Mac and Jetson.
|
||||
ls ../satellite-provider/SatelliteProvider.sln # sanity check
|
||||
|
||||
# 2. Copy the env template and fill in the dev JWT secret. .env.test is
|
||||
# gitignored; the script refuses to start if it's missing or if any
|
||||
# of JWT_SECRET / JWT_ISSUER / JWT_AUDIENCE are unset.
|
||||
cp .env.test.example .env.test
|
||||
# Generate a fresh dev secret (≥32 bytes for HMAC-SHA256):
|
||||
openssl rand -hex 32
|
||||
# Paste into JWT_SECRET=… in .env.test. The same secret is later used by
|
||||
# AZ-690 (dev JWT minting helper) to sign tokens that this same provider
|
||||
# validates. Issuer/audience defaults are pre-filled.
|
||||
```
|
||||
|
||||
The dev TLS cert (`../satellite-provider/certs/{api.pfx,api.crt,api.key}`)
|
||||
is regenerated on demand by `scripts/ensure-dev-cert.sh`, which
|
||||
`run-tests-jetson.sh` calls automatically. The cert is self-signed,
|
||||
gitignored in both repos, and pinned to SAN `api`/`satellite-provider`/
|
||||
`localhost`/`127.0.0.1` — see the script for the openssl recipe.
|
||||
|
||||
### Run
|
||||
|
||||
From the developer Mac, repo root:
|
||||
|
||||
```bash
|
||||
@@ -145,11 +175,18 @@ bash scripts/run-tests-jetson.sh
|
||||
|
||||
What happens:
|
||||
|
||||
1. `rsync` source → `jetson-e2e:~/gps-denied-onboard/` (excludes `.git`,
|
||||
1. Load `.env.test` (fail-fast if missing / JWT vars unset / `JWT_SECRET` < 32 bytes).
|
||||
2. `scripts/ensure-dev-cert.sh` on the Mac — idempotent dev TLS cert generation
|
||||
into `../satellite-provider/certs/`.
|
||||
3. `rsync` source → `jetson-e2e:~/gps-denied-onboard/` (excludes `.git`,
|
||||
`__pycache__`, build artefacts; LFS pointers transfer as text).
|
||||
2. `ssh jetson-e2e docker compose -f docker-compose.test.jetson.yml build e2e-runner`
|
||||
3. `ssh jetson-e2e docker compose ... up --abort-on-container-exit --exit-code-from e2e-runner`
|
||||
4. stdout / stderr stream to the Mac terminal; exit code propagates.
|
||||
4. `rsync` `../satellite-provider/` → `jetson-e2e:~/satellite-provider/`
|
||||
(sibling of `gps-denied-onboard/` so the compose path resolves).
|
||||
5. `ssh jetson-e2e docker compose ... build e2e-runner satellite-provider`
|
||||
(env vars exported through the heredoc so the upstream compose's
|
||||
`${JWT_SECRET}` interpolation resolves on the Jetson side).
|
||||
6. `ssh jetson-e2e docker compose ... up --abort-on-container-exit --exit-code-from e2e-runner`.
|
||||
7. stdout / stderr stream to the Mac terminal; exit code propagates.
|
||||
|
||||
Override the alias or remote dir if your setup differs:
|
||||
|
||||
@@ -158,6 +195,11 @@ JETSON_SSH_ALIAS=other-host JETSON_REMOTE_DIR=~/somewhere/else \
|
||||
bash scripts/run-tests-jetson.sh
|
||||
```
|
||||
|
||||
`JETSON_REMOTE_DIR` MUST be a path whose parent directory is writable —
|
||||
the harness places `satellite-provider/` next to it. With the default
|
||||
`~/gps-denied-onboard`, the satellite-provider lands at
|
||||
`~/satellite-provider/` on the Jetson.
|
||||
|
||||
## Smoke vs. Reality Gate split — at a glance
|
||||
|
||||
| Test category | Marker | Colima (Tier-1) | Jetson (Tier-2) |
|
||||
@@ -190,7 +232,14 @@ JETSON_SSH_ALIAS=other-host JETSON_REMOTE_DIR=~/somewhere/else \
|
||||
## Related Jira
|
||||
|
||||
* AZ-615 — this harness (Jetson runner story)
|
||||
* AZ-616 — replace `mock-sat` with real `../satellite-provider` service
|
||||
* AZ-616 — umbrella: replace `mock-sat` with real `../satellite-provider` service
|
||||
* AZ-688 — Compose-include real satellite-provider + Postgres (this doc)
|
||||
* AZ-689 — Seed Derkachi-bbox fixture tile set for hermetic e2e
|
||||
* AZ-690 — Long-lived dev JWT minting helper
|
||||
* AZ-691 — Python `SatelliteProviderClient`
|
||||
* AZ-692 — Wire client into composition root; retire `mock-sat`
|
||||
* AZ-693 — Docs: client contract + test env + containerization
|
||||
* AZ-694 — AC-8 unskip + diagnose (sibling Story, not a subtask)
|
||||
* AZ-617 — mark heavy ACs with `tier2` (already applied; this story
|
||||
documents and verifies the auto-skip)
|
||||
* AZ-614 — tlog time-base mismatch (currently blocks the heavy ACs
|
||||
|
||||
Reference in New Issue
Block a user