From c998636651d56196097a06db555d9ccd0f70f73b Mon Sep 17 00:00:00 2001
From: Hans Ott
Date: Mon, 6 Oct 2025 20:22:24 +0200
Subject: [PATCH 1/3] Add QA tests workflow
---
.github/workflows/Dockerfile.qa | 26 +++++++++++++++++
.github/workflows/qa-tests.yml | 52 +++++++++++++++++++++++++++++++++
2 files changed, 78 insertions(+)
create mode 100644 .github/workflows/Dockerfile.qa
create mode 100644 .github/workflows/qa-tests.yml
diff --git a/.github/workflows/Dockerfile.qa b/.github/workflows/Dockerfile.qa
new file mode 100644
index 00000000..56fbb6c6
--- /dev/null
+++ b/.github/workflows/Dockerfile.qa
@@ -0,0 +1,26 @@
+FROM python:3.13.2 AS builder
+
+ENV PYTHONUNBUFFERED=1 \
+ PYTHONDONTWRITEBYTECODE=1
+WORKDIR /app
+
+RUN python -m venv .venv
+
+COPY requirements.txt ./
+
+# Copy the dev firewall package
+COPY aikido_zen-*.whl ./
+
+# === THIS SECTION IS MODIFIED FOR QA STEP ===
+RUN .venv/bin/pip install -r requirements.txt && \
+ .venv/bin/pip uninstall -y aikido-zen && \
+ .venv/bin/pip install ./aikido_zen-*.whl
+# === END OF MODIFIED SECTION ===
+
+FROM python:3.13.2-slim
+WORKDIR /app
+RUN apt update && apt install -y gdb procps
+COPY --from=builder /app/.venv .venv/
+COPY . .
+ENV AIKIDO_BLOCK="1"
+CMD ["/app/.venv/bin/gunicorn", "--bind=[::]:8080", "--access-logfile=-", "--workers=4", "wsgi:app"]
diff --git a/.github/workflows/qa-tests.yml b/.github/workflows/qa-tests.yml
new file mode 100644
index 00000000..fdf7c3e7
--- /dev/null
+++ b/.github/workflows/qa-tests.yml
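Review bot: The final stage of Dockerfile.qa (from `FROM python:3.13.2-slim` to `CMD`) has no `USER` instruction, so gunicorn runs as root in an image that also ships `gdb`. Binding port 8080 does not need root, so a dedicated account would do, e.g. `RUN useradd --system --uid 10001 app` and `USER 10001` ahead of `CMD`; if the QA harness needs root for gdb to attach, a comment above the `apt` line saying so would record why. The package step is better written as `RUN apt-get update && apt-get install -y --no-install-recommends gdb procps && rm -rf /var/lib/apt/lists/*`. `COPY . .` takes the whole build context, which in the workflow is presumably an `actions/checkout` working tree, so it is worth confirming that zen-demo-python has a `.dockerignore` excluding `.git`.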
@@ -0,0 +1,52 @@
+name: 🧪 QA Tests
+permissions:
+ contents: read
+on:
+ push: {}
+ workflow_call: {}
+
+jobs:
+ qa-tests:
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ steps:
+ - name: Checkout firewall-python
+ uses: actions/checkout@v5
+ with:
+ path: firewall-python
+
+ - name: Checkout zen-demo-python
+ uses: actions/checkout@v5
+ with:
+ repository: Aikido-demo-apps/zen-demo-python
+ path: zen-demo-python
+ ref: dev-testing
+ submodules: true
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.13"
+
+ - name: Install poetry
+ run: pip install poetry
+
+ - name: Build firewall-python dev package
+ run: |
+ cd firewall-python
+ make build
+
+ # Move the built wheel to zen-demo-python directory
+ # poetry build creates both .tar.gz and .whl, we only need the wheel
+ mv dist/*.whl ../zen-demo-python/
+
+ - name: Replace Dockerfile with QA version
+ run: |
+ cp firewall-python/.github/workflows/Dockerfile.qa zen-demo-python/Dockerfile
+
+ - name: Run Firewall QA Tests
+ uses: AikidoSec/firewall-tester-action@releases/v1
+ with:
+ dockerfile_path: ./zen-demo-python/Dockerfile
+ app_port: 8080
+ sleep_before_test: 10
From 37fac36717682dbe865d8a6a0756c01e919fa211 Mon Sep 17 00:00:00 2001
From: Hans Ott
Date: Mon, 6 Oct 2025 23:07:18 +0200
Subject: [PATCH 2/3] Use qa-test branch for now
---
.github/workflows/qa-tests.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/qa-tests.yml b/.github/workflows/qa-tests.yml
index fdf7c3e7..d4749ae5 100644
--- a/.github/workflows/qa-tests.yml
+++ b/.github/workflows/qa-tests.yml
@@ -20,7 +20,7 @@ jobs: with: repository: Aikido-demo-apps/zen-demo-python path: zen-demo-python - ref: dev-testing + ref: qa-test submodules: true - name: Set up Python
From 8f04c1ce82b5e8e023f90da77c0b23b3d606fa62 Mon Sep 17 00:00:00 2001
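Review bot: In the new qa-tests.yml (patch 1/3) the last step, `uses: AikidoSec/firewall-tester-action@releases/v1`, tracks a branch, so the code executed in this job can change without any commit in this repository; pinning to a full commit SHA, written as `uses: AikidoSec/firewall-tester-action@<full-commit-sha> # releases/v1` (placeholder), makes the run reproducible. The same applies to the zen-demo-python checkout, whose `ref:` is a branch (`dev-testing` here, `qa-test` after patch 2/3) and which is fetched with `submodules: true` and then built and run. Both checkout steps keep the default credential persistence; adding `persist-credentials: false` under each `with:` keeps the job token out of working trees, one of which is presumably used as the Docker build context afterwards. `pip install poetry` is also unpinned, so the build tool version can drift between runs.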
From: bitterpanda
Date: Wed, 8 Oct 2025 17:24:24 +0200
Subject: [PATCH 3/3] Update .github/workflows/Dockerfile.qa
---
.github/workflows/Dockerfile.qa | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/Dockerfile.qa b/.github/workflows/Dockerfile.qa
index 56fbb6c6..44d179e3 100644
--- a/.github/workflows/Dockerfile.qa
+++ b/.github/workflows/Dockerfile.qa
@@ -23,4 +23,4 @@ RUN apt update && apt install -y gdb procps
 COPY --from=builder /app/.venv .venv/
 COPY . .
 ENV AIKIDO_BLOCK="1"
-CMD ["/app/.venv/bin/gunicorn", "--bind=[::]:8080", "--access-logfile=-", "--workers=4", "wsgi:app"]
+CMD ["/app/.venv/bin/gunicorn", "--bind=[::]:8080", "--access-logfile=-", "--workers=1", "--threads=4", "wsgi:app"]