Skip to content

ci: add Docker custom-password test to build-docker and build-docker-alpine jobs#634

Merged
vharseko merged 2 commits intocopilot/update-dockerfile-cddl-headerfrom
copilot/add-docker-test-custom-password
Apr 10, 2026
Merged

ci: add Docker custom-password test to build-docker and build-docker-alpine jobs#634
vharseko merged 2 commits intocopilot/update-dockerfile-cddl-headerfrom
copilot/add-docker-test-custom-password

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 10, 2026
edited
Loading

PR #633 removes ENV ROOT_PASSWORD="password" from both Dockerfiles and relies on ${ROOT_PASSWORD:-password} shell fallback in HEALTHCHECK. The existing "Docker test" steps only exercise the default-password path; there was no coverage for containers started with -e ROOT_PASSWORD=<custom>.

Changes

  • build-docker job — new step Docker test custom password after the existing Docker test:

    • Starts a container with -e ROOT_PASSWORD=custom_password (--memory=512m, name test_custom)
    • Waits for healthy status (validates HEALTHCHECK resolves the env var correctly)
    • Runs ldapsearch --bindPassword custom_password to confirm the server accepted the custom credential

  • build-docker-alpine job — identical step for the -alpine image (--memory=1g)

- name: Docker test custom password
  shell: bash
  run: |
    docker run --rm -it -d --memory="512m" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
    timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom | grep -q \"healthy\"; do sleep 10; done'
    docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1'
    docker kill test_custom

Container name test_custom is distinct from the existing test to avoid naming conflicts within the same job.

Original prompt

Context

PR #633 removes ENV ROOT_PASSWORD="password" from both Dockerfiles and changes the HEALTHCHECK to use ${ROOT_PASSWORD:-password} shell parameter expansion. The existing "Docker test" steps in build.yml only test the default case (no -e ROOT_PASSWORD passed, so the fallback password is used).

We need to add a new test step after each existing "Docker test" step to verify that Docker containers work correctly when a custom password is passed via -e ROOT_PASSWORD=<custom>.

Required Changes in .github/workflows/build.yml

1. In build-docker job — add a new step after the existing "Docker test" step (after line 356 docker kill test):

      - name: Docker test custom password
        shell: bash
        run: |
          docker run --rm -it -d --memory="512m" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom | grep -q \"healthy\"; do sleep 10; done'
          docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1'
          docker kill test_custom

2. In build-docker-alpine job — add a new step after the existing "Docker test" step (after line 421 docker kill test):

      - name: Docker test custom password
        shell: bash
        run: |
          docker run --rm -it -d --memory="1g" -e ROOT_PASSWORD=custom_password --name=test_custom localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test_custom | grep -q \"healthy\"; do sleep 10; done'
          docker exec test_custom 'sh' '-c' '/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword custom_password --useSsl --trustAll --baseDN "dc=example,dc=com" --searchScope base "(objectClass=*)" 1.1'
          docker kill test_custom

Key points

  • The container name must be different from the existing test (test_custom vs test) to avoid conflicts.
  • Use the same --memory limit as the corresponding existing test (512m for default, 1g for alpine).
  • The custom password custom_password is passed via -e ROOT_PASSWORD=custom_password and used in --bindPassword custom_password.
  • The healthcheck should become healthy because the HEALTHCHECK in the Dockerfile now uses ${ROOT_PASSWORD:-password} which will resolve to custom_password when set.
  • The ldapsearch verifies that the server actually accepts the custom password.
  • Make changes on the branch copilot/update-dockerfile-cddl-header which is the head branch of PR Remove ENV ROOT_PASSWORD from Dockerfiles, fix HEALTHCHECK default, add CDDL headers #633.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: необходимо добавить проверку в build.yml аналогичную "Docker test" для случая установки своего пароля

Assistant:

Let me first look at the current build workflow and the existing Docker test to understand the structure.

Assistant: Now let me look at the existing "Docker test" steps more closely and the run.sh to understand how ROOT_PASSWORD is used:

Assistant: Now I understand the full picture. Let me look at the PR branch to see the current state of the Dockerfiles and the build.yml there:

Assistant: Теперь я понимаю контекст. В PR #633 удалён ENV ROOT_PASSWORD из Dockerfile, и HEALTHCHECK теперь использует ${ROOT_PASSWORD:-password}. Нужно добавить в build.yml дополнительный Docker-тест, аналогичный существующему "Docker test", но с передачей кастомного пароля через -e ROOT_PASSWORD=..., чтобы проверить, что контейнер работает корректно и с пользовательским паролем.

Посмотрю, как выглядит текущий "Docker test" для обоих образов (default и alpine) целиком:

Assistant: Понял задачу. Сейчас в build.yml есть шаги "Docker test" для обоих образов (default и alpine), но они тестируют только случай запуска без передачи -e ROOT_PASSWORD=... (используется дефолтный пароль password).

Поскольку PR #633 убирает ENV ROOT_PASSWORD из Dockerfile и полагается на ${ROOT_PASSWORD:-password} в HEALTHCHECK, нужно добавить проверку, что Docker-образ корректно работает и при установке пользовательского пароля через -e ROOT_PASSWORD=....

Добавлю соответствующие шаги "Docker test custom password" в оба job-а (build-docker и build-docker-alpine).

Assistant: I'm waiting for your approval to run the coding agent that will add the "Docker test custom password" steps to build.yml on the PR branch — please accept or reject the tool call to continue.

This pull request was created from Copilot chat.

Copilot AI changed the title [WIP] Add test for Docker with custom ROOT_PASSWORD ci: add Docker custom-password test to build-docker and build-docker-alpine jobs Apr 10, 2026
Copilot AI requested a review from vharseko April 10, 2026 13:39
@vharseko vharseko marked this pull request as ready for review April 10, 2026 16:12
@vharseko vharseko merged commit 704a5d7 into copilot/update-dockerfile-cddl-header Apr 10, 2026
15 of 17 checks passed
@vharseko vharseko deleted the copilot/add-docker-test-custom-password branch April 10, 2026 16:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vharseko vharseko Awaiting requested review from vharseko

Assignees

@vharseko vharseko

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vharseko