Skip to content

E2E parity: exercise deploy/promote/scan/workflow on GitLab and Jenkins#16

Merged
jeanjerome merged 2 commits into
mainfrom
test/jenkins-e2e-parity
Jun 4, 2026
Merged

E2E parity: exercise deploy/promote/scan/workflow on GitLab and Jenkins#16
jeanjerome merged 2 commits into
mainfrom
test/jenkins-e2e-parity

Conversation

@jeanjerome

@jeanjerome jeanjerome commented Jun 4, 2026

Copy link
Copy Markdown
Member

Summary

Harden the E2E suites so the deploy, promote, CVE-gating and trunk-based
triggering paths are actually exercised on both orchestrators -- the
coverage that lets the companion brik PR's three execution-model fixes be
validated end to end rather than as no-ops.

test: exercise real deploy and promote paths in GitLab E2E

  • node-deploy-gitops triggers on branch:main so the trunk-based staging
    env (gated on branch=='main') runs a real GitOps deploy; assert the
    ArgoCD app reaches Synced + Healthy.
  • assert.promote_succeeded reads the promote outcome + release_ref from
    this run's aggregate-report.json (run-specific, stale-proof) instead
    of querying registry state.
  • Shared e2e.argocd.assert_synced helper; GitLab suite routed through it.
  • node-plan-tag: Dockerfile + package/publish/release docker config, pinned
    to safe planner mode so promote is not impact-skipped.
  • node-deploy-gitops-rollback: decoupled from the workflow profile
    (explicit when=tag) so it runs on its tag triggers.

test: add Jenkins E2E parity for deploy, promote, scan and workflow

  • Five scenarios re-added mirroring GitLab: node-deploy-gitops,
    node-deploy-rollback, node-plan-tag, node-full-cve, workflow-trunk-main/tag.
  • node-deploy-gitops runs in branch context (excluded from the BRIK_TAG
    case) with BRIK_WITH_DEPLOY + BRIK_WITH_PACKAGE so the staging gitops env
    fires and the published image exists for the ArgoCD sync.
  • BRIK_WITH_PACKAGE declared in pre_register_params so the package
    opt-in propagates to the build (it was silently dropped, masking a
    partial false-green where ArgoCD rode on pre-existing image state).
  • node-full-cve pipelineJob added to the Jenkins CasC config.

Test plan

  • bash -n + shellcheck clean on all edited E2E scripts
  • GitLab: validated via real job traces (gitops staging deploy, promote
    retag with auth)
  • Jenkins --all: 8/8 PASS, each high-value scenario verified against
    the real job console:
    - node-deploy-gitops: --with-package --with-deploy, image pushed to
    Nexus, staging gitops in branch context, ArgoCD Synced + Healthy, no
    --namespace error
    - node-plan-tag: promote retags candidate->released with two registry
    logins (per-zone auth)
    - node-full-cve: scan fails on CVE-2026-45149 (GHSA), build FAILURE
    - node-deploy-rollback: image v0.1.0 -> v0.2.0 -> rollback v0.1.0
    - workflow-trunk-main/tag: Multibranch builds on branch and tag

Note

Adding the node-full-cve CasC job to a running Jenkins requires
docker restart brik-jenkins (job-dsl writes config.xml) followed by
POST /reload (loads the item); a cold briklab init seeds it during the
initial CasC apply.

jeanjerome added 2 commits June 4, 2026 14:31
@jeanjerome
test: exercise real deploy and promote paths in GitLab E2E
5133d5d 
The gitops deploy and registry promote stages were only ever run as
no-ops in E2E, so namespace forwarding, profile merging and promote
auth were never actually validated end to end.

- Trigger node-deploy-gitops on branch:main so the trunk-based staging
  env (gated on branch=='main') runs a real GitOps deploy, and assert
  the ArgoCD app reaches Synced + Healthy.
- Add assert.promote_succeeded, which reads the promote stage outcome
  and release_ref from this run's aggregate-report.json (run-specific,
  stale-proof) instead of querying registry state.
- Add a shared e2e.argocd.assert_synced helper and route the GitLab
  suite through it.
- node-plan-tag: add Dockerfile + package/publish/release docker config
  and pin the planner to safe mode so promote is not impact-skipped.
- node-deploy-gitops-rollback: decouple from the workflow profile with
  an explicit when=tag condition so it runs on its tag triggers.
- Bump node-deploy-gitops base image to node:22-alpine.
@jeanjerome
test: add Jenkins E2E parity for deploy, promote, scan and workflow
e4d4a91 
The Jenkins suite only ran two happy-path scenarios, so the deploy,
promote, CVE-gating and trunk-based triggering paths (which run in the
same isolated Alpine runner containers as GitLab) were never exercised
on Jenkins.

- Re-add five scenarios mirroring GitLab: node-deploy-gitops,
  node-deploy-rollback, node-plan-tag, node-full-cve and
  workflow-trunk-main/tag.
- node-deploy-gitops runs in branch context (excluded from the BRIK_TAG
  case) so its staging gitops env fires, with BRIK_WITH_DEPLOY and
  BRIK_WITH_PACKAGE so the published image exists for the ArgoCD sync;
  assert the sync via the shared helper.
- Wire E2E_ASSERT_PROMOTE -> assert.promote_succeeded for node-plan-tag.
- Declare BRIK_WITH_PACKAGE in pre_register_params so the package opt-in
  actually propagates to the build (it was silently dropped before).
- Add a node-full-cve pipelineJob to the Jenkins CasC config.
- Update the E2E coverage matrix.
@jeanjerome jeanjerome merged commit ed78839 into main Jun 4, 2026
2 checks passed
@jeanjerome jeanjerome deleted the test/jenkins-e2e-parity branch June 4, 2026 12:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jeanjerome