chore: add additional tests

.github/workflows/smoke-test-services.yml

@@ -0,0 +1,148 @@
+name: Smoke Test Services
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'on-prem/docker-compose.*.yml'
+      - 'on-prem/templates/**'
+      - 'on-prem/scripts/**'
+      - '.env.example'
+  pull_request:
+    paths:
+      - 'on-prem/docker-compose.*.yml'
+      - 'on-prem/templates/**'
+      - 'on-prem/scripts/**'
+      - '.env.example'
+  workflow_dispatch:
+
+jobs:
+  smoke-test:
+    name: API Smoke Test
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write   # Required for OIDC
+      contents: read    # Required for checkout
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::761136292957:role/GitHubActions-CurrentsDevDocker-ECRPull
+          aws-region: us-east-1
+
+      - name: Login to Currents ECR
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registries: "513558712013"
+
+      - name: Setup environment
+        working-directory: on-prem
+        run: ./scripts/setup.sh --env-only --force
+
+      - name: Start infrastructure services
+        working-directory: on-prem
+        run: |
+          echo "Starting Redis and MongoDB..."
+          docker compose -f docker-compose.full.yml up -d redis mongodb
+          echo "Waiting for services to initialize..."
+
+      - name: Wait for Redis
+        working-directory: on-prem
+        run: |
+          echo "Waiting for Redis to be ready..."
+          for i in {1..30}; do
+            if docker compose -f docker-compose.full.yml exec -T redis redis-cli ping | grep -q PONG; then
+              echo "✅ Redis is ready"
+              exit 0
+            fi
+            echo "Attempt $i/30 - Redis not ready yet..."
+            sleep 2
+          done
+          echo "❌ Redis failed to start"
+          docker compose -f docker-compose.full.yml logs redis
+          exit 1
+
+      - name: Wait for MongoDB
+        working-directory: on-prem
+        run: |
+          echo "Waiting for MongoDB to be healthy..."
+          for i in {1..60}; do
+            if docker compose -f docker-compose.full.yml exec -T mongodb mongosh --quiet --eval "db.runCommand('ping').ok" localhost:27017 2>/dev/null | grep -q 1; then
+              echo "✅ MongoDB is ready"
+              exit 0
+            fi
+            echo "Attempt $i/60 - MongoDB not ready yet..."
+            sleep 2
+          done
+          echo "❌ MongoDB failed to start"
+          docker compose -f docker-compose.full.yml logs mongodb
+          exit 1
+
+      - name: Start application services
+        working-directory: on-prem
+        run: |
+          echo "Starting Scheduler and API..."
+          docker compose -f docker-compose.full.yml up -d scheduler api
+          echo "Waiting for services to initialize..."
+
+      - name: Wait for API
+        working-directory: on-prem
+        run: |
+          echo "Waiting for API to be ready..."
+          for i in {1..60}; do
+            if curl -sf http://localhost:4000/health > /dev/null 2>&1; then
+              echo "✅ API is ready"
+              exit 0
+            fi
+            echo "Attempt $i/60 - API not ready yet..."
+            sleep 2
+          done
+          echo "❌ API failed to start"
+          docker compose -f docker-compose.full.yml logs api
+          exit 1
+
+      - name: Wait for root user
+        working-directory: on-prem
+        run: |
+          source .env
+          echo "Waiting for root user to be created..."
+          for i in {1..30}; do
+            if docker compose -f docker-compose.full.yml exec -T mongodb mongosh \
+              -u "$MONGODB_USERNAME" -p "$MONGODB_PASSWORD" --authenticationDatabase admin \
+              --quiet --eval "db.getSiblingDB('currents').user.findOne({email: '${ON_PREM_EMAIL:-root@currents.local}'})" 2>/dev/null | grep -q "_id"; then
+              echo "✅ Root user exists"
+              exit 0
+            fi
+            echo "Attempt $i/30 - Root user not created yet..."
+            sleep 2
+          done
+          echo "❌ Root user was not created"
+          docker compose -f docker-compose.full.yml logs api scheduler
+          exit 1
+
+      - name: Seed database
+        id: seed
+        working-directory: on-prem
+        run: |
+          echo "Seeding database with test data..."
+          # Capture the KEY=VALUE output from seed script
+          eval $(./scripts/smoke-test/seed-database.sh)
+          # Export to GitHub Actions output
+          echo "api_key=${API_KEY}" >> $GITHUB_OUTPUT
+          echo "project_id=${PROJECT_ID}" >> $GITHUB_OUTPUT
+
+      - name: Run API smoke test
+        working-directory: on-prem
+        run: |
+          echo "Running API smoke test..."
+          ./scripts/smoke-test/api-test.sh "${{ steps.seed.outputs.api_key }}" "${{ steps.seed.outputs.project_id }}"
+
+      - name: Cleanup
+        if: always()
+        working-directory: on-prem
+        run: |
+          docker compose -f docker-compose.full.yml down -v --remove-orphans

on-prem/docker-compose.database.yml

@@ -26,9 +26,6 @@ services:
       CURRENTS_ENV: onprem
       EMAIL_TRANSPORTER: smtp
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
@@ -52,9 +49,6 @@ services:
       CLICKHOUSE_PASSWORD: ${CLICKHOUSE_CURRENTS_PASSWORD}
       EMAIL_TRANSPORTER: smtp
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
@@ -73,15 +67,13 @@ services:
       CLICKHOUSE_PASSWORD: ${CLICKHOUSE_CURRENTS_PASSWORD}
       EMAIL_TRANSPORTER: smtp
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
       redis:
         condition: service_started
         required: false
+  # Currents services depend on clickhouse
   write-worker:
     image: ${DC_CURRENTS_IMAGE_REPOSITORY:-currents-}writer:${DC_CURRENTS_IMAGE_TAG:-staging}
     restart: unless-stopped
@@ -118,9 +110,6 @@ services:
     volumes:
       - ${DC_SCHEDULER_STARTUP_VOLUME:-./data/startup}:/app/packages/scheduler/dist/.startup
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
@@ -138,9 +127,6 @@ services:
       CURRENTS_ENV: onprem
       EMAIL_TRANSPORTER: smtp
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false

on-prem/docker-compose.full.yml

@@ -27,9 +27,6 @@ services:
       EMAIL_TRANSPORTER: smtp
       FILE_STORAGE_FORCE_PATH_STYLE: "true"
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
@@ -54,9 +51,6 @@ services:
       EMAIL_TRANSPORTER: smtp
       FILE_STORAGE_FORCE_PATH_STYLE: "true"
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
@@ -76,15 +70,13 @@ services:
       EMAIL_TRANSPORTER: smtp
       FILE_STORAGE_FORCE_PATH_STYLE: "true"
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
       redis:
         condition: service_started
         required: false
+  # Currents services depend on clickhouse
   write-worker:
     image: ${DC_CURRENTS_IMAGE_REPOSITORY:-currents-}writer:${DC_CURRENTS_IMAGE_TAG:-staging}
     restart: unless-stopped
@@ -123,9 +115,6 @@ services:
     volumes:
       - ${DC_SCHEDULER_STARTUP_VOLUME:-./data/startup}:/app/packages/scheduler/dist/.startup
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false
@@ -144,9 +133,6 @@ services:
       EMAIL_TRANSPORTER: smtp
       FILE_STORAGE_FORCE_PATH_STYLE: "true"
     depends_on:
-      clickhouse:
-        condition: service_healthy
-        required: false
       mongodb:
         condition: service_healthy
         required: false

on-prem/docs/container-images.md

@@ -25,7 +25,18 @@ Create an IAM role in your AWS account with the following policy:
         "ecr:GetDownloadUrlForLayer"
       ],
       "Resource": [
-        "arn:aws:ecr:us-east-1:513558712013:repository/currents/on-prem/*"
+        "arn:aws:ecr:us-east-1:513558712013:currents/on-prem/api/*",
+        "arn:aws:ecr:us-east-1:513558712013:repository/currents/on-prem/api",
+        "arn:aws:ecr:us-east-1:513558712013:currents/on-prem/change-streams/*",
+        "arn:aws:ecr:us-east-1:513558712013:repository/currents/on-prem/change-streams",
+        "arn:aws:ecr:us-east-1:513558712013:currents/on-prem/director/*",
+        "arn:aws:ecr:us-east-1:513558712013:repository/currents/on-prem/director",
+        "arn:aws:ecr:us-east-1:513558712013:currents/on-prem/scheduler/*",
+        "arn:aws:ecr:us-east-1:513558712013:repository/currents/on-prem/scheduler",
+        "arn:aws:ecr:us-east-1:513558712013:currents/on-prem/writer/*",
+        "arn:aws:ecr:us-east-1:513558712013:repository/currents/on-prem/writer",
+        "arn:aws:ecr:us-east-1:513558712013:currents/on-prem/webhooks/*",
+        "arn:aws:ecr:us-east-1:513558712013:repository/currents/on-prem/webhooks"
       ]
     }
   ]

on-prem/scripts/setup.sh

@@ -3,6 +3,10 @@
 # Interactive setup script for Currents on-prem
 # Generates a docker-compose file based on your infrastructure choices
 # and sets it as the default docker-compose.yml
+#
+# Usage:
+#   ./setup.sh              # Interactive setup (profile selection + env generation)
+#   ./setup.sh --env-only   # Only generate .env file with secrets (non-interactive)
 
 set -e
 
@@ -16,27 +20,56 @@ BLUE='\033[0;34m'
 YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 
-echo -e "${BLUE}"
-echo "╔═══════════════════════════════════════════════════════════╗"
-echo "║           Currents On-Prem Setup                          ║"
-echo "╚═══════════════════════════════════════════════════════════╝"
-echo -e "${NC}"
-
-echo "This script will help you generate a docker-compose configuration"
-echo "based on which services you want to run locally vs externally."
-echo ""
+# Parse arguments
+ENV_ONLY=false
+FORCE_REGEN=false
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --env-only)
+            ENV_ONLY=true
+            shift
+            ;;
+        --force)
+            FORCE_REGEN=true
+            shift
+            ;;
+        -h|--help)
+            echo "Usage: $0 [OPTIONS]"
+            echo ""
+            echo "Options:"
+            echo "  --env-only    Only generate .env file with secrets (non-interactive)"
+            echo "  --force       Force regenerate secrets even if .env exists"
+            echo "  -h, --help    Show this help message"
+            exit 0
+            ;;
+        *)
+            echo "Unknown option: $1"
+            echo "Use --help for usage information"
+            exit 1
+            ;;
+    esac
+done
 
 # =============================================================================
 # Environment file setup
 # =============================================================================
+# Define setup_env_file function first (used by both modes)
 setup_env_file() {
     cd "$ON_PREM_DIR"
 
     if [ -f .env ]; then
         echo -e "${YELLOW}Found existing .env file${NC}"
-        read -p "Regenerate secrets in .env? [y/N]: " regen_secrets
-        if [[ ! $regen_secrets =~ ^[Yy] ]]; then
+        if [ "$FORCE_REGEN" = true ]; then
+            echo "Force regenerating secrets..."
+        elif [ "$ENV_ONLY" = true ]; then
+            # Non-interactive mode: skip if .env exists and --force not set
+            echo "Using existing .env file (use --force to regenerate secrets)"
             return
+        else
+            read -p "Regenerate secrets in .env? [y/N]: " regen_secrets
+            if [[ ! $regen_secrets =~ ^[Yy] ]]; then
+                return
+            fi
         fi
         ENV_FILE=".env"
     else
@@ -106,8 +139,27 @@ setup_env_file() {
 }
 
 # =============================================================================
-# Profile selection
+# Handle --env-only mode
 # =============================================================================
+if [ "$ENV_ONLY" = true ]; then
+    setup_env_file
+    echo -e "${GREEN}✓ Environment setup complete!${NC}"
+    exit 0
+fi
+
+# =============================================================================
+# Interactive mode: Profile selection
+# =============================================================================
+echo -e "${BLUE}"
+echo "╔═══════════════════════════════════════════════════════════╗"
+echo "║           Currents On-Prem Setup                          ║"
+echo "╚═══════════════════════════════════════════════════════════╝"
+echo -e "${NC}"
+
+echo "This script will help you generate a docker-compose configuration"
+echo "based on which services you want to run locally vs externally."
+echo ""
+
 echo -e "${YELLOW}Select a configuration profile:${NC}"
 echo ""
 echo "  1) full      - All services (redis, mongodb, clickhouse, rustfs)"