Problem
The pr.yaml workflow runs E2E tests directly from source via Tilt. The tag.yaml workflow builds the Docker image and runs E2E against it — but only on tag push. A regression in the Dockerfile (broken build, missing runtime dependency, wrong base image) is not caught until a release tag is pushed.
Fix
Add a job to pr.yaml that builds the Docker image and runs a smoke test (e.g., health-check endpoint) against the built image:
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: oidc-server-mock:pr-test
- name: Smoke test Docker image
run: |
docker run -d --name oidc-test -p 8080:8080 oidc-server-mock:pr-test
sleep 5
curl -f http://localhost:8080/health
docker rm -f oidc-test
References
Identified during linting/CI audit — see advisory session 2026-05-16.
Problem
The
pr.yamlworkflow runs E2E tests directly from source via Tilt. Thetag.yamlworkflow builds the Docker image and runs E2E against it — but only on tag push. A regression in theDockerfile(broken build, missing runtime dependency, wrong base image) is not caught until a release tag is pushed.Fix
Add a job to
pr.yamlthat builds the Docker image and runs a smoke test (e.g., health-check endpoint) against the built image:References
Identified during linting/CI audit — see advisory session 2026-05-16.