Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix testcontainers cleanup #2023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 20 commits into from
May 6, 2025
Merged

Fix testcontainers cleanup #2023

merged 20 commits into from
May 6, 2025

Conversation

nicktrn
Copy link
Collaborator

@nicktrn nicktrn commented May 2, 2025
edited
Loading

Turns out there were a few issues:

  • Not all engine quits were awaited, so connections could persist and throw errors after stopping redis
  • Container shutdown was never awaited as no timeout was set (testcontainers requirement)
  • If there were errors during redis container setup, those container could persist and not be cleaned up. This was causing cascading failures as this meant we couldn't clean up the networks either. Additionally, we'd also run out of available networks thanks to the default docker daemon network pool sizes.
  • The main issue with all this was that having IPv6 enabled meant container.getPort() may return a random port if it differed from the IPv4 mapping.

Bit of a rabbit hole, but we now also have:

  • The latest testcontainers packages
  • Much better logs if something goes wrong

Summary by CodeRabbit

  • New Features

    • Introduced detailed structured logging for container setup and cleanup, including resource metadata and timing, to enhance test diagnostics.
    • Added utilities to collect Docker diagnostics, such as network and container relationships, for improved troubleshooting in CI environments.

  • Bug Fixes

    • Improved test reliability by ensuring all asynchronous engine shutdowns are properly awaited during test cleanup, preventing premature test completion and resource leaks.

  • Chores

    • Updated development dependencies and TypeScript configuration for stricter type checking and improved developer experience.
    • Enhanced CI workflow to disable IPv6 and configure Docker networking for more robust test execution environments.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented May 2, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: dcb62f5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented May 2, 2025
edited
Loading

Walkthrough

This set of changes introduces enhanced logging, diagnostics, and stricter TypeScript checks for test container lifecycle management. The core test container utilities are refactored to provide detailed, structured logs and metadata for setup and cleanup phases, with new modules for logging and Docker diagnostics. Test files in the run engine package are updated to properly await asynchronous engine shutdowns, ensuring correct resource cleanup. The GitHub Actions workflow is updated to configure Docker networking and disable IPv6 before running unit tests. Additionally, dependency versions are updated and stricter TypeScript options are enabled.

Changes

File(s) Change Summary
.github/workflows/unit-tests.yml Adds steps to disable IPv6, configure Docker address pools, and restart Docker before running unit tests.
internal-packages/testcontainers/package.json Updates devDependencies for testcontainers packages (@testcontainers/postgresql, @testcontainers/redis, testcontainers) from ^10.13.1 to ^10.25.0 and adds std-env as a new devDependency at ^3.9.0.
internal-packages/testcontainers/tsconfig.json Enables "noUncheckedIndexedAccess": true for stricter TypeScript checks.
internal-packages/testcontainers/src/index.ts Refactors resource setup and cleanup for network, postgres container, redis container, prisma client, and electric container to include structured logging, metadata tracking, and centralized cleanup logic. Updates function signatures to accept a TaskContext parameter for test metadata. Uses new utilities logSetup, logCleanup, withContainerSetup, and useContainer to unify lifecycle management and logging.
internal-packages/testcontainers/src/utils.ts Refactors createRedisContainer and verifyRedisConnection with improved error handling and debug logging. Introduces new utilities withContainerSetup and useContainer to manage container lifecycle with structured logging, metadata collection, and cleanup management including timeouts.
internal-packages/testcontainers/src/logs.ts Adds new logging utilities for resource setup and cleanup phases with detailed metadata and timing. Includes functions logSetup, logCleanup, getContainerMetadata, and getTaskMetadata. Cleanup logging gathers Docker diagnostics on errors or long durations, outputting structured JSON logs only in CI environments.
internal-packages/testcontainers/src/docker.ts Introduces a new module to interact with Docker CLI via tinyexec for diagnostics. Provides functions getDockerNetworkAttachments, getDockerContainerNetworks, and getDockerDiagnostics to retrieve Docker networks, containers, and their relationships with error handling and logging. Defines types for Docker resources and their network attachments.
internal-packages/run-engine/src/engine/tests/attemptFailures.test.ts
batchTrigger.test.ts
batchTriggerAndWait.test.ts
cancelling.test.ts
checkpoints.test.ts
delays.test.ts
dequeuing.test.ts
pendingVersion.test.ts
priority.test.ts
trigger.test.ts
triggerAndWait.test.ts
ttl.test.ts
waitpoints.test.ts		 Updates all listed test files to properly await the asynchronous engine.quit() method in their finally blocks, ensuring correct asynchronous resource cleanup and test finalization. No other logic or control flow changes were made.

Sequence Diagram(s)

sequenceDiagram
    participant TestRunner
    participant TestContainerUtils
    participant Docker
    participant Logger

    TestRunner->>TestContainerUtils: Setup resource (with TaskContext)
    TestContainerUtils->>Logger: logSetup(resource, metadata)
    TestContainerUtils->>Docker: Start container / network
    Docker-->>TestContainerUtils: Container/Network started
    TestContainerUtils->>Logger: logSetup complete

    TestRunner->>TestContainerUtils: Use resource
    TestContainerUtils->>Logger: log usage metadata

    TestRunner->>TestContainerUtils: Cleanup resource
    TestContainerUtils->>Logger: logCleanup(resource, promise, metadata)
    TestContainerUtils->>Docker: Stop container / network
    Docker-->>TestContainerUtils: Container/Network stopped
    TestContainerUtils->>Logger: logCleanup complete (with diagnostics if needed)
Loading

Suggested reviewers

  • ericallam

Poem

🐇
Logs and Docker, now in tune,
Awaiting engines, cleanup soon!
Metadata hops along,
In CI, our logs are strong.
Stricter types and networks set,
Testing flows with no regret.
—A rabbit with a logging mindset

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7439b32 and dcb62f5.

📒 Files selected for processing (1)
  • apps/webapp/tsconfig.check.json (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • apps/webapp/tsconfig.check.json
⏰ Context from checks skipped due to timeout of 90000ms (7)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
  • GitHub Check: units / 🧪 Unit Tests
  • GitHub Check: typecheck / typecheck
  • GitHub Check: Analyze (javascript-typescript)

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed May 2, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
internal-packages/testcontainers/src/index.ts (1)

73-73: Fix empty object pattern.

There's an empty object pattern {} in the function parameters which is unnecessary.

-const network = async ({}, use: Use<StartedNetwork>) => {
+const network = async (_: {}, use: Use<StartedNetwork>) => {

or

-const network = async ({}, use: Use<StartedNetwork>) => {
+const network = async (_, use: Use<StartedNetwork>) => {
🧰 Tools
🪛 Biome (1.9.4)

[error] 73-73: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15816e9 and 68eb755.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • internal-packages/testcontainers/package.json (1 hunks)
  • internal-packages/testcontainers/src/index.ts (5 hunks)
🧰 Additional context used
🪛 Biome (1.9.4)
internal-packages/testcontainers/src/index.ts

[error] 73-73: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

⏰ Context from checks skipped due to timeout of 90000ms (7)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
  • GitHub Check: typecheck / typecheck
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
  • GitHub Check: units / 🧪 Unit Tests
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (7)
internal-packages/testcontainers/package.json (1)

13-14: Version bump for testcontainers dependencies looks good.

The update of testcontainers-related packages from ^10.13.1 to ^10.25.0 aligns with the PR's goal of fixing testcontainers cleanup. This minor version update likely includes improvements to container management and cleanup mechanisms.

Also applies to: 16-16

internal-packages/testcontainers/src/index.ts (6)

34-71: Well-designed cleanup logging mechanism.

This new implementation significantly improves the observability of container cleanup operations. The logCleanup function provides:

  • Detailed timing information (start, end, duration)
  • Cleanup order tracking
  • Concurrency detection
  • Structured error handling
  • JSON-formatted logs for easier parsing

This will be valuable for diagnosing test container issues, especially in CI environments.

78-82: Good refactoring of network cleanup.

The network cleanup now uses the central logging mechanism, providing consistency with other resource cleanups.

95-97: Appropriate timeout increase for container stopping.

Increasing the container stop timeout from the default to 30 seconds is a good practice. This gives containers more time to shut down gracefully, potentially preventing issues in subsequent tests caused by lingering containers.

119-121: Good application of logCleanup to the Prisma client.

Consistently applying the same logging pattern to database disconnection will help track database-related cleanup issues.

140-142: Consistent timeout for Redis container.

The 30-second timeout for Redis container is consistent with other containers, ensuring a standardized approach to cleanup.

194-196: Electric container cleanup matches other containers.

The electric container cleanup now follows the same pattern as other containers with the standardized 30-second timeout.

coderabbitai[bot]
coderabbitai bot reviewed May 2, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🔭 Outside diff range comments (1)
.github/workflows/testcontainers.yml (1)

1-78: 💡 Verification agent

🧩 Analysis chain

Well-structured parallel testing workflow with Docker configuration

This new workflow efficiently runs tests in parallel with 20 matrix runs, which should significantly improve test execution time. The Docker address pool configuration matches the one added to the unit-tests workflow, ensuring consistent container networking.

A few recommendations:

  1. Add GitHub token permissions to limit the scope of the workflow
  2. Fix the trailing spaces in the YAML file for better code quality

Add a permissions block to limit token scope:

name: "🐳 Testcontainers"

on:
  workflow_call:
  workflow_dispatch:
  push:

+permissions:
+  contents: read

jobs:
  unitTests:
    name: "🧪 Unit Tests (run ${{ matrix.run }})"

And fix trailing spaces on lines 72 and 75:

          SESSION_SECRET: "secret"
          MAGIC_LINK_SECRET: "secret"
          ENCRYPTION_KEY: "secret"
-      
+
      - name: 🧪 Run Package Unit Tests
        run: pnpm run test:packages
-      
+
      - name: 🧪 Run Internal Unit Tests

🌐 Web query:

Best practices for GitHub Actions token permissions

💡 Result:

Best Practices for GitHub Actions Token Permissions

GitHub Actions provides an automated token (GITHUB_TOKEN) that grants permissions to access resources within your repository. Managing these permissions properly is crucial for maintaining security in your CI/CD workflows. Here are the best practices for handling GitHub Actions token permissions:

Follow the Principle of Least Privilege

The most fundamental best practice is to restrict GITHUB_TOKEN permissions to only what's absolutely necessary for each workflow:

  1. Set read-only permissions by default at the repository or organization level[4][6]
  2. Explicitly define permissions needed for specific jobs or workflows[5]
  3. Avoid using the default permissions which might be overly permissive[7]

For example, if your workflow only needs to read repository contents, you should explicitly set:

permissions:
  contents: read

Configure Default Settings at Organization Level

For enterprises and organizations, the most effective approach to implement least privilege is to:

  1. Configure "Read repository contents and package permissions" as the default workflow permissions at the organization level[4]
  2. This ensures all GitHub Actions workflows have only read permissions for contents and packages by default
  3. Individual workflows can then request additional permissions as needed[6]

Use Job-Specific Permissions

When different jobs within a workflow need different permission levels, set them at the job level rather than the workflow level:

jobs:
  read-only-job:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      # Steps that only need to read content
      
  deployment-job:
    permissions:
      contents: write
      deployments: write
    runs-on: ubuntu-latest
    steps:
      # Steps that need to write content or create deployments

This approach ensures each job has only the permissions it specifically requires[5].

Be Cautious with Third-Party Actions

When using actions created by third parties, it's particularly important to restrict permissions:

  1. Limit the GITHUB_TOKEN permissions when using third-party actions[5]
  2. Consider using a more restrictive set of permissions for workflows that include third-party code[7]

For example:

permissions:
  actions: none
  checks: read
  contents: read

Avoid Using Personal Access Tokens When Possible

The GITHUB_TOKEN is preferable to personal access tokens (PATs) in most cases because:

  1. It's automatically created and expired for each job[1]
  2. It has built-in scope limitations to the repository where the workflow runs[2]
  3. It's easier to audit and manage across an organization[4]

When you do need a PAT, create fine-grained tokens with limited repository access and specific permissions[8].

Implement Additional Security Controls

Beyond permission settings, consider these additional security controls:

  1. Use the StepSecurity Harden-Runner to restrict egress network traffic and implement runtime security controls[4]
  2. Monitor workflow runs for unexpected permission usage or suspicious activities
  3. Set expiration for any tokens that you create manually[8]

Monitor and Audit Token Usage

Regularly review:

  • The permissions being used in your workflows
  • The build logs of workflow runs (look at the 'Set up job' step to check GITHUB_TOKEN permissions)[4]
  • Any changes to workflows that might modify permission scopes

By implementing these best practices, you can significantly reduce the security risks associated with GitHub Actions workflows while ensuring they have the necessary permissions to function properly.

Citations:

🏁 Script executed:

#!/bin/bash
# Check for trailing whitespace in the workflow file
rg -n '\s+$' .github/workflows/testcontainers.yml || true

Length of output: 71

Add least-privileged GitHub token permissions and remove trailing whitespace

To follow the principle of least privilege, explicitly scope GITHUB_TOKEN to only read repository contents, and clean up trailing spaces in the workflow file:

• File: .github/workflows/testcontainers.yml
– Insert a permissions block immediately after the on: section:

 name: "🐳 Testcontainers"

 on:
   workflow_call:
   workflow_dispatch:
   push:

+permissions:
+  contents: read

 jobs:
   unitTests:
     …

– Remove the two trailing-space lines detected (lines 72 and 75):

         ENCRYPTION_KEY: "secret"
-      
+
     - name: 🧪 Run Package Unit Tests
       run: pnpm run test:packages
-      
+
     - name: 🧪 Run Internal Unit Tests
🧰 Tools
🪛 Checkov (3.2.334)

[MEDIUM] 67-68: Basic Auth Credentials

(CKV_SECRET_4)

🪛 YAMLlint (1.35.1)

[error] 72-72: trailing spaces

(trailing-spaces)

[error] 75-75: trailing spaces

(trailing-spaces)

🪛 GitHub Check: CodeQL

[warning] 10-77: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

🧹 Nitpick comments (1)
internal-packages/testcontainers/src/index.ts (1)

73-73: Fix empty object pattern

The empty object pattern {} should be replaced with a named parameter or removed for clarity.

-const network = async ({}, use: Use<StartedNetwork>) => {
+const network = async (_: {}, use: Use<StartedNetwork>) => {
🧰 Tools
🪛 Biome (1.9.4)

[error] 73-73: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 68eb755 and 5595852.

📒 Files selected for processing (3)
  • .github/workflows/testcontainers.yml (1 hunks)
  • .github/workflows/unit-tests.yml (1 hunks)
  • internal-packages/testcontainers/src/index.ts (5 hunks)
🧰 Additional context used
🪛 Checkov (3.2.334)
.github/workflows/testcontainers.yml

[MEDIUM] 67-68: Basic Auth Credentials

(CKV_SECRET_4)

🪛 YAMLlint (1.35.1)
.github/workflows/testcontainers.yml

[error] 72-72: trailing spaces

(trailing-spaces)

[error] 75-75: trailing spaces

(trailing-spaces)

🪛 GitHub Check: CodeQL
.github/workflows/testcontainers.yml

[warning] 10-77: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

🪛 Biome (1.9.4)
internal-packages/testcontainers/src/index.ts

[error] 73-73: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

⏰ Context from checks skipped due to timeout of 90000ms (27)
  • GitHub Check: 🧪 Unit Tests (run 20)
  • GitHub Check: 🧪 Unit Tests (run 19)
  • GitHub Check: 🧪 Unit Tests (run 18)
  • GitHub Check: 🧪 Unit Tests (run 17)
  • GitHub Check: 🧪 Unit Tests (run 16)
  • GitHub Check: 🧪 Unit Tests (run 15)
  • GitHub Check: 🧪 Unit Tests (run 14)
  • GitHub Check: 🧪 Unit Tests (run 13)
  • GitHub Check: 🧪 Unit Tests (run 12)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
  • GitHub Check: 🧪 Unit Tests (run 11)
  • GitHub Check: 🧪 Unit Tests (run 10)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
  • GitHub Check: 🧪 Unit Tests (run 9)
  • GitHub Check: 🧪 Unit Tests (run 8)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
  • GitHub Check: 🧪 Unit Tests (run 7)
  • GitHub Check: units / 🧪 Unit Tests
  • GitHub Check: typecheck / typecheck
  • GitHub Check: 🧪 Unit Tests (run 6)
  • GitHub Check: 🧪 Unit Tests (run 5)
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: 🧪 Unit Tests (run 4)
  • GitHub Check: 🧪 Unit Tests (run 3)
  • GitHub Check: 🧪 Unit Tests (run 2)
  • GitHub Check: 🧪 Unit Tests (run 1)
🔇 Additional comments (5)
.github/workflows/unit-tests.yml (1)

11-27: Docker configuration enhances testing reliability

Adding this Docker address pool configuration is a good way to prevent network address conflicts when running containers during tests. This approach helps ensure consistent test environments and reduces potential flaky tests due to networking issues.

Consider adding a brief comment explaining why this configuration is necessary for better context for future developers.

internal-packages/testcontainers/src/index.ts (4)

34-71: Great improvement to resource cleanup logging and error handling

The new logCleanup function is an excellent addition that addresses several important aspects of container cleanup:

  1. Structured JSON logging provides consistent format for analyzing cleanup patterns
  2. Tracking cleanup order and parallelism helps understand resource disposal sequence
  3. Error handling ensures cleanup failures are logged but don't interrupt the process
  4. Timing information helps identify slow cleanups that might need optimization

The implementation is thorough and well-documented.

79-79: Improved network cleanup with centralized error handling

The network cleanup now uses the logCleanup function, which provides consistent error handling and logging. This is an improvement over the previous implementation.

93-93: Increased container stop timeout improves cleanup reliability

Increasing the container stop timeout from 10 to 30 seconds is a good change that gives containers more time to shut down gracefully. This helps prevent potential issues with lingering containers and improves test stability.

Also applies to: 134-134, 186-186

115-115: Enhanced Prisma client cleanup

Using logCleanup for Prisma client disconnection provides consistent error handling and logging, aligning with the overall cleanup strategy improvements in this PR.

coderabbitai[bot]
coderabbitai bot reviewed May 3, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (1)
.github/workflows/testcontainers.yml (1)

3-7: ⚠️ Potential issue

Add explicit permissions to restrict GITHUB_TOKEN

The workflow doesn't specify permissions for the GITHUB_TOKEN, which is a security best practice to limit permissions to only what's needed.

Add a permissions block to restrict token access:

on:
  workflow_call:
  workflow_dispatch:
  push:

+permissions:
+  contents: read

jobs:
🧹 Nitpick comments (3)
.github/workflows/testcontainers.yml (2)

64-72: Consider using environment secrets for database credentials

While hardcoded credentials are acceptable for local test databases, consider using GitHub secrets for consistency with your other secrets.

Also, remove the trailing space at line 72.

  - name: 🧪 Run Webapp Unit Tests
    run: pnpm run test:webapp
    env:
      DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres
      DIRECT_URL: postgresql://postgres:postgres@localhost:5432/postgres
      SESSION_SECRET: "secret"
      MAGIC_LINK_SECRET: "secret"
      ENCRYPTION_KEY: "secret"
-     
+
🧰 Tools
🪛 Checkov (3.2.334)

[MEDIUM] 67-68: Basic Auth Credentials

(CKV_SECRET_4)

🪛 YAMLlint (1.35.1)

[error] 72-72: trailing spaces

(trailing-spaces)

73-75: Remove trailing space

Remove the trailing space at line 75.

  - name: 🧪 Run Package Unit Tests
    run: pnpm run test:packages
-   
+
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 75-75: trailing spaces

(trailing-spaces)

internal-packages/testcontainers/src/index.ts (1)

221-221: Fix the empty object pattern in function parameter

There's an empty object pattern in the network function parameter that should be properly typed.

-const network = async ({}, use: Use<StartedNetwork>) => {
+const network = async ({}: Record<string, never>, use: Use<StartedNetwork>) => {
🧰 Tools
🪛 Biome (1.9.4)

[error] 221-221: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5595852 and 9a53fed.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (17)
  • .github/workflows/testcontainers.yml (1 hunks)
  • .github/workflows/unit-tests.yml (1 hunks)
  • internal-packages/run-engine/src/engine/tests/attemptFailures.test.ts (6 hunks)
  • internal-packages/run-engine/src/engine/tests/batchTrigger.test.ts (1 hunks)
  • internal-packages/run-engine/src/engine/tests/batchTriggerAndWait.test.ts (2 hunks)
  • internal-packages/run-engine/src/engine/tests/cancelling.test.ts (2 hunks)
  • internal-packages/run-engine/src/engine/tests/checkpoints.test.ts (1 hunks)
  • internal-packages/run-engine/src/engine/tests/delays.test.ts (4 hunks)
  • internal-packages/run-engine/src/engine/tests/dequeuing.test.ts (2 hunks)
  • internal-packages/run-engine/src/engine/tests/pendingVersion.test.ts (2 hunks)
  • internal-packages/run-engine/src/engine/tests/priority.test.ts (2 hunks)
  • internal-packages/run-engine/src/engine/tests/trigger.test.ts (2 hunks)
  • internal-packages/run-engine/src/engine/tests/triggerAndWait.test.ts (2 hunks)
  • internal-packages/run-engine/src/engine/tests/ttl.test.ts (1 hunks)
  • internal-packages/run-engine/src/engine/tests/waitpoints.test.ts (8 hunks)
  • internal-packages/testcontainers/package.json (1 hunks)
  • internal-packages/testcontainers/src/index.ts (6 hunks)
✅ Files skipped from review due to trivial changes (1)
  • internal-packages/run-engine/src/engine/tests/attemptFailures.test.ts
🚧 Files skipped from review as they are similar to previous changes (2)
  • internal-packages/testcontainers/package.json
  • .github/workflows/unit-tests.yml
🧰 Additional context used
🧬 Code Graph Analysis (3)
internal-packages/run-engine/src/engine/tests/batchTrigger.test.ts (1)
apps/webapp/app/v3/runEngine.server.ts (1)
  • engine (9-9)
internal-packages/run-engine/src/engine/tests/batchTriggerAndWait.test.ts (1)
apps/webapp/app/v3/runEngine.server.ts (1)
  • engine (9-9)
internal-packages/run-engine/src/engine/tests/checkpoints.test.ts (1)
apps/webapp/app/v3/runEngine.server.ts (1)
  • engine (9-9)
🪛 Biome (1.9.4)
internal-packages/testcontainers/src/index.ts

[error] 221-221: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

🪛 Checkov (3.2.334)
.github/workflows/testcontainers.yml

[MEDIUM] 67-68: Basic Auth Credentials

(CKV_SECRET_4)

🪛 YAMLlint (1.35.1)
.github/workflows/testcontainers.yml

[error] 72-72: trailing spaces

(trailing-spaces)

[error] 75-75: trailing spaces

(trailing-spaces)

🪛 GitHub Check: CodeQL
.github/workflows/testcontainers.yml

[warning] 10-77: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

⏰ Context from checks skipped due to timeout of 90000ms (13)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
  • GitHub Check: units / 🧪 Unit Tests
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
  • GitHub Check: 🧪 Unit Tests (run 10)
  • GitHub Check: 🧪 Unit Tests (run 9)
  • GitHub Check: 🧪 Unit Tests (run 8)
  • GitHub Check: 🧪 Unit Tests (run 7)
  • GitHub Check: 🧪 Unit Tests (run 6)
  • GitHub Check: 🧪 Unit Tests (run 5)
  • GitHub Check: 🧪 Unit Tests (run 4)
  • GitHub Check: 🧪 Unit Tests (run 3)
  • GitHub Check: 🧪 Unit Tests (run 2)
  • GitHub Check: 🧪 Unit Tests (run 1)
🔇 Additional comments (26)
internal-packages/run-engine/src/engine/tests/ttl.test.ts (1)

105-105: Added await to ensure proper asynchronous cleanup

The change properly awaits the asynchronous engine.quit() call, ensuring that the engine's resources are fully cleaned up before the test completes. This prevents potential resource leaks and ensures consistent test behavior.

internal-packages/run-engine/src/engine/tests/batchTrigger.test.ts (1)

180-180: Added await to ensure proper asynchronous cleanup

The change properly awaits the asynchronous engine.quit() call, ensuring that the engine's resources are fully cleaned up before the test completes. This prevents potential resource leaks and ensures consistent test behavior.

internal-packages/run-engine/src/engine/tests/cancelling.test.ts (2)

223-223: Added await to ensure proper asynchronous cleanup

The change properly awaits the asynchronous engine.quit() call, ensuring that the engine's resources are fully cleaned up before the test completes. This prevents potential resource leaks and ensures consistent test behavior.

324-324: Added await to ensure proper asynchronous cleanup

The change properly awaits the asynchronous engine.quit() call, ensuring that the engine's resources are fully cleaned up before the test completes. This prevents potential resource leaks and ensures consistent test behavior.

internal-packages/run-engine/src/engine/tests/batchTriggerAndWait.test.ts (2)

355-355: Added await to ensure proper asynchronous cleanup

The change properly awaits the asynchronous engine.quit() call, ensuring that the engine's resources are fully cleaned up before the test completes. This prevents potential resource leaks and ensures consistent test behavior.

573-573: Added await to ensure proper asynchronous cleanup

The change properly awaits the asynchronous engine.quit() call, ensuring that the engine's resources are fully cleaned up before the test completes. This prevents potential resource leaks and ensures consistent test behavior.

internal-packages/run-engine/src/engine/tests/delays.test.ts (1)

89-89: Great improvement to properly await engine.quit() calls

Adding await to these asynchronous cleanup calls ensures that the engine shutdown process completes before the test finishes. This prevents potential resource leaks and improves test reliability by ensuring proper cleanup between tests.

Also applies to: 186-186, 290-290, 401-401

internal-packages/run-engine/src/engine/tests/pendingVersion.test.ts (1)

161-161: Correctly awaiting asynchronous cleanup

Adding await to these engine.quit() calls ensures proper cleanup after complex tests involving multiple runs, queues, and database state transitions. This change prevents potential resource leaks and test interference.

Also applies to: 322-322

internal-packages/run-engine/src/engine/tests/checkpoints.test.ts (1)

1378-1378: Completed async cleanup pattern

Adding await here completes the pattern of properly awaiting asynchronous cleanup calls in this file. This ensures that all resources created during this checkpoint test are properly cleaned up before the test terminates.

internal-packages/run-engine/src/engine/tests/triggerAndWait.test.ts (1)

192-192: Properly awaiting asynchronous cleanup in parent-child run tests

Adding await to these cleanup calls ensures that all resources created during complex parent-child run tests are fully cleaned up before test completion. This is particularly important when testing coordinated runs with waitpoints, as incomplete cleanup could leave dangling resources or state.

Also applies to: 448-448

internal-packages/run-engine/src/engine/tests/priority.test.ts (2)

106-106: Properly await the asynchronous engine.quit() call

The addition of await before engine.quit() ensures proper asynchronous cleanup of resources before the test case finishes. This prevents potential resource leaks and race conditions that could lead to flaky tests.

200-200: Properly await the asynchronous engine.quit() call

The addition of await before engine.quit() ensures proper asynchronous cleanup of resources before the test case finishes. This is consistent with the fix in the previous test case in this file.

internal-packages/run-engine/src/engine/tests/dequeuing.test.ts (2)

80-80: Properly await the asynchronous engine.quit() call

Adding await before engine.quit() ensures proper asynchronous cleanup of resources before the test case finishes. This prevents potential resource leaks and test pollution that could affect subsequent tests.

172-172: Properly await the asynchronous engine.quit() call

Adding await before engine.quit() ensures proper asynchronous cleanup of resources before the test case finishes. This is consistent with the fix in the previous test case in this file.

internal-packages/run-engine/src/engine/tests/waitpoints.test.ts (1)

124-124: Properly await all asynchronous engine.quit() calls across multiple test cases

All instances of engine.quit() have been updated to await engine.quit() across the test cases in this file. This ensures proper asynchronous cleanup of resources before each test case finishes, preventing resource leaks and potential test interference.

This change is particularly important in tests with waitpoints and complex concurrency patterns, as proper cleanup prevents race conditions and zombie processes that could affect test reliability.

Also applies to: 264-264, 403-403, 519-519, 667-667, 817-817, 969-969, 1129-1129

internal-packages/run-engine/src/engine/tests/trigger.test.ts (3)

201-201: Properly await the asynchronous engine.quit() call

Adding await before engine.quit() ensures proper asynchronous cleanup of resources before the test case finishes. This is important for the successful run test case to cleanly release all resources.

328-328: Properly await the asynchronous engine.quit() call

Adding await before engine.quit() ensures proper asynchronous cleanup of resources before the test case finishes. This is consistent with the fix in the successful run test case and ensures proper cleanup even when tests end with failures.

1-331: Great job improving resource cleanup across tests

These changes collectively address a systematic issue with resource cleanup in tests. By properly awaiting the asynchronous engine.quit() calls, you've improved test reliability and prevented potential resource leaks and race conditions that could lead to flaky tests.

This change aligns well with the broader improvements in the PR for standardizing and enhancing cleanup operations with the new logCleanup helper function mentioned in the PR summary.

.github/workflows/testcontainers.yml (3)

1-16: Good choice of parallelization strategy

The workflow setup with a matrix of 10 parallel runs and fail-fast disabled is a good approach for testcontainer tests. This allows isolation between test runs and helps identify flaky tests by running them multiple times in parallel.

17-34: Good Docker configuration to avoid network conflicts

Configuring Docker's default address pools is an excellent practice for container-heavy CI workflows. This prevents IP address conflicts when running multiple containers in parallel across the test matrix.

I see you've configured:

  • A 172.17.0.0/12 pool with size 20
  • A 192.168.0.0/16 pool with size 24

This should provide sufficient IP space for your containerized tests.

51-57: Nice usage of DockerHub authentication

Using DockerHub authentication is a good practice to avoid rate limits when pulling images, especially in CI environments with multiple parallel runs.

internal-packages/testcontainers/src/index.ts (5)

8-9: Good additions for better diagnostics and CI detection

Adding tinyexec for shell command execution and std-env for CI environment detection are good choices for the enhanced logging system.

36-37: Well-designed global state for tracking cleanup operations

These global counters are a good approach for tracking cleanup sequence and concurrency:

  • cleanupOrder maintains the sequence of resource cleanups
  • activeCleanups tracks concurrent cleanup operations

This will be valuable for diagnosing resource cleanup issues.

39-91: Excellent implementation of structured cleanup logging

The logCleanup function is a well-implemented enhancement:

  1. It standardizes cleanup logging across different resource types
  2. It tracks important diagnostics: timing, errors, order, and concurrency
  3. It conditionally collects Docker diagnostics when cleanup takes too long or fails
  4. It only logs in CI environments to avoid overhead in local development
  5. It uses structured JSON logging for easy parsing and analysis

This will significantly improve debugging of container cleanup issues.

93-219: Comprehensive Docker diagnostics implementation

The Docker diagnostic functions provide valuable insights for debugging container-related issues:

  1. They collect information about Docker networks, containers, and their relationships
  2. They have proper error handling to prevent diagnostics from throwing errors
  3. They return well-structured data
  4. They're only triggered when there's a problem, minimizing overhead

These diagnostics will be especially helpful when troubleshooting network or container cleanup issues.

227-227: Good standardization of resource cleanup with increased timeouts

All cleanup operations now use the logCleanup helper with consistent 30-second timeouts for containers. This is a significant improvement:

  1. The increased timeout (from 10 to 30 seconds) gives containers more time to shut down gracefully
  2. Standardizing cleanup through logCleanup ensures consistent error handling and diagnostics
  3. The diagnostic data will help identify resource cleanup issues

This change addresses likely cleanup races that can occur in parallel test environments.

Also applies to: 241-241, 263-263, 282-282, 334-334

coderabbitai[bot]
coderabbitai bot reviewed May 4, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
internal-packages/testcontainers/src/index.ts (2)

73-79: Consider adding a configurable threshold for Docker diagnostics

The function triggers Docker diagnostics if cleanup takes longer than 5 seconds. Consider making this threshold configurable via an environment variable to adjust sensitivity based on the testing environment.

- if (error || durationMs > 5000 || env.DOCKER_DIAGNOSTICS) {
+ const diagnosticsThresholdMs = Number(env.DOCKER_DIAGNOSTICS_THRESHOLD_MS) || 5000;
+ if (error || durationMs > diagnosticsThresholdMs || env.DOCKER_DIAGNOSTICS) {

133-176: Consider implementing rate limiting for Docker commands in parallel test environments

When many tests run in parallel, each calling Docker diagnostic commands, there's potential for performance issues or rate limiting from the Docker daemon. Consider implementing a simple rate limiting mechanism or caching for Docker diagnostics.

// Add this somewhere at the top of the file
let lastDockerDiagnosticsTime = 0;
let cachedDiagnostics: DockerDiagnostics | null = null;
const DOCKER_DIAGNOSTICS_CACHE_MS = 1000; // 1 second cache

// Modify getDockerDiagnostics to use caching
async function getDockerDiagnostics(): Promise<DockerDiagnostics> {
  const now = Date.now();
  
  // Return cached diagnostics if recent enough
  if (cachedDiagnostics && now - lastDockerDiagnosticsTime < DOCKER_DIAGNOSTICS_CACHE_MS) {
    return cachedDiagnostics;
  }
  
  const [containers, networks, networkAttachments, containerNetworks] = await Promise.all([
    getDockerContainers(),
    getDockerNetworks(),
    getDockerNetworkAttachments(),
    getDockerContainerNetworks(),
  ]);

  cachedDiagnostics = {
    containers,
    networks,
    containerNetworks,
    networkAttachments,
  };
  
  lastDockerDiagnosticsTime = now;
  return cachedDiagnostics;
}

Also applies to: 182-223

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a53fed and c66a302.

📒 Files selected for processing (2)
  • internal-packages/testcontainers/src/index.ts (4 hunks)
  • internal-packages/testcontainers/src/utils.ts (1 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
internal-packages/testcontainers/src/index.ts (2)
apps/webapp/app/env.server.ts (1)
  • env (727-727)
internal-packages/testcontainers/src/utils.ts (3)
  • createPostgresContainer (9-42)
  • createRedisContainer (44-75)
  • createElectricContainer (107-129)
⏰ Context from checks skipped due to timeout of 90000ms (17)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
  • GitHub Check: 🧪 Unit Tests (run 10)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
  • GitHub Check: 🧪 Unit Tests (run 9)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
  • GitHub Check: typecheck / typecheck
  • GitHub Check: 🧪 Unit Tests (run 8)
  • GitHub Check: units / 🧪 Unit Tests
  • GitHub Check: 🧪 Unit Tests (run 7)
  • GitHub Check: 🧪 Unit Tests (run 6)
  • GitHub Check: 🧪 Unit Tests (run 5)
  • GitHub Check: 🧪 Unit Tests (run 4)
  • GitHub Check: 🧪 Unit Tests (run 3)
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: 🧪 Unit Tests (run 2)
  • GitHub Check: 🧪 Unit Tests (run 1)
🔇 Additional comments (13)
internal-packages/testcontainers/src/utils.ts (2)

90-94: Good enhancement to container metadata collection

Adding structured container metadata collection improves observability for Redis connection issues. The metadata includes essential container details like ID, name, and network names, which will make debugging easier.

97-97: Improved error handling for Redis connection issues

Previously, errors were silently caught by the event handler without logging. Now, both the error and container metadata are logged, which will provide better visibility into Redis connection failures during tests.

internal-packages/testcontainers/src/index.ts (11)

6-9: Appropriate imports for new functionality

Added imports support the new logging and diagnostics functionality. Using std-env for environment detection is a good practice for conditional logging.

36-37: Well-designed counter implementation for tracking cleanup and setup operations

The global counters cleanupOrder, activeCleanups, and setupOrder enable tracking of the sequence and concurrency of cleanup and setup operations. This is essential for diagnosing issues in parallel test execution environments.

Also applies to: 330-331

39-97: Excellent implementation of centralized cleanup logging

The logCleanup function provides a standardized way to handle resource cleanup with detailed logging. It captures important metrics:

  1. Timing information (start, end, duration)
  2. Cleanup order and parallelism tracking
  3. Error handling and reporting
  4. Conditional Docker diagnostics based on failure or slow cleanup

The CI-only logging ensures logs don't clutter local development environments.

99-105: Simple and effective string parsing utilities

These utility functions have clear purposes and implementations for parsing Docker command output.

107-246: Comprehensive Docker diagnostics implementation

The Docker diagnostic functions provide detailed information about Docker resources, which is essential for debugging container issues. The functions handle errors gracefully and always return some information, even when parts of the diagnostics gathering fail.

The Docker command format strings are well-constructed to extract relevant information.

248-272: Proper integration of task context and cleanup logging for network resources

The network fixture now receives test context information and implements the new logging pattern. The network stop is properly wrapped with logCleanup to ensure consistent error handling and logging.

274-302: Good enhancement to postgres container management

The postgres container fixture now includes detailed logging and uses a 30-second timeout for container stop operations, which is more reliable than the default timeout. The metadata collection is comprehensive and useful for debugging.

332-348: Well-implemented setup logging function

The logSetup function complements logCleanup by providing similar structured logging for resource setup operations. The CI-only logging avoids noise in local environments.

301-301: Appropriate increase in container stop timeout

Increasing the container stop timeout from the default 10 seconds to 30 seconds is a good practice. This allows more time for containers to properly shut down, reducing the likelihood of cleanup errors, especially in CI environments where resources might be constrained.

Also applies to: 382-382, 451-451

350-383: Consistent pattern applied to Redis container management

The Redis container fixture follows the same pattern as other resources, with detailed logging and proper cleanup timeout. This consistency makes the code more maintainable.

421-452: Proper enhancement to Electric container management

The Electric container fixture now includes TaskContext, detailed logging, and proper cleanup timeout, consistent with other container resources.

coderabbitai[bot]
coderabbitai bot reviewed May 5, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/testcontainers.yml (1)

8-16: ⚠️ Potential issue

Add permissions block to the workflow

The workflow doesn't specify permissions for the GITHUB_TOKEN, which could be a security concern. GitHub's principle of least privilege suggests limiting permissions to only what's needed.

Add a permissions block at the workflow level:

name: "🐳 Testcontainers"

on:
  workflow_call:
  workflow_dispatch:
  push:

+permissions:
+  contents: read

jobs:
  unitTests:
    name: "🧪 Unit Tests (run ${{ matrix.run }})"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        run: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
🧹 Nitpick comments (4)
.github/workflows/testcontainers.yml (4)

17-22: Consider explaining why IPv6 is disabled

The workflow disables IPv6, but it's not clear why this is necessary. Adding a comment explaining the reason would improve maintainability.

      - name: 🔧 Disable IPv6
+       # Disabling IPv6 to prevent potential networking issues with Docker containers
        run: |
          sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
          sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
          sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1

80-80: Remove trailing whitespace

There's trailing whitespace at the end of this line.

-          ENCRYPTION_KEY: "secret"
-      
+          ENCRYPTION_KEY: "secret"
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 80-80: trailing spaces

(trailing-spaces)

83-83: Remove trailing whitespace

There's trailing whitespace at the end of this line.

-        run: pnpm run test:packages
-      
+        run: pnpm run test:packages
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 83-83: trailing spaces

(trailing-spaces)

72-85: Consider adding timeout for test runs

The test steps don't have timeout limits specified. Consider adding timeouts to prevent jobs from running indefinitely if something gets stuck, especially with container-based tests.

      - name: 🧪 Run Webapp Unit Tests
+       timeout-minutes: 15
        run: pnpm run test:webapp
        env:
          DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres
          DIRECT_URL: postgresql://postgres:postgres@localhost:5432/postgres
          SESSION_SECRET: "secret"
          MAGIC_LINK_SECRET: "secret"
          ENCRYPTION_KEY: "secret"
      
      - name: 🧪 Run Package Unit Tests
+       timeout-minutes: 15
        run: pnpm run test:packages
      
      - name: 🧪 Run Internal Unit Tests
+       timeout-minutes: 15
        run: pnpm run test:internal
🧰 Tools
🪛 Checkov (3.2.334)

[MEDIUM] 75-76: Basic Auth Credentials

(CKV_SECRET_4)

🪛 YAMLlint (1.35.1)

[error] 80-80: trailing spaces

(trailing-spaces)

[error] 83-83: trailing spaces

(trailing-spaces)

🪛 GitHub Check: CodeQL

[warning] 10-85: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c66a302 and f5672ab.

📒 Files selected for processing (2)
  • .github/workflows/testcontainers.yml (1 hunks)
  • internal-packages/testcontainers/src/utils.ts (3 hunks)
🧰 Additional context used
🪛 Checkov (3.2.334)
.github/workflows/testcontainers.yml

[MEDIUM] 75-76: Basic Auth Credentials

(CKV_SECRET_4)

🪛 YAMLlint (1.35.1)
.github/workflows/testcontainers.yml

[error] 80-80: trailing spaces

(trailing-spaces)

[error] 83-83: trailing spaces

(trailing-spaces)

🪛 GitHub Check: CodeQL
.github/workflows/testcontainers.yml

[warning] 10-85: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

⏰ Context from checks skipped due to timeout of 90000ms (11)
  • GitHub Check: units / 🧪 Unit Tests
  • GitHub Check: 🧪 Unit Tests (run 10)
  • GitHub Check: 🧪 Unit Tests (run 9)
  • GitHub Check: 🧪 Unit Tests (run 8)
  • GitHub Check: 🧪 Unit Tests (run 7)
  • GitHub Check: 🧪 Unit Tests (run 6)
  • GitHub Check: 🧪 Unit Tests (run 5)
  • GitHub Check: 🧪 Unit Tests (run 4)
  • GitHub Check: 🧪 Unit Tests (run 3)
  • GitHub Check: 🧪 Unit Tests (run 2)
  • GitHub Check: 🧪 Unit Tests (run 1)
🔇 Additional comments (6)
internal-packages/testcontainers/src/utils.ts (4)

72-77: Improved error handling for Redis connection verification

The new implementation properly handles errors from verifyRedisConnection using tryCatch, ensuring that containers are cleaned up with an appropriate timeout when verification fails. This is a good improvement to the resource management.

97-101: Good addition of container metadata for debugging

Collecting container metadata (ID, name, network names) provides valuable context for troubleshooting Redis connection issues. This will help diagnose problems when containers fail to start properly.

103-109: Improved error handling with conditional logging

The error handler now includes debug-mode logging with container metadata, which will be extremely helpful for troubleshooting. The comment explaining that you're not throwing immediately is also helpful for understanding the control flow.

113-119: Better error propagation for ping failures

Good improvement to the error handling by providing additional context when Redis ping fails. The conditional debug logging with container metadata will significantly help with diagnostics.

.github/workflows/testcontainers.yml (2)

23-41: Good Docker configuration for preventing network conflicts

The Docker address pool configuration is a good practice to prevent network conflicts when running multiple containers in parallel. This aligns well with the matrix strategy for test parallelization.

59-64: Secure handling of DockerHub credentials

Good use of GitHub secrets for DockerHub authentication to avoid rate limits. This is a security best practice.

@nicktrn nicktrn requested a review from matt-aitken May 5, 2025 21:51
@nicktrn nicktrn merged commit 053389d into main May 6, 2025
12 checks passed
@nicktrn nicktrn deleted the fix/testcontainers branch May 6, 2025 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@matt-aitken matt-aitken Awaiting requested review from matt-aitken

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nicktrn @matt-aitken