feat: testing GHCR workflow, VPS compose, bootstrap_testing_server co…

[tystar86]

…mmand

Add PR/manual workflow pushing only testing-* image tags so test VPS pulls stay separate from production :latest/:sha-*.

• docker-compose.yml and docker-compose.testing.yml use BLOGIT_TESTING_IMAGE_TAG
• Document testing vs production image vars in .env.example and test-server plan
• bootstrap_testing_server management command + bootstrap-testing-server.sh
• Note in release-production not to add testing tags there

Summary by CodeRabbit

Release Notes

• New Features

  • Added automated testing server deployment workflow with integrated database initialization and fixture loading capability.

• Chores

  • Improved testing environment configuration and separation from production deployment.
  • Enhanced test server deployment documentation with clearer setup instructions.
  • Extended test coverage for server bootstrapping functionality.

[coderabbitai]

Warning

Rate limit exceeded

@tystar86 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 48 minutes and 2 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: febe1113-2cf8-4baf-9418-7809b68f0dc4

📥 Commits

Reviewing files that changed from the base of the PR and between 016bf91 and 1cb58be.

📒 Files selected for processing (5)

• .env.example
• blog/management/commands/bootstrap_testing_server.py
• config/settings.py
• docs/deployment/test-server-deployment-plan.md
• tests/unit/test_bootstrap_testing_site_command.py

📝 Walkthrough

Walkthrough

This PR establishes a complete testing deployment infrastructure. It adds a GitHub Actions workflow to build and push ephemeral Docker images for PRs, a Django bootstrap command to initialize test databases, a bash deployment script, configuration files, comprehensive documentation, and unit tests. The testing images are strictly separated from production via distinct tags and compose files.

Changes

Testing Deployment Infrastructure

Layer / File(s)	Summary
Configuration & Environment .env.example, docker-compose.testing.yml, docs/deployment/test-server-deployment-plan.md	Added testing-specific environment configuration and Docker Compose stack definition. Testing images are pulled from GHCR using BLOGIT_TESTING_IMAGE_TAG (not production tags); backend waits on PostgreSQL health; both services join an external edge network. Documentation clarifies the testing vs production separation and compose file/tag usage.
Bootstrap Command blog/management/commands/bootstrap_testing_server.py	New Django management command to initialize test databases. Loads initial_data.json fixture when no posts exist; with --force, flushes all tables. Both paths atomically ensure a fixed testing superuser with expected credentials and ADMIN role.
Build & Push Workflow .github/workflows/build-testing-images.yml	New GitHub Actions workflow triggered on PR events and manual dispatch. Runs backend (Python 3.14 + pytest) and frontend (Node.js 22 + npm test) test suites after gating. Computes PR-specific or manual-dispatch tags, multi-arch builds backend (Dockerfile.backend) and frontend (frontend/Dockerfile.frontend.production) images, pushes to GHCR with BuildKit caching, and posts testing tags to PR comments.
Production Workflow Clarification .github/workflows/release-production.yml	Added comment in backend image build step clarifying that testing-* tags are not added here; disposable images are handled by the dedicated testing workflow.
Deployment Script scripts/bootstrap-testing-server.sh	New Bash entrypoint that validates the required BLOGIT_TESTING_IMAGE_TAG argument, exports it, pulls/upsizes the testing compose stack, runs database migrations, then invokes the bootstrap command inside the backend container.
Tests & Documentation tests/unit/test_bootstrap_testing_site_command.py, README.md	Unit tests verify bootstrap behavior: empty database loads fixture and creates superuser; existing posts skip fixture; --force wipes database; missing fixture raises CommandError; force on empty DB leaves only superuser. Project structure tree updated to include docker-compose.testing.yml.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• tystar86/claude_rest_api#95: Modifies .github/workflows/release-production.yml to document the separation between testing images (handled by the new build-testing-images workflow) and production images.

Poem

🐰 A rabbit whispers through the workflows pale,
"Bootstrap magics make the test tales sail!"
PR images dance in GHCR's keep,
While postgres dreams in containers deep,
Testing VPS leaps with joy—
Fresh databases, oh what a ploy!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: adding a testing GHCR workflow, VPS Docker Compose configuration, and bootstrap_testing_server command for separating testing images from production.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/vps-testing-bootstrap-ghcr

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/build-testing-images.yml:
- Around line 17-20: The workflow currently sets workflow-level permissions
including "packages: write"; change the global permissions block to only grant
"contents: read" (remove or set "packages: read/none") and add a job-level
permissions block for the build-and-push job that includes "packages: write".
Specifically, update the top-level permissions mapping (the "permissions:"
block) to remove "packages: write" and then add a "permissions:" subsection
under the "build-and-push" job (or its job definition) granting "packages:
write" so only that job can publish packages; apply the same change for the
repeated permissions blocks referenced around lines 57-113.

In `@blog/management/commands/bootstrap_testing_server.py`:
- Around line 67-69: The code currently raises SystemExit when FIXTURE_PATH is
missing; replace that with raising Django's CommandError so the management
framework can catch and handle it. Specifically, in the block that calls
self.stderr.write(f"Fixture missing: {FIXTURE_PATH}") change the subsequent
raise SystemExit(1) to raise CommandError with a descriptive message (e.g.,
including FIXTURE_PATH) so call_command("bootstrap_testing_server") and tests
receive a clean CommandError; CommandError is already imported so no additional
imports are needed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fed020e0-7bb9-497c-a09b-c34ad1046384

📥 Commits

Reviewing files that changed from the base of the PR and between aff47f1 and f038be6.

📒 Files selected for processing (9)

• .env.example
• .github/workflows/build-testing-images.yml
• .github/workflows/release-production.yml
• blog/management/commands/bootstrap_testing_server.py
• docker-compose.testing.yml
• docker-compose.yml
• docs/deployment/test-server-deployment-plan.md
• scripts/bootstrap-testing-server.sh
• tests/unit/test_bootstrap_testing_site_command.py

[github-actions]

Testing image tag: testing-pr-98 · pinned: testing-pr-98-sha-8f2914321b2e

bash ./bootstrap-testing-server.sh testing-pr-98

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@blog/management/commands/bootstrap_testing_server.py`:
- Around line 25-27: Add a hard environment safety gate at the start of the
management command (e.g., in Command.handle) to prevent accidental runs: refuse
to proceed unless a trusted condition is met — for example settings.DEBUG is
True OR an explicit env var like BOOTSTRAP_TESTING_SERVER_ALLOW="1" is set OR a
required --force flag is passed; if the check fails, print a clear message and
exit without flushing DB or creating the test superuser. Apply this guard around
the code paths that call flush/recreate users and reference the TEST_USERNAME,
TEST_EMAIL, TEST_PASSWORD constants so the destructive sections are protected;
ensure the check is unconditional (hard gate) and documented in the command help
text.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 90ca9fc8-6da5-415c-a2ab-36ededfaffb9

📥 Commits

Reviewing files that changed from the base of the PR and between f038be6 and 016bf91.

📒 Files selected for processing (7)

• .env.example
• .github/workflows/build-testing-images.yml
• README.md
• blog/management/commands/bootstrap_testing_server.py
• docs/deployment/test-server-deployment-plan.md
• scripts/bootstrap-testing-server.sh
• tests/unit/test_bootstrap_testing_site_command.py

✅ Files skipped from review due to trivial changes (2)

• README.md
• .env.example

🚧 Files skipped from review as they are similar to previous changes (2)

• scripts/bootstrap-testing-server.sh
• .github/workflows/build-testing-images.yml