From 4a2fbe24a9109d9c0d6a3876d803caa984f2bbed Mon Sep 17 00:00:00 2001 From: Andreas Jansson Date: Wed, 4 Feb 2026 22:27:33 +0100 Subject: [PATCH 1/2] fix: save service token ID for reliable cleanup during e2e teardown Previously, the stop script tried to find service tokens by name which could fail if names didn't match exactly. Now we: 1. Save the service token ID (UUID) during start 2. Delete by ID during stop (deterministic and reliable) 3. Keep name-based fallback for backwards compatibility This prevents service token accumulation from failed/partial teardowns. --- test/e2e/fixture/server/start | 5 +++++ test/e2e/fixture/server/stop | 33 ++++++++++++++++++++++++++------- 2 files changed, 31 insertions(+), 7 deletions(-) diff --git a/test/e2e/fixture/server/start b/test/e2e/fixture/server/start index 1b0e5962..1b793167 100755 --- a/test/e2e/fixture/server/start +++ b/test/e2e/fixture/server/start @@ -87,6 +87,10 @@ log "Access AUD: $ACCESS_AUD" log "Service token client ID: $SERVICE_TOKEN_CLIENT_ID" log "R2 bucket: $R2_BUCKET" +# Parse service token ID (needed for cleanup) +SERVICE_TOKEN_ID=$(echo "$TERRAFORM_OUTPUT" | jq -r '.service_token_id.value') +log "Service token ID: $SERVICE_TOKEN_ID" + # Save outputs for other scripts echo "$TERRAFORM_OUTPUT" > "$CCTR_FIXTURE_DIR/terraform-output.json" echo "$WORKER_URL" > "$CCTR_FIXTURE_DIR/worker-url.txt" @@ -94,6 +98,7 @@ echo "$WORKER_NAME" > "$CCTR_FIXTURE_DIR/worker-name.txt" echo "$GATEWAY_TOKEN" > "$CCTR_FIXTURE_DIR/gateway-token.txt" echo "$SERVICE_TOKEN_CLIENT_ID" > "$CCTR_FIXTURE_DIR/cf-access-client-id.txt" echo "$SERVICE_TOKEN_CLIENT_SECRET" > "$CCTR_FIXTURE_DIR/cf-access-client-secret.txt" +echo "$SERVICE_TOKEN_ID" > "$CCTR_FIXTURE_DIR/service-token-id.txt" echo "$E2E_TEST_RUN_ID" > "$CCTR_FIXTURE_DIR/test-run-id.txt" echo "$R2_BUCKET" > "$CCTR_FIXTURE_DIR/r2-bucket-name.txt" echo "${WORKER_NAME}-sandbox" > "$CCTR_FIXTURE_DIR/container-name.txt" diff --git a/test/e2e/fixture/server/stop b/test/e2e/fixture/server/stop index 73cc2fe4..b5e1a0af 100755 --- a/test/e2e/fixture/server/stop +++ b/test/e2e/fixture/server/stop @@ -2,10 +2,12 @@ # Stop and clean up ALL cloud e2e infrastructure # # This script: -# 1. Deletes the deployed worker -# 2. Deletes the R2 bucket (may fail if not empty - requires manual cleanup) -# 3. Deletes the service token -# 4. Cleans up local state files +# 1. Deletes the Access application +# 2. Deletes the deployed worker +# 3. Deletes the container application +# 4. Deletes the R2 bucket (may fail if not empty - requires manual cleanup) +# 5. Deletes the service token (using saved ID for reliability) +# 6. Cleans up local state files set -e SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" @@ -40,6 +42,7 @@ WORKER_NAME=$(cat "$CCTR_FIXTURE_DIR/worker-name.txt" 2>/dev/null || echo "") R2_BUCKET=$(cat "$CCTR_FIXTURE_DIR/r2-bucket-name.txt" 2>/dev/null || echo "") TEST_RUN_ID=$(cat "$CCTR_FIXTURE_DIR/test-run-id.txt" 2>/dev/null || echo "") ACCESS_APP_ID=$(cat "$CCTR_FIXTURE_DIR/access-app-id.txt" 2>/dev/null || echo "") +SERVICE_TOKEN_ID=$(cat "$CCTR_FIXTURE_DIR/service-token-id.txt" 2>/dev/null || echo "") # Step 0: Delete the Access application first (so it stops protecting the worker) if [ -n "$ACCESS_APP_ID" ] && [ -n "$CLOUDFLARE_API_TOKEN" ] && [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then @@ -87,16 +90,31 @@ if [ -n "$R2_BUCKET" ]; then fi # Step 3: Delete service token via API +# First try using the saved service token ID (most reliable) +if [ -n "$SERVICE_TOKEN_ID" ] && [ -n "$CLOUDFLARE_API_TOKEN" ] && [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then + echo "Deleting service token by ID: $SERVICE_TOKEN_ID" >&2 + DELETE_RESULT=$(curl -s -X DELETE \ + "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/access/service_tokens/$SERVICE_TOKEN_ID" \ + -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ + -H "Content-Type: application/json") + if echo "$DELETE_RESULT" | jq -e '.success == true' >/dev/null 2>&1; then + echo "Service token deleted" >&2 + else + echo "Warning: Failed to delete service token by ID, trying by name..." >&2 + fi +fi + +# Fallback: try to find and delete by name (for backwards compatibility) if [ -n "$TEST_RUN_ID" ] && [ -n "$CLOUDFLARE_API_TOKEN" ] && [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then - echo "Deleting service token: moltbot-e2e-$TEST_RUN_ID" >&2 - # Find and delete the service token + echo "Looking for service token by name: moltbot-e2e-$TEST_RUN_ID" >&2 TOKEN_ID=$(curl -s -X GET \ "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/access/service_tokens" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -H "Content-Type: application/json" | \ jq -r ".result[] | select(.name == \"moltbot-e2e-$TEST_RUN_ID\") | .id" 2>/dev/null || echo "") - if [ -n "$TOKEN_ID" ]; then + if [ -n "$TOKEN_ID" ] && [ "$TOKEN_ID" != "$SERVICE_TOKEN_ID" ]; then + echo "Found additional token by name, deleting: $TOKEN_ID" >&2 curl -s -X DELETE \ "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/access/service_tokens/$TOKEN_ID" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ @@ -113,6 +131,7 @@ rm -f "$CCTR_FIXTURE_DIR/worker-name.txt" rm -f "$CCTR_FIXTURE_DIR/gateway-token.txt" rm -f "$CCTR_FIXTURE_DIR/cf-access-client-id.txt" rm -f "$CCTR_FIXTURE_DIR/cf-access-client-secret.txt" +rm -f "$CCTR_FIXTURE_DIR/service-token-id.txt" rm -f "$CCTR_FIXTURE_DIR/test-run-id.txt" rm -f "$CCTR_FIXTURE_DIR/r2-bucket-name.txt" rm -f "$CCTR_FIXTURE_DIR/container-name.txt" From 8088e7325f0bef4af096e89c7afabe70ef7ba6cc Mon Sep 17 00:00:00 2001 From: Andreas Jansson Date: Thu, 5 Feb 2026 11:28:18 +0100 Subject: [PATCH 2/2] pin playwright-cli to 0.0.62 in CI 0.0.63 has issues --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6230f0b8..79ec4cf0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -74,7 +74,7 @@ jobs: run: npx playwright install --with-deps chromium - name: Install playwright-cli - run: npm install -g @playwright/cli + run: npm install -g @playwright/cli@0.0.62 - name: Install cctr uses: taiki-e/install-action@v2