Merge pull request #112 from cbaugus/dev

fix: workers running past duration + POST /config race condition (closes #109, #110)

Author: cbaugus

.github/workflows/release.yaml

@@ -0,0 +1,191 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: cbaugus/rust_loadtest
+
+jobs:
+  # ── 1. Lint ────────────────────────────────────────────────────────────────
+  lint:
+    name: Lint (rustfmt & clippy)
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt, clippy
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: lint
+
+      - name: Check formatting
+        run: cargo fmt --all --check
+
+      - name: Run clippy
+        run: cargo clippy --all-targets --all-features -- -D warnings
+
+  # ── 2. Test ────────────────────────────────────────────────────────────────
+  test:
+    name: Test Suite
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: test
+
+      - name: Run unit tests
+        run: cargo test --lib --all-features --verbose -- --test-threads=1
+        timeout-minutes: 10
+
+      - name: Run integration tests
+        run: cargo test --test '*' --all-features --verbose -- --test-threads=1
+        timeout-minutes: 10
+
+  # ── 3. Build & publish Docker images ──────────────────────────────────────
+  build-and-release:
+    name: Build, Push & Release
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+    timeout-minutes: 30
+    permissions:
+      contents: write   # needed to create GitHub releases
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Strip the leading 'v' to get a bare semver (e.g. v1.5.3 → 1.5.3)
+      - name: Derive version strings
+        id: version
+        run: |
+          TAG="${{ github.ref_name }}"
+          SEMVER="${TAG#v}"
+          echo "tag=${TAG}"       >> $GITHUB_OUTPUT
+          echo "semver=${SEMVER}" >> $GITHUB_OUTPUT
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # ── Standard image ──────────────────────────────────────────────────
+      - name: Build standard image (load for SBOM)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          tags: ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}
+          push: false
+          load: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # ── Chainguard image ─────────────────────────────────────────────────
+      - name: Build Chainguard image (load for SBOM)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.chainguard
+          platforms: linux/amd64
+          tags: ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}-Chainguard
+          push: false
+          load: true
+          cache-from: type=gha
+
+      # ── SBOMs ─────────────────────────────────────────────────────────────
+      - name: Install Syft
+        run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+
+      - name: Generate SBOM — standard
+        run: |
+          syft "docker:${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}" \
+            -o cyclonedx-json > sbom-standard.cyclonedx.json
+
+      - name: Generate SBOM — Chainguard
+        run: |
+          syft "docker:${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}-Chainguard" \
+            -o cyclonedx-json > sbom-chainguard.cyclonedx.json
+
+      # ── Push standard: version tag + latest ───────────────────────────────
+      - name: Push standard image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          tags: |
+            ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}
+            ${{ env.IMAGE_NAME }}:latest
+          provenance: true
+          push: true
+          cache-from: type=gha
+
+      # ── Push Chainguard: version tag + latest-Chainguard ─────────────────
+      - name: Push Chainguard image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.chainguard
+          platforms: linux/amd64
+          tags: |
+            ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}-Chainguard
+            ${{ env.IMAGE_NAME }}:latest-Chainguard
+          provenance: true
+          push: true
+          cache-from: type=gha
+
+      # ── Update Docker Hub repository description ──────────────────────────
+      - name: Update Docker Hub description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: ${{ env.IMAGE_NAME }}
+          readme-filepath: ./DOCKER_HUB_OVERVIEW.md
+
+      # ── GitHub Release ────────────────────────────────────────────────────
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.version.outputs.tag }}
+          name: ${{ steps.version.outputs.tag }}
+          generate_release_notes: true
+          files: |
+            sbom-standard.cyclonedx.json
+            sbom-chainguard.cyclonedx.json
+          body: |
+            ## Docker images
+
+            | Variant | Pull command |
+            |---------|-------------|
+            | Standard (Ubuntu) | `docker pull ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}` |
+            | Chainguard (minimal) | `docker pull ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.tag }}-Chainguard` |
+
+            `latest` and `latest-Chainguard` are also updated to this release.
+
+            ## SBOMs
+            CycloneDX SBOMs for both images are attached to this release.

src/client.rs

@@ -15,6 +15,8 @@ pub struct ClientConfig {
     pub client_key_path: Option<String>,
     pub custom_headers: Option<String>,
     pub pool_config: Option<PoolConfig>,
+    /// Enable per-request cookie jar (required for scenario session isolation).
+    pub cookie_store: bool,
 }
 
 /// Result of building the client, includes parsed headers for logging.
@@ -60,6 +62,11 @@ pub fn build_client(
         pool_config.max_idle_per_host, pool_config.idle_timeout
     );
 
+    // Cookie store for session isolation (scenario workers)
+    if config.cookie_store {
+        client_builder = client_builder.cookie_store(true);
+    }
+
     // Build client with TLS settings
     let client = if config.skip_tls_verify {
         println!("WARNING: Skipping TLS certificate verification.");

src/config.rs

@@ -719,6 +719,7 @@ impl Config {
             client_key_path: self.client_key_path.clone(),
             custom_headers: self.custom_headers.clone(),
             pool_config: Some(crate::connection_pool::PoolConfig::from_env()),
+            cookie_store: false,
         }
     }
 

src/main.rs

@@ -714,12 +714,8 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
     // Startup standby config: fallback when a test YAML has no `standby:` block.
     // Nodes auto-revert to their startup state (typically TARGET_RPS=0) after a test ends.
     let startup_standby: Arc<StandbyRunConfig> = Arc::new(StandbyRunConfig {
-        workers: config.num_concurrent_tasks,
-        rps: if let LoadModel::Rps { target_rps } = &config.load_model {
-            *target_rps
-        } else {
-            0.0
-        },
+        workers: 2,
+        rps: 0.0,
         url: config.target_url.clone(),
         request_type: config.request_type.clone(),
         send_json: config.send_json,
@@ -1120,6 +1116,13 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
                     "Config submitted via POST /config — draining worker pool"
                 );
 
+                // Bump generation first — invalidates any in-flight completion watcher
+                // so it exits at Check 2 rather than re-spawning standby workers on top
+                // of the workers we are about to start.
+                {
+                    let mut ts = test_state_for_watcher.lock().unwrap();
+                    ts.generation += 1;
+                }
                 // Signal graceful stop (workers exit after current request).
                 {
                     let state = pool_for_watcher.lock().await;
@@ -1182,12 +1185,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
                                         tenant: new_tenant.clone().unwrap_or_default(),
                                         node_id: node_id_for_watcher.clone(),
                                         run_id: new_run_id.clone(),
+                                        skip_tls_verify: new_cfg.skip_tls_verify,
+                                        resolve_target_addr: new_cfg.resolve_target_addr.clone(),
                                     };
-                                    tokio::spawn(run_scenario_worker(
-                                        new_client.clone(),
-                                        sc,
-                                        new_start,
-                                    ))
+                                    tokio::spawn(run_scenario_worker(sc, new_start))
                                 })
                                 .collect()
                         }
@@ -1474,7 +1475,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
                         (None, None, None)
                     };
                     (
-                        remaining as i64,
+                        (remaining as i64).max(0),
                         ts.yaml.clone(),
                         ts.node_state.to_string(),
                         started_at,

src/worker.rs

@@ -20,6 +20,7 @@ fn should_sample(rate: u8) -> bool {
     counter % 100 < rate as u64
 }
 
+use crate::client::{build_client, ClientConfig};
 use crate::connection_pool::GLOBAL_POOL_STATS;
 use crate::errors::ErrorCategory;
 use crate::executor::{ScenarioExecutor, SessionStore};
@@ -142,6 +143,8 @@ pub async fn run_worker(client: reqwest::Client, config: WorkerConfig, start_tim
             // immediately next iteration (Concurrent) or we set a long pause (0 RPS).
             if current_target_rps == 0.0 {
                 next_fire = now + Duration::from_secs(3600);
+                // rps=0 means idle standby — skip request entirely and wait for the next cycle.
+                continue;
             }
             // For Concurrent (f64::MAX), next_fire stays in the past → fires immediately.
         }
@@ -373,6 +376,10 @@ pub struct ScenarioWorkerConfig {
     pub node_id: String,
     /// Run identifier (Issue #106). Unique per test dispatch.
     pub run_id: String,
+    /// Skip TLS certificate verification (propagated from global config).
+    pub skip_tls_verify: bool,
+    /// DNS override string in `hostname:ip:port` format (propagated from global config).
+    pub resolve_target_addr: Option<String>,
 }
 
 /// Runs a scenario-based worker task that executes multi-step scenarios according to the load model.
@@ -382,13 +389,10 @@ pub struct ScenarioWorkerConfig {
 ///
 /// # Cookie and Session Management
 ///
-/// For proper session isolation, each scenario execution gets its own cookie-enabled
-/// HTTP client. This ensures cookies from one virtual user don't leak to another.
-pub async fn run_scenario_worker(
-    _client: reqwest::Client, // Ignored - we create per-execution clients
-    config: ScenarioWorkerConfig,
-    start_time: Instant,
-) {
+/// Each scenario execution gets its own cookie-enabled HTTP client built from the
+/// worker config (DNS override, TLS settings). This ensures cookies from one virtual
+/// user don't leak to another while preserving global client settings.
+pub async fn run_scenario_worker(config: ScenarioWorkerConfig, start_time: Instant) {
     debug!(
         task_id = config.task_id,
         scenario = %config.scenario.name,
@@ -416,6 +420,23 @@ pub async fn run_scenario_worker(
     // subsequent iterations skip the HTTP request until the TTL expires.
     let mut session = SessionStore::new();
 
+    // Build the HTTP client once per worker with DNS override, TLS, and cookie store enabled.
+    // Building once avoids log flooding and expensive reconstruction on every loop iteration.
+    let worker_client = build_client(&ClientConfig {
+        skip_tls_verify: config.skip_tls_verify,
+        resolve_target_addr: config.resolve_target_addr.clone(),
+        client_cert_path: None,
+        client_key_path: None,
+        custom_headers: None,
+        pool_config: None,
+        cookie_store: true,
+    })
+    .map(|r| r.client)
+    .unwrap_or_else(|e| {
+        error!(error = %e, "Failed to build scenario worker client; falling back to default");
+        reqwest::Client::new()
+    });
+
     loop {
         time::sleep_until(next_fire).await;
 
@@ -444,20 +465,14 @@ pub async fn run_scenario_worker(
             next_fire += Duration::from_millis(cycle_ms);
         } else if current_target_sps == 0.0 {
             next_fire = now + Duration::from_secs(3600);
+            // rps=0 means idle standby — skip scenario execution entirely and wait for the next cycle.
+            continue;
         }
 
-        // Create new cookie-enabled client for this virtual user
-        // This ensures cookie isolation between scenario executions
-        let client = reqwest::Client::builder()
-            .cookie_store(true) // Enable automatic cookie management
-            .timeout(std::time::Duration::from_secs(30))
-            .build()
-            .unwrap_or_else(|_| reqwest::Client::new());
-
-        // Create executor with isolated client
+        // Create executor with the worker's configured client
         let executor = ScenarioExecutor::new(
             config.base_url.clone(),
-            client,
+            worker_client.clone(),
             config.node_id.clone(),
             config.run_id.clone(),
         );