Open
Labels
- activitypub/interop: Interoperability issues
- activitypub/mastodon: Mastodon compatibility
- component/federation: Federation object related
- component/signatures: OIP or HTTP/LD Signatures related
- component/testing: Testing utilities (@fedify/testing)
Description
Summary
Add a strict-mode smoke test lane that validates Fedify's interoperability with Mastodon over HTTPS with HTTP signature verification enabled. This complements the non-strict lane (#615 / PR #598), which tests basic ActivityPub over HTTP with signature verification skipped.
Parent issue
Sub-issue of #481 (Interoperability smoke test suite).
Motivation
The non-strict smoke tests validate that ActivityPub messages are correctly formed and processed, but they skip TLS and signature verification. In real-world federation, every request is signed and verified over HTTPS. This lane ensures the full chain works: TLS termination, HTTP signature signing, signature verification, and WebFinger discovery over HTTPS.
Approach
- Standalone Docker Compose file with Caddy reverse proxies terminating TLS in front of both the Fedify harness and Mastodon
- Self-signed CA generated per CI run, trusted by all containers (`SSL_CERT_FILE` for Ruby/OpenSSL, `DENO_CERT` for Deno)
- `STRICT_MODE` env var toggles signature verification and URL scheme in the shared harness code
- WebFinger-based account discovery in provisioning instead of DB pre-registration
- CI trigger: nightly schedule + `workflow_dispatch` (not on every push)
Architecture
┌─────────────────┐
│ Caddy proxy     │◄── "fedify-harness" alias (TLS :443)
│ (harness)       │
└────────┬────────┘
         │ reverse_proxy :3001
┌────────▼────────┐
│ fedify-harness  │
│ -backend        │
└─────────────────┘

┌─────────────────┐
│ Caddy proxy     │◄── "mastodon" alias (TLS :443)
│ (mastodon)      │
└────────┬────────┘
         │ reverse_proxy :3000
┌────────▼────────┐
│ mastodon-web    │
│ -backend        │
└─────────────────┘
Acceptance criteria
- All 6 smoke test scenarios pass with signature verification enabled over HTTPS
- Self-signed CA is generated and trusted by all containers
- WebFinger discovery works over HTTPS during provisioning
- Non-strict lane is not affected (no regressions)
- CI workflow runs on nightly schedule and `workflow_dispatch`
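
An added example, not part of the issue or of Fedify's code: one way the per-run CA and the per-alias server certificates from the Approach section could be generated and checked with the `openssl` CLI. The file prefixes, the 1-day lifetime and the P-256 keys are assumptions; the hostnames are the two aliases from the diagram.

```shell
#!/bin/sh
# Added example: throwaway CA for one CI run plus one leaf per Compose alias.
# File names, lifetime and key type are assumptions, not taken from the issue.

# make_ca PREFIX: writes PREFIX.key, PREFIX.crt (self-signed CA) and PREFIX.cnf
make_ca() {
  cat > "$1.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = smoke-test-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl ecparam -genkey -name prime256v1 -noout -out "$1.key" &&
  openssl req -x509 -new -key "$1.key" -config "$1.cnf" -sha256 -days 1 \
    -out "$1.crt"
}

# issue_leaf CA_PREFIX HOST OUT_PREFIX: server certificate whose SAN is HOST,
# signed by the CA created with make_ca CA_PREFIX
issue_leaf() {
  printf '%s\n' 'basicConstraints = CA:FALSE' \
    'extendedKeyUsage = serverAuth' "subjectAltName = DNS:$2" > "$3.ext"
  openssl ecparam -genkey -name prime256v1 -noout -out "$3.key" &&
  openssl req -new -key "$3.key" -config "$1.cnf" -subj "/CN=$2" \
    -out "$3.csr" &&
  openssl x509 -req -in "$3.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -sha256 -days 1 -extfile "$3.ext" -out "$3.crt"
}

# check_leaf CA_CRT HOST LEAF_CRT: succeeds only if LEAF_CRT verifies with
# CA_CRT as the supplied trust anchor and its SAN matches HOST
check_leaf() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$3" >/dev/null 2>&1
}
```

The CA certificate produced by `make_ca` is the file that `SSL_CERT_FILE` and `DENO_CERT` would point at inside the containers; running `check_leaf` before starting the stack catches a wrong SAN or a stale CA early.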