The doc says:
After all tests pass, integration with online services must be verified manually with:
molecule create -s weblate
- edit the gandi zone to set ns1-test to the IP of the bind-host VM
- wait 1h for DNS propagation
ansible-playbook --private-key id_rsa --user debian -i openstack.py -e domain=test.securedrop.club securedrop-club-playbook.yml
- manually verify weblate.test.securedrop.club etc. integration with online services such as GitHub authentication
Actually, DNS delays are not due to propagation times, which are quick. They are due to time-to-live, i.e. the update of an existing record is not taken into account everywhere at the same time.
Imho we could dramatically reduce human intervention by creating a new test subdomain at each preprod test run. It could be something like test-hash.securedrop.club.
If such a domain is new at each run (the hash should help), then propagation is immediate and the domain/zone is usable immediately from everywhere on the internet.
Btw this supposes that the Ansible master has the right to update the main DNS zone when Ansible runs, which might induce coupling between tests and prod. To get rid of this, we could create a static intermediate subdomain (delegated) test.securedrop.club, hosted on bind-host and set with kind updates permissions (e.g. rndc run locally by the debian user). Then the Ansible master could set up a hash.test.securedrop.club domain and play there.
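
A sketch of the per-run subdomain idea above, as an added example that is not part of the original post or the project's code: it generates a fresh label for each run and renders a dynamic-update batch for the delegated zone, rejecting any label or address that could smuggle extra update commands into the batch. It assumes test.securedrop.club is delegated to bind-host and accepts local dynamic updates, and it uses nsupdate batch syntax rather than the rndc mentioned above; the function names, the 60 s TTL and the 192.0.2.10 address are constructed.

```shell
#!/bin/sh
# Added example: per-run test hostnames under a delegated zone.
# Assumption: ZONE is delegated to bind-host and accepts local dynamic updates.
ZONE="test.securedrop.club"

# new_run_label: 't' + 12 hex chars from the kernel CSPRNG, so every run gets
# a name that no resolver has cached yet.
new_run_label() {
    printf 't%s\n' "$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')"
}

# valid_label: one lowercase letter/digit/hyphen DNS label, 1..63 chars.
# Anything else (dots, spaces, newlines) is refused, so a value coming from
# CI variables cannot add lines to the update batch.
valid_label() {
    case "$1" in
        ''|*[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# valid_ipv4: four dot-separated decimal octets, each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_update LABEL IPV4 [TTL]: print an nsupdate batch that creates
# LABEL.ZONE and weblate.LABEL.ZONE with a short TTL (default 60 s).
render_update() {
    label=$1; ip=$2; ttl=${3:-60}
    valid_label "$label" || { echo "refusing label" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "refusing address" >&2; return 1; }
    case "$ttl" in ''|*[!0-9]*) echo "refusing ttl" >&2; return 1 ;; esac
    cat <<EOF
server 127.0.0.1
zone $ZONE
update add $label.$ZONE. $ttl A $ip
update add weblate.$label.$ZONE. $ttl A $ip
send
EOF
}
```

The rendered batch would be fed to nsupdate on bind-host, and the playbook would then be run with `-e domain=<label>.test.securedrop.club`.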