ilia/punimtag
1
0
Fork 0
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: Update CI workflow to use virtual environment directly and enhance summary output
Some checks failed
CI / skip-ci-check (pull_request) Successful in 1m29s
Details
CI / lint-and-type-check (pull_request) Successful in 2m7s
Details
CI / python-lint (pull_request) Successful in 1m55s
Details
CI / test-backend (pull_request) Successful in 3m9s
Details
CI / build (pull_request) Failing after 1m44s
Details
CI / secret-scanning (pull_request) Successful in 1m36s
Details
CI / dependency-scan (pull_request) Successful in 1m35s
Details
CI / sast-scan (pull_request) Successful in 2m48s
Details
CI / workflow-summary (pull_request) Successful in 1m27s
Details

Browse Source 
This commit modifies the CI workflow to utilize the virtual environment's pip and python directly, avoiding shell activation issues. Additionally, it enhances the CI workflow summary by providing a clearer overview of job results, including detailed descriptions of each job's purpose and how to interpret the backend test results. This improves the overall clarity and usability of the CI process.
This commit is contained in:
Tanya 2026-01-08 14:43:46 -05:00
parent 7dd95cbcd0
commit c6f27556ac
2 changed files with 88 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
.gitea/workflows/ci.yml
View File

@ -424,11 +424,9 @@ jobs:
# Create virtual environment
python3 -m venv /tmp/backend-venv
source /tmp/backend-venv/bin/activate
# Install core dependencies (skip heavy ML dependencies for faster build)
# This validates that requirements.txt structure is valid and core imports work
pip install --no-cache-dir fastapi uvicorn pydantic sqlalchemy psycopg2-binary redis rq python-jose python-multipart python-dotenv bcrypt
# Use venv's pip and python directly (avoids shell activation issues)
/tmp/backend-venv/bin/pip install --no-cache-dir fastapi uvicorn pydantic sqlalchemy psycopg2-binary redis rq python-jose python-multipart python-dotenv bcrypt
# Set environment variables for validation
export PYTHONPATH=$(pwd)
@ -440,7 +438,7 @@ jobs:
# Validate imports and app instantiation (without starting server or connecting to DB)
echo "🔍 Validating backend imports and structure..."
python3 << 'EOF'
/tmp/backend-venv/bin/python3 << 'EOF'
import sys
import os
sys.path.insert(0, '.')
@ -680,42 +678,90 @@ jobs:
steps:
- name: Generate workflow summary
run: |
SUMMARY_FILE="${GITHUB_STEP_SUMMARY:-/dev/stdout}"
# Ensure directory exists if using a file path (for act/local runners)
if [ "$SUMMARY_FILE" != "/dev/stdout" ] && [ "$SUMMARY_FILE" != "/dev/stderr" ]; then
mkdir -p "$(dirname "$SUMMARY_FILE")" || true
touch "$SUMMARY_FILE" || true
echo "═══════════════════════════════════════════════════════════════"
echo "🔍 CI WORKFLOW SUMMARY"
echo "═══════════════════════════════════════════════════════════════"
echo ""
echo "This gives a plain-English overview of what ran in this pipeline and whether it passed."
echo ""
echo "JOB RESULTS:"
echo "────────────"
echo ""
echo "📝 Lint & Type Check: ${{ needs.lint-and-type-check.result }}"
echo " └─ Runs ESLint on the admin UI and TypeScript type-checks the viewer UI"
echo ""
echo "🐍 Python Lint: ${{ needs.python-lint.result }}"
echo " └─ Runs Python style and syntax checks over the backend"
echo ""
echo "🧪 Backend Tests: ${{ needs.test-backend.result }}"
echo " └─ Runs 'pytest tests/ -v' against the FastAPI backend (with coverage)"
echo ""
echo "🏗️ Build: ${{ needs.build.result }}"
echo " └─ Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js)"
echo ""
echo "🔐 Secret Scanning: ${{ needs.secret-scanning.result }}"
echo " └─ Uses Gitleaks to look for committed secrets"
echo ""
echo "📦 Dependency Scan: ${{ needs.dependency-scan.result }}"
echo " └─ Uses Trivy to scan dependencies for HIGH/CRITICAL vulns"
echo ""
echo "🔍 SAST Scan: ${{ needs.sast-scan.result }}"
echo " └─ Uses Semgrep to look for insecure code patterns"
echo ""
echo "═══════════════════════════════════════════════════════════════"
echo "STATUS LEGEND:"
echo "──────────────"
echo " success = Job finished and all checks/tests passed"
echo " failure = Job ran but one or more checks/tests failed (see that job's log)"
echo " cancelled = Job was stopped before finishing"
echo " skipped = Job did not run, usually because CI was skipped for this commit"
echo ""
echo "═══════════════════════════════════════════════════════════════"
echo "📊 HOW TO READ THE BACKEND TEST RESULTS:"
echo "────────────────────────────────────────"
echo ""
echo "• The 'Backend Tests' row above tells you if the test run as a whole passed or failed."
echo ""
echo "• To see which specific tests failed or how they ran:"
echo " 1. Open the 'test-backend' job in this workflow run"
echo " 2. Look at the 'Run backend tests' step to see the 'pytest -v' output"
echo " 3. For local debugging, run 'pytest tests/ -v' in your dev environment"
echo ""
echo "═══════════════════════════════════════════════════════════════"
# Also write to step summary if available (for GitHub Actions compatibility)
if [ -n "$GITHUB_STEP_SUMMARY" ] && [ "$GITHUB_STEP_SUMMARY" != "/dev/stdout" ]; then
{
echo "## 🔍 CI Workflow Summary"
echo ""
echo "This table gives a **plain-English overview** of what ran in this pipeline and whether it passed."
echo ""
echo "### Job Results"
echo ""
echo "| Job | What it does | Status |"
echo "|-----|--------------|--------|"
echo "| 📝 Lint & Type Check | Runs ESLint on the admin UI and TypeScript type-checks the viewer UI | ${{ needs.lint-and-type-check.result }} |"
echo "| 🐍 Python Lint | Runs Python style and syntax checks over the backend | ${{ needs.python-lint.result }} |"
echo "| 🧪 Backend Tests | Runs \`pytest tests/ -v\` against the FastAPI backend (with coverage) | ${{ needs.test-backend.result }} |"
echo "| 🏗️ Build | Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js) | ${{ needs.build.result }} |"
echo "| 🔐 Secret Scanning | Uses Gitleaks to look for committed secrets | ${{ needs.secret-scanning.result }} |"
echo "| 📦 Dependency Scan | Uses Trivy to scan dependencies for HIGH/CRITICAL vulns | ${{ needs.dependency-scan.result }} |"
echo "| 🔍 SAST Scan | Uses Semgrep to look for insecure code patterns | ${{ needs.sast-scan.result }} |"
echo ""
echo "**Legend for the Status column:**"
echo "- \`success\`: job finished and all checks/tests passed."
echo "- \`failure\`: job ran but one or more checks/tests failed (see that job's log)."
echo "- \`cancelled\`: job was stopped before finishing."
echo "- \`skipped\`: job did not run, usually because CI was skipped for this commit."
echo ""
echo "### 📊 How to read the backend test results"
echo ""
echo "- The **Backend Tests** row tells you if the test run as a whole passed or failed."
echo "- To see which specific tests failed or how they ran:"
echo " 1. Open the **test-backend** job in this workflow run."
echo " 2. Look at the **Run backend tests** step to see the \`pytest -v\` output."
echo " 3. For local debugging, run \`pytest tests/ -v\` in your dev environment."
} >> "$GITHUB_STEP_SUMMARY" || true
fi
{
echo "## 🔍 CI Workflow Summary"
echo ""
echo "This table gives a **plain-English overview** of what ran in this pipeline and whether it passed."
echo ""
echo "### Job Results"
echo ""
echo "| Job | What it does | Status |"
echo "|-----|--------------|--------|"
echo "| 📝 Lint & Type Check | Runs ESLint on the admin UI and TypeScript type-checks the viewer UI | ${{ needs.lint-and-type-check.result }} |"
echo "| 🐍 Python Lint | Runs Python style and syntax checks over the backend | ${{ needs.python-lint.result }} |"
echo "| 🧪 Backend Tests | Runs \`pytest tests/ -v\` against the FastAPI backend (with coverage) | ${{ needs.test-backend.result }} |"
echo "| 🏗️ Build | Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js) | ${{ needs.build.result }} |"
echo "| 🔐 Secret Scanning | Uses Gitleaks to look for committed secrets | ${{ needs.secret-scanning.result }} |"
echo "| 📦 Dependency Scan | Uses Trivy to scan dependencies for HIGH/CRITICAL vulns | ${{ needs.dependency-scan.result }} |"
echo "| 🔍 SAST Scan | Uses Semgrep to look for insecure code patterns | ${{ needs.sast-scan.result }} |"
echo ""
echo "Legend for the **Status** column:"
echo "- \`success\`: job finished and all checks/tests passed."
echo "- \`failure\`: job ran but one or more checks/tests failed (see that job's log)."
echo "- \`cancelled\`: job was stopped before finishing."
echo "- \`skipped\`: job did not run, usually because CI was skipped for this commit."
echo ""
echo "### 📊 How to read the backend test results"
echo ""
echo "- The **Backend Tests** row tells you if the test run as a whole passed or failed."
echo "- To see which specific tests failed or how they ran:"
echo " 1. Open the **test-backend** job in this workflow run."
echo " 2. Look at the **Run backend tests** step to see the \`pytest -v\` output."
echo " 3. For local debugging, run \`pytest tests/ -v\` in your dev environment."
} >> "$SUMMARY_FILE" || true
continue-on-error: true

2
tests/test_api_auth.py
View File

@ -126,7 +126,7 @@ class TestTokenRefresh:
"""Test token refresh endpoint."""
def test_refresh_token_success(
self, test_client: TestClient
self, test_client: TestClient, admin_user
):
"""Verify successful token refresh."""
# Get refresh token from login