diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 8e4da8b..b81fe1a 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -424,11 +424,9 @@ jobs: # Create virtual environment python3 -m venv /tmp/backend-venv - source /tmp/backend-venv/bin/activate - # Install core dependencies (skip heavy ML dependencies for faster build) - # This validates that requirements.txt structure is valid and core imports work - pip install --no-cache-dir fastapi uvicorn pydantic sqlalchemy psycopg2-binary redis rq python-jose python-multipart python-dotenv bcrypt + # Use venv's pip and python directly (avoids shell activation issues) + /tmp/backend-venv/bin/pip install --no-cache-dir fastapi uvicorn pydantic sqlalchemy psycopg2-binary redis rq python-jose python-multipart python-dotenv bcrypt # Set environment variables for validation export PYTHONPATH=$(pwd) @@ -440,7 +438,7 @@ jobs: # Validate imports and app instantiation (without starting server or connecting to DB) echo "๐Ÿ” Validating backend imports and structure..." - python3 << 'EOF' + /tmp/backend-venv/bin/python3 << 'EOF' import sys import os sys.path.insert(0, '.') @@ -680,42 +678,90 @@ jobs: steps: - name: Generate workflow summary run: | - SUMMARY_FILE="${GITHUB_STEP_SUMMARY:-/dev/stdout}" - # Ensure directory exists if using a file path (for act/local runners) - if [ "$SUMMARY_FILE" != "/dev/stdout" ] && [ "$SUMMARY_FILE" != "/dev/stderr" ]; then - mkdir -p "$(dirname "$SUMMARY_FILE")" || true - touch "$SUMMARY_FILE" || true + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "๐Ÿ” CI WORKFLOW SUMMARY" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "" + echo "This gives a plain-English overview of what ran in this pipeline and whether it passed." + echo "" + echo "JOB RESULTS:" + echo "โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€" + echo "" + echo "๐Ÿ“ Lint & Type Check: ${{ needs.lint-and-type-check.result }}" + echo " โ””โ”€ Runs ESLint on the admin UI and TypeScript type-checks the viewer UI" + echo "" + echo "๐Ÿ Python Lint: ${{ needs.python-lint.result }}" + echo " โ””โ”€ Runs Python style and syntax checks over the backend" + echo "" + echo "๐Ÿงช Backend Tests: ${{ needs.test-backend.result }}" + echo " โ””โ”€ Runs 'pytest tests/ -v' against the FastAPI backend (with coverage)" + echo "" + echo "๐Ÿ—๏ธ Build: ${{ needs.build.result }}" + echo " โ””โ”€ Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js)" + echo "" + echo "๐Ÿ” Secret Scanning: ${{ needs.secret-scanning.result }}" + echo " โ””โ”€ Uses Gitleaks to look for committed secrets" + echo "" + echo "๐Ÿ“ฆ Dependency Scan: ${{ needs.dependency-scan.result }}" + echo " โ””โ”€ Uses Trivy to scan dependencies for HIGH/CRITICAL vulns" + echo "" + echo "๐Ÿ” SAST Scan: ${{ needs.sast-scan.result }}" + echo " โ””โ”€ Uses Semgrep to look for insecure code patterns" + echo "" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "STATUS LEGEND:" + echo "โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€" + echo " success = Job finished and all checks/tests passed" + echo " failure = Job ran but one or more checks/tests failed (see that job's log)" + echo " cancelled = Job was stopped before finishing" + echo " skipped = Job did not run, usually because CI was skipped for this commit" + echo "" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "๐Ÿ“Š HOW TO READ THE BACKEND TEST RESULTS:" + echo "โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€" + echo "" + echo "โ€ข The 'Backend Tests' row above tells you if the test run as a whole passed or failed." + echo "" + echo "โ€ข To see which specific tests failed or how they ran:" + echo " 1. Open the 'test-backend' job in this workflow run" + echo " 2. Look at the 'Run backend tests' step to see the 'pytest -v' output" + echo " 3. For local debugging, run 'pytest tests/ -v' in your dev environment" + echo "" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + + # Also write to step summary if available (for GitHub Actions compatibility) + if [ -n "$GITHUB_STEP_SUMMARY" ] && [ "$GITHUB_STEP_SUMMARY" != "/dev/stdout" ]; then + { + echo "## ๐Ÿ” CI Workflow Summary" + echo "" + echo "This table gives a **plain-English overview** of what ran in this pipeline and whether it passed." + echo "" + echo "### Job Results" + echo "" + echo "| Job | What it does | Status |" + echo "|-----|--------------|--------|" + echo "| ๐Ÿ“ Lint & Type Check | Runs ESLint on the admin UI and TypeScript type-checks the viewer UI | ${{ needs.lint-and-type-check.result }} |" + echo "| ๐Ÿ Python Lint | Runs Python style and syntax checks over the backend | ${{ needs.python-lint.result }} |" + echo "| ๐Ÿงช Backend Tests | Runs \`pytest tests/ -v\` against the FastAPI backend (with coverage) | ${{ needs.test-backend.result }} |" + echo "| ๐Ÿ—๏ธ Build | Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js) | ${{ needs.build.result }} |" + echo "| ๐Ÿ” Secret Scanning | Uses Gitleaks to look for committed secrets | ${{ needs.secret-scanning.result }} |" + echo "| ๐Ÿ“ฆ Dependency Scan | Uses Trivy to scan dependencies for HIGH/CRITICAL vulns | ${{ needs.dependency-scan.result }} |" + echo "| ๐Ÿ” SAST Scan | Uses Semgrep to look for insecure code patterns | ${{ needs.sast-scan.result }} |" + echo "" + echo "**Legend for the Status column:**" + echo "- \`success\`: job finished and all checks/tests passed." + echo "- \`failure\`: job ran but one or more checks/tests failed (see that job's log)." + echo "- \`cancelled\`: job was stopped before finishing." + echo "- \`skipped\`: job did not run, usually because CI was skipped for this commit." + echo "" + echo "### ๐Ÿ“Š How to read the backend test results" + echo "" + echo "- The **Backend Tests** row tells you if the test run as a whole passed or failed." + echo "- To see which specific tests failed or how they ran:" + echo " 1. Open the **test-backend** job in this workflow run." + echo " 2. Look at the **Run backend tests** step to see the \`pytest -v\` output." + echo " 3. For local debugging, run \`pytest tests/ -v\` in your dev environment." + } >> "$GITHUB_STEP_SUMMARY" || true fi - { - echo "## ๐Ÿ” CI Workflow Summary" - echo "" - echo "This table gives a **plain-English overview** of what ran in this pipeline and whether it passed." - echo "" - echo "### Job Results" - echo "" - echo "| Job | What it does | Status |" - echo "|-----|--------------|--------|" - echo "| ๐Ÿ“ Lint & Type Check | Runs ESLint on the admin UI and TypeScript type-checks the viewer UI | ${{ needs.lint-and-type-check.result }} |" - echo "| ๐Ÿ Python Lint | Runs Python style and syntax checks over the backend | ${{ needs.python-lint.result }} |" - echo "| ๐Ÿงช Backend Tests | Runs \`pytest tests/ -v\` against the FastAPI backend (with coverage) | ${{ needs.test-backend.result }} |" - echo "| ๐Ÿ—๏ธ Build | Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js) | ${{ needs.build.result }} |" - echo "| ๐Ÿ” Secret Scanning | Uses Gitleaks to look for committed secrets | ${{ needs.secret-scanning.result }} |" - echo "| ๐Ÿ“ฆ Dependency Scan | Uses Trivy to scan dependencies for HIGH/CRITICAL vulns | ${{ needs.dependency-scan.result }} |" - echo "| ๐Ÿ” SAST Scan | Uses Semgrep to look for insecure code patterns | ${{ needs.sast-scan.result }} |" - echo "" - echo "Legend for the **Status** column:" - echo "- \`success\`: job finished and all checks/tests passed." - echo "- \`failure\`: job ran but one or more checks/tests failed (see that job's log)." - echo "- \`cancelled\`: job was stopped before finishing." - echo "- \`skipped\`: job did not run, usually because CI was skipped for this commit." - echo "" - echo "### ๐Ÿ“Š How to read the backend test results" - echo "" - echo "- The **Backend Tests** row tells you if the test run as a whole passed or failed." - echo "- To see which specific tests failed or how they ran:" - echo " 1. Open the **test-backend** job in this workflow run." - echo " 2. Look at the **Run backend tests** step to see the \`pytest -v\` output." - echo " 3. For local debugging, run \`pytest tests/ -v\` in your dev environment." - } >> "$SUMMARY_FILE" || true continue-on-error: true diff --git a/tests/test_api_auth.py b/tests/test_api_auth.py index 766a3a2..a6a5195 100644 --- a/tests/test_api_auth.py +++ b/tests/test_api_auth.py @@ -126,7 +126,7 @@ class TestTokenRefresh: """Test token refresh endpoint.""" def test_refresh_token_success( - self, test_client: TestClient + self, test_client: TestClient, admin_user ): """Verify successful token refresh.""" # Get refresh token from login