From c6f27556acaad5053e2fb8654047590fa9a0a3a5 Mon Sep 17 00:00:00 2001 From: Tanya Date: Thu, 8 Jan 2026 14:43:46 -0500 Subject: [PATCH] chore: Update CI workflow to use virtual environment directly and enhance summary output This commit modifies the CI workflow to utilize the virtual environment's pip and python directly, avoiding shell activation issues. Additionally, it enhances the CI workflow summary by providing a clearer overview of job results, including detailed descriptions of each job's purpose and how to interpret the backend test results. This improves the overall clarity and usability of the CI process. --- .gitea/workflows/ci.yml | 128 +++++++++++++++++++++++++++------------- tests/test_api_auth.py | 2 +- 2 files changed, 88 insertions(+), 42 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 8e4da8b..b81fe1a 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -424,11 +424,9 @@ jobs: # Create virtual environment python3 -m venv /tmp/backend-venv - source /tmp/backend-venv/bin/activate - # Install core dependencies (skip heavy ML dependencies for faster build) - # This validates that requirements.txt structure is valid and core imports work - pip install --no-cache-dir fastapi uvicorn pydantic sqlalchemy psycopg2-binary redis rq python-jose python-multipart python-dotenv bcrypt + # Use venv's pip and python directly (avoids shell activation issues) + /tmp/backend-venv/bin/pip install --no-cache-dir fastapi uvicorn pydantic sqlalchemy psycopg2-binary redis rq python-jose python-multipart python-dotenv bcrypt # Set environment variables for validation export PYTHONPATH=$(pwd) @@ -440,7 +438,7 @@ jobs: # Validate imports and app instantiation (without starting server or connecting to DB) echo "๐Ÿ” Validating backend imports and structure..." - python3 << 'EOF' + /tmp/backend-venv/bin/python3 << 'EOF' import sys import os sys.path.insert(0, '.') @@ -680,42 +678,90 @@ jobs: steps: - name: Generate workflow summary run: | - SUMMARY_FILE="${GITHUB_STEP_SUMMARY:-/dev/stdout}" - # Ensure directory exists if using a file path (for act/local runners) - if [ "$SUMMARY_FILE" != "/dev/stdout" ] && [ "$SUMMARY_FILE" != "/dev/stderr" ]; then - mkdir -p "$(dirname "$SUMMARY_FILE")" || true - touch "$SUMMARY_FILE" || true + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "๐Ÿ” CI WORKFLOW SUMMARY" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "" + echo "This gives a plain-English overview of what ran in this pipeline and whether it passed." + echo "" + echo "JOB RESULTS:" + echo "โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€" + echo "" + echo "๐Ÿ“ Lint & Type Check: ${{ needs.lint-and-type-check.result }}" + echo " โ””โ”€ Runs ESLint on the admin UI and TypeScript type-checks the viewer UI" + echo "" + echo "๐Ÿ Python Lint: ${{ needs.python-lint.result }}" + echo " โ””โ”€ Runs Python style and syntax checks over the backend" + echo "" + echo "๐Ÿงช Backend Tests: ${{ needs.test-backend.result }}" + echo " โ””โ”€ Runs 'pytest tests/ -v' against the FastAPI backend (with coverage)" + echo "" + echo "๐Ÿ—๏ธ Build: ${{ needs.build.result }}" + echo " โ””โ”€ Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js)" + echo "" + echo "๐Ÿ” Secret Scanning: ${{ needs.secret-scanning.result }}" + echo " โ””โ”€ Uses Gitleaks to look for committed secrets" + echo "" + echo "๐Ÿ“ฆ Dependency Scan: ${{ needs.dependency-scan.result }}" + echo " โ””โ”€ Uses Trivy to scan dependencies for HIGH/CRITICAL vulns" + echo "" + echo "๐Ÿ” SAST Scan: ${{ needs.sast-scan.result }}" + echo " โ””โ”€ Uses Semgrep to look for insecure code patterns" + echo "" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "STATUS LEGEND:" + echo "โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€" + echo " success = Job finished and all checks/tests passed" + echo " failure = Job ran but one or more checks/tests failed (see that job's log)" + echo " cancelled = Job was stopped before finishing" + echo " skipped = Job did not run, usually because CI was skipped for this commit" + echo "" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + echo "๐Ÿ“Š HOW TO READ THE BACKEND TEST RESULTS:" + echo "โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€" + echo "" + echo "โ€ข The 'Backend Tests' row above tells you if the test run as a whole passed or failed." + echo "" + echo "โ€ข To see which specific tests failed or how they ran:" + echo " 1. Open the 'test-backend' job in this workflow run" + echo " 2. Look at the 'Run backend tests' step to see the 'pytest -v' output" + echo " 3. For local debugging, run 'pytest tests/ -v' in your dev environment" + echo "" + echo "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + + # Also write to step summary if available (for GitHub Actions compatibility) + if [ -n "$GITHUB_STEP_SUMMARY" ] && [ "$GITHUB_STEP_SUMMARY" != "/dev/stdout" ]; then + { + echo "## ๐Ÿ” CI Workflow Summary" + echo "" + echo "This table gives a **plain-English overview** of what ran in this pipeline and whether it passed." + echo "" + echo "### Job Results" + echo "" + echo "| Job | What it does | Status |" + echo "|-----|--------------|--------|" + echo "| ๐Ÿ“ Lint & Type Check | Runs ESLint on the admin UI and TypeScript type-checks the viewer UI | ${{ needs.lint-and-type-check.result }} |" + echo "| ๐Ÿ Python Lint | Runs Python style and syntax checks over the backend | ${{ needs.python-lint.result }} |" + echo "| ๐Ÿงช Backend Tests | Runs \`pytest tests/ -v\` against the FastAPI backend (with coverage) | ${{ needs.test-backend.result }} |" + echo "| ๐Ÿ—๏ธ Build | Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js) | ${{ needs.build.result }} |" + echo "| ๐Ÿ” Secret Scanning | Uses Gitleaks to look for committed secrets | ${{ needs.secret-scanning.result }} |" + echo "| ๐Ÿ“ฆ Dependency Scan | Uses Trivy to scan dependencies for HIGH/CRITICAL vulns | ${{ needs.dependency-scan.result }} |" + echo "| ๐Ÿ” SAST Scan | Uses Semgrep to look for insecure code patterns | ${{ needs.sast-scan.result }} |" + echo "" + echo "**Legend for the Status column:**" + echo "- \`success\`: job finished and all checks/tests passed." + echo "- \`failure\`: job ran but one or more checks/tests failed (see that job's log)." + echo "- \`cancelled\`: job was stopped before finishing." + echo "- \`skipped\`: job did not run, usually because CI was skipped for this commit." + echo "" + echo "### ๐Ÿ“Š How to read the backend test results" + echo "" + echo "- The **Backend Tests** row tells you if the test run as a whole passed or failed." + echo "- To see which specific tests failed or how they ran:" + echo " 1. Open the **test-backend** job in this workflow run." + echo " 2. Look at the **Run backend tests** step to see the \`pytest -v\` output." + echo " 3. For local debugging, run \`pytest tests/ -v\` in your dev environment." + } >> "$GITHUB_STEP_SUMMARY" || true fi - { - echo "## ๐Ÿ” CI Workflow Summary" - echo "" - echo "This table gives a **plain-English overview** of what ran in this pipeline and whether it passed." - echo "" - echo "### Job Results" - echo "" - echo "| Job | What it does | Status |" - echo "|-----|--------------|--------|" - echo "| ๐Ÿ“ Lint & Type Check | Runs ESLint on the admin UI and TypeScript type-checks the viewer UI | ${{ needs.lint-and-type-check.result }} |" - echo "| ๐Ÿ Python Lint | Runs Python style and syntax checks over the backend | ${{ needs.python-lint.result }} |" - echo "| ๐Ÿงช Backend Tests | Runs \`pytest tests/ -v\` against the FastAPI backend (with coverage) | ${{ needs.test-backend.result }} |" - echo "| ๐Ÿ—๏ธ Build | Validates backend imports/structure, builds admin frontend (Vite), and viewer frontend (Next.js) | ${{ needs.build.result }} |" - echo "| ๐Ÿ” Secret Scanning | Uses Gitleaks to look for committed secrets | ${{ needs.secret-scanning.result }} |" - echo "| ๐Ÿ“ฆ Dependency Scan | Uses Trivy to scan dependencies for HIGH/CRITICAL vulns | ${{ needs.dependency-scan.result }} |" - echo "| ๐Ÿ” SAST Scan | Uses Semgrep to look for insecure code patterns | ${{ needs.sast-scan.result }} |" - echo "" - echo "Legend for the **Status** column:" - echo "- \`success\`: job finished and all checks/tests passed." - echo "- \`failure\`: job ran but one or more checks/tests failed (see that job's log)." - echo "- \`cancelled\`: job was stopped before finishing." - echo "- \`skipped\`: job did not run, usually because CI was skipped for this commit." - echo "" - echo "### ๐Ÿ“Š How to read the backend test results" - echo "" - echo "- The **Backend Tests** row tells you if the test run as a whole passed or failed." - echo "- To see which specific tests failed or how they ran:" - echo " 1. Open the **test-backend** job in this workflow run." - echo " 2. Look at the **Run backend tests** step to see the \`pytest -v\` output." - echo " 3. For local debugging, run \`pytest tests/ -v\` in your dev environment." - } >> "$SUMMARY_FILE" || true continue-on-error: true diff --git a/tests/test_api_auth.py b/tests/test_api_auth.py index 766a3a2..a6a5195 100644 --- a/tests/test_api_auth.py +++ b/tests/test_api_auth.py @@ -126,7 +126,7 @@ class TestTokenRefresh: """Test token refresh endpoint.""" def test_refresh_token_success( - self, test_client: TestClient + self, test_client: TestClient, admin_user ): """Verify successful token refresh.""" # Get refresh token from login