Skip to content
BudApp: PR Review

feat(eval): introduce the limit for heatmap api #859

Sign in to view logs

feat(eval): introduce the limit for heatmap api

feat(eval): introduce the limit for heatmap api #859

Workflow file for this run

.github/workflows/budapp-pr-review.yml at 08d43e1
name: "BudApp: PR Review"
on:
pull_request:
types: [opened, synchronize, reopened]
paths:
- 'services/budapp/**'
env:
PYTHON_VERSION: "3.11"
jobs:
security:
name: Security Scan
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./services/budapp
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install bandit
run: |
python -m pip install --upgrade pip
pip install bandit[toml]
- name: Run bandit security scan
run: |
echo "::group::Running bandit security scan"
bandit -r budapp/ -ll --skip B608 -f json -o bandit-report.json || true
bandit -r budapp/ -ll --skip B608
echo "::endgroup::"
- name: Upload bandit report
if: always()
uses: actions/upload-artifact@v4
with:
name: bandit-security-report
path: bandit-report.json
test:
name: Run Tests
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./services/budapp
services:
postgres:
image: postgres:15
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: bud_serve_test
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
redis:
image: redis:7-alpine
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 6379:6379
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Cache pip dependencies
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-test-${{ hashFiles('**/requirements.txt', '**/requirements-test.txt') }}
restore-keys: |
${{ runner.os }}-pip-test-
${{ runner.os }}-pip-
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-test.txt
pip install pytest-cov # For coverage reporting
- name: Set up environment
run: |
cp .env.sample .env
# Update test database connection
sed -i 's/PSQL_HOST=.*/PSQL_HOST=localhost/' .env
sed -i 's/PSQL_DB_NAME=.*/PSQL_DB_NAME=bud_serve_test/' .env
sed -i 's/REDIS_HOST=.*/REDIS_HOST=localhost/' .env
# Fix Redis URI format (must include redis:// scheme)
sed -i 's/SECRETS_REDIS_URI=.*/SECRETS_REDIS_URI=redis:\/\/localhost:6379/' .env
# Set the Redis URL that the application actually expects
echo "TENSORZERO_REDIS_URL=redis://localhost:6379" >> .env
# Fix placeholder URLs and set required test values
sed -i 's|BUD_CONNECT_BASE_URL=.*|BUD_CONNECT_BASE_URL=http://localhost:8081|' .env
sed -i 's|KEYCLOAK_SERVER_URL=.*|KEYCLOAK_SERVER_URL=http://localhost:8080/|' .env
sed -i 's|MINIO_ENDPOINT=.*|MINIO_ENDPOINT=localhost:9000|' .env
# Set required secrets for testing
sed -i 's/PSQL_USER=.*/PSQL_USER=postgres/' .env
sed -i 's/PSQL_PASSWORD=.*/PSQL_PASSWORD=postgres/' .env
sed -i 's/JWT_SECRET_KEY=.*/JWT_SECRET_KEY=test-secret-key-for-ci-testing-only/' .env
sed -i 's/SUPER_USER_PASSWORD=.*/SUPER_USER_PASSWORD=test-password/' .env
# Generate test RSA keys for CI (with encryption)
openssl genrsa -aes256 -passout pass:bud_encryption_password -out private_key.pem 2048
openssl rsa -in private_key.pem -passin pass:bud_encryption_password -pubout -out public_key.pem
# Set AES key for testing (32 bytes = 256 bits in hex)
echo "AES_KEY_HEX=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" >> .env
# Show environment file for debugging (without sensitive data)
echo "Environment file setup complete"
- name: Run database migrations
run: |
alembic -c ./budapp/alembic.ini upgrade head
- name: Run tests with coverage
run: |
echo "::group::Running pytest with coverage"
# Note: Some tests have import issues or require Dapr, skipping problematic ones
# Run only the working tests
pytest tests/ \
--ignore=tests/test_cluster_node_metrics.py \
--ignore=tests/test_update_credential.py \
--ignore=tests/test_redis.py \
--cov=budapp \
--cov-report=xml \
--cov-report=html \
--cov-report=term-missing \
-v \
-x
echo "::endgroup::"
- name: Upload coverage reports
uses: actions/upload-artifact@v4
with:
name: coverage-report
path: |
coverage.xml
htmlcov/
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
dependency-check:
name: Check Dependencies
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./services/budapp
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install pip-audit
run: |
python -m pip install --upgrade pip
pip install pip-audit
- name: Run dependency vulnerability scan
run: |
echo "::group::Checking for vulnerable dependencies"
pip-audit -r requirements.txt -r requirements-test.txt -r requirements-lint.txt
echo "::endgroup::"
pr-status:
name: PR Review Status
runs-on: ubuntu-latest
needs: [security, test, dependency-check]
if: always()
steps:
- name: Check job results
run: |
if [[ "${{ needs.security.result }}" == "failure" ]]; then
echo "❌ Security scan failed"
exit 1
fi
if [[ "${{ needs.test.result }}" == "failure" ]]; then
echo "❌ Tests failed"
exit 1
fi
if [[ "${{ needs.dependency-check.result }}" == "failure" ]]; then
echo "❌ Dependency check failed"
exit 1
fi
echo "✅ All checks passed!"