Skip to content

Create new action to measure code coverage of our test suite#8278

Open
g1rly-c0d3r wants to merge 29 commits into
mainfrom
issue-8264
Open

Create new action to measure code coverage of our test suite#8278
g1rly-c0d3r wants to merge 29 commits into
mainfrom
issue-8264

Conversation

@g1rly-c0d3r

@g1rly-c0d3r g1rly-c0d3r commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Fixes #8264 #8228

This adds a new Github action that will run on PRs that will generate a report of code coverage that is downloadable for one day. This also adds support for running pytest as a test runner so that we can measure our backend code coverage from our tests.

Checklist

  • Self-review the PR after opening it to make sure the changes look good and
    self-explanatory (or properly documented)
  • Add relevant issue to release milestone
  • Add pr to documentation list
  • Add automated tests

Testing instructions

Since you can not manually trigger a workflow on any other branch than main:

  • trivially change a file
  • push changes to this branch
    • The Coverage workflow should attempt to run
  • Follow the instructions here to download the report, and make sure that the workflow succeeded
  • Ensure that the report.tar.bz2 archive is not empty

Summary by CodeRabbit

  • New Features
    • Added an automated “Coverage” workflow on push and manual runs, publishing a downloadable coverage report artifact.
  • Bug Fixes
    • Improved workflow triggering to run only when relevant backend/frontend changes occur and to skip specific automated commits.
  • Chores
    • Added pytest.ini to set the default DJANGO_SETTINGS_MODULE.
    • Updated testing dependencies with coverage and pytest-django.
    • Updated workflow documentation to include the required COVERAGE_SCRIPT_CLONE secret details.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR adds a Coverage GitHub Actions workflow with change detection, containerized execution, report collection, pytest defaults, testing dependencies, and documentation for the coverage-clone secret.

Changes

Coverage workflow and test setup

Layer / File(s) Summary
Workflow triggers and change detection
.github/workflows/coverage.yml
Defines workflow guards, classifies frontend and backend changes, and exposes outputs for downstream execution.
Environment setup and coverage report
.github/workflows/coverage.yml, .github/workflows/README.md
Installs prerequisites, clones coverage tooling, configures and starts Docker services, collects database and service output, uploads the report artifact, and documents COVERAGE_SCRIPT_CLONE.
Pytest defaults and test dependencies
pytest.ini, requirements-testing.txt
Sets the Django settings module for pytest and adds coverage and pytest-django.

Sequence Diagram(s)

sequenceDiagram
  participant GitHubActions
  participant ChangesJob
  participant SetupAndRunJob
  participant DockerCompose
  GitHubActions->>ChangesJob: trigger coverage workflow
  ChangesJob->>ChangesJob: detect changed paths
  ChangesJob->>SetupAndRunJob: pass change outputs
  SetupAndRunJob->>DockerCompose: start Docker stack
  SetupAndRunJob->>DockerCompose: collect logs and database output
  SetupAndRunJob->>GitHubActions: upload coverage report
Loading
🚥 Pre-merge checks | ✅ 6
✅ Passed checks (6 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly states the main change: adding a new action to measure test coverage.
Linked Issues check ✅ Passed The workflow, artifact upload, and pytest support align with #8264’s goal of automated coverage analysis.
Out of Scope Changes check ✅ Passed The added README, pytest config, and testing dependencies all support the coverage workflow and are in scope.
Automatic Tests ✅ Passed PASS: the PR only adds coverage/pytest workflow config and no app logic, and the repo already has backend tests, so no new automated tests were necessary.
Testing Instructions ✅ Passed The testing steps align with the workflow’s push/manual-dispatch flow and artifact validation; GitHub docs require workflow_dispatch to exist on the default branch.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch issue-8264

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@g1rly-c0d3r g1rly-c0d3r linked an issue Jul 8, 2026 that may be closed by this pull request
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Warning

One or more dependencies are approaching or past End-of-Life.
Please plan upgrades accordingly.

STATUS=WARNING
NODE_VERSION=20
NODE_CYCLE=20
EOL_DATE=2026-04-30
DAYS_REMAINING=-71

--- Node.js ---
Version: 20
EOL: 2026-04-30
Status: WARNING

STATUS=OK
PYTHON_VERSION=3.12
PYTHON_CYCLE=3.12
EOL_DATE=2028-10-31
DAYS_REMAINING=844

--- Python ---
Version: 3.12
EOL: 2028-10-31
Status: OK

STATUS=WARNING
DJANGO_VERSION=4.2
DJANGO_CYCLE=4.2
EOL_DATE=2026-04-07
DAYS_REMAINING=-94

--- Django ---
Version: 4.2
EOL: 2026-04-07
Status: WARNING


@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/coverage.yml (1)

1-110: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Add a permissions: block to follow least-privilege principle.

The workflow has no permissions: block, so it inherits the default token permissions (which may be broad depending on repo settings). Since this workflow only needs to read code and upload artifacts, it should use minimal permissions. This is flagged by zizmor.

🔒 Proposed fix
+permissions:
+  contents: read
+
 name: Coverage
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml around lines 1 - 110, The Coverage workflow
currently relies on default GITHUB_TOKEN scope, so add an explicit
least-privilege permissions block at the workflow level. Update the workflow
definition for the Coverage job set so it only grants the minimal access needed
for actions like actions/checkout and actions/upload-artifact, and keep the rest
of the jobs unchanged. Reference the workflow’s top-level configuration near the
existing on: and jobs: sections when applying the fix.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/coverage.yml:
- Line 31: The checkout steps in the workflow are persisting GitHub credentials
in .git/config, which triggers the artipacked warning. Update both
actions/checkout usages in the workflow to set persist-credentials to false,
since neither checkout needs to push or amend commits. Make the change on each
checkout step so the token is not retained after checkout.
- Around line 54-57: The setup job condition references an undefined changes
output, so frontend-only changes never satisfy the workflow gate. Update the if
expression in the setup job to use the actual output name exposed by the changes
job (the frontend-related output defined alongside backend_changed and
frontend/frontend_changes), and keep the workflow_dispatch branch intact so the
setup job triggers correctly for frontend-only edits.
- Around line 3-5: The coverage workflow is missing the pull_request trigger, so
its PR-specific logic in the changes job can never run. Update the workflow’s on
block to include pull_request alongside push and workflow_dispatch, and verify
the changes job condition still correctly evaluates for pull_request events by
referencing the existing changes job and event-based condition logic.
- Around line 17-23: The workflow condition in the `if` block is fragile because
`github.event.head_commit` can be null for `workflow_dispatch` events, so the
existing `head_commit.committer.name` checks in the coverage workflow should be
made null-safe. Update the conditional logic to explicitly handle
`workflow_dispatch` separately or guard access to `github.event.head_commit`
before reading `committer.name`, while preserving the existing `Hosted Weblate`,
`github-actions`, and forked pull request exclusions.
- Around line 52-107: The workflow splits setup and execution into separate
jobs, but GitHub Actions runners are ephemeral so the installed run-coverage
script and started Docker containers from setup are not available in run. Update
the coverage workflow by merging the setup and run steps into a single job (or
otherwise ensure all required artifacts/services are recreated in run), using
the setup and run job names as the key locations to refactor.

In @.github/workflows/README.md:
- Around line 72-83: Fix the broken markdown links in the COVERAGE_SCRIPT_CLONE
documentation table by updating the development repo link to use a fully
qualified GitHub URL and correcting the PR anchor so it points to the actual
pull request number shown as `#8278`. Update the affected entries in the README
table so the links resolve properly without changing the surrounding wording or
structure.

---

Outside diff comments:
In @.github/workflows/coverage.yml:
- Around line 1-110: The Coverage workflow currently relies on default
GITHUB_TOKEN scope, so add an explicit least-privilege permissions block at the
workflow level. Update the workflow definition for the Coverage job set so it
only grants the minimal access needed for actions like actions/checkout and
actions/upload-artifact, and keep the rest of the jobs unchanged. Reference the
workflow’s top-level configuration near the existing on: and jobs: sections when
applying the fix.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e7dc0191-b0ed-47f9-9398-a9251ff1841c

📥 Commits

Reviewing files that changed from the base of the PR and between 0ce7b0c and 9ef2fcb.

📒 Files selected for processing (4)
  • .github/workflows/README.md
  • .github/workflows/coverage.yml
  • pytest.ini
  • requirements-testing.txt

Comment on lines +3 to +5
on:
push:
workflow_dispatch:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Missing pull_request trigger despite PR objectives stating the workflow should run on PRs.

The on: block only includes push and workflow_dispatch, but the PR objectives explicitly state the action should "run on pull requests." Additionally, the changes job condition (lines 21-22) contains logic for pull_request events that can never fire. This logic appears copied from test.yml but the trigger was not carried over.

🔧 Proposed fix
 on: 
   push:
+  pull_request:
+    # Only run for external PRs to avoid duplicate runs
+    # (internal PRs already trigger the push event)
   workflow_dispatch:
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
on:
push:
workflow_dispatch:
on:
push:
pull_request:
# Only run for external PRs to avoid duplicate runs
# (internal PRs already trigger the push event)
workflow_dispatch:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml around lines 3 - 5, The coverage workflow is
missing the pull_request trigger, so its PR-specific logic in the changes job
can never run. Update the workflow’s on block to include pull_request alongside
push and workflow_dispatch, and verify the changes job condition still correctly
evaluates for pull_request events by referencing the existing changes job and
event-based condition logic.

Comment on lines +17 to +23
if: |
github.event.head_commit.committer.name != 'Hosted Weblate' &&
github.event.head_commit.committer.name != 'github-actions' &&
(
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.fork == true
)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

github.event.head_commit is null for workflow_dispatch events — condition is fragile.

For workflow_dispatch events, github.event.head_commit is null, so github.event.head_commit.committer.name evaluates to an empty string. While the != comparison happens to work (empty string != 'Hosted Weblate' is true), this is fragile and relies on undefined behavior. Consider guarding the condition or restructuring to handle workflow_dispatch separately.

🔧 Proposed fix
     if: |
-      github.event.head_commit.committer.name != 'Hosted Weblate' &&
-      github.event.head_commit.committer.name != 'github-actions' &&
+      (github.event_name == 'workflow_dispatch' ||
+       (github.event.head_commit.committer.name != 'Hosted Weblate' &&
+        github.event.head_commit.committer.name != 'github-actions')) &&
       (
         github.event_name != 'pull_request'  ||
         github.event.pull_request.head.repo.fork == true
       )
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if: |
github.event.head_commit.committer.name != 'Hosted Weblate' &&
github.event.head_commit.committer.name != 'github-actions' &&
(
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.fork == true
)
if: |
(github.event_name == 'workflow_dispatch' ||
(github.event.head_commit.committer.name != 'Hosted Weblate' &&
github.event.head_commit.committer.name != 'github-actions')) &&
(
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.fork == true
)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml around lines 17 - 23, The workflow condition
in the `if` block is fragile because `github.event.head_commit` can be null for
`workflow_dispatch` events, so the existing `head_commit.committer.name` checks
in the coverage workflow should be made null-safe. Update the conditional logic
to explicitly handle `workflow_dispatch` separately or guard access to
`github.event.head_commit` before reading `committer.name`, while preserving the
existing `Hosted Weblate`, `github-actions`, and forked pull request exclusions.

frontend_changes: ${{ steps.filter.outputs.frontend_files }}

steps:
- uses: actions/checkout@v4

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Set persist-credentials: false on checkout actions to prevent credential persistence.

Both actions/checkout steps don't set persist-credentials: false, which means the GitHub token persists in .git/config after checkout. This is flagged by zizmor as an artipacked risk. Since neither step needs to push commits, credentials should not persist.

🔒 Proposed fix
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false

Apply to both checkout steps (lines 31 and 68).

Also applies to: 68-68

🧰 Tools
🪛 zizmor (1.26.1)

[warning] 31-31: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml at line 31, The checkout steps in the
workflow are persisting GitHub credentials in .git/config, which triggers the
artipacked warning. Update both actions/checkout usages in the workflow to set
persist-credentials to false, since neither checkout needs to push or amend
commits. Make the change on each checkout step so the token is not retained
after checkout.

Source: Linters/SAST tools

Comment thread .github/workflows/coverage.yml Outdated
Comment on lines +54 to +57
if: |
(needs.changes.outputs.backend_changed ||
needs.changes.outputs.frontend_changed) ||
github.event_name == 'workflow_dispatch'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win

frontend_changed output doesn't exist — setup job won't trigger for frontend-only changes.

The changes job defines outputs backend_changed, frontend, and frontend_changes (lines 26-28), but the setup job condition references needs.changes.outputs.frontend_changed which is undefined. This evaluates to an empty string (falsy), so frontend-only changes will never trigger the setup job. This is confirmed by actionlint.

🔧 Proposed fix
     if: |
       (needs.changes.outputs.backend_changed  ||
-      needs.changes.outputs.frontend_changed) ||
+      needs.changes.outputs.frontend) ||
       github.event_name == 'workflow_dispatch'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if: |
(needs.changes.outputs.backend_changed ||
needs.changes.outputs.frontend_changed) ||
github.event_name == 'workflow_dispatch'
if: |
(needs.changes.outputs.backend_changed ||
needs.changes.outputs.frontend) ||
github.event_name == 'workflow_dispatch'
🧰 Tools
🪛 actionlint (1.7.12)

[error] 55-55: property "frontend_changed" is not defined in object type {backend_changed: string; frontend: string; frontend_changes: string}

(expression)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml around lines 54 - 57, The setup job condition
references an undefined changes output, so frontend-only changes never satisfy
the workflow gate. Update the if expression in the setup job to use the actual
output name exposed by the changes job (the frontend-related output defined
alongside backend_changed and frontend/frontend_changes), and keep the
workflow_dispatch branch intact so the setup job triggers correctly for
frontend-only edits.

Source: Linters/SAST tools

Comment on lines +72 to +83
<tr>
<td>COVERAGE_SCRIPT_CLONE</td>
<td>Yes</td>
<td>
Github Deploy token linked to the [development repo](github.com/specify/specify-development) to allow actions to clone it.
</td>
<td>
<a href="https://github.com/specify/specify7/pull/">
#8278
</a>
</td>
</tr>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Fix broken markdown links in the COVERAGE_SCRIPT_CLONE documentation.

Two link issues:

  1. Line 76: [development repo](github.com/specify/specify-development) is missing https:// — the link won't resolve.
  2. Line 79: The PR link href is https://github.com/specify/specify7/pull/ (incomplete) while the text says #8278 — the number should be in the URL.
📝 Proposed fix
-                Github Deploy token linked to the [development repo](github.com/specify/specify-development) to allow actions to clone it.
+                Github Deploy token linked to the [development repo](https://github.com/specify/specify-development) to allow actions to clone it.
-                <a href="https://github.com/specify/specify7/pull/">
+                <a href="https://github.com/specify/specify7/pull/8278">
                     `#8278`
                 </a>
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<tr>
<td>COVERAGE_SCRIPT_CLONE</td>
<td>Yes</td>
<td>
Github Deploy token linked to the [development repo](github.com/specify/specify-development) to allow actions to clone it.
</td>
<td>
<a href="https://github.com/specify/specify7/pull/">
#8278
</a>
</td>
</tr>
<tr>
<td>COVERAGE_SCRIPT_CLONE</td>
<td>Yes</td>
<td>
Github Deploy token linked to the [development repo](https://github.com/specify/specify-development) to allow actions to clone it.
</td>
<td>
<a href="https://github.com/specify/specify7/pull/8278">
`#8278`
</a>
</td>
</tr>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/README.md around lines 72 - 83, Fix the broken markdown
links in the COVERAGE_SCRIPT_CLONE documentation table by updating the
development repo link to use a fully qualified GitHub URL and correcting the PR
anchor so it points to the actual pull request number shown as `#8278`. Update the
affected entries in the README table so the links resolve properly without
changing the surrounding wording or structure.

@github-project-automation github-project-automation Bot moved this from 📋Back Log to Dev Attention Needed in General Tester Board Jul 8, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/coverage.yml (1)

52-58: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Add an explicit least-privilege permissions block.

No permissions: is declared, so the job inherits the repo's default GITHUB_TOKEN scopes (flagged by zizmor). Since this job only checks out and reads, scope it down.

🔒 Proposed fix
   setup-and-run:
     needs: changes
+    permissions:
+      contents: read
     if: |
       (needs.changes.outputs.backend_changed  ||
       needs.changes.outputs.frontend_changed) ||
       github.event_name == 'workflow_dispatch'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml around lines 52 - 58, The setup-and-run job
in the workflow is inheriting the default GITHUB_TOKEN scopes instead of using
least privilege. Add an explicit permissions block for this job in the
setup-and-run definition, scoped only to the access needed for checkout and
read-only actions. Keep the change localized to the workflow job that runs after
needs: changes, and avoid granting any write or broad repository permissions.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/coverage.yml:
- Around line 52-58: The setup-and-run job in the workflow is inheriting the
default GITHUB_TOKEN scopes instead of using least privilege. Add an explicit
permissions block for this job in the setup-and-run definition, scoped only to
the access needed for checkout and read-only actions. Keep the change localized
to the workflow job that runs after needs: changes, and avoid granting any write
or broad repository permissions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 6d4bf9cd-eb21-4ec7-a544-7d156fe50464

📥 Commits

Reviewing files that changed from the base of the PR and between 9ef2fcb and 9a6f0bb.

📒 Files selected for processing (1)
  • .github/workflows/coverage.yml

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
.github/workflows/coverage.yml (1)

93-93: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Replace fragile sleep 100 with a health-check loop.

A hardcoded 100-second sleep is unreliable — services may take longer to start (causing failures) or start faster (wasting CI time). Consider polling with a timeout instead, e.g.:

♻️ Suggested refactor
-          sleep 100
+          timeout 120 bash -c 'until docker exec mariadb mariadb -uroot -ppassword -e "SELECT 1" &>/dev/null; do sleep 2; done'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml at line 93, Replace the hardcoded sleep in
the workflow with a bounded health-check polling loop that repeatedly verifies
the dependent service is ready, exits immediately on success, and fails with a
clear diagnostic after a timeout. Preserve the existing setup and use the
workflow’s service/health-check command as the readiness target.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/coverage.yml:
- Around line 93-97: Fix the SQL command in the workflow step by changing the
outer shell quoting to double quotes while keeping root as a single-quoted SQL
string in the mariadb invocation (`docker exec`), so the User comparison is
parsed correctly.
- Around line 90-97: The “Run the script” step currently only waits and prints
Docker logs, so coverage generation never occurs. Update the step identified by
id “run-coverage” to invoke /usr/bin/run-coverage before artifact upload,
retaining the diagnostics if needed or clearly commenting them as
debugging-only.

---

Nitpick comments:
In @.github/workflows/coverage.yml:
- Line 93: Replace the hardcoded sleep in the workflow with a bounded
health-check polling loop that repeatedly verifies the dependent service is
ready, exits immediately on success, and fails with a clear diagnostic after a
timeout. Preserve the existing setup and use the workflow’s service/health-check
command as the readiness target.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ff1977b9-67e3-49a0-8194-ee3615fe24be

📥 Commits

Reviewing files that changed from the base of the PR and between fd96f57 and ec71760.

📒 Files selected for processing (1)
  • .github/workflows/coverage.yml

Comment thread .github/workflows/coverage.yml Outdated
Comment on lines +90 to +97
- name: Run the script
id: run-coverage
run: |
sleep 100
docker logs mariadb
echo "================================================================================="
docker logs specify7
docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if run-coverage is referenced in compose files or entrypoints
rg -n 'run-coverage' --type yaml --type docker -g '!**/.github/**'
fd -e yml -e yaml -e sh -e py -e env | xargs rg -l 'run-coverage' 2>/dev/null

Repository: specify/specify7

Length of output: 234


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the workflow around the reported lines.
sed -n '1,160p' .github/workflows/coverage.yml

# Search the repository for any invocation/reference of the generated script or artifact.
rg -n --hidden --glob '!.git' --glob '!**/node_modules/**' --glob '!**/dist/**' 'run-coverage|report\.tar\.bz2' .

# Look for likely entrypoints or compose definitions that could run the script indirectly.
fd -a -t f -e yml -e yaml -e sh -e bash -e dockerfile -e Dockerfile -e js -e ts -e py -e entrypoint -e env . |
  xargs -r rg -n 'run-coverage|report\.tar\.bz2|coverage' 2>/dev/null

Repository: specify/specify7

Length of output: 5300


Invoke run-coverage in this step .github/workflows/coverage.yml:91 — the step only sleeps and prints logs, so /usr/bin/run-coverage never runs and report.tar.bz2 won’t be produced here. If this is just debugging, add a comment; otherwise call the script before uploading the artifact.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml around lines 90 - 97, The “Run the script”
step currently only waits and prints Docker logs, so coverage generation never
occurs. Update the step identified by id “run-coverage” to invoke
/usr/bin/run-coverage before artifact upload, retaining the diagnostics if
needed or clearly commenting them as debugging-only.

Comment thread .github/workflows/coverage.yml Outdated
Comment on lines +93 to +97
sleep 100
docker logs mariadb
echo "================================================================================="
docker logs specify7
docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

SQL query on line 97 has a shell quoting bug.

The nested single quotes cause the shell to misparse the command:

-e 'select * from mysql.user where User = 'root';'

Shell concatenation produces: select * from mysql.user where User = root; — where root is an unquoted SQL identifier (column reference), not a string literal. MySQL will error with "Unknown column 'root'".

Use double quotes for the outer shell argument:

🔧 Proposed fix
-          docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';'
+          docker exec mariadb mariadb -uroot -ppassword -e "select * from mysql.user where User = 'root';"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
sleep 100
docker logs mariadb
echo "================================================================================="
docker logs specify7
docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';'
sleep 100
docker logs mariadb
echo "================================================================================="
docker logs specify7
docker exec mariadb mariadb -uroot -ppassword -e "select * from mysql.user where User = 'root';"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage.yml around lines 93 - 97, Fix the SQL command in
the workflow step by changing the outer shell quoting to double quotes while
keeping root as a single-quoted SQL string in the mariadb invocation (`docker
exec`), so the User comparison is parsed correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Dev Attention Needed

Development

Successfully merging this pull request may close these issues.

Add a github action that analyzes test coverage on push/pull request Testing requirements not included in requirements-testing.txt

1 participant