Create new action to measure code coverage of our test suite#8278
Create new action to measure code coverage of our test suite#8278g1rly-c0d3r wants to merge 29 commits into
Conversation
… we manually ran it
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThis PR adds a Coverage GitHub Actions workflow with change detection, containerized execution, report collection, pytest defaults, testing dependencies, and documentation for the coverage-clone secret. ChangesCoverage workflow and test setup
Sequence Diagram(s)sequenceDiagram
participant GitHubActions
participant ChangesJob
participant SetupAndRunJob
participant DockerCompose
GitHubActions->>ChangesJob: trigger coverage workflow
ChangesJob->>ChangesJob: detect changed paths
ChangesJob->>SetupAndRunJob: pass change outputs
SetupAndRunJob->>DockerCompose: start Docker stack
SetupAndRunJob->>DockerCompose: collect logs and database output
SetupAndRunJob->>GitHubActions: upload coverage report
🚥 Pre-merge checks | ✅ 6✅ Passed checks (6 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Warning One or more dependencies are approaching or past End-of-Life. |
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/coverage.yml (1)
1-110: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick winAdd a
permissions:block to follow least-privilege principle.The workflow has no
permissions:block, so it inherits the default token permissions (which may be broad depending on repo settings). Since this workflow only needs to read code and upload artifacts, it should use minimal permissions. This is flagged by zizmor.🔒 Proposed fix
+permissions: + contents: read + name: Coverage🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/coverage.yml around lines 1 - 110, The Coverage workflow currently relies on default GITHUB_TOKEN scope, so add an explicit least-privilege permissions block at the workflow level. Update the workflow definition for the Coverage job set so it only grants the minimal access needed for actions like actions/checkout and actions/upload-artifact, and keep the rest of the jobs unchanged. Reference the workflow’s top-level configuration near the existing on: and jobs: sections when applying the fix.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/coverage.yml:
- Line 31: The checkout steps in the workflow are persisting GitHub credentials
in .git/config, which triggers the artipacked warning. Update both
actions/checkout usages in the workflow to set persist-credentials to false,
since neither checkout needs to push or amend commits. Make the change on each
checkout step so the token is not retained after checkout.
- Around line 54-57: The setup job condition references an undefined changes
output, so frontend-only changes never satisfy the workflow gate. Update the if
expression in the setup job to use the actual output name exposed by the changes
job (the frontend-related output defined alongside backend_changed and
frontend/frontend_changes), and keep the workflow_dispatch branch intact so the
setup job triggers correctly for frontend-only edits.
- Around line 3-5: The coverage workflow is missing the pull_request trigger, so
its PR-specific logic in the changes job can never run. Update the workflow’s on
block to include pull_request alongside push and workflow_dispatch, and verify
the changes job condition still correctly evaluates for pull_request events by
referencing the existing changes job and event-based condition logic.
- Around line 17-23: The workflow condition in the `if` block is fragile because
`github.event.head_commit` can be null for `workflow_dispatch` events, so the
existing `head_commit.committer.name` checks in the coverage workflow should be
made null-safe. Update the conditional logic to explicitly handle
`workflow_dispatch` separately or guard access to `github.event.head_commit`
before reading `committer.name`, while preserving the existing `Hosted Weblate`,
`github-actions`, and forked pull request exclusions.
- Around line 52-107: The workflow splits setup and execution into separate
jobs, but GitHub Actions runners are ephemeral so the installed run-coverage
script and started Docker containers from setup are not available in run. Update
the coverage workflow by merging the setup and run steps into a single job (or
otherwise ensure all required artifacts/services are recreated in run), using
the setup and run job names as the key locations to refactor.
In @.github/workflows/README.md:
- Around line 72-83: Fix the broken markdown links in the COVERAGE_SCRIPT_CLONE
documentation table by updating the development repo link to use a fully
qualified GitHub URL and correcting the PR anchor so it points to the actual
pull request number shown as `#8278`. Update the affected entries in the README
table so the links resolve properly without changing the surrounding wording or
structure.
---
Outside diff comments:
In @.github/workflows/coverage.yml:
- Around line 1-110: The Coverage workflow currently relies on default
GITHUB_TOKEN scope, so add an explicit least-privilege permissions block at the
workflow level. Update the workflow definition for the Coverage job set so it
only grants the minimal access needed for actions like actions/checkout and
actions/upload-artifact, and keep the rest of the jobs unchanged. Reference the
workflow’s top-level configuration near the existing on: and jobs: sections when
applying the fix.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: e7dc0191-b0ed-47f9-9398-a9251ff1841c
📒 Files selected for processing (4)
.github/workflows/README.md.github/workflows/coverage.ymlpytest.inirequirements-testing.txt
| on: | ||
| push: | ||
| workflow_dispatch: |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Missing pull_request trigger despite PR objectives stating the workflow should run on PRs.
The on: block only includes push and workflow_dispatch, but the PR objectives explicitly state the action should "run on pull requests." Additionally, the changes job condition (lines 21-22) contains logic for pull_request events that can never fire. This logic appears copied from test.yml but the trigger was not carried over.
🔧 Proposed fix
on:
push:
+ pull_request:
+ # Only run for external PRs to avoid duplicate runs
+ # (internal PRs already trigger the push event)
workflow_dispatch:📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| on: | |
| push: | |
| workflow_dispatch: | |
| on: | |
| push: | |
| pull_request: | |
| # Only run for external PRs to avoid duplicate runs | |
| # (internal PRs already trigger the push event) | |
| workflow_dispatch: |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/coverage.yml around lines 3 - 5, The coverage workflow is
missing the pull_request trigger, so its PR-specific logic in the changes job
can never run. Update the workflow’s on block to include pull_request alongside
push and workflow_dispatch, and verify the changes job condition still correctly
evaluates for pull_request events by referencing the existing changes job and
event-based condition logic.
| if: | | ||
| github.event.head_commit.committer.name != 'Hosted Weblate' && | ||
| github.event.head_commit.committer.name != 'github-actions' && | ||
| ( | ||
| github.event_name != 'pull_request' || | ||
| github.event.pull_request.head.repo.fork == true | ||
| ) |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
github.event.head_commit is null for workflow_dispatch events — condition is fragile.
For workflow_dispatch events, github.event.head_commit is null, so github.event.head_commit.committer.name evaluates to an empty string. While the != comparison happens to work (empty string != 'Hosted Weblate' is true), this is fragile and relies on undefined behavior. Consider guarding the condition or restructuring to handle workflow_dispatch separately.
🔧 Proposed fix
if: |
- github.event.head_commit.committer.name != 'Hosted Weblate' &&
- github.event.head_commit.committer.name != 'github-actions' &&
+ (github.event_name == 'workflow_dispatch' ||
+ (github.event.head_commit.committer.name != 'Hosted Weblate' &&
+ github.event.head_commit.committer.name != 'github-actions')) &&
(
github.event_name != 'pull_request' ||
github.event.pull_request.head.repo.fork == true
)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| if: | | |
| github.event.head_commit.committer.name != 'Hosted Weblate' && | |
| github.event.head_commit.committer.name != 'github-actions' && | |
| ( | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.fork == true | |
| ) | |
| if: | | |
| (github.event_name == 'workflow_dispatch' || | |
| (github.event.head_commit.committer.name != 'Hosted Weblate' && | |
| github.event.head_commit.committer.name != 'github-actions')) && | |
| ( | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.fork == true | |
| ) |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/coverage.yml around lines 17 - 23, The workflow condition
in the `if` block is fragile because `github.event.head_commit` can be null for
`workflow_dispatch` events, so the existing `head_commit.committer.name` checks
in the coverage workflow should be made null-safe. Update the conditional logic
to explicitly handle `workflow_dispatch` separately or guard access to
`github.event.head_commit` before reading `committer.name`, while preserving the
existing `Hosted Weblate`, `github-actions`, and forked pull request exclusions.
| frontend_changes: ${{ steps.filter.outputs.frontend_files }} | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Set persist-credentials: false on checkout actions to prevent credential persistence.
Both actions/checkout steps don't set persist-credentials: false, which means the GitHub token persists in .git/config after checkout. This is flagged by zizmor as an artipacked risk. Since neither step needs to push commits, credentials should not persist.
🔒 Proposed fix
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v4
+ with:
+ persist-credentials: falseApply to both checkout steps (lines 31 and 68).
Also applies to: 68-68
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 31-31: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/coverage.yml at line 31, The checkout steps in the
workflow are persisting GitHub credentials in .git/config, which triggers the
artipacked warning. Update both actions/checkout usages in the workflow to set
persist-credentials to false, since neither checkout needs to push or amend
commits. Make the change on each checkout step so the token is not retained
after checkout.
Source: Linters/SAST tools
| if: | | ||
| (needs.changes.outputs.backend_changed || | ||
| needs.changes.outputs.frontend_changed) || | ||
| github.event_name == 'workflow_dispatch' |
There was a problem hiding this comment.
🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win
frontend_changed output doesn't exist — setup job won't trigger for frontend-only changes.
The changes job defines outputs backend_changed, frontend, and frontend_changes (lines 26-28), but the setup job condition references needs.changes.outputs.frontend_changed which is undefined. This evaluates to an empty string (falsy), so frontend-only changes will never trigger the setup job. This is confirmed by actionlint.
🔧 Proposed fix
if: |
(needs.changes.outputs.backend_changed ||
- needs.changes.outputs.frontend_changed) ||
+ needs.changes.outputs.frontend) ||
github.event_name == 'workflow_dispatch'📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| if: | | |
| (needs.changes.outputs.backend_changed || | |
| needs.changes.outputs.frontend_changed) || | |
| github.event_name == 'workflow_dispatch' | |
| if: | | |
| (needs.changes.outputs.backend_changed || | |
| needs.changes.outputs.frontend) || | |
| github.event_name == 'workflow_dispatch' |
🧰 Tools
🪛 actionlint (1.7.12)
[error] 55-55: property "frontend_changed" is not defined in object type {backend_changed: string; frontend: string; frontend_changes: string}
(expression)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/coverage.yml around lines 54 - 57, The setup job condition
references an undefined changes output, so frontend-only changes never satisfy
the workflow gate. Update the if expression in the setup job to use the actual
output name exposed by the changes job (the frontend-related output defined
alongside backend_changed and frontend/frontend_changes), and keep the
workflow_dispatch branch intact so the setup job triggers correctly for
frontend-only edits.
Source: Linters/SAST tools
| <tr> | ||
| <td>COVERAGE_SCRIPT_CLONE</td> | ||
| <td>Yes</td> | ||
| <td> | ||
| Github Deploy token linked to the [development repo](github.com/specify/specify-development) to allow actions to clone it. | ||
| </td> | ||
| <td> | ||
| <a href="https://github.com/specify/specify7/pull/"> | ||
| #8278 | ||
| </a> | ||
| </td> | ||
| </tr> |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Fix broken markdown links in the COVERAGE_SCRIPT_CLONE documentation.
Two link issues:
- Line 76:
[development repo](github.com/specify/specify-development)is missinghttps://— the link won't resolve. - Line 79: The PR link href is
https://github.com/specify/specify7/pull/(incomplete) while the text says#8278— the number should be in the URL.
📝 Proposed fix
- Github Deploy token linked to the [development repo](github.com/specify/specify-development) to allow actions to clone it.
+ Github Deploy token linked to the [development repo](https://github.com/specify/specify-development) to allow actions to clone it.- <a href="https://github.com/specify/specify7/pull/">
+ <a href="https://github.com/specify/specify7/pull/8278">
`#8278`
</a>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <tr> | |
| <td>COVERAGE_SCRIPT_CLONE</td> | |
| <td>Yes</td> | |
| <td> | |
| Github Deploy token linked to the [development repo](github.com/specify/specify-development) to allow actions to clone it. | |
| </td> | |
| <td> | |
| <a href="https://github.com/specify/specify7/pull/"> | |
| #8278 | |
| </a> | |
| </td> | |
| </tr> | |
| <tr> | |
| <td>COVERAGE_SCRIPT_CLONE</td> | |
| <td>Yes</td> | |
| <td> | |
| Github Deploy token linked to the [development repo](https://github.com/specify/specify-development) to allow actions to clone it. | |
| </td> | |
| <td> | |
| <a href="https://github.com/specify/specify7/pull/8278"> | |
| `#8278` | |
| </a> | |
| </td> | |
| </tr> |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/README.md around lines 72 - 83, Fix the broken markdown
links in the COVERAGE_SCRIPT_CLONE documentation table by updating the
development repo link to use a fully qualified GitHub URL and correcting the PR
anchor so it points to the actual pull request number shown as `#8278`. Update the
affected entries in the README table so the links resolve properly without
changing the surrounding wording or structure.
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/coverage.yml (1)
52-58: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winAdd an explicit least-privilege
permissionsblock.No
permissions:is declared, so the job inherits the repo's defaultGITHUB_TOKENscopes (flagged by zizmor). Since this job only checks out and reads, scope it down.🔒 Proposed fix
setup-and-run: needs: changes + permissions: + contents: read if: | (needs.changes.outputs.backend_changed || needs.changes.outputs.frontend_changed) || github.event_name == 'workflow_dispatch'🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/coverage.yml around lines 52 - 58, The setup-and-run job in the workflow is inheriting the default GITHUB_TOKEN scopes instead of using least privilege. Add an explicit permissions block for this job in the setup-and-run definition, scoped only to the access needed for checkout and read-only actions. Keep the change localized to the workflow job that runs after needs: changes, and avoid granting any write or broad repository permissions.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/workflows/coverage.yml:
- Around line 52-58: The setup-and-run job in the workflow is inheriting the
default GITHUB_TOKEN scopes instead of using least privilege. Add an explicit
permissions block for this job in the setup-and-run definition, scoped only to
the access needed for checkout and read-only actions. Keep the change localized
to the workflow job that runs after needs: changes, and avoid granting any write
or broad repository permissions.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 6d4bf9cd-eb21-4ec7-a544-7d156fe50464
📒 Files selected for processing (1)
.github/workflows/coverage.yml
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/coverage.yml (1)
93-93: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick winReplace fragile
sleep 100with a health-check loop.A hardcoded 100-second sleep is unreliable — services may take longer to start (causing failures) or start faster (wasting CI time). Consider polling with a timeout instead, e.g.:
♻️ Suggested refactor
- sleep 100 + timeout 120 bash -c 'until docker exec mariadb mariadb -uroot -ppassword -e "SELECT 1" &>/dev/null; do sleep 2; done'🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/coverage.yml at line 93, Replace the hardcoded sleep in the workflow with a bounded health-check polling loop that repeatedly verifies the dependent service is ready, exits immediately on success, and fails with a clear diagnostic after a timeout. Preserve the existing setup and use the workflow’s service/health-check command as the readiness target.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/coverage.yml:
- Around line 93-97: Fix the SQL command in the workflow step by changing the
outer shell quoting to double quotes while keeping root as a single-quoted SQL
string in the mariadb invocation (`docker exec`), so the User comparison is
parsed correctly.
- Around line 90-97: The “Run the script” step currently only waits and prints
Docker logs, so coverage generation never occurs. Update the step identified by
id “run-coverage” to invoke /usr/bin/run-coverage before artifact upload,
retaining the diagnostics if needed or clearly commenting them as
debugging-only.
---
Nitpick comments:
In @.github/workflows/coverage.yml:
- Line 93: Replace the hardcoded sleep in the workflow with a bounded
health-check polling loop that repeatedly verifies the dependent service is
ready, exits immediately on success, and fails with a clear diagnostic after a
timeout. Preserve the existing setup and use the workflow’s service/health-check
command as the readiness target.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: ff1977b9-67e3-49a0-8194-ee3615fe24be
📒 Files selected for processing (1)
.github/workflows/coverage.yml
| - name: Run the script | ||
| id: run-coverage | ||
| run: | | ||
| sleep 100 | ||
| docker logs mariadb | ||
| echo "=================================================================================" | ||
| docker logs specify7 | ||
| docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';' |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if run-coverage is referenced in compose files or entrypoints
rg -n 'run-coverage' --type yaml --type docker -g '!**/.github/**'
fd -e yml -e yaml -e sh -e py -e env | xargs rg -l 'run-coverage' 2>/dev/nullRepository: specify/specify7
Length of output: 234
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Inspect the workflow around the reported lines.
sed -n '1,160p' .github/workflows/coverage.yml
# Search the repository for any invocation/reference of the generated script or artifact.
rg -n --hidden --glob '!.git' --glob '!**/node_modules/**' --glob '!**/dist/**' 'run-coverage|report\.tar\.bz2' .
# Look for likely entrypoints or compose definitions that could run the script indirectly.
fd -a -t f -e yml -e yaml -e sh -e bash -e dockerfile -e Dockerfile -e js -e ts -e py -e entrypoint -e env . |
xargs -r rg -n 'run-coverage|report\.tar\.bz2|coverage' 2>/dev/nullRepository: specify/specify7
Length of output: 5300
Invoke run-coverage in this step .github/workflows/coverage.yml:91 — the step only sleeps and prints logs, so /usr/bin/run-coverage never runs and report.tar.bz2 won’t be produced here. If this is just debugging, add a comment; otherwise call the script before uploading the artifact.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/coverage.yml around lines 90 - 97, The “Run the script”
step currently only waits and prints Docker logs, so coverage generation never
occurs. Update the step identified by id “run-coverage” to invoke
/usr/bin/run-coverage before artifact upload, retaining the diagnostics if
needed or clearly commenting them as debugging-only.
| sleep 100 | ||
| docker logs mariadb | ||
| echo "=================================================================================" | ||
| docker logs specify7 | ||
| docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';' |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
SQL query on line 97 has a shell quoting bug.
The nested single quotes cause the shell to misparse the command:
-e 'select * from mysql.user where User = 'root';'
Shell concatenation produces: select * from mysql.user where User = root; — where root is an unquoted SQL identifier (column reference), not a string literal. MySQL will error with "Unknown column 'root'".
Use double quotes for the outer shell argument:
🔧 Proposed fix
- docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';'
+ docker exec mariadb mariadb -uroot -ppassword -e "select * from mysql.user where User = 'root';"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| sleep 100 | |
| docker logs mariadb | |
| echo "=================================================================================" | |
| docker logs specify7 | |
| docker exec mariadb mariadb -uroot -ppassword -e 'select * from mysql.user where User = 'root';' | |
| sleep 100 | |
| docker logs mariadb | |
| echo "=================================================================================" | |
| docker logs specify7 | |
| docker exec mariadb mariadb -uroot -ppassword -e "select * from mysql.user where User = 'root';" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/coverage.yml around lines 93 - 97, Fix the SQL command in
the workflow step by changing the outer shell quoting to double quotes while
keeping root as a single-quoted SQL string in the mariadb invocation (`docker
exec`), so the User comparison is parsed correctly.
Fixes #8264 #8228
This adds a new Github action that will run on PRs that will generate a report of code coverage that is downloadable for one day. This also adds support for running pytest as a test runner so that we can measure our backend code coverage from our tests.
Checklist
self-explanatory (or properly documented)
Testing instructions
Since you can not manually trigger a workflow on any other branch than main:
Coverageworkflow should attempt to runreport.tar.bz2archive is not emptySummary by CodeRabbit
pytest.inito set the defaultDJANGO_SETTINGS_MODULE.coverageandpytest-django.COVERAGE_SCRIPT_CLONEsecret details.