From 5bbd82bacd6699dc31fdbfe6a9cdb264d3ca58db Mon Sep 17 00:00:00 2001 From: ZdenekSrotyr Date: Mon, 13 Apr 2026 14:36:31 +0200 Subject: [PATCH] =?UTF-8?q?fix:=20address=20Devin=20review=20=E2=80=94=20d?= =?UTF-8?q?ocker-e2e=20.env,=20jira=20webhook=20test=20isolation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Create empty .env before docker compose up in CI (env_file: .env is required) - Mock get_jira_service in webhook HMAC test to isolate signature check from Jira API availability — strict assert 200 instead of permissive 500 --- .github/workflows/ci.yml | 4 +++- tests/test_jira_webhooks.py | 34 ++++++++++++++++++++++------------ 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9d57e4..98ae7b7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,7 +56,9 @@ jobs: run: uv pip install --system ".[dev]" - name: Start services - run: docker compose up -d --wait --wait-timeout 60 + run: | + touch .env + docker compose up -d --wait --wait-timeout 60 - name: Run Docker E2E tests run: pytest tests/ -v --tb=short -m docker --timeout=120 diff --git a/tests/test_jira_webhooks.py b/tests/test_jira_webhooks.py index b70f170..3d67d4d 100644 --- a/tests/test_jira_webhooks.py +++ b/tests/test_jira_webhooks.py @@ -33,6 +33,9 @@ def webhook_client(tmp_path, monkeypatch): monkeypatch.setattr(svc.Config, "JIRA_WEBHOOK_SECRET", "test-webhook-secret") monkeypatch.setattr(svc.Config, "JIRA_DATA_DIR", data_dir) + # Reset singleton so it picks up fresh Config values + svc._jira_service = None + # Reimport app to pick up router from app.main import create_app app = create_app() @@ -70,20 +73,27 @@ def test_invalid_signature_401(webhook_client): def test_valid_signature_accepted(webhook_client): - """POST with correct HMAC-SHA256 is not rejected as 401.""" + """POST with correct HMAC-SHA256 passes signature check (not 401).""" + from unittest.mock import patch + payload = json.dumps({"webhookEvent": "jira:issue_updated", "issue": {"key": "TEST-1"}}).encode() sig = _sign(payload, "test-webhook-secret") - resp = webhook_client.post( - "/webhooks/jira", - content=payload, - headers={ - "Content-Type": "application/json", - "X-Hub-Signature-256": sig, - }, - ) - # Should pass signature check; 200, 500 (service error), or 503 (not configured) are fine - # 500 can occur if JIRA_DATA_DIR points to a stale path from another test - assert resp.status_code in (200, 500, 503) + + # Mock process_webhook_event so the test only checks HMAC validation, + # not the full Jira API flow (which requires a real Jira connection). + with patch("app.api.jira_webhooks.get_jira_service") as mock_svc: + mock_svc.return_value.is_configured.return_value = True + mock_svc.return_value.process_webhook_event.return_value = True + + resp = webhook_client.post( + "/webhooks/jira", + content=payload, + headers={ + "Content-Type": "application/json", + "X-Hub-Signature-256": sig, + }, + ) + assert resp.status_code == 200 def test_empty_payload_400(webhook_client):