AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: address Devin review — docker-e2e .env, jira webhook test isolation

Browse source 
- Create empty .env before docker compose up in CI (env_file: .env is required)
- Mock get_jira_service in webhook HMAC test to isolate signature check
  from Jira API availability — strict assert 200 instead of permissive 500
This commit is contained in:
ZdenekSrotyr 2026-04-13 14:36:31 +02:00
parent 863453b2e2
commit 5bbd82bacd
2 changed files with 25 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/ci.yml vendored
View file

@ -56,7 +56,9 @@ jobs:
run: uv pip install --system ".[dev]" run: uv pip install --system ".[dev]"
- name: Start services - name: Start services
run: docker compose up -d --wait --wait-timeout 60 run: |
touch .env
docker compose up -d --wait --wait-timeout 60
- name: Run Docker E2E tests - name: Run Docker E2E tests
run: pytest tests/ -v --tb=short -m docker --timeout=120 run: pytest tests/ -v --tb=short -m docker --timeout=120

18
tests/test_jira_webhooks.py
View file

@ -33,6 +33,9 @@ def webhook_client(tmp_path, monkeypatch):
monkeypatch.setattr(svc.Config, "JIRA_WEBHOOK_SECRET", "test-webhook-secret") monkeypatch.setattr(svc.Config, "JIRA_WEBHOOK_SECRET", "test-webhook-secret")
monkeypatch.setattr(svc.Config, "JIRA_DATA_DIR", data_dir) monkeypatch.setattr(svc.Config, "JIRA_DATA_DIR", data_dir)
# Reset singleton so it picks up fresh Config values
svc._jira_service = None
# Reimport app to pick up router # Reimport app to pick up router
from app.main import create_app from app.main import create_app
app = create_app() app = create_app()
@ -70,9 +73,18 @@ def test_invalid_signature_401(webhook_client):
def test_valid_signature_accepted(webhook_client): def test_valid_signature_accepted(webhook_client):
"""POST with correct HMAC-SHA256 is not rejected as 401.""" """POST with correct HMAC-SHA256 passes signature check (not 401)."""
from unittest.mock import patch
payload = json.dumps({"webhookEvent": "jira:issue_updated", "issue": {"key": "TEST-1"}}).encode() payload = json.dumps({"webhookEvent": "jira:issue_updated", "issue": {"key": "TEST-1"}}).encode()
sig = _sign(payload, "test-webhook-secret") sig = _sign(payload, "test-webhook-secret")
# Mock process_webhook_event so the test only checks HMAC validation,
# not the full Jira API flow (which requires a real Jira connection).
with patch("app.api.jira_webhooks.get_jira_service") as mock_svc:
mock_svc.return_value.is_configured.return_value = True
mock_svc.return_value.process_webhook_event.return_value = True
resp = webhook_client.post( resp = webhook_client.post(
"/webhooks/jira", "/webhooks/jira",
content=payload, content=payload,
@ -81,9 +93,7 @@ def test_valid_signature_accepted(webhook_client):
"X-Hub-Signature-256": sig, "X-Hub-Signature-256": sig,
}, },
) )
# Should pass signature check; 200, 500 (service error), or 503 (not configured) are fine assert resp.status_code == 200
# 500 can occur if JIRA_DATA_DIR points to a stale path from another test
assert resp.status_code in (200, 500, 503)
def test_empty_payload_400(webhook_client): def test_empty_payload_400(webhook_client):