Merged
3 changes: 3 additions & 0 deletions .gitattributes
Expand Up @@ -7,3 +7,6 @@ docker-entrypoint.sh text eol=lf
# Default behavior for all other files
* text=auto

# Mark dummy credentials as generated to avoid security scanner false positives
tests/integrations/dummy-gcp-credentials.json linguist-generated=true
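Review bot: the comment on the new `tests/integrations/dummy-gcp-credentials.json` line promises more than `linguist-generated=true` delivers. That attribute only affects GitHub's language statistics and collapses the file by default in diff views; secret scanners (GitHub secret scanning, gitleaks and similar tools) do not consult it and read their own allowlists, so the false positives will keep coming. Either reword the comment to say what the attribute actually does, or add the file to the allowlist of the scanner that is complaining, and consider generating the dummy credential file at test time rather than committing a credential-shaped JSON document at all.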

26 changes: 25 additions & 1 deletion .github/workflows/npx-publish.yml
Expand Up @@ -14,10 +14,34 @@ concurrency:
cancel-in-progress: true

jobs:
# Check if pipeline should be skipped based on first line of commit message
check-skip:
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
should-skip: ${{ steps.check.outputs.should-skip }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Check if pipeline should be skipped
id: check
run: |
COMMIT_MESSAGE=$(git log -1 --pretty=%B)
FIRST_LINE=$(echo "$COMMIT_MESSAGE" | head -n 1)
if [[ "$FIRST_LINE" == *"--skip-pipeline"* ]]; then
echo "should-skip=true" >> $GITHUB_OUTPUT
else
echo "should-skip=false" >> $GITHUB_OUTPUT
fi

publish:
needs: [check-skip]
if: needs.check-skip.outputs.should-skip != 'true'
runs-on: ubuntu-latest
permissions:
contents: write
contents: write
id-token: write # Required for npm provenance
steps:
# Checkout the repository
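Review bot: the `check-skip` job added here is copied verbatim into four other workflows in this PR, and three of the copies already differ from this one (no `permissions` block), so the duplication is drifting before it is merged. For push events the same decision is available without a job, a runner or a token: `if: ${{ !contains(github.event.head_commit.message, '--skip-pipeline') }}` on each downstream job reads the message from the event payload; the one behavioural difference is that it matches the whole message rather than only the first line, which is worth stating in the comment. If the job form stays, move it to a single reusable workflow (`on: workflow_call`) so `permissions` is declared once, and quote `"$GITHUB_OUTPUT"` in the `echo` redirections.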
22 changes: 22 additions & 0 deletions .github/workflows/pr-test-notifier.yml
Expand Up @@ -10,7 +10,29 @@ permissions:
pull-requests: write

jobs:
# Check if pipeline should be skipped based on first line of commit message
check-skip:
runs-on: ubuntu-latest
outputs:
should-skip: ${{ steps.check.outputs.should-skip }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Check if pipeline should be skipped
id: check
run: |
COMMIT_MESSAGE=$(git log -1 --pretty=%B)
FIRST_LINE=$(echo "$COMMIT_MESSAGE" | head -n 1)
if [[ "$FIRST_LINE" == *"--skip-pipeline"* ]]; then
echo "should-skip=true" >> $GITHUB_OUTPUT
else
echo "should-skip=false" >> $GITHUB_OUTPUT
fi
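Review bot: the missing job-level `permissions` matters more in this file than in the others. The workflow-level block above grants `pull-requests: write`, and `check-skip` inherits it because it declares nothing of its own, so a job whose only work is `git log -1` runs with a token that can post and edit PR comments. A job-level `permissions: contents: read` replaces the inherited set for that job rather than adding to it, which is exactly what is wanted here.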
Comment on lines +14 to +31

⚠️ Potential issue | 🟡 Minor

Add explicit permissions to the check-skip job.

For consistency with pr-tests.yml and to follow security best practices, the check-skip job should declare explicit permissions.

Apply this diff:

   check-skip:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     outputs:
       should-skip: ${{ steps.check.outputs.should-skip }}
🤖 Prompt for AI Agents
In .github/workflows/pr-test-notifier.yml around lines 14 to 31, the check-skip
job lacks explicit permissions; add a permissions block under the check-skip job
(same location as other jobs) declaring at minimum "contents: read" to align
with pr-tests.yml and follow least-privilege practice so the job can read the
repository commit message safely.


notify:
needs: [check-skip]
if: needs.check-skip.outputs.should-skip != 'true'
name: Post Test Instructions
runs-on: ubuntu-latest
steps:
24 changes: 24 additions & 0 deletions .github/workflows/pr-tests.yml
Expand Up @@ -15,8 +15,32 @@ concurrency:
cancel-in-progress: true

jobs:
# Check if pipeline should be skipped based on first line of commit message
check-skip:
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
should-skip: ${{ steps.check.outputs.should-skip }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Check if pipeline should be skipped
id: check
run: |
COMMIT_MESSAGE=$(git log -1 --pretty=%B)
FIRST_LINE=$(echo "$COMMIT_MESSAGE" | head -n 1)
if [[ "$FIRST_LINE" == *"--skip-pipeline"* ]]; then
echo "should-skip=true" >> $GITHUB_OUTPUT
else
echo "should-skip=false" >> $GITHUB_OUTPUT
fi

# This job shows up immediately and waits for approval
run-tests:
needs: [check-skip]
if: needs.check-skip.outputs.should-skip != 'true'
name: Run Tests (Awaiting Approval)
runs-on: ubuntu-latest
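Review bot: if this workflow runs on `pull_request` events, the skip check in `check-skip` never fires. `actions/checkout@v4` checks out the PR merge ref, whose HEAD is GitHub's synthetic "Merge <sha> into <sha>" commit, so `git log -1 --pretty=%B` returns that text and not the contributor's message. To read the real head commit, check out `ref: ${{ github.event.pull_request.head.sha }}` or fetch deeper and run `git log -1 --pretty=%B ${{ github.event.pull_request.head.sha }}`. Decide first whether it should work on PRs at all: a skipped `run-tests` job reports the `skipped` conclusion, which branch protection treats as satisfying a required check, so anyone able to push to the PR branch could waive the test gate with a commit message. Limiting the marker to `push` events on maintainer-controlled branches avoids that.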

24 changes: 24 additions & 0 deletions .github/workflows/snyk.yml
Expand Up @@ -12,7 +12,29 @@ permissions:
security-events: write

jobs:
# Check if pipeline should be skipped based on first line of commit message
check-skip:
runs-on: ubuntu-latest
outputs:
should-skip: ${{ steps.check.outputs.should-skip }}
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Check if pipeline should be skipped
id: check
run: |
COMMIT_MESSAGE=$(git log -1 --pretty=%B)
FIRST_LINE=$(echo "$COMMIT_MESSAGE" | head -n 1)
if [[ "$FIRST_LINE" == *"--skip-pipeline"* ]]; then
echo "should-skip=true" >> $GITHUB_OUTPUT
else
echo "should-skip=false" >> $GITHUB_OUTPUT
fi
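Review bot: putting `check-skip` in front of the Snyk jobs means a string in a commit message switches off dependency and SAST scanning for that commit, and because the skip is silent the run still shows green. With `security-events: write` at the workflow level and the `sarif_file: snyk.sarif` upload further down, a skipped run also leaves the code-scanning alerts for the branch at the previous commit's state. If the goal is only to avoid redundant scans on non-code commits, `paths-ignore` on the trigger is declared in the workflow rather than chosen per commit and is easier to audit; if the marker stays, have the `check` step emit `echo "::notice::Snyk scans skipped via --skip-pipeline"` so the skip is visible in the run summary.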

Comment on lines +16 to +34

⚠️ Potential issue | 🟡 Minor

Add explicit permissions to the check-skip job.

The check-skip job should declare explicit permissions to follow security best practices and satisfy CodeQL requirements. The job needs contents: read to check out the repository and read commit messages.

Apply this diff:

   check-skip:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     outputs:
       should-skip: ${{ steps.check.outputs.should-skip }}
🤖 Prompt for AI Agents
.github/workflows/snyk.yml around lines 16 to 34: the check-skip job lacks
explicit permissions; add a permissions block to the job with "contents: read"
so the workflow can safely check out and read commit messages (e.g., insert a
permissions section under the job definition specifying contents: read).

snyk-open-source:
needs: [check-skip]
if: needs.check-skip.outputs.should-skip != 'true'
name: Snyk Open Source (deps)
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -49,6 +71,8 @@ jobs:
sarif_file: snyk.sarif

snyk-code:
needs: [check-skip]
if: needs.check-skip.outputs.should-skip != 'true'
name: Snyk Code (SAST)
runs-on: ubuntu-latest
steps:
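Review bot: the `needs: [check-skip]` added to `snyk-code` (and to `snyk-open-source` above) fails open in the wrong direction: if `check-skip` itself fails, for example because the checkout fails, both Snyk jobs are skipped and nothing is scanned. Use `if: always() && needs.check-skip.outputs.should-skip != 'true'` so the scan runs unless the job positively asked to skip it; with that form an empty output also compares as `'' != 'true'` and the scan runs, which is the safe default and deserves a one-line comment so nobody later rewrites it as `== 'false'`.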
35 changes: 27 additions & 8 deletions .github/workflows/test-coverage.yml
@@ -1,114 +1,133 @@
name: Run tests and upload coverage

# Disabled temporarily
on: []
# on:
# push:
# branches: [main, master]
# pull_request:
# branches: [main, master]
# workflow_dispatch:
on:
push:
branches: [main, master]
pull_request:
branches: [main, master]

jobs:
# Check if pipeline should be skipped based on first line of commit message
check-skip:
runs-on: ubuntu-latest
outputs:
should-skip: ${{ steps.check.outputs.should-skip }}
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Check if pipeline should be skipped
id: check
run: |
COMMIT_MESSAGE=$(git log -1 --pretty=%B)
FIRST_LINE=$(echo "$COMMIT_MESSAGE" | head -n 1)
if [[ "$FIRST_LINE" == *"--skip-pipeline"* ]]; then
echo "should-skip=true" >> $GITHUB_OUTPUT
else
echo "should-skip=false" >> $GITHUB_OUTPUT
fi
Comment on lines +11 to +28

⚠️ Potential issue | 🟡 Minor

Add explicit permissions to the check-skip job.

The check-skip job lacks explicit permissions, which triggers the CodeQL warning. Add a minimal permissions block to declare only the rights needed to read the repository.

Apply this diff:

   check-skip:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     outputs:
       should-skip: ${{ steps.check.outputs.should-skip }}
🤖 Prompt for AI Agents
.github/workflows/test-coverage.yml around lines 11 to 28: the check-skip job
has no explicit permissions which triggers CodeQL warnings; add a minimal
permissions block for repository read access by declaring permissions: contents:
read at the job level (directly under the job name) so the job can read commit
data while limiting other rights.


test:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium test

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
needs: [check-skip]
if: needs.check-skip.outputs.should-skip != 'true'
name: Run tests and collect coverage
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 2

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24.3'

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
cache-dependency-path: 'ui/package-lock.json'

- name: Install dependencies
run: |
for dir in core framework transports tests/core-chatbot; do
if [ -f "$dir/go.mod" ]; then
echo "Installing dependencies for $dir..."
(cd "$dir" && go mod download)
fi
done
# Install dependencies for core test modules (adds coverage to core)
if [ -f "tests/core-providers/go.mod" ]; then
echo "Installing dependencies for tests/core-providers (core test coverage)..."
(cd tests/core-providers && go mod download)
fi

- name: Fix core-chatbot dependencies
run: |
echo "Running go mod tidy for core-chatbot..."
(cd tests/core-chatbot && go mod tidy)

- name: Build UI
run: |
echo "Building UI for embedding in transport..."
cd ui
npm ci
npm run build
npm run copy-build

- name: Start services for integration tests
run: |
echo "Starting Redis and Weaviate for vector store tests..."
cd framework
docker-compose up -d
# Wait for services to be healthy
echo "Waiting for services to be ready..."
timeout 60 bash -c 'until docker-compose ps | grep -q "healthy"; do sleep 2; done' || true
sleep 5

- name: Rebuild plugins
run: |
echo "Rebuilding example plugins..."
if [ -d "examples/plugins/hello-world" ]; then
cd examples/plugins/hello-world
# Clean old build
rm -rf build
mkdir -p build
# Rebuild plugin with current dependencies
go build -buildmode=plugin -o build/hello-world.so main.go || echo "Plugin build failed, tests will skip"
fi

- name: Run tests
run: |
# Run tests for each module and combine coverage
for dir in core framework transports tests/core-chatbot; do
if [ -f "$dir/go.mod" ]; then
echo "Running tests for $dir..."
dirname=$(echo $dir | sed 's/\//-/g')
(cd "$dir" && go test -coverprofile=../coverage-$dirname.txt -coverpkg=github.com/maximhq/bifrost/core/...,github.com/maximhq/bifrost/framework/...,github.com/maximhq/bifrost/transports/... ./... || true)
fi
done

# Run core test modules (adds coverage to core, not separate modules)
echo "Running tests/core-providers (adds coverage to core)..."
(cd tests/core-providers && GOWORK=off go test -coverprofile=../../coverage-core-providers.txt -coverpkg=github.com/maximhq/bifrost/core/...,github.com/maximhq/bifrost/framework/...,github.com/maximhq/bifrost/transports/... . || true)

# Combine coverage files
echo "mode: atomic" > coverage.txt
grep -h -v "^mode:" coverage-*.txt >> coverage.txt 2>/dev/null || true

- name: Stop services
if: always()
run: |
echo "Stopping docker services..."
cd framework
docker-compose down || true

- name: Upload results to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: maximhq/bifrost
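Review bot: this hunk turns the workflow back on (`on: push` / `pull_request` replacing `on: []`) while the CodeQL annotation on `test` above still stands: neither the workflow nor the `test` job declares `permissions`, so `test` runs with the default token although it only checks out the repository and uploads with its own `CODECOV_TOKEN`; `permissions: contents: read` on the job clears the warning. Two logic points in the same job: every `go test` invocation ends in `|| true`, so a failing test still produces a green coverage run, and the readiness loop `until docker-compose ps | grep -q "healthy"` exits as soon as any one container reports healthy rather than both Redis and Weaviate, with the trailing `|| true` also swallowing the 60 s timeout, so tests can start against a half-started stack. Also verify that the hyphenated `docker-compose` v1 binary is still present on the current `ubuntu-latest` image; `docker compose` is the maintained form.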

11 changes: 10 additions & 1 deletion .gitignore
Expand Up @@ -40,4 +40,13 @@ go.work.sum
# Test reports
test-reports

.claude
# Cursor specific
.claude

# Python specific
**/__pycache__/**
**/venv/
**/.venv/
**/.pytest_cache/
**/.coverage/
**/.pytest_cache/
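Review bot: `**/.pytest_cache/` appears twice in the new Python block; drop the second copy. `**/.coverage/` with a trailing slash matches only a directory, but coverage.py writes `.coverage` as a file (and `.coverage.*` for parallel runs), so the pattern will not ignore what it is meant to; use `**/.coverage` and `**/.coverage.*`. The `# Cursor specific` header sits above `.claude`, which is the Claude Code directory, so either the comment or the entry is wrong (Cursor's own directory is `.cursor/`).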