From 68799917cc5fc9c3f346c8fca71d55e91928aa5d Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 08:38:49 -0500 Subject: [PATCH 1/9] chore: Implement Coverage Comparison Between Feature Branch Against Main Branch Resolves: PQE-407 --- .../workflows/Upload-main-coverage-files.yml | 54 ++++++++++++++++ .github/workflows/go-test.yml | 64 ++++++++++++------- 2 files changed, 95 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/Upload-main-coverage-files.yml diff --git a/.github/workflows/Upload-main-coverage-files.yml b/.github/workflows/Upload-main-coverage-files.yml new file mode 100644 index 00000000..dc0271a0 --- /dev/null +++ b/.github/workflows/Upload-main-coverage-files.yml 
@@ -0,0 +1,54 @@
+# Copyright 2026 Specter Ops, Inc.
+#
+# Licensed under the Apache License, Version 2.0
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Run Go tests
+
+on:
+ pull_request:
+ branches:
+ - "main"
+ - "stage/**"
+ types:
+ - "opened"
+ - "synchronize"
+
+jobs:
+ upload-main-coverage-file:
+ runs-on: ubuntu-latest
+ outputs:
+ coverage-artifact-id: ${{ steps.upload-coverage-artifact-step.outputs.artifact-id }}
+ steps:
+ - name: Checkout source code for this repository
+ uses: actions/checkout@v4
+ with:
+ ref: origin/main
+
+ - name: Install Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: go.mod
+ cache: true
+ check-latest: true
+
+ - name: Run Make Test Cmd
+ run: make test
+
+ - name: Upload Coverage File
+ uses: actions/upload-artifact@v7
+ id: upload-coverage-artifact-step
+ with:
+ include-hidden-files: true
+ path: .coverage/coverage.txt
diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml
index 90dfcaa4..74864faa 100644
--- a/.github/workflows/go-test.yml
+++ b/.github/workflows/go-test.yml
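Review bot: `actions/upload-artifact@v7` in the last step of this new workflow is referenced by a mutable tag, so whatever commit that tag points at on the day of the run executes inside the job. PATCH 2/9 pins `actions/checkout` and `actions/setup-go` to commit SHAs but leaves this reference, and `actions/download-artifact@v8` in the go-test.yml hunk of this patch, on tags. Pin both the same way, e.g. `uses: actions/upload-artifact@<FULL_COMMIT_SHA> # ratchet:actions/upload-artifact@v7`, taking the SHA from the tag in the upstream repository.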
@@ -26,29 +26,14 @@ on: - "synchronize" jobs: - - # TODO: fix existing issues before uncommenting - # vet: - # name: Vet source code - # runs-on: ubuntu-latest - # steps: - # - name: Checkout source code for this repository - # uses: actions/checkout@v4 - # - # - name: Install Go - # uses: actions/setup-go@v5 - # with: - # go-version-file: go.mod - # cache: true - # check-latest: true - # - # - name: Vet Code - # run: | - # go vet ./... - test: runs-on: ubuntu-latest + needs: upload-main-coverage-file steps: + - env: + COV_FILE_ID: ${{ needs.upload-main-coverage-file.outputs.coverage-artifact-id }} + run: echo "Artifact ID from previous job is $COV_FILE_ID" + - name: Checkout source code for this repository uses: actions/checkout@v4 @@ -61,8 +46,41 @@ jobs: - name: Run Tests run: | - go test ./... + make test + + - name: Parse Coverage Value From Feature Branch + run: | + echo "current_coverage=$(tail -n 1 .coverage/coverage.txt | awk '{print $3}' | awk 'sub("%", "")')" >> $GITHUB_ENV + + - name: Feature Branch Coverage Value + run: | + printf 'Coverage Value: %s\n' "$current_coverage" + + - name: Download Main Coverage + uses: actions/download-artifact@v8 + with: + artifact-ids: ${{ needs.upload-main-coverage-file.outputs.coverage-artifact-id }} + path: tmp/ + + - name: Display structure of downloaded files + run: ls -R + - name: Parse Coverage Value From Main Branch + run: | + echo "main_coverage=$(tail -n 1 tmp/coverage.txt | awk '{print $3}' | awk 'sub("%", "")')" >> $GITHUB_ENV + + - name: Main Coverage Value + run: | + printf 'Coverage Value: %s\n' "$main_coverage" + + - name: Coverage Evaluation + run: | + if (( echo "$current_coverage < $main_coverage" | bc -l)); then + echo "Failing the workflow. Coverage on feature branch ($current_coverage%) is below main branch ($main_coverage%)" + exit 1 + else + echo "Coverage is within the limits" + fi integration-test-pg: name: Run integration tests (pg) runs-on: ubuntu-latest 
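Review bot: The `test` job gains a dependency and new steps here but still declares no `permissions:`, so its `GITHUB_TOKEN` receives whatever default the repository or organisation sets, while the job goes on to run `make test` on pull-request code. Nothing visible in the job needs more than read access to the repository, so I would add `permissions:` with `contents: read` under `test:` (or once at workflow level), and the same in the coverage workflow added by this patch. The job body continues past this hunk; confirm that the artifact download later in the job still works with the narrowed token.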
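Review bot: The coverage gate fails open: if either `tail | awk` pipeline yields an empty or non-numeric value (a missing `coverage.txt`, a last line without a third field, or no `%` for `sub` to strip, in which case the second awk prints nothing), `bc` writes nothing to stdout, the arithmetic test is false, and the step reports "Coverage is within the limits". That holds for the comparison as corrected in PATCH 8/9 as well; the form in this hunk is a shell syntax error. Validate both values before comparing and exit non-zero when they cannot be parsed, as sketched below. The feature-branch number comes from a file written by the pull request's own test run, so treat this gate as a regression check rather than a control against a contributor who wants to get around it.

```yaml
      - name: Coverage Evaluation
        run: |
          numeric='^[0-9]+(\.[0-9]+)?$'
          if ! [[ "$current_coverage" =~ $numeric && "$main_coverage" =~ $numeric ]]; then
            echo "Could not parse coverage: feature='$current_coverage' main='$main_coverage'"
            exit 1
          fi
          if (( $(echo "$current_coverage < $main_coverage" | bc -l) )); then
            # … unchanged: failure message, exit 1, else branch …
          fi
```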
@@ -95,7 +113,7 @@ jobs: env: CONNECTION_STRING: postgres://dawgs:weneedbetterpasswords@localhost:5432/dawgs?sslmode=disable run: | - go test -tags manual_integration ./integration + make test_integration integration-test-neo4j: name: Run integration tests (neo4j) @@ -128,4 +146,4 @@ jobs: env: CONNECTION_STRING: neo4j://neo4j:weneedbetterpasswords@localhost:7687 run: | - go test -tags manual_integration ./integration + make test_integration From 13c15a62705c6ecd671b678774406c4b2e819f88 Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 08:58:23 -0500 Subject: [PATCH 2/9] Pinning SHA on GH Actions --- .github/workflows/Upload-main-coverage-files.yml | 4 ++-- .github/workflows/go-test.yml | 12 ++++++------ .github/workflows/run-static-analysis.yml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/Upload-main-coverage-files.yml b/.github/workflows/Upload-main-coverage-files.yml index dc0271a0..f87ce3e9 100644 --- a/.github/workflows/Upload-main-coverage-files.yml +++ b/.github/workflows/Upload-main-coverage-files.yml @@ -32,12 +32,12 @@ jobs: coverage-artifact-id: ${{ steps.upload-coverage-artifact-step.outputs.artifact-id }} steps: - name: Checkout source code for this repository - uses: actions/checkout@v4 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 with: ref: origin/main - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # ratchet:actions/setup-go@v5 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 74864faa..2e592c26 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml 
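Review bot: The `actions/checkout` pin in the Upload-main-coverage-files.yml hunk is annotated `# ratchet:actions/checkout@v5` while the line it replaces used `@v4`, so the change appears to move a major version as well as pin, which the subject "Pinning SHA on GH Actions" does not say; the same applies to every checkout pin in the go-test.yml and run-static-analysis.yml hunks of this patch. Please mention the bump in the commit message, and check that `93cb6efe18208431cddfb8368fd83d5badbf9bfd` and the setup-go SHA are the commits those tags resolve to in the upstream `actions/*` repositories, because the runner does not verify the trailing comment. The job body continues outside the hunk.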
@@ -35,10 +35,10 @@ jobs: run: echo "Artifact ID from previous job is $COV_FILE_ID" - name: Checkout source code for this repository - uses: actions/checkout@v4 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # ratchet:actions/setup-go@v5 with: go-version-file: go.mod cache: true @@ -100,10 +100,10 @@ jobs: --health-retries 5 steps: - name: Checkout source code for this repository - uses: actions/checkout@v4 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # ratchet:actions/setup-go@v5 with: go-version-file: go.mod cache: true @@ -133,10 +133,10 @@ jobs: --health-start-period 40s steps: - name: Checkout source code for this repository - uses: actions/checkout@v4 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # ratchet:actions/setup-go@v5 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/run-static-analysis.yml b/.github/workflows/run-static-analysis.yml index fc63b672..cfd6efb7 100644 --- a/.github/workflows/run-static-analysis.yml +++ b/.github/workflows/run-static-analysis.yml @@ -30,10 +30,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout source code for this repository - uses: actions/checkout@v4 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # ratchet:actions/setup-go@v5 with: go-version-file: go.mod cache: true From 0c6a504d497ed23b10bae5ff51466de6d93e4f18 Mon Sep 17 00:00:00 2001 
From: ykaiboussiSO Date: Tue, 19 May 2026 09:06:50 -0500 Subject: [PATCH 3/9] update main branch --- .github/workflows/Upload-main-coverage-files.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Upload-main-coverage-files.yml b/.github/workflows/Upload-main-coverage-files.yml index f87ce3e9..44bd80ef 100644 --- a/.github/workflows/Upload-main-coverage-files.yml +++ b/.github/workflows/Upload-main-coverage-files.yml @@ -34,7 +34,7 @@ jobs: - name: Checkout source code for this repository uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5 with: - ref: origin/main + ref: main - name: Install Go uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # ratchet:actions/setup-go@v5 From 0d45a528757ee395c1f88a73eb69dbc24ced2d73 Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 09:23:59 -0500 Subject: [PATCH 4/9] Fix workflow dependency --- .github/workflows/Upload-main-coverage-files.yml | 2 +- .github/workflows/go-test.yml | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/Upload-main-coverage-files.yml b/.github/workflows/Upload-main-coverage-files.yml index 44bd80ef..2d3a6e0f 100644 --- a/.github/workflows/Upload-main-coverage-files.yml +++ b/.github/workflows/Upload-main-coverage-files.yml @@ -26,7 +26,7 @@ on: - "synchronize" jobs: - upload-main-coverage-file: + upload-main-coverage-files: runs-on: ubuntu-latest outputs: coverage-artifact-id: ${{ steps.upload-coverage-artifact-step.outputs.artifact-id }} diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 2e592c26..d70f5aca 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml 
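Review bot: `ref: main` in PATCH 3/9 hard-codes the baseline branch, so a pull request into any other base is still compared against `main`; at this point in the series the workflow is triggered for pull requests into `stage/**` as well as `main`, and after PATCH 5/9 it is called from go-test.yml, whose branch filter is not visible here. If non-main bases are in scope, check out the pull request's base instead, e.g. `ref: ${{ github.base_ref }}`, which a reusable workflow reads from the caller's event context. A short comment above `ref:` stating which branch serves as the baseline would help either way.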
@@ -26,9 +26,11 @@ on: - "synchronize" jobs: + call-run-upload-main-coverage-files: + uses: ./.github/workflows/upload-main-coverage-files.yml test: runs-on: ubuntu-latest - needs: upload-main-coverage-file + needs: call-run-upload-main-coverage-files steps: - env: COV_FILE_ID: ${{ needs.upload-main-coverage-file.outputs.coverage-artifact-id }} @@ -47,15 +49,15 @@ jobs: - name: Run Tests run: | make test - + - name: Parse Coverage Value From Feature Branch run: | echo "current_coverage=$(tail -n 1 .coverage/coverage.txt | awk '{print $3}' | awk 'sub("%", "")')" >> $GITHUB_ENV - + - name: Feature Branch Coverage Value run: | printf 'Coverage Value: %s\n' "$current_coverage" - + - name: Download Main Coverage uses: actions/download-artifact@v8 with: @@ -68,11 +70,11 @@ jobs: - name: Parse Coverage Value From Main Branch run: | echo "main_coverage=$(tail -n 1 tmp/coverage.txt | awk '{print $3}' | awk 'sub("%", "")')" >> $GITHUB_ENV - + - name: Main Coverage Value run: | printf 'Coverage Value: %s\n' "$main_coverage" - + - name: Coverage Evaluation run: | if (( echo "$current_coverage < $main_coverage" | bc -l)); then From 4b6391668f7b5b374363a1c533eca8ebceec45b9 Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 09:43:56 -0500 Subject: [PATCH 5/9] Implement Reuseable Workflow --- .github/workflows/Upload-main-coverage-files.yml | 14 ++++++-------- .github/workflows/go-test.yml | 5 +++-- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/.github/workflows/Upload-main-coverage-files.yml b/.github/workflows/Upload-main-coverage-files.yml index 2d3a6e0f..a0c21092 100644 --- a/.github/workflows/Upload-main-coverage-files.yml +++ b/.github/workflows/Upload-main-coverage-files.yml 
@@ -14,16 +14,14 @@ # # SPDX-License-Identifier: Apache-2.0 -name: Run Go tests +name: Run Go Tests on Main Branch on: - pull_request: - branches: - - "main" - - "stage/**" - types: - - "opened" - - "synchronize" + workflow_call: + outputs: + coverage-artifact-id: + description: Coverage artifact id for the main branch baseline + value: ${{ jobs.upload-main-coverage-files.outputs.coverage-artifact-id }} jobs: upload-main-coverage-files: diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index d70f5aca..da1e72d4 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -24,6 +24,7 @@ on: types: - "opened" - "synchronize" + - "reopened" jobs: call-run-upload-main-coverage-files: @@ -33,7 +34,7 @@ jobs: needs: call-run-upload-main-coverage-files steps: - env: - COV_FILE_ID: ${{ needs.upload-main-coverage-file.outputs.coverage-artifact-id }} + COV_FILE_ID: ${{ needs.call-run-upload-main-coverage-files.outputs.coverage-artifact-id }} run: echo "Artifact ID from previous job is $COV_FILE_ID" - name: Checkout source code for this repository @@ -61,7 +62,7 @@ jobs: - name: Download Main Coverage uses: actions/download-artifact@v8 with: - artifact-ids: ${{ needs.upload-main-coverage-file.outputs.coverage-artifact-id }} + artifact-ids: ${{ needs.call-run-upload-main-coverage-files.outputs.coverage-artifact-id }} path: tmp/ - name: Display structure of downloaded files From d5271ad5bb47e23ccdc362057e80c029c8005caf Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 09:45:39 -0500 Subject: [PATCH 6/9] fix file issue --- ...Upload-main-coverage-files.yml => upload-coverage-files.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{Upload-main-coverage-files.yml => upload-coverage-files.yml} (95%) 
diff --git a/.github/workflows/Upload-main-coverage-files.yml b/.github/workflows/upload-coverage-files.yml similarity index 95% rename from .github/workflows/Upload-main-coverage-files.yml rename to .github/workflows/upload-coverage-files.yml index a0c21092..64108960 100644 --- a/.github/workflows/Upload-main-coverage-files.yml +++ b/.github/workflows/upload-coverage-files.yml @@ -21,7 +21,7 @@ on: outputs: coverage-artifact-id: description: Coverage artifact id for the main branch baseline - value: ${{ jobs.upload-main-coverage-files.outputs.coverage-artifact-id }} + value: ${{ jobs.upload-coverage-files.outputs.coverage-artifact-id }} jobs: upload-main-coverage-files: From e305d3d7af5dc2e9abf876bd69405edcde480936 Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 09:51:19 -0500 Subject: [PATCH 7/9] update file path --- .github/workflows/go-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index da1e72d4..86ef04ad 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -28,7 +28,7 @@ on: jobs: call-run-upload-main-coverage-files: - uses: ./.github/workflows/upload-main-coverage-files.yml + uses: ./.github/workflows/upload-coverage-files.yml test: runs-on: ubuntu-latest needs: call-run-upload-main-coverage-files From a67c1f96bca2f674626b4d489ca3cf105bc3e5c4 Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 09:59:44 -0500 Subject: [PATCH 8/9] fix syntax error --- .github/workflows/go-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 86ef04ad..370f1d20 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml 
@@ -78,7 +78,7 @@ jobs: - name: Coverage Evaluation run: | - if (( echo "$current_coverage < $main_coverage" | bc -l)); then + if (( $(echo "$current_coverage < $main_coverage" | bc -l))); then echo "Failing the workflow. Coverage on feature branch ($current_coverage%) is below main branch ($main_coverage%)" exit 1 else From badc336d24a5bcc4f7e7b26d572c0c732c11df5a Mon Sep 17 00:00:00 2001 From: ykaiboussiSO Date: Tue, 19 May 2026 10:08:06 -0500 Subject: [PATCH 9/9] update reference mapping --- .github/workflows/upload-coverage-files.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upload-coverage-files.yml b/.github/workflows/upload-coverage-files.yml index 64108960..a0c21092 100644 --- a/.github/workflows/upload-coverage-files.yml +++ b/.github/workflows/upload-coverage-files.yml @@ -21,7 +21,7 @@ on: outputs: coverage-artifact-id: description: Coverage artifact id for the main branch baseline - value: ${{ jobs.upload-coverage-files.outputs.coverage-artifact-id }} + value: ${{ jobs.upload-main-coverage-files.outputs.coverage-artifact-id }} jobs: upload-main-coverage-files: