Skip to content

ci: add integration tests against live API#181

Merged
sachiniyer merged 2 commits intomainfrom
siyer/integ-test
Mar 11, 2026
Merged

ci: add integration tests against live API#181
sachiniyer merged 2 commits intomainfrom
siyer/integ-test

Conversation

@sachiniyer
Copy link
Copy Markdown
Contributor

@sachiniyer sachiniyer commented Mar 11, 2026
edited by devin-ai-integration Bot
Loading

Summary

  • Add Rust integration test suite (tests/integration.rs) that exercises every CLI command end-to-end against the live Detail API
  • Tests cover: auth login/logout/status, repos list, bugs list/show with status filters/pagination/vulns, scans list, and failure without auth
  • Tests skip gracefully when DETAIL_API_KEY is absent so cargo test works locally
  • New integration.yml workflow runs on pushes to main and same-repo PRs, using the integration-tests GitHub Environment for secret scoping

Security

  • Fork PRs are skipped (GitHub never exposes secrets to pull_request from forks)
  • Same-repo PRs run automatically (authors are collaborators with write access)
  • DETAIL_API_KEY is scoped to the integration-tests environment

Setup

Remove required reviewers from the integration-tests environment in repo Settings → Environments. The environment still scopes the secret; the if condition handles fork PR protection.

Test plan

  • Verify integration tests pass in CI on this PR
  • Verify cargo test still passes locally without DETAIL_API_KEY
  • Verify fork PRs skip the integration job

🤖 Generated with Claude Code

Open with Devin

@sachiniyer sachiniyer temporarily deployed to integration-tests March 11, 2026 22:03 — with GitHub Actions Inactive
devin-ai-integration[bot]
devin-ai-integration Bot reviewed Mar 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 4 additional findings.

Open in Devin Review

sachiniyer and others added 2 commits March 11, 2026 15:06
@sachiniyer @claude
ci: add integration tests against live API
309838a 
Add a Rust integration test suite (tests/integration.rs) that exercises
the CLI binary end-to-end against the Detail API, covering auth login/
logout/status, repos list, bugs list/show with filters and pagination,
and scans list.

Tests skip gracefully when DETAIL_API_KEY is absent, so `cargo test`
works locally without a key. A new CI workflow runs these tests on
pushes to main and same-repo PRs using the "integration-tests"
GitHub Environment for secret scoping.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sachiniyer @claude
style: fix rustfmt formatting in integration tests
8357b50 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sachiniyer sachiniyer temporarily deployed to integration-tests March 11, 2026 22:07 — with GitHub Actions Inactive
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented Mar 11, 2026

💡 Codex Review

cli/.github/workflows/api-docs.yml

Lines 10 to 12 in 125d273

permissions:
pages: write
id-token: write

P1 Badge Grant contents read permission to API Docs workflow

At the workflow level, setting only pages and id-token drops the default contents: read permission, so the actions/checkout@v4 step in this job cannot fetch the repository and the docs deploy will fail whenever this workflow runs. Add contents: read alongside the existing permissions so the checkout and subsequent copy/deploy steps can execute.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@sachiniyer sachiniyer merged commit b95246e into main Mar 11, 2026
12 checks passed
@sachiniyer sachiniyer deleted the siyer/integ-test branch March 11, 2026 22:21
@sachiniyer sachiniyer mentioned this pull request Mar 12, 2026
Merged
sachiniyer added a commit that referenced this pull request Mar 12, 2026
@sachiniyer @claude
chore(release): bump version to 0.1.11 (#186)
0085d02 
## Summary
- Bumps version from 0.1.10 to 0.1.11
- The release workflow will auto-tag and build artifacts when merged to
main

### Changes since v0.1.10

**Features:**
- Add shell tab completion via clap_complete (#182)
- Add --scan-id flag to bugs list command (#184)
- Add scans list command (#163)
- Add scans to the skill.md for the detail CLI (#185)
- Auto-detect repository in detail-bugs skill (#160)

**Fixes:**
- Show user-friendly error messages instead of debug output (#129)
- Continue list numbering across pages instead of resetting (#130)
- Add file locking to prevent concurrent config overwrites (#131)

**Chores & Refactoring:**
- Replace Makefile with cargo xtask (#159)
- Upgrade all dependencies to latest versions (#158)
- Enable comprehensive clippy lints (pedantic, nursery, restriction)
(#134, #135, #144, #152, #153, #154, #155)
- Add GitHub Pages workflow for API docs (#178)
- Add Scalar API reference page (#177)
- Add integration tests against live API (#181)
- Remove alpha warning from README (#156)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sachiniyer