fix: add router unit tests to ci #2361
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SkArchon
requested review from
Noroth,
asoorm,
thisisnithin and
wilsonrivera
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the WalkthroughThe pull request modifies the GitHub Actions workflow configuration to reorganize Codecov upload steps. It adds a Codecov upload step to the build_test workflow with token configuration and removes the verbose flag and explicit files list from the integration_test workflow's Codecov upload step. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes
Possibly related PRs
Pre-merge checks✅ Passed checks (3 passed)
Comment |
Router-nonroot image scan passed✅ No security vulnerabilities found in image: |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/router-ci.yaml(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
- GitHub Check: build-router
- GitHub Check: build_push_image (nonroot)
- GitHub Check: build_push_image
- GitHub Check: build_test
- GitHub Check: image_scan (nonroot)
- GitHub Check: image_scan
- GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
- GitHub Check: integration_test (./telemetry)
- GitHub Check: integration_test (./events)
- GitHub Check: Analyze (go)
- GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (1)
.github/workflows/router-ci.yaml (1)
168-171: The codecov/codecov-action@v5 reference is already current and stable—no action needed.Based on verification:
- v5.5.1 (released September 4, 2025) is the latest stable release
- v5 is the latest major version series; no v6 or v7 exists
- No known security vulnerabilities or compatibility issues are reported for v5
- Using
@v5automatically tracks the latest patch versions (v5.5.1+)
.github/workflows/router-ci.yaml
Outdated
Comment on lines
168
to
171
| - name: Upload results to Codecov | ||
| uses: codecov/codecov-action@v5 | ||
| with: | ||
| token: ${{ secrets.CODECOV_TOKEN }} |
There was a problem hiding this comment.
🧩 Analysis chain
Script executed:
# Read the router-ci.yaml file to see full context of both Codecov uploads
cat -n .github/workflows/router-ci.yaml | sed -n '30,180p'Repository: wundergraph/cosmo
<shell_result>
Repository: wundergraph/cosmo
Exit code: 0
stdout:
30 # Runs for forks without access to repository secrets
31 build_test_fork:
32 if: github.event.pull_request.head.repo.full_name != github.repository
33 runs-on: ubuntu-latest
34 timeout-minutes: 15
35 steps:
36 - uses: actions/checkout@v4
37
38 - uses: ./.github/actions/go
39 with:
40 cache-dependency-path: |
41 router/go.sum
42 router-tests/go.sum
43 demo/go.sum
44
45 - uses: ./.github/actions/go-mod-tidy
46 with:
47 working-directory: ./router
48
49 - name: Install tools
50 run: make setup-build-tools
51
52 - name: Install Bun For Plugin Building
53 uses: oven-sh/setup-bun@v2
54 with:
55 bun-version: 1.2.15
56
57 - name: Generate code
58 run: make generate-go
59
60 - name: Check if git is not dirty after generating files
61 run: git diff --no-ext-diff --exit-code
62
63 - name: Install dependencies
64 working-directory: ./router
65 run: go mod download
66
67 - name: Run linters on router-tests
68 uses: ./.github/actions/go-linter
69 with:
70 working-directory: ./router-tests
71
72 - name: Run linters on router
73 uses: ./.github/actions/go-linter
74 with:
75 working-directory: ./router
76
77 - name: Test
78 working-directory: ./router
79 run: make test
80
81 - name: Build
82 working-directory: ./router
83 run: make build
84
85 # Runs for forks to test docker image is building
86 build_image_fork:
87 if: github.event.pull_request.head.repo.full_name != github.repository
88 runs-on: ubuntu-latest
89 timeout-minutes: 15
90 strategy:
91 matrix:
92 docker_build_target: [ '', 'nonroot' ]
93 steps:
94 - uses: actions/checkout@v4
95
96 - uses: ./.github/actions/build-push-image
97 with:
98 docker_context: router
99 dockerfile: router/Dockerfile
100 docker_build_target: ${{ matrix.docker_build_target }}
101 token: ${{secrets.GITHUB_TOKEN}}
102 image_name: router
103 image_description: 'Cosmo Router'
104 push: 'false'
105
106 # Runs for people with write access to the repository
107 # that have access to the secrets
108 build_test:
109 if: github.event.pull_request.head.repo.full_name == github.repository
110 runs-on: ubuntu-latest
111 timeout-minutes: 15
112 steps:
113 - uses: actions/checkout@v4
114
115 - name: Log in to Docker Container registry (With write access)
116 uses: docker/login-action@v3
117 with:
118 registry: docker.io
119 username: ${{secrets.DOCKER_USERNAME}}
120 password: ${{secrets.DOCKER_PASSWORD}}
121
122 - uses: ./.github/actions/go
123 with:
124 cache-dependency-path: |
125 router/go.sum
126 router-tests/go.sum
127 demo/go.sum
128 - uses: ./.github/actions/go-mod-tidy
129 with:
130 working-directory: ./router
131
132 - name: Install tools
133 run: make setup-build-tools
134
135 - name: Install Bun For Plugin Building
136 uses: oven-sh/setup-bun@v2
137 with:
138 bun-version: 1.2.15
139
140 - name: Generate code
141 run: make generate-go
142
143 - name: Check if git is not dirty after generating files
144 run: git diff --no-ext-diff --exit-code
145
146 - name: Install dependencies
147 working-directory: ./router
148 run: go mod download
149
150 - name: Run linters on router-tests
151 uses: ./.github/actions/go-linter
152 with:
153 working-directory: ./router-tests
154
155 - name: Run linters on router
156 uses: ./.github/actions/go-linter
157 with:
158 working-directory: ./router
159
160 - name: Test
161 working-directory: ./router
162 run: make test
163
164 - name: Build
165 working-directory: ./router
166 run: make build
167
168 - name: Upload results to Codecov
169 uses: codecov/codecov-action@v5
170 with:
171 token: ${{ secrets.CODECOV_TOKEN }}
172
173 integration_test:
174 runs-on: ubuntu-latest-l
175 timeout-minutes: 30
176 strategy:
177 fail-fast: false
178 matrix:
179 test_target:
180 [
</shell_result>
Script executed:
# Check the integration_test job and its Codecov upload around lines 340-360
cat -n .github/workflows/router-ci.yaml | sed -n '165,380p'Repository: wundergraph/cosmo
<shell_result>
Repository: wundergraph/cosmo
Exit code: 0
stdout:
165 working-directory: ./router
166 run: make build
167
168 - name: Upload results to Codecov
169 uses: codecov/codecov-action@v5
170 with:
171 token: ${{ secrets.CODECOV_TOKEN }}
172
173 integration_test:
174 runs-on: ubuntu-latest-l
175 timeout-minutes: 30
176 strategy:
177 fail-fast: false
178 matrix:
179 test_target:
180 [
181 './. ./fuzzquery ./lifecycle ./modules',
182 './telemetry',
183 './events',
184 ]
185 services:
186 nats:
187 image: ghcr.io/wundergraph/cosmo/nats:2.11.0-alpine
188 options: >-
189 --health-cmd "curl -f http://localhost:8222/healthz"
190 --health-interval 10s
191 --health-timeout 5s
192 --health-retries 5
193 ports:
194 - 4222:4222
195 - 8222:8222
196 - 6222:6222
197 redis:
198 image: redis:7
199 # Set health checks to wait until redis has started
200 options: >-
201 --health-cmd "redis-cli ping"
202 --health-interval 10s
203 --health-timeout 5s
204 --health-retries 5
205 ports:
206 - 6379:6379
207 redis-0:
208 image: bitnamilegacy/redis-cluster:7.2
209 options: >-
210 --health-cmd "redis-cli ping"
211 --health-interval 10s
212 --health-timeout 5s
213 --health-retries 5
214 env:
215 ALLOW_EMPTY_PASSWORD: "yes"
216 REDIS_NODES: "redis-0 redis-1 redis-2"
217 REDIS_CLUSTER_REPLICAS: "0"
218 REDIS_CLUSTER_CREATOR: "no"
219 ports:
220 - 7001:6379
221 redis-1:
222 image: bitnamilegacy/redis-cluster:7.2
223 options: >-
224 --health-cmd "redis-cli ping"
225 --health-interval 10s
226 --health-timeout 5s
227 --health-retries 5
228 env:
229 ALLOW_EMPTY_PASSWORD: "yes"
230 REDIS_NODES: "redis-0 redis-1 redis-2"
231 REDIS_CLUSTER_REPLICAS: "0"
232 REDIS_CLUSTER_CREATOR: "no"
233 ports:
234 - 7002:6379
235 redis-2:
236 image: bitnamilegacy/redis-cluster:7.2
237 options: >-
238 --health-cmd "redis-cli ping"
239 --health-interval 10s
240 --health-timeout 5s
241 --health-retries 5
242 env:
243 ALLOW_EMPTY_PASSWORD: "yes"
244 REDIS_NODES: "redis-0 redis-1 redis-2"
245 REDIS_CLUSTER_REPLICAS: "0"
246 REDIS_CLUSTER_CREATOR: "yes"
247 ports:
248 - 7003:6379
249 kafka:
250 image: bitnamilegacy/kafka:3.7.0
251 options: >-
252 --health-cmd "kafka-broker-api-versions.sh --version"
253 --health-interval 10s
254 --health-timeout 5s
255 --health-retries 5
256 env:
257 KAFKA_ENABLE_KRAFT: yes
258 KAFKA_CFG_PROCESS_ROLES: controller,broker
259 KAFKA_CFG_CONTROLLER_LISTENER_NAMES: CONTROLLER
260 KAFKA_CFG_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093
261 KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT
262 KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: 1@localhost:9093
263 KAFKA_CFG_TRANSACTION_PARTITION_VERIFICATION_ENABLE: false
264 KAFKA_CFG_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092
265 KAFKA_CFG_NODE_ID: 1
266 ALLOW_PLAINTEXT_LISTENER: yes
267 KAFKA_KRAFT_CLUSTER_ID: XkpGZQ27R3eTl3OdTm2LYA # 16 byte base64-encoded UUID
268 ports:
269 - '9092:9092'
270 steps:
271 - name: Wait for Redis Cluster
272 run: |
273 echo "[CHECK] Waiting for Redis Cluster to become healthy..."
274 cluster_containers=$(docker ps --quiet --filter "ancestor=bitnamilegacy/redis-cluster:7.2")
275
276 success=0
277 for i in {1..30}; do
278 if [ $i -eq 1 ]; then
279 echo "[INIT] Forcing cluster creation..."
280 # pick one container as the "creator"
281 creator=$(echo $cluster_containers | awk '{print $1}')
282 # run the cluster create command inside it
283 docker exec "$creator" redis-cli --cluster create redis-0:6379 redis-1:6379 redis-2:6379 --cluster-replicas 0 --cluster-yes || true
284 fi
285
286 for cid in $cluster_containers; do
287 docker exec "$cid" redis-cli -p 6379 cluster info
288 if docker exec "$cid" redis-cli -p 6379 cluster info 2>/dev/null | grep -q "cluster_state:ok"; then
289 echo "[SUCCESS] Redis Cluster is ready (reported by $cid)"
290 success=1
291 break 2
292 fi
293 done
294
295 echo "[WAITING] Cluster not ready yet (attempt $i)..."
296 sleep 2
297 done
298
299 if [ $success -eq 0 ]; then
300 echo "[ERROR] Redis Cluster did not become healthy in time"
301 for cid in $cluster_containers; do
302 echo "--- Cluster info for $cid ---"
303 docker exec "$cid" redis-cli -p 6379 cluster info || true
304 docker exec "$cid" redis-cli -p 6379 cluster nodes || true
305 echo "--- Logs for $cid ---"
306 docker logs "$cid" | tail -n 100
307 done
308 exit 1
309 fi
310 - uses: actions/checkout@v4
311 - uses: ./.github/actions/go
312 with:
313 cache-dependency-path: |
314 router-tests/go.sum
315 - name: Install tools
316 run: make setup-build-tools
317
318 - name: Install Bun For Plugin Building
319 uses: oven-sh/setup-bun@v2
320 with:
321 bun-version: 1.2.15
322
323 - name: Install dependencies
324 working-directory: ./router-tests
325 run: go mod download
326 - name: Configure Redis Authentication & ACL
327 run: |
328 docker ps -a
329 # Set a password for each master node
330 for cid in $(docker ps --format "{{.ID}} {{.Image}}" | grep "redis-cluster" | awk '{print $1}'); do
331 echo "Configuring ACLs in container $cid"
332 docker exec "$cid" redis-cli -p 6379 ACL SETUSER cosmo on ">test" "~*" "+@all"
333 docker exec "$cid" redis-cli -p 6379 ping
334 done
335 cid=$(docker ps --format "{{.ID}} {{.Image}}" | grep "redis:7" | awk '{print $1}')
336 # Sanity checks
337 docker exec "$cid" redis-cli -p 6379 ping
338 docker exec "$cid" redis-cli -u "redis://cosmo:test@redis-0:6379" ping
339 docker exec "$cid" redis-cli -u "redis://cosmo:test@redis-0:6379" cluster nodes
340
341 - name: Run Integration tests ${{ matrix.test_target }}
342 working-directory: ./router-tests
343 run: make test-coverage test_retry_count=0 test_params="-run '^Test[^(Flaky)]' --timeout=5m -p 1 --parallel 10" test_target="${{ matrix.test_target }}"
344
345 - name: Run Flaky Integration tests ${{ matrix.test_target }}
346 working-directory: ./router-tests
347 run: make test-coverage test_retry_count=3 test_params="-run '^TestFlaky' --timeout=5m -p 1 --parallel 10" test_target="${{ matrix.test_target }}"
348
349 - name: Upload results to Codecov
350 uses: codecov/codecov-action@v5
351 with:
352 token: ${{ secrets.CODECOV_TOKEN }}
353
354 image_scan:
355 if: github.event.pull_request.head.repo.full_name == github.repository
356 runs-on: ubuntu-latest
357 timeout-minutes: 15
358 strategy:
359 matrix:
360 docker_build_target: [ '', 'nonroot' ]
361 steps:
362 - uses: actions/checkout@v4
363
364 - uses: ./.github/actions/build-push-image
365 id: docker_build
366 with:
367 docker_username: ${{secrets.DOCKER_USERNAME}}
368 docker_password: ${{secrets.DOCKER_PASSWORD}}
369 docker_context: router
370 dockerfile: router/Dockerfile
371 docker_build_target: ${{ matrix.docker_build_target }}
372 token: ${{secrets.GITHUB_TOKEN}}
373 image_name: router
374 image_description: 'Cosmo Router'
375 image_platforms: 'linux/amd64'
376 load_Image: 'true'
377 push: 'false'
378
379 - uses: ./.github/actions/image-scan
380 with:
</shell_result>
codecov-action@v5 missing token fork PR behavior documentation
<web_search_result>
Short answer: codecov-action@v5 documents that uploads from forked PRs may run without a repository token (token secrets are unavailable to fork workflows) only when tokenless uploads are enabled (global upload token / opt‑in) or when you use OIDC. If neither is used, uploads from forks will not have the CODECOV_TOKEN and the upload/commit status can fail or be omitted. See Codecov action README, Codecov token docs, and community posts for details.
Sources:
[1] codecov/codecov-action README (v5 notes: tokenless uploads, use_oidc option).
[2] Codecov docs — Adding the Codecov token / Uploading without a token.
[3] Codecov community posts describing missing commit status and fork/secret limitations.
</web_search_result>
Script executed:
# Check codecov-action@v5 behavior with missing token by looking at its release notes and documentation
curl -s https://api.github.com/repos/codecov/codecov-action/releases/tags/v5 | jq -r '.body' | head -100Repository: wundergraph/cosmo
<shell_result>
Repository: wundergraph/cosmo
Exit code: 0
stdout:
null
</shell_result>
Script executed:
# Check if there are any related discussions or issues in the PR comments/description
gh pr view --json title,body,comments -q '.title, .body, .comments[].body' 2>/dev/null | head -50Repository: wundergraph/cosmo
<shell_result>
Repository: wundergraph/cosmo
Exit code: 0
</shell_result>
Add fork protection to integration_test job or its Codecov upload step to prevent failures on fork PRs.
The new Codecov upload in build_test (lines 168–171) is correctly gated by the job's fork protection condition (line 109). However, integration_test (line 173) runs for all PRs including forks but lacks a fork condition and attempts to upload coverage using secrets.CODECOV_TOKEN (lines 349–352). In fork PRs, this secret is unavailable, causing the codecov-action@v5 step to fail.
Fix: Add an if condition to the integration_test job (or the Codecov upload step within it) to restrict execution to non-fork PRs:
if: github.event.pull_request.head.repo.full_name == github.repository🤖 Prompt for AI Agents
.github/workflows/router-ci.yaml lines 168-171, 173 and 349-352: the
integration_test job (or its Codecov upload step) attempts to use
secrets.CODECOV_TOKEN on forked PRs causing failures because the secret is
unavailable; add a fork-protection if condition to either the integration_test
job or specifically its Codecov upload step using: if:
github.event.pull_request.head.repo.full_name == github.repository so the upload
only runs for PRs from the same repo (non-fork) and avoids executing the
codecov-action on forked PRs.
Codecov Report✅ All modified and coverable lines are covered by tests. ❌ Your project check has failed because the head coverage (28.67%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## main #2361 +/- ##
==========================================
- Coverage 29.29% 28.67% -0.62%
==========================================
Files 127 127
Lines 11040 11058 +18
Branches 251 241 -10
==========================================
- Hits 3234 3171 -63
- Misses 7804 7885 +81
Partials 2 2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
SkArchon
force-pushed
the
milinda/router-coverage
branch
from
b433635 to
1438a7f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the router unit tests to ci
Summary by CodeRabbit
Note: This release contains no user-facing changes. Updates are limited to internal build and testing infrastructure.
✏️ Tip: You can customize this high-level summary in your review settings.
Checklist