Test labeling gate #140

Closed
reyhankoyun wants to merge 10 commits into aws:main from reyhankoyun:test-labeling-gate

@reyhankoyun
Contributor

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

- Add integration-tests.yml workflow with OIDC authentication and pull_request_target
- Support team member detection and safe-to-test label for external contributors
- Remove #[ignore] annotations from all 6 integration tests
- Add dynamic port allocation using atomic counter to prevent port conflicts
- Add proper randomness to secret naming (thread ID + nanoseconds + random number)
- Add fastrand dependency for random number generation
- Update test-local.sh to remove --ignored flag and update comments
- Enable both sequential (--test-threads=1) and parallel test execution
Use 'safe to test' (with spaces) to align with other AWS repositories
- COLLABORATOR: automatic test execution
- Others: require 'safe to test' label for manual approval
- Remove repo source checks - only author trust level matters
- Add reopened trigger (part of default set)
- Add ready_for_review trigger for draft PRs marked ready
- Add Checkout step name for consistency
- test_cache_hit_behavior: Verifies cache hits are faster than AWS calls
- test_refresh_now_bypasses_cache: Confirms refreshNow=true bypasses cache
- test_cache_after_secret_update: Tests stale cache behavior after secret updates
- test_real_ttl_expiration_timing: Validates TTL expiration and cache refresh
- test_ttl_zero_disables_caching: Ensures TTL=0 disables caching completely

These tests cover all critical caching behaviors that cannot be unit tested,
including timing-based assertions and AWS integration scenarios.
- Updated caching.rs to only include true integration tests:
  - test_cache_after_secret_update: Real AWS secret rotation + cache staleness
  - test_real_ttl_expiration_timing: Real time-based TTL with actual delays
  - Removed performance-focused tests (moved to future performance suite)
  - Removed parameter behavior tests (moved to future unit tests)

- Fixed GitHub Actions security vulnerability:
  - Changed pull_request_target to only trigger on 'labeled' events
  - Eliminates race condition where unapproved code could execute with AWS credentials
  - Each commit now requires explicit human approval via safe-to-test label
  - Auto-removes label after use to prevent persistent approval

Integration tests now focus on real AWS interactions and timing behavior
that cannot be effectively mocked or measured in unit tests.
This PR tests the security gate that requires safe-to-test label
before integration tests can run with AWS credentials.
@reyhankoyun reyhankoyun requested a review from a team as a code owner October 23, 2025 22:50
@reyhankoyun reyhankoyun added the safe-to-test Maintainer approval to run integration tests for external contributor PRs. label Oct 23, 2025
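
The label gate described in the "Fixed GitHub Actions security vulnerability" item above, written out as an added example; it is not the PR's integration-tests.yml or any project code. The workflow and job names, the role ARN (a placeholder), the region, and the action versions are assumptions.

```yaml
# Added example: a hypothetical label-gated workflow, not the repository's own file.
name: integration-tests-gated

on:
  pull_request_target:
    # Only a labeling event starts a run. A later push (synchronize) does not,
    # so each new commit needs the label applied again by a maintainer.
    types: [labeled]

# Grant nothing at workflow level; the job asks for exactly what it needs.
permissions: {}

jobs:
  integration:
    # Ignore every label except the approval label.
    if: github.event.label.name == 'safe-to-test'
    runs-on: ubuntu-latest
    permissions:
      id-token: write       # OIDC token used to assume the AWS role
      contents: read
      pull-requests: write  # needed to remove the label
    steps:
      - name: Remove approval label
        # Consume the approval first so it cannot persist across commits.
        env:
          GH_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: gh pr edit "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --remove-label "safe-to-test"

      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Test the commit recorded in the labeling event, not a moving branch ref.
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholder ARN and assumed region; substitute the real test role.
          role-to-assume: arn:aws:iam::111122223333:role/EXAMPLE-integration-test-role
          aws-region: us-east-1

      - name: Run integration tests
        run: cargo test -- --test-threads=1
```

PR metadata is passed to the shell through `env` rather than interpolated into the `run` line, which keeps event-controlled strings out of the script text.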
@codecov

codecov bot commented Oct 23, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.72%. Comparing base (ab15067) to head (c522049).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #140   +/-   ##
=======================================
  Coverage   91.72%   91.72%           
=======================================
  Files          14       14           
  Lines        2418     2418           
  Branches     2418     2418           
=======================================
  Hits         2218     2218           
  Misses        150      150           
  Partials       50       50           

Labels

safe-to-test Maintainer approval to run integration tests for external contributor PRs.
