fix/added tests to cover db lookup for session refresh tokens #275
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| PIP_DISABLE_PIP_VERSION_CHECK: "1" | |
| APP__ENVIRONMENT: development | |
| APP__SERVICE: auth-service | |
| APP__HOST: 0.0.0.0 | |
| APP__PORT: "8000" | |
| APP__LOG_LEVEL: INFO | |
| DATABASE__URL: postgresql+asyncpg://postgres:postgres@localhost:5432/auth_service | |
| REDIS__URL: redis://localhost:6379/0 | |
| JWT__ALGORITHM: RS256 | |
| JWT__ACCESS_TOKEN_TTL_SECONDS: "900" | |
| JWT__REFRESH_TOKEN_TTL_SECONDS: "604800" | |
| OAUTH__GOOGLE_CLIENT_ID: ci-google-client-id | |
| OAUTH__GOOGLE_CLIENT_SECRET: ci-google-client-secret | |
| OAUTH__GOOGLE_REDIRECT_URI: http://localhost:8000/auth/oauth/google/callback | |
| OAUTH__REDIRECT_URI_ALLOWLIST: '["http://localhost:8000/auth/oauth/google/callback"]' | |
| SAML__SP_ENTITY_ID: ci-sp-entity | |
| SAML__SP_ACS_URL: http://localhost:8000/auth/saml/callback | |
| SAML__SP_X509_CERT: ci-sp-cert | |
| SAML__SP_PRIVATE_KEY: ci-sp-private-key | |
| SAML__IDP_ENTITY_ID: ci-idp-entity | |
| SAML__IDP_SSO_URL: https://idp.example.com/sso | |
| SAML__IDP_X509_CERT: ci-idp-cert | |
| RATE_LIMIT__DEFAULT_REQUESTS_PER_MINUTE: "120" | |
| RATE_LIMIT__LOGIN_REQUESTS_PER_MINUTE: "10" | |
| RATE_LIMIT__TOKEN_REQUESTS_PER_MINUTE: "30" | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Prepare CI environment | |
| uses: ./.github/actions/setup-ci | |
| with: | |
| python-version: "3.11" | |
| - name: Ruff | |
| run: python -m ruff check . | |
| - name: Black | |
| run: python -m black --check . | |
| unit_tests: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Prepare CI environment | |
| uses: ./.github/actions/setup-ci | |
| with: | |
| python-version: "3.11" | |
| - name: Run unit tests | |
| run: python -m pytest tests/unit -q | |
| integration_tests: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: auth_service | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd "pg_isready -U postgres -d auth_service" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:7 | |
| ports: | |
| - 6379:6379 | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Prepare CI environment | |
| uses: ./.github/actions/setup-ci | |
| with: | |
| python-version: "3.11" | |
| - name: Run integration tests | |
| run: python -m pytest tests/integration -q | |
| migrations: | |
| name: Migration Checks | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: auth_service | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd "pg_isready -U postgres -d auth_service" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Prepare CI environment | |
| uses: ./.github/actions/setup-ci | |
| with: | |
| python-version: "3.11" | |
| - name: Alembic offline migration compile | |
| run: python -m alembic upgrade head --sql > /tmp/alembic.sql | |
| - name: Alembic online migration | |
| run: python -m alembic upgrade head | |
| build: | |
| name: Build Packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Prepare CI environment | |
| uses: ./.github/actions/setup-ci | |
| with: | |
| python-version: "3.11" | |
| install-build: "true" | |
| - name: Build service package | |
| run: python -m build | |
| - name: Build SDK package | |
| run: python -m build sdk | |
| - name: Smoke test SDK wheel imports | |
| shell: bash | |
| run: | | |
| rm -rf /tmp/sdk-wheel-test | |
| python -m pip install --no-deps --target /tmp/sdk-wheel-test sdk/dist/auth_service_sdk-*.whl | |
| python - <<'PY' | |
| import os | |
| import sys | |
| target = "/tmp/sdk-wheel-test" | |
| repo_root = os.getcwd() | |
| sys.path = [ | |
| target, | |
| *[ | |
| path | |
| for path in sys.path | |
| if os.path.abspath(path or repo_root) != repo_root | |
| ], | |
| ] | |
| import sdk | |
| from sdk import APIKeyAuthMiddleware, AuthClient, JWTAuthMiddleware | |
| from sdk.cache import JWKSCacheManager | |
| assert sdk.__file__.startswith(target), sdk.__file__ | |
| print("SDK wheel import smoke test passed") | |
| print(AuthClient, JWTAuthMiddleware, APIKeyAuthMiddleware, JWKSCacheManager) | |
| PY | |
| checks: | |
| name: checks | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| needs: | |
| - lint | |
| - unit_tests | |
| - integration_tests | |
| - migrations | |
| - build | |
| steps: | |
| - name: Verify all CI jobs passed | |
| shell: bash | |
| run: | | |
| declare -A results=( | |
| [lint]="${{ needs.lint.result }}" | |
| [unit_tests]="${{ needs.unit_tests.result }}" | |
| [integration_tests]="${{ needs.integration_tests.result }}" | |
| [migrations]="${{ needs.migrations.result }}" | |
| [build]="${{ needs.build.result }}" | |
| ) | |
| for job in lint unit_tests integration_tests migrations build; do | |
| result="${results[$job]}" | |
| echo "$job: $result" | |
| if [ "$result" != "success" ]; then | |
| echo "::error::$job finished with status '$result'" | |
| exit 1 | |
| fi | |
| done |