feat: Add AWS role-based authentication system with comprehensive testing #6
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| lint-and-format: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install development dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Run ruff linting | |
| run: ruff check . | |
| - name: Run ruff formatting check | |
| run: ruff format --check . | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python for local testing | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies for unit tests | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pytest pytest-asyncio | |
| # Install just the core dependencies needed for unit tests | |
| pip install pydantic boto3 python-dateutil | |
| - name: Run unit tests (mocked, no AWS/DB) | |
| run: | | |
| # Run only unit tests that don't require real AWS or DB connections | |
| PYTHONPATH=$PWD pytest tests/ -v -k "not integration" --tb=short --maxfail=3 | |
| continue-on-error: true | |
| - name: Create test environment files | |
| run: | | |
| # Create agents/.env for CI testing | |
| cat > agents/.env << EOF | |
| # AI Model API Keys (dummy values for CI) | |
| GOOGLE_API_KEY=dummy_key_for_testing | |
| ANTHROPIC_API_KEY=dummy_key_for_testing | |
| DB_PASSWORD=postgres | |
| AWS_PROFILE=default | |
| AWS_REGION=us-east-1 | |
| LOG_LEVEL=INFO | |
| EOF | |
| # Create slack_bot/.env for CI testing | |
| cat > slack_bot/.env << EOF | |
| # Slack App Configuration (dummy values for CI) | |
| SLACK_BOT_TOKEN=xoxb-dummy-token-for-ci | |
| SLACK_SIGNING_SECRET=dummy-signing-secret | |
| SLACK_APP_TOKEN=xapp-dummy-app-token | |
| SRE_AGENT_API_TIMEOUT=30 | |
| SESSION_TIMEOUT_MINUTES=60 | |
| MAX_ACTIVE_SESSIONS=100 | |
| HEALTH_CHECK_INTERVAL=300 | |
| EOF | |
| - name: Start PostgreSQL | |
| run: | | |
| docker compose up -d postgres | |
| sleep 10 # Wait for postgres to be ready | |
| - name: Build test image | |
| run: | | |
| docker build \ | |
| --target test \ | |
| -f ./agents/sre_agent/Dockerfile-agent \ | |
| -t sre-bot:test \ | |
| . | |
| - name: Run full test suite in Docker | |
| run: | | |
| docker run --rm \ | |
| --network sre-bot_default \ | |
| -e PYTHONPATH=/app \ | |
| -e DB_HOST=postgres \ | |
| -e DB_PORT=5432 \ | |
| -e DB_NAME=srebot \ | |
| -e DB_USER=postgres \ | |
| -e DB_PASSWORD=postgres \ | |
| sre-bot:test \ | |
| pytest tests/ -v --tb=short --maxfail=5 | |
| - name: Show test logs on failure | |
| if: failure() | |
| run: | | |
| echo "=== Test execution failed. Checking container logs ===" | |
| docker compose logs postgres || echo "No postgres logs available" | |
| - name: Clean up test environment | |
| if: always() | |
| run: docker compose down -v | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| needs: [lint-and-format, test] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./agents/sre_agent/Dockerfile-agent | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test Docker image | |
| run: | | |
| docker run --rm \ | |
| -e PYTHONPATH=/app \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \ | |
| python -c "import agents.sre_agent.agent; print('Import successful')" | |
| integration-test: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-push] | |
| if: github.event_name != 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Compose | |
| run: | | |
| # Create agents/.env for CI testing | |
| cat > agents/.env << EOF | |
| # AI Model API Keys (dummy values for CI) | |
| GOOGLE_API_KEY=dummy_key_for_testing | |
| ANTHROPIC_API_KEY=dummy_key_for_testing | |
| DB_PASSWORD=postgres | |
| AWS_PROFILE=default | |
| AWS_REGION=us-east-1 | |
| LOG_LEVEL=INFO | |
| EOF | |
| # Create slack_bot/.env for CI testing | |
| cat > slack_bot/.env << EOF | |
| # Slack App Configuration (dummy values for CI) | |
| SLACK_BOT_TOKEN=xoxb-dummy-token-for-ci | |
| SLACK_SIGNING_SECRET=dummy-signing-secret | |
| SLACK_APP_TOKEN=xapp-dummy-app-token | |
| SRE_AGENT_API_TIMEOUT=30 | |
| SESSION_TIMEOUT_MINUTES=60 | |
| MAX_ACTIVE_SESSIONS=100 | |
| HEALTH_CHECK_INTERVAL=300 | |
| EOF | |
| - name: Start services with Docker Compose | |
| run: | | |
| docker compose up -d postgres | |
| sleep 10 # Wait for postgres to be ready | |
| - name: Test health endpoints | |
| run: | | |
| # Start the API service | |
| docker compose up -d sre-bot-api | |
| sleep 15 # Wait for service to start | |
| # Test health endpoints | |
| curl -f http://localhost:8001/health || exit 1 | |
| curl -f http://localhost:8001/health/readiness || exit 1 | |
| curl -f http://localhost:8001/health/liveness || exit 1 | |
| - name: Clean up | |
| if: always() | |
| run: docker compose down -v |
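Review bot: The `Test Docker image` step in `build-and-push` runs `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}`, but none of the `tags:` rules passed to `docker/metadata-action` produces a bare full-SHA tag (`type=sha,prefix={{branch}}-` gives a branch-prefixed short SHA), and on `pull_request` events `push` is false, so nothing is published under any tag. As written, the step appears unable to find the image it is meant to verify. Add a rule such as `type=sha,format=long,prefix=` and gate the step with `if: github.event_name != 'pull_request'`, or load the built image into the local daemon for PR builds. Separately, this job holds `packages: write` while every `uses:` points at a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`); pinning them to full commit SHAs and adding a top-level `permissions:` block with `contents: read` would limit what a retagged action could do with the token. `continue-on-error: true` on the unit-test step in `test` also hides failures there, leaving only the Docker suite to fail the job.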