feat: Add AWS role-based authentication system with comprehensive testing #9
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| lint-and-format: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install development dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Run ruff linting | |
| run: ruff check . | |
| - name: Run ruff formatting check | |
| run: ruff format --check . | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python for local testing | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies for unit tests | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pytest pytest-asyncio | |
| # Install just the core dependencies needed for unit tests | |
| pip install pydantic boto3 python-dateutil | |
| - name: Run unit tests (mocked, no AWS/DB) | |
| run: | | |
| # Run only unit tests that don't require real AWS or DB connections | |
| PYTHONPATH=$PWD pytest tests/ -v -k "not integration" --tb=short --maxfail=3 | |
| continue-on-error: true | |
| - name: Create test environment files | |
| run: | | |
| # Create agents/.env for CI testing | |
| cat > agents/.env << EOF | |
| # AI Model API Keys (dummy values for CI) | |
| GOOGLE_API_KEY=dummy_key_for_testing | |
| ANTHROPIC_API_KEY=dummy_key_for_testing | |
| DB_PASSWORD=postgres | |
| AWS_PROFILE=default | |
| AWS_REGION=us-east-1 | |
| LOG_LEVEL=INFO | |
| EOF | |
| # Create slack_bot/.env for CI testing | |
| cat > slack_bot/.env << EOF | |
| # Slack App Configuration (dummy values for CI) | |
| SLACK_BOT_TOKEN=xoxb-dummy-token-for-ci | |
| SLACK_SIGNING_SECRET=dummy-signing-secret | |
| SLACK_APP_TOKEN=xapp-dummy-app-token | |
| SRE_AGENT_API_TIMEOUT=30 | |
| SESSION_TIMEOUT_MINUTES=60 | |
| MAX_ACTIVE_SESSIONS=100 | |
| HEALTH_CHECK_INTERVAL=300 | |
| EOF | |
| - name: Start PostgreSQL | |
| run: | | |
| docker compose up -d postgres | |
| sleep 10 # Wait for postgres to be ready | |
| - name: Build test image | |
| run: | | |
| docker build \ | |
| --target test \ | |
| -f ./agents/sre_agent/Dockerfile-agent \ | |
| -t sre-bot:test \ | |
| . | |
| - name: Run full test suite in Docker | |
| run: | | |
| docker run --rm \ | |
| --network sre-bot_default \ | |
| -e PYTHONPATH=/app \ | |
| -e DB_HOST=postgres \ | |
| -e DB_PORT=5432 \ | |
| -e DB_NAME=srebot \ | |
| -e DB_USER=postgres \ | |
| -e DB_PASSWORD=postgres \ | |
| sre-bot:test \ | |
| pytest tests/ -v --tb=short --maxfail=5 | |
| - name: Show test logs on failure | |
| if: failure() | |
| run: | | |
| echo "=== Test execution failed. Checking container logs ===" | |
| docker compose logs postgres || echo "No postgres logs available" | |
| - name: Clean up test environment | |
| if: always() | |
| run: docker compose down -v | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| needs: [lint-and-format, test] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Docker registry login removed - not needed since we're not pushing | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix={{branch}}- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./agents/sre_agent/Dockerfile-agent | |
| push: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test Docker image | |
| run: | | |
| # Use the locally built image with the first tag from metadata | |
| docker run --rm \ | |
| -e PYTHONPATH=/app \ | |
| $(echo "${{ steps.meta.outputs.tags }}" | head -n1) \ | |
| python -c "import agents.sre_agent.agent; print('Import successful')" | |
| integration-test: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-push] | |
| if: github.event_name != 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Compose | |
| run: | | |
| # Create agents/.env for CI testing | |
| cat > agents/.env << EOF | |
| # AI Model API Keys (dummy values for CI) | |
| GOOGLE_API_KEY=dummy_key_for_testing | |
| ANTHROPIC_API_KEY=dummy_key_for_testing | |
| DB_PASSWORD=postgres | |
| AWS_PROFILE=default | |
| AWS_REGION=us-east-1 | |
| LOG_LEVEL=INFO | |
| EOF | |
| # Create slack_bot/.env for CI testing | |
| cat > slack_bot/.env << EOF | |
| # Slack App Configuration (dummy values for CI) | |
| SLACK_BOT_TOKEN=xoxb-dummy-token-for-ci | |
| SLACK_SIGNING_SECRET=dummy-signing-secret | |
| SLACK_APP_TOKEN=xapp-dummy-app-token | |
| SRE_AGENT_API_TIMEOUT=30 | |
| SESSION_TIMEOUT_MINUTES=60 | |
| MAX_ACTIVE_SESSIONS=100 | |
| HEALTH_CHECK_INTERVAL=300 | |
| EOF | |
| - name: Start services with Docker Compose | |
| run: | | |
| docker compose up -d postgres | |
| sleep 10 # Wait for postgres to be ready | |
| - name: Test health endpoints | |
| run: | | |
| # Start the API service | |
| docker compose up -d sre-bot-api | |
| sleep 15 # Wait for service to start | |
| # Test health endpoints | |
| curl -f http://localhost:8001/health || exit 1 | |
| curl -f http://localhost:8001/health/readiness || exit 1 | |
| curl -f http://localhost:8001/health/liveness || exit 1 | |
| - name: Clean up | |
| if: always() | |
| run: docker compose down -v |
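Review bot: The `build-and-push` job still requests `packages: write`, although the registry login step was removed and the build step sets `push: false`, so its GITHUB_TOKEN carries a write scope that nothing in the job uses. Every action in that job is referenced by a mutable tag (`docker/setup-buildx-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`), so the unused scope is exposure without benefit; deleting the `packages: write` line leaves `contents: read`, which covers the checkout. The `lint-and-format`, `test` and `integration-test` jobs declare no `permissions:` and inherit the repository default, so a workflow-level `permissions:` block containing `contents: read` would make the token scope explicit for them too. This rendering does not show which of these lines the pull request itself changed.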