test(lockdown): cover remaining safety branches on top of #3 (83.1% → 98.7%)#5
Merged
Merged
Conversation
This workflow installs Python dependencies, runs tests, and lints code with multiple Python versions.
Document the architecture, build/test workflow, toolset registration pattern, parameter helpers, error handling conventions, and contribution flow so AI assistants can act productively in this repo without re-discovering conventions. https://claude.ai/code/session_018psjWyFFcz83JXdxBQMUdd
Diseño modular del ERP basado en los conectores disponibles: - Stack por capas (datos, aplicacion, automatizacion, BI, colaboracion) - Modulos del ERP y hoja de ruta por fases - Plan de cuentas premium con prioridades de pago
Adds tests for the highest-risk untested code identified during a coverage analysis: - pkg/lockdown: IsSafeContent (the content-safety decision gate) and isTrustedBot were at 0%. New table-driven tests exercise every branch of the safety logic (trusted bot, private repo, viewer-authored, push-access tiers, and the deny-by-default path), plus cache reuse, query-error propagation, option setters, and cacheKey normalization. Package coverage rises from ~52% to ~83%. - pkg/utils: the tool-result constructors (used by every tool's output) were an entirely untested package at 0%; now fully covered.
The consolidated actions_* tools (ActionsGet, ActionsList, ActionsRunTrigger) dispatch to a set of unexported helpers that were at 0% coverage — the existing Test_* cases only validate the tool schemas, not these implementations. Adds direct white-box tests (success + API-error paths) for: getWorkflowJob, listWorkflowJobs, listWorkflowArtifacts, downloadWorkflowArtifact, getWorkflowRunLogsURL, getWorkflowRunUsage, rerunWorkflowRun, rerunFailedJobs, and deleteWorkflowRunLogs. Each helper now sits at ~78-90%, raising actions.go from ~60% to ~81%.
PR #3 raised pkg/lockdown coverage to 83.1% via safety_test.go. This adds the branches it left uncovered, in a separate file to avoid duplicate test symbols: - getRepoAccessInfo: the repo-cached-but-new-user merge path - queryRepoAccessInfo: GraphQL server-error propagation - log: the emit and below-threshold suppression branches Package coverage 83.1% -> 98.7%. No production code changes. https://claude.ai/code/session_01W9xh1kJCqtHqBgBAMQikon
89d1074 to
eed328b
Compare
israel2606
pushed a commit
that referenced
this pull request
Jun 11, 2026
Three of four red workflows (golangci-lint, go.yml, go-build.yml) shared one root cause: pkg/lockdown no longer compiled. The lockdown package was refactored after PR #5 branched, and the safety_coverage_test.go added by #5 still referenced the removed API (newSafetyTestCache, the old queryRepoAccessInfo signature, repoAccessCacheEntry.viewerLogin) — a semantic conflict git did not catch on merge. lockdown_test.go already covers the new design, so the obsolete file is removed. Also remove two broken/redundant workflows: - python-package.yml: an empty deprecation stub with no jobs, which is an invalid workflow and always reports failure. - go-build.yml: redundant with go.yml (Build and Test Go Project) and built on Node20-deprecated actions (setup-go@v4, cache@v3). go mod tidy -diff, script/test, and go vet all pass. https://claude.ai/code/session_01W9xh1kJCqtHqBgBAMQikon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
PR #3 already raised
pkg/lockdowncoverage to 83.1% viasafety_test.go. This PR was originally cut from an older base and overlapped with it; it has been rebased ontomainand trimmed to only the complementary tests that cover the branches PR #3 left untouched. Tests live in a separate file (safety_coverage_test.go) to avoid duplicate test symbols.No production code changes.
Coverage added (on top of main)
getRepoAccessInfoqueryRepoAccessInfologWhat's tested
getRepoAccessInfo— the repo-is-cached-but-user-is-unknown path: a pre-seeded user is served without a call, a new user triggers exactly one query and is merged into the existing entry, then is itself cached.queryRepoAccessInfo— GraphQL server-error propagation (distinct from the nil-client guard already covered insafety_test.go).log— the message-emitted path and the below-threshold suppression path (nil-logger early return was already covered).Reuses the existing
newSafetyTestCachehelper,repoAccessQuery, andcountingTransport.Verification
Note on CI
The
build (3.9 / 3.10 / 3.11)jobs are a Python workflow (pytest/flake8) that fails on every PR in this Go repo —pytestcollects 0 tests and exits 5. That's a pre-existing repo workflow misconfiguration, unrelated to this change, and worth disabling/fixing separately.https://claude.ai/code/session_01W9xh1kJCqtHqBgBAMQikon