Run full test suite in GitHub Actions with disposable test env

[devarshishimpi]

Description

Sets up CI to run the full Codra test suite on PRs, pushes to main, and manual workflow dispatches.

Changes include:

• Adds a Postgres service container for GitHub Actions test runs.
• Runs migrations before Vitest through npm test.
• Moves test env values out of test helpers and into env files / workflow env.
• Adds .env.test.example for local test setup.
• Updates .dev.vars.example to match the local .dev.vars env names.
• Removes DB test skipping so all 56 tests run locally and in CI.
• Trims CI env vars to only what the current tests actually require.
• Increases Vitest timeout for slower DB-backed integration tests.

Closes #1

Type of change

• New feature (non-breaking change which adds functionality)

How Has This Been Tested?

• Unit Tests
• Integration Tests
• Manual Dashboard Verification
• Manual GitHub Webhook Verification

Checklist:

• I have starred Codra on GitHub
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• My changes generate no new warnings
• New and existing unit tests pass locally with my changes
• I have signed the CLA

[codra-app-personal]

Codra Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 42186fb1a6

ℹ️ About Codra in GitHub

Your team has set up Codra to review pull requests in this repo. Reviews are triggered when you:

• Open a pull request for review
• Mark a draft as ready
• Comment "@codra-app review"

If Codra has suggestions, it will comment; otherwise it will react with 👍.

Codra can also answer questions or update the PR. Try commenting "@codra-app address that feedback".

[codra-app-personal]

Removal of environment variables from example configuration

Several environment variables (DASHBOARD_ALLOWED_USERS, GITHUB_APP_SLUG, CF_DLQ_ID, and BOT_USERNAME) have been removed from the .dev.vars.example file. If these variables are still required for the application to function correctly or for specific features (like DLQ management) to work, new developers will lack the necessary documentation to configure their local environment, leading to potential runtime errors.

[codra-app-personal]

Inconsistent test database naming

The TEST_DATABASE_URL has been changed from postgresql://user:password@localhost:5432/codra_test to postgresql://user:password@localhost:5432/codra. This is inconsistent with the naming convention used for DATABASE_URL (codra_dev). It is recommended to keep the _test suffix to clearly distinguish the test database from other environments and prevent accidental data collisions.

Suggested change

	TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra"
	TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra_test"

[codra-app-personal]

Hardcoded dummy secrets in CI configuration

The workflow hardcodes dummy values for sensitive parameters such as GITHUB_APP_WEBHOOK_SECRET, GITHUB_CLIENT_ID, and GITHUB_CLIENT_SECRET. While these are currently placeholders, hardcoding them in the repository is a security anti-pattern that can lead to accidental exposure of real secrets if developers follow this pattern. It is recommended to use GitHub Actions Secrets (e.g., ${{ secrets.GITHUB_CLIENT_SECRET }}) even for test environments.

Suggested change

	GITHUB_APP_SLUG: codra-test-app
	GITHUB_APP_WEBHOOK_SECRET: ${{ secrets.GITHUB_APP_WEBHOOK_SECRET }}
	GITHUB_CLIENT_ID: ${{ secrets.GITHUB_CLIENT_ID }}
	GITHUB_CLIENT_SECRET: ${{ secrets.GITHUB_CLIENT_SECRET }}

[codra-app-personal]

Hardcoded user identity in test configuration

The DASHBOARD_ALLOWED_USERS environment variable contains a specific username (devarshishimpi). For better maintainability and to avoid using real user identities in CI/CD configurations, consider using a generic test user identifier.

Suggested change

	APP_URL: https://codra.test
	DASHBOARD_ALLOWED_USERS: test-user

[codra-app-personal]

Default environment value changed to throwing getter

The 'ENVIRONMENT' property in 'createTestEnv' has been changed from a hardcoded 'test' value to a getter that calls 'unusedEnv()', which throws an Error. If any application code or test helper relies on the default 'ENVIRONMENT' being 'test' without providing it in the 'overrides' object, the tests will crash at runtime.

Suggested change

	BOT_USERNAME: requiredEnv('BOT_USERNAME'),
	ENVIRONMENT: 'test',

[codra-app-personal]

Removal of dummy cryptographic keys may break initialization

Properties like 'APP_PRIVATE_KEY' were previously provided with dummy values. They are now getters that throw via 'unusedEnv()'. If the system under test performs validation on these keys during bootstrap (e.g., checking for a valid PEM format), the tests will fail immediately upon initialization unless these keys are explicitly provided in the environment or overrides.

[codra-app-personal]

Fragile manual environment variable parsing

The loadEnvFiles function implements a custom parser for .env files by splitting content by newlines and slicing at the first '='. This approach is fragile and fails to handle several common .env standards: 1) Inline comments (e.g., 'KEY=VALUE # comment' will result in the value being 'VALUE # comment'), 2) Multi-line quoted values (the line-by-line split breaks these), and 3) Quote stripping fails if there is any trailing whitespace or comments after the closing quote. Using a battle-tested library like 'dotenv' is recommended, or the parser should be enhanced to handle these edge cases.

Suggested change

	function loadEnvFiles() {
	// Consider using a library like dotenv or improving the regex:
	// Example for basic inline comment removal:
	// const lineWithoutComment = line.split('#')[0].trim();

[codra-app-personal]

Empty strings treated as null in usableEnvValue

The usableEnvValue function uses a truthiness check (value && ...), which means an empty string ("") will be returned as null. While likely acceptable for database URLs, this pattern can cause bugs if other environment variables are loaded where an empty string is a distinct and valid configuration value different from null or undefined.

Suggested change

	return value && value !== 'undefined' && value !== 'null' ? value : null;
	return (value !== undefined && value !== null && value !== 'undefined' && value !== 'null') ? value : null;

[codra-app-personal]

Codra Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 42186fb1a6

ℹ️ About Codra in GitHub

Your team has set up Codra to review pull requests in this repo. Reviews are triggered when you:

• Open a pull request for review
• Mark a draft as ready
• Comment "@codra-app review"

If Codra has suggestions, it will comment; otherwise it will react with 👍.

Codra can also answer questions or update the PR. Try commenting "@codra-app address that feedback".

[codra-app-personal]

Removal of environment variables from example configuration

Several environment variables (DASHBOARD_ALLOWED_USERS, GITHUB_APP_SLUG, CF_DLQ_ID, and BOT_USERNAME) have been removed from the .dev.vars.example file. If these variables are still required for the application to function correctly or for specific features (like DLQ management) to work, new developers will lack the necessary documentation to configure their local environment, leading to potential runtime errors.

[codra-app-personal]

Inconsistent test database naming

The TEST_DATABASE_URL has been changed from postgresql://user:password@localhost:5432/codra_test to postgresql://user:password@localhost:5432/codra. This is inconsistent with the naming convention used for DATABASE_URL (codra_dev). It is recommended to keep the _test suffix to clearly distinguish the test database from other environments and prevent accidental data collisions.

Suggested change

	TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra"
	TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra_test"

[codra-app-personal]

Hardcoded dummy secrets in CI configuration

The workflow hardcodes dummy values for sensitive parameters such as GITHUB_APP_WEBHOOK_SECRET, GITHUB_CLIENT_ID, and GITHUB_CLIENT_SECRET. While these are currently placeholders, hardcoding them in the repository is a security anti-pattern that can lead to accidental exposure of real secrets if developers follow this pattern. It is recommended to use GitHub Actions Secrets (e.g., ${{ secrets.GITHUB_CLIENT_SECRET }}) even for test environments.

Suggested change

	GITHUB_APP_SLUG: codra-test-app
	GITHUB_APP_WEBHOOK_SECRET: ${{ secrets.GITHUB_APP_WEBHOOK_SECRET }}
	GITHUB_CLIENT_ID: ${{ secrets.GITHUB_CLIENT_ID }}
	GITHUB_CLIENT_SECRET: ${{ secrets.GITHUB_CLIENT_SECRET }}

[codra-app-personal]

Hardcoded user identity in test configuration

The DASHBOARD_ALLOWED_USERS environment variable contains a specific username (devarshishimpi). For better maintainability and to avoid using real user identities in CI/CD configurations, consider using a generic test user identifier.

Suggested change

	APP_URL: https://codra.test
	DASHBOARD_ALLOWED_USERS: test-user

[codra-app-personal]

Default environment value changed to throwing getter

The 'ENVIRONMENT' property in 'createTestEnv' has been changed from a hardcoded 'test' value to a getter that calls 'unusedEnv()', which throws an Error. If any application code or test helper relies on the default 'ENVIRONMENT' being 'test' without providing it in the 'overrides' object, the tests will crash at runtime.

Suggested change

	BOT_USERNAME: requiredEnv('BOT_USERNAME'),
	ENVIRONMENT: 'test',

[codra-app-personal]

Removal of dummy cryptographic keys may break initialization

Properties like 'APP_PRIVATE_KEY' were previously provided with dummy values. They are now getters that throw via 'unusedEnv()'. If the system under test performs validation on these keys during bootstrap (e.g., checking for a valid PEM format), the tests will fail immediately upon initialization unless these keys are explicitly provided in the environment or overrides.

[codra-app-personal]

Fragile manual environment variable parsing

The loadEnvFiles function implements a custom parser for .env files by splitting content by newlines and slicing at the first '='. This approach is fragile and fails to handle several common .env standards: 1) Inline comments (e.g., 'KEY=VALUE # comment' will result in the value being 'VALUE # comment'), 2) Multi-line quoted values (the line-by-line split breaks these), and 3) Quote stripping fails if there is any trailing whitespace or comments after the closing quote. Using a battle-tested library like 'dotenv' is recommended, or the parser should be enhanced to handle these edge cases.

Suggested change

	function loadEnvFiles() {
	// Consider using a library like dotenv or improving the regex:
	// Example for basic inline comment removal:
	// const lineWithoutComment = line.split('#')[0].trim();

[codra-app-personal]

Empty strings treated as null in usableEnvValue

The usableEnvValue function uses a truthiness check (value && ...), which means an empty string ("") will be returned as null. While likely acceptable for database URLs, this pattern can cause bugs if other environment variables are loaded where an empty string is a distinct and valid configuration value different from null or undefined.

Suggested change

	return value && value !== 'undefined' && value !== 'null' ? value : null;
	return (value !== undefined && value !== null && value !== 'undefined' && value !== 'null') ? value : null;

[codra-app-personal]

Codra Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 42186fb1a6

ℹ️ About Codra in GitHub

Your team has set up Codra to review pull requests in this repo. Reviews are triggered when you:

• Open a pull request for review
• Mark a draft as ready
• Comment "@codra-app review"

If Codra has suggestions, it will comment; otherwise it will react with 👍.

Codra can also answer questions or update the PR. Try commenting "@codra-app address that feedback".

[codra-app-personal]

Removal of environment variables from example configuration

Several environment variables (DASHBOARD_ALLOWED_USERS, GITHUB_APP_SLUG, CF_DLQ_ID, and BOT_USERNAME) have been removed from the .dev.vars.example file. If these variables are still required for the application to function correctly or for specific features (like DLQ management) to work, new developers will lack the necessary documentation to configure their local environment, leading to potential runtime errors.

[codra-app-personal]

Inconsistent test database naming

The TEST_DATABASE_URL has been changed from postgresql://user:password@localhost:5432/codra_test to postgresql://user:password@localhost:5432/codra. This is inconsistent with the naming convention used for DATABASE_URL (codra_dev). It is recommended to keep the _test suffix to clearly distinguish the test database from other environments and prevent accidental data collisions.

Suggested change

	TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra"
	TEST_DATABASE_URL="postgresql://user:password@localhost:5432/codra_test"

[codra-app-personal]

Hardcoded dummy secrets in CI configuration

The workflow hardcodes dummy values for sensitive parameters such as GITHUB_APP_WEBHOOK_SECRET, GITHUB_CLIENT_ID, and GITHUB_CLIENT_SECRET. While these are currently placeholders, hardcoding them in the repository is a security anti-pattern that can lead to accidental exposure of real secrets if developers follow this pattern. It is recommended to use GitHub Actions Secrets (e.g., ${{ secrets.GITHUB_CLIENT_SECRET }}) even for test environments.

Suggested change

	GITHUB_APP_SLUG: codra-test-app
	GITHUB_APP_WEBHOOK_SECRET: ${{ secrets.GITHUB_APP_WEBHOOK_SECRET }}
	GITHUB_CLIENT_ID: ${{ secrets.GITHUB_CLIENT_ID }}
	GITHUB_CLIENT_SECRET: ${{ secrets.GITHUB_CLIENT_SECRET }}

[codra-app-personal]

Hardcoded user identity in test configuration

The DASHBOARD_ALLOWED_USERS environment variable contains a specific username (devarshishimpi). For better maintainability and to avoid using real user identities in CI/CD configurations, consider using a generic test user identifier.

Suggested change

	APP_URL: https://codra.test
	DASHBOARD_ALLOWED_USERS: test-user

[codra-app-personal]

Default environment value changed to throwing getter

The 'ENVIRONMENT' property in 'createTestEnv' has been changed from a hardcoded 'test' value to a getter that calls 'unusedEnv()', which throws an Error. If any application code or test helper relies on the default 'ENVIRONMENT' being 'test' without providing it in the 'overrides' object, the tests will crash at runtime.

Suggested change

	BOT_USERNAME: requiredEnv('BOT_USERNAME'),
	ENVIRONMENT: 'test',

[codra-app-personal]

Removal of dummy cryptographic keys may break initialization

Properties like 'APP_PRIVATE_KEY' were previously provided with dummy values. They are now getters that throw via 'unusedEnv()'. If the system under test performs validation on these keys during bootstrap (e.g., checking for a valid PEM format), the tests will fail immediately upon initialization unless these keys are explicitly provided in the environment or overrides.

[codra-app-personal]

Use specific type instead of 'any' for QUEUE message

The QUEUE stub function uses any for the message parameter. This reduces type safety and makes the code harder to maintain or refactor. It is better to define an interface for the expected message structure.

Suggested change

	@@ -10,19 +23,25 @@ vi.stubGlobal('QUEUE', {
	interface QueueMessage {
	[key: string]: unknown;
	}
	// ... inside vi.stubGlobal
	send: async (msg: QueueMessage) => { ... }

[codra-app-personal]

usableEnvValue logic treats string literals as missing

The usableEnvValue function explicitly returns null if the value is the string 'undefined' or 'null'. While this likely prevents accidental string values from being passed to the database driver, it might mask a legitimate test case where these strings are the intended value.

Suggested change

	function usableEnvValue(value: string | undefined) {
	// Explicitly check for the string literals to prevent them from being treated as missing,
	// but add a comment explaining this specific behavior.
	return value && value !== 'undefined' && value !== 'null' ? value : null;
	}

[codra-app-personal]

Fragile manual environment variable parsing

The loadEnvFiles function implements a custom parser for .env files by splitting content by newlines and slicing at the first '='. This approach is fragile and fails to handle several common .env standards: 1) Inline comments (e.g., 'KEY=VALUE # comment' will result in the value being 'VALUE # comment'), 2) Multi-line quoted values (the line-by-line split breaks these), and 3) Quote stripping fails if there is any trailing whitespace or comments after the closing quote. Using a battle-tested library like 'dotenv' is recommended, or the parser should be enhanced to handle these edge cases.

Suggested change

	function loadEnvFiles() {
	// Consider using a library like dotenv or improving the regex:
	// Example for basic inline comment removal:
	// const lineWithoutComment = line.split('#')[0].trim();

[codra-app-personal]

Empty strings treated as null in usableEnvValue

The usableEnvValue function uses a truthiness check (value && ...), which means an empty string ("") will be returned as null. While likely acceptable for database URLs, this pattern can cause bugs if other environment variables are loaded where an empty string is a distinct and valid configuration value different from null or undefined.

Suggested change

	return value && value !== 'undefined' && value !== 'null' ? value : null;
	return (value !== undefined && value !== null && value !== 'undefined' && value !== 'null') ? value : null;