Add comprehensive test suite covering core functionality and edge cases (#1182)

* Enable GitHub issues for projects with retry logic

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* refactor: reorganize test suite with fixtures and business-focused tests

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* chore: replace black/isort/flake8 with ruff for code formatting and linting

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* ci: add coverage file path configuration to test workflow

* update CI config and use official Ruff Docker image for linting

* simplify Makefile targets and improve CI workflow with better coverage handling

* remove hardcoded coverage.xml file

* optimize Docker build with layer caching and artifact sharing between jobs

* fix coverage.xml path

* standardize Dockerfile AS syntax to uppercase

* add Codecov coverage reporting to test workflow

* fix coverage report upload by copying XML from Docker container

* simplify CI workflow by removing build job and using docker compose directly

* update Docker coverage handling in CI workflow and simplify Makefile

* refactor Docker setup by introducing base and application Dockerfiles, enhancing caching mechanisms, and updating docker-compose configuration for improved CI integration

* update GitHub Actions workflow to include permissions for contents and packages

* enhance GitHub Actions workflow by adding optional Personal Access Token usage and enriching image metadata with source and description labels

* more fixes.

* Add login step for Container Registry in GitHub Actions workflow

* Update coverage file paths in GitHub Actions workflow to use /tmp directory

* Refactor coverage handling in GitHub Actions workflow to create a dedicated output directory and simplify XML file copying from mounted volume

* Update coverage file paths in GitHub Actions workflow to use /app directory for consistency with container structure

* Refactor utility functions in jazzband.utils module for improved type hinting and code clarity. Add comprehensive unit tests for utility functions, including URL safety validation, cache header management, and redirect target handling.

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Formatting.

* Add comprehensive unit tests for exception handling, custom headers, mixins, and renderer functionality. Introduce new fixtures for testing and enhance existing ones for better coverage.

* Update pre-commit configuration to use --unsafe-fixes for ruff and remove unnecessary result assignments in CSP header tests.

* Add Codecov badge to README for improved visibility of test coverage

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

Author: jezdez

.codecov.yml

@@ -0,0 +1,29 @@
+codecov:
+  require_ci_to_pass: true
+
+coverage:
+  precision: 2
+  round: down
+  range: "70...100"
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 1%
+    patch:
+      default:
+        target: auto
+        threshold: 1%
+
+parsers:
+  gcov:
+    branch_detection:
+      conditional: true
+      loop: true
+      method: false
+      macro: false
+
+comment:
+  layout: "reach,diff,flags,files,footer"
+  behavior: default
+  require_changes: false

.env.test

@@ -0,0 +1,6 @@
+FLASK_ENV=testing
+OAUTHLIB_INSECURE_TRANSPORT=1
+# Test environment settings for GitHub OAuth
+GITHUB_ORG_NAME=test-org-name
+GITHUB_CLIENT_ID=test-client-id
+GITHUB_CLIENT_SECRET=test-client-secret

.flake8

@@ -0,0 +1,46 @@
+name: Cleanup Old Cache Images
+
+on:
+  schedule:
+    # Run weekly on Sundays at 2 AM UTC
+    - cron: '0 2 * * 0'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  BASE_IMAGE_NAME: ${{ github.repository }}/base
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'jazzband'
+    
+    steps:
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Delete old images
+        run: |
+          # Get all image versions
+          PACKAGE_NAME=$(echo "${{ env.BASE_IMAGE_NAME }}" | cut -d'/' -f2-)
+          
+          # Get all versions of the base image package
+          VERSIONS=$(gh api \
+            -H "Accept: application/vnd.github.v3+json" \
+            "/orgs/${{ github.repository_owner }}/packages/container/$PACKAGE_NAME/versions" \
+            --jq '.[].id' | head -n -5)  # Keep the 5 most recent versions
+          
+          # Delete old versions (keep the latest 5)
+          for version_id in $VERSIONS; do
+            echo "Deleting version ID: $version_id"
+            gh api \
+              --method DELETE \
+              -H "Accept: application/vnd.github.v3+json" \
+              "/orgs/${{ github.repository_owner }}/packages/container/$PACKAGE_NAME/versions/$version_id" || true
+          done
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 

.github/workflows/cleanup-cache.yml

@@ -1,4 +1,9 @@
 name: Test & Deploy
+
+permissions:
+  contents: read
+  packages: write
+
 on:
   push:
     branches:
@@ -10,9 +15,86 @@ on:
     types:
       - published
 
+env:
+  REGISTRY: ghcr.io
+  BASE_IMAGE_NAME: ${{ github.repository }}/base
+
 jobs:
+  build-base-image:
+    runs-on: ubuntu-latest
+    outputs:
+      image-tag: ${{ steps.meta.outputs.tags }}
+      image-digest: ${{ steps.build.outputs.digest }}
+      cache-hit: ${{ steps.cache-check.outputs.cache-hit }}
+      deps-hash: ${{ steps.deps-hash.outputs.hash }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          # Alternative: Use a Personal Access Token if GITHUB_TOKEN doesn't work
+          # password: ${{ secrets.GHCR_TOKEN }}
+
+      - name: Generate dependency hash
+        id: deps-hash
+        run: |
+          DEPS_HASH=$(cat requirements.txt package.json package-lock.json | sha256sum | cut -d' ' -f1)
+          echo "hash=$DEPS_HASH" >> $GITHUB_OUTPUT
+
+      - name: Check if base image exists
+        id: cache-check
+        run: |
+          # Check if an image with this dependency hash already exists
+          if docker manifest inspect ${{ env.REGISTRY }}/${{ env.BASE_IMAGE_NAME }}:deps-${{ steps.deps-hash.outputs.hash }} > /dev/null 2>&1; then
+            echo "cache-hit=true" >> $GITHUB_OUTPUT
+            echo "Base image cache hit!"
+          else
+            echo "cache-hit=false" >> $GITHUB_OUTPUT
+            echo "Base image cache miss, will build new image"
+          fi
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.BASE_IMAGE_NAME }}
+          tags: |
+            type=raw,value=deps-${{ steps.deps-hash.outputs.hash }}
+            type=raw,value=latest
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+          labels: |
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.description=Base image with dependencies for Jazzband website
+
+      - name: Build and push base image
+        if: steps.cache-check.outputs.cache-hit != 'true'
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.base
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            DEPS_HASH=${{ steps.deps-hash.outputs.hash }}
+
   test:
     runs-on: ubuntu-latest
+    needs: build-base-image
 
     steps:
       - name: Cancel Previous Runs
@@ -22,18 +104,61 @@ jobs:
 
       - uses: actions/checkout@v4
 
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - uses: actions/setup-node@v4
         with:
           node-version: "15"
           check-latest: true
 
-      - run: make envvar
+      - name: Create .env file
+        run: make envvar
+
+      - name: Pull base image
+        run: |
+          docker pull ${{ env.REGISTRY }}/${{ env.BASE_IMAGE_NAME }}:deps-${{ needs.build-base-image.outputs.deps-hash }}
+
+      - name: Build application image
+        env:
+          BASE_IMAGE: ${{ env.REGISTRY }}/${{ env.BASE_IMAGE_NAME }}:deps-${{ needs.build-base-image.outputs.deps-hash }}
+        run: make build-app
 
-      - run: make pull
+      - name: Run tests
+        env:
+          JAZZBAND_IMAGE: jazzband-website:latest
+          COVERAGE_FILE: /app/.coverage
+          COVERAGE_XML: /app/coverage.xml
+        run: |
+          # Create coverage output directory
+          mkdir -p $PWD/coverage-data
+          chmod 777 $PWD/coverage-data
+          
+          # Run tests with volume mount for coverage output
+          docker compose run --rm \
+            -e COVERAGE_FILE \
+            -e COVERAGE_XML \
+            -v $PWD/coverage-data:/app/coverage-data \
+            -u root \
+            web sh -c "
+              pytest tests/ --cov=jazzband --cov-report=xml --cov-report=term
+              cp /app/coverage.xml /app/coverage-data/coverage.xml
+              chmod 644 /app/coverage-data/coverage.xml
+            "
 
-      - run: make image
+      # Copy coverage XML from mounted volume
+      - name: Copy coverage XML from container
+        run: |
+          cp coverage-data/coverage.xml ./coverage.xml || echo "Failed to copy coverage.xml"
 
-      - run: make test
+      - name: Upload coverage reports to Codecov with GitHub Action
+        uses: codecov/codecov-action@v5
+        with:
+          file: ./coverage.xml
 
   deploy:
     if: github.event.action == 'published' && github.repository == 'jazzband/website'

.github/workflows/test-and-deploy.yml

@@ -11,3 +11,5 @@ node_modules
 .local/
 .parcel-cache
 .vscode
+.coverage
+coverage.xml

.gitignore

@@ -1,13 +1,7 @@
 repos:
-  - repo: https://github.com/psf/black
-    rev: 25.1.0
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.6.5
     hooks:
-    - id: black
-  - repo: https://github.com/PyCQA/isort
-    rev: 6.0.1
-    hooks:
-    - id: isort
-  - repo: https://github.com/PyCQA/flake8
-    rev: 7.2.0
-    hooks:
-    - id: flake8
+      - id: ruff
+        args: [--fix, --unsafe-fixes]
+      - id: ruff-format

.isort.cfg

@@ -1,4 +1,4 @@
-FROM node as npm
+FROM node AS npm
 
 WORKDIR /tmp
 

.pre-commit-config.yaml

@@ -0,0 +1,38 @@
+# Application image that uses the cached base image
+ARG BASE_IMAGE
+FROM node AS npm
+
+WORKDIR /tmp
+
+# Copy package files (should already be cached in base image)
+COPY package.json package-lock.json /tmp/
+
+# Install dependencies (this layer should be cached from base image build)
+RUN npm update -g npm && npm install
+
+# Copy application code and build frontend assets
+COPY . /tmp/
+RUN npm run build
+
+# -----------------------------------------------------------------------------
+# Use the cached base image
+FROM ${BASE_IMAGE}
+
+# Switch to root temporarily to copy files
+USER root
+
+# Copy application code
+COPY . /app/
+
+# Copy built frontend assets from the npm stage
+COPY --from=npm /tmp/jazzband/static/dist /app/jazzband/static/dist/
+
+# Ensure proper ownership
+RUN chown -R 10001:10001 /app
+
+# Switch back to app user
+USER 10001
+
+EXPOSE 5000
+
+ENTRYPOINT ["/app/docker-entrypoint.sh", "--"]