293 lines
9.7 KiB
Bash
Executable File
293 lines
9.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
# ⚠️ DEPRECATED: This script is deprecated and will be removed in v2.0.0
|
|
# Please use: .github/skills/scripts/skill-runner.sh test-backend-coverage
|
|
# For more info: docs/AGENT_SKILLS_MIGRATION.md
|
|
echo "⚠️ WARNING: This script is deprecated and will be removed in v2.0.0" >&2
|
|
echo " Please use: .github/skills/scripts/skill-runner.sh test-backend-coverage" >&2
|
|
echo " For more info: docs/AGENT_SKILLS_MIGRATION.md" >&2
|
|
echo "" >&2
|
|
sleep 1
|
|
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
BACKEND_DIR="$ROOT_DIR/backend"
|
|
COVERAGE_FILE="$BACKEND_DIR/coverage.txt"
|
|
MIN_COVERAGE="${CHARON_MIN_COVERAGE:-${CPM_MIN_COVERAGE:-85}}"
|
|
|
|
generate_test_encryption_key() {
|
|
if command -v openssl >/dev/null 2>&1; then
|
|
openssl rand -base64 32 | tr -d '\n'
|
|
return
|
|
fi
|
|
|
|
if command -v python3 >/dev/null 2>&1; then
|
|
python3 - <<'PY'
|
|
import base64
|
|
import os
|
|
|
|
print(base64.b64encode(os.urandom(32)).decode())
|
|
PY
|
|
return
|
|
fi
|
|
|
|
echo ""
|
|
}
|
|
|
|
ensure_encryption_key() {
|
|
local key_source="existing"
|
|
local decoded_key_hex=""
|
|
local decoded_key_bytes=0
|
|
|
|
if [[ -z "${CHARON_ENCRYPTION_KEY:-}" ]]; then
|
|
key_source="generated"
|
|
CHARON_ENCRYPTION_KEY="$(generate_test_encryption_key)"
|
|
fi
|
|
|
|
if [[ -z "${CHARON_ENCRYPTION_KEY:-}" ]]; then
|
|
echo "Error: Could not provision CHARON_ENCRYPTION_KEY automatically."
|
|
echo "Install openssl or python3, or set CHARON_ENCRYPTION_KEY manually to a base64-encoded 32-byte key."
|
|
exit 1
|
|
fi
|
|
|
|
if ! decoded_key_hex=$(printf '%s' "$CHARON_ENCRYPTION_KEY" | base64 --decode 2>/dev/null | od -An -tx1 -v | tr -d ' \n'); then
|
|
key_source="regenerated"
|
|
CHARON_ENCRYPTION_KEY="$(generate_test_encryption_key)"
|
|
if ! decoded_key_hex=$(printf '%s' "$CHARON_ENCRYPTION_KEY" | base64 --decode 2>/dev/null | od -An -tx1 -v | tr -d ' \n'); then
|
|
echo "Error: CHARON_ENCRYPTION_KEY could not be decoded and regeneration failed."
|
|
echo "Set CHARON_ENCRYPTION_KEY to a valid base64-encoded 32-byte key."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
decoded_key_bytes=$(( ${#decoded_key_hex} / 2 ))
|
|
if [[ "$decoded_key_bytes" -ne 32 ]]; then
|
|
key_source="regenerated"
|
|
CHARON_ENCRYPTION_KEY="$(generate_test_encryption_key)"
|
|
if ! decoded_key_hex=$(printf '%s' "$CHARON_ENCRYPTION_KEY" | base64 --decode 2>/dev/null | od -An -tx1 -v | tr -d ' \n'); then
|
|
echo "Error: CHARON_ENCRYPTION_KEY has invalid length and regeneration failed."
|
|
echo "Set CHARON_ENCRYPTION_KEY to a valid base64-encoded 32-byte key."
|
|
exit 1
|
|
fi
|
|
|
|
decoded_key_bytes=$(( ${#decoded_key_hex} / 2 ))
|
|
if [[ "$decoded_key_bytes" -ne 32 ]]; then
|
|
echo "Error: Could not provision a valid 32-byte CHARON_ENCRYPTION_KEY."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
export CHARON_ENCRYPTION_KEY
|
|
|
|
if [[ "$key_source" == "generated" ]]; then
|
|
echo "Info: CHARON_ENCRYPTION_KEY was not set; generated an ephemeral test key."
|
|
elif [[ "$key_source" == "regenerated" ]]; then
|
|
echo "Warning: CHARON_ENCRYPTION_KEY was invalid; generated an ephemeral test key."
|
|
fi
|
|
}
|
|
|
|
ensure_encryption_key
|
|
|
|
# Perf asserts are sensitive to -race overhead; loosen defaults for hook runs
|
|
export PERF_MAX_MS_GETSTATUS_P95="${PERF_MAX_MS_GETSTATUS_P95:-25ms}"
|
|
export PERF_MAX_MS_GETSTATUS_P95_PARALLEL="${PERF_MAX_MS_GETSTATUS_P95_PARALLEL:-50ms}"
|
|
export PERF_MAX_MS_LISTDECISIONS_P95="${PERF_MAX_MS_LISTDECISIONS_P95:-75ms}"
|
|
|
|
# trap 'rm -f "$COVERAGE_FILE"' EXIT
|
|
|
|
cd "$BACKEND_DIR"
|
|
|
|
# Packages to exclude from coverage (main packages and infrastructure code)
|
|
# These are entrypoints and initialization code that don't benefit from unit tests
|
|
EXCLUDE_PACKAGES=(
|
|
"github.com/Wikid82/charon/backend/internal/trace"
|
|
"github.com/Wikid82/charon/backend/integration"
|
|
)
|
|
|
|
# Try to run tests to produce coverage file; some toolchains may return a non-zero
|
|
# exit if certain coverage tooling is unavailable (e.g. covdata) while still
|
|
# producing a usable coverage file. Capture the status so we can report real
|
|
# test failures after the coverage check.
|
|
# Note: Using -v for verbose output and -race for race detection
|
|
GO_TEST_STATUS=0
|
|
TEST_OUTPUT_FILE=$(mktemp)
|
|
trap 'rm -f "$TEST_OUTPUT_FILE"' EXIT
|
|
|
|
if command -v gotestsum &> /dev/null; then
|
|
set +e
|
|
gotestsum --format pkgname -- -race -mod=readonly -coverprofile="$COVERAGE_FILE" ./... 2>&1 | tee "$TEST_OUTPUT_FILE"
|
|
GO_TEST_STATUS=$?
|
|
set -e
|
|
else
|
|
set +e
|
|
go test -race -v -mod=readonly -coverprofile="$COVERAGE_FILE" ./... 2>&1 | tee "$TEST_OUTPUT_FILE"
|
|
GO_TEST_STATUS=$?
|
|
set -e
|
|
fi
|
|
|
|
if [ "$GO_TEST_STATUS" -ne 0 ]; then
|
|
echo "Warning: go test returned non-zero (status ${GO_TEST_STATUS}); checking coverage file presence"
|
|
echo ""
|
|
echo "============================================"
|
|
echo "FAILED TEST SUMMARY:"
|
|
echo "============================================"
|
|
grep -E "(FAIL:|--- FAIL:)" "$TEST_OUTPUT_FILE" || echo "No specific failures captured in output"
|
|
echo "============================================"
|
|
fi
|
|
|
|
# Filter out excluded packages from coverage file
|
|
if [ -f "$COVERAGE_FILE" ]; then
|
|
echo "Filtering excluded packages from coverage report..."
|
|
FILTERED_COVERAGE="${COVERAGE_FILE}.filtered"
|
|
|
|
# Build sed command with all patterns at once (more efficient than loop)
|
|
SED_PATTERN=""
|
|
for pkg in "${EXCLUDE_PACKAGES[@]}"; do
|
|
if [ -z "$SED_PATTERN" ]; then
|
|
SED_PATTERN="\|^${pkg}|d"
|
|
else
|
|
SED_PATTERN="${SED_PATTERN};\|^${pkg}|d"
|
|
fi
|
|
done
|
|
|
|
# Use non-blocking sed with explicit input/output (avoids -i hang issues)
|
|
timeout 30 sed "$SED_PATTERN" "$COVERAGE_FILE" > "$FILTERED_COVERAGE" || {
|
|
echo "Error: Coverage filtering failed or timed out"
|
|
echo "Using unfiltered coverage file"
|
|
cp "$COVERAGE_FILE" "$FILTERED_COVERAGE"
|
|
}
|
|
|
|
mv "$FILTERED_COVERAGE" "$COVERAGE_FILE"
|
|
echo "Coverage filtering complete"
|
|
fi
|
|
|
|
if [ ! -f "$COVERAGE_FILE" ]; then
|
|
echo "Error: coverage file not generated by go test"
|
|
exit 1
|
|
fi
|
|
|
|
# Generate coverage report once with timeout protection
|
|
# NOTE: Large repos can produce big coverage profiles; allow more time for parsing.
|
|
COVERAGE_OUTPUT=$(timeout 180 go tool cover -func="$COVERAGE_FILE" 2>&1) || {
|
|
echo "Error: go tool cover failed or timed out after 180 seconds"
|
|
echo "This may indicate corrupted coverage data or memory issues"
|
|
exit 1
|
|
}
|
|
|
|
# Extract and display the summary line (total coverage)
|
|
TOTAL_LINE=$(echo "$COVERAGE_OUTPUT" | awk '/^total:/ {line=$0} END {print line}')
|
|
|
|
if [ -z "$TOTAL_LINE" ]; then
|
|
echo "Error: Coverage report missing 'total:' line"
|
|
echo "Coverage output:"
|
|
echo "$COVERAGE_OUTPUT"
|
|
exit 1
|
|
fi
|
|
|
|
echo "$TOTAL_LINE"
|
|
|
|
# Extract statement coverage percentage from go tool cover summary line
|
|
STATEMENT_PERCENT=$(echo "$TOTAL_LINE" | awk '{
|
|
if (NF < 3) {
|
|
print "ERROR: Invalid coverage line format" > "/dev/stderr"
|
|
exit 1
|
|
}
|
|
# Extract last field and remove trailing %
|
|
last_field = $NF
|
|
if (last_field !~ /^[0-9]+(\.[0-9]+)?%$/) {
|
|
printf "ERROR: Last field is not a valid percentage: %s\n", last_field > "/dev/stderr"
|
|
exit 1
|
|
}
|
|
# Remove trailing %
|
|
gsub(/%$/, "", last_field)
|
|
print last_field
|
|
}')
|
|
|
|
if [ -z "$STATEMENT_PERCENT" ] || [ "$STATEMENT_PERCENT" = "ERROR" ]; then
|
|
echo "Error: Could not extract coverage percentage from: $TOTAL_LINE"
|
|
exit 1
|
|
fi
|
|
|
|
# Validate that extracted value is numeric (allows decimals and integers)
|
|
if ! echo "$STATEMENT_PERCENT" | grep -qE '^[0-9]+(\.[0-9]+)?$'; then
|
|
echo "Error: Extracted coverage value is not numeric: '$STATEMENT_PERCENT'"
|
|
echo "Source line: $TOTAL_LINE"
|
|
exit 1
|
|
fi
|
|
|
|
# Compute line coverage directly from coverprofile blocks (authoritative gate in this script)
|
|
# Format per line:
|
|
# file:startLine.startCol,endLine.endCol numStatements count
|
|
LINE_PERCENT=$(awk '
|
|
BEGIN {
|
|
total_lines = 0
|
|
covered_lines = 0
|
|
}
|
|
NR == 1 {
|
|
next
|
|
}
|
|
{
|
|
split($1, pos, ":")
|
|
if (length(pos) < 2) {
|
|
next
|
|
}
|
|
|
|
file = pos[1]
|
|
split(pos[2], ranges, ",")
|
|
split(ranges[1], start_parts, ".")
|
|
split(ranges[2], end_parts, ".")
|
|
|
|
start_line = start_parts[1] + 0
|
|
end_line = end_parts[1] + 0
|
|
count = $3 + 0
|
|
|
|
if (start_line <= 0 || end_line <= 0 || end_line < start_line) {
|
|
next
|
|
}
|
|
|
|
for (line = start_line; line <= end_line; line++) {
|
|
key = file ":" line
|
|
if (!(key in seen_total)) {
|
|
seen_total[key] = 1
|
|
total_lines++
|
|
}
|
|
if (count > 0 && !(key in seen_covered)) {
|
|
seen_covered[key] = 1
|
|
covered_lines++
|
|
}
|
|
}
|
|
}
|
|
END {
|
|
if (total_lines == 0) {
|
|
print "0.0"
|
|
exit 0
|
|
}
|
|
printf "%.1f", (covered_lines * 100.0) / total_lines
|
|
}
|
|
' "$COVERAGE_FILE")
|
|
|
|
if [ -z "$LINE_PERCENT" ]; then
|
|
echo "Error: Could not compute line coverage from $COVERAGE_FILE"
|
|
exit 1
|
|
fi
|
|
|
|
if ! echo "$LINE_PERCENT" | grep -qE '^[0-9]+(\.[0-9]+)?$'; then
|
|
echo "Error: Computed line coverage is not numeric: '$LINE_PERCENT'"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Statement coverage: ${STATEMENT_PERCENT}%"
|
|
echo "Line coverage: ${LINE_PERCENT}%"
|
|
echo "Coverage gate (line coverage): minimum required ${MIN_COVERAGE}%"
|
|
|
|
if awk -v current="$LINE_PERCENT" -v minimum="$MIN_COVERAGE" 'BEGIN { exit !(current + 0 < minimum + 0) }'; then
|
|
echo "Coverage ${LINE_PERCENT}% is below required ${MIN_COVERAGE}% (set CHARON_MIN_COVERAGE or CPM_MIN_COVERAGE to override)"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Coverage requirement met"
|
|
|
|
# Bubble up real test failures (after printing coverage info) so pre-commit
|
|
# reflects the actual test status.
|
|
if [ "$GO_TEST_STATUS" -ne 0 ]; then
|
|
exit "$GO_TEST_STATUS"
|
|
fi
|