Merged
89 changes: 89 additions & 0 deletions .github/workflows/ci.yml
@@ -730,6 +730,8 @@ jobs:
du -sh dist/* 2>/dev/null || echo "Build completed"
;;
"lint")
# Clear node_modules/.cache to fix zod-validation-error export issue
rm -rf frontend/node_modules/.cache
Copilot AI Mar 7, 2026
In this step you cd frontend before the case, but the added removal uses rm -rf frontend/node_modules/.cache. That path is likely wrong from inside the frontend directory, so it won’t actually clear the cache you intend. Use a path relative to the current working directory (e.g., node_modules/.cache) or move the cleanup before cd frontend.

Suggested change
rm -rf frontend/node_modules/.cache
rm -rf node_modules/.cache

# Run linting
npm run lint
;;
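Review bot: `rm -rf` on a path that does not exist still exits 0, so if `rm -rf frontend/node_modules/.cache` is evaluated from inside the `frontend` directory (as the comment above points out) nothing in the job log will reveal that the cache was never touched; use `rm -rfv node_modules/.cache` so the removed entries are printed, or list the directory before deleting it. Separately, wiping the build cache works around the zod-validation-error export issue rather than fixing it; note the root cause (the dependency or lockfile entry that produced the stale cache) next to the comment so the workaround can be retired once that is resolved.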
@@ -799,11 +801,13 @@ jobs:
if [ "${{ matrix.project }}" = "ai-engine" ]; then
cd ai-engine
pip install -e ".[dev]"
pip install structlog
pip install mutmut
else
cd backend
pip install -r requirements.txt
pip install -r requirements-dev.txt
pip install structlog
pip install mutmut
Comment on lines +804 to 811
Copilot AI Mar 7, 2026
The install step now adds pip install structlog even though this job already installs project dependencies (pip install -e ".[dev]" for ai-engine, and pip install -r requirements-dev.txt for backend). This is redundant and can mask missing/incorrect dependency declarations; prefer ensuring structlog is declared in the project dependency files and remove the explicit install here (same applies to pip install mutmut if it’s already in the dev deps).

Suggested change
pip install structlog
pip install mutmut
else
cd backend
pip install -r requirements.txt
pip install -r requirements-dev.txt
pip install structlog
pip install mutmut
else
cd backend
pip install -r requirements.txt
pip install -r requirements-dev.txt

fi
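Review bot: the added `pip install structlog` and `pip install mutmut` lines install unpinned packages straight from PyPI on every run, outside the requirement files this same step already installs (`pip install -e ".[dev]"` for ai-engine, `requirements.txt` plus `requirements-dev.txt` for backend), so the version that lands depends on the day the job runs and is checked against no lockfile or hash; a yanked or malicious upstream release would change the test environment silently. `mutmut>=2.4.0` is already declared in backend/requirements-dev.txt (visible in that file's hunk header below) and this PR adds structlog to both dependency files, so drop the four ad-hoc installs; if an out-of-band install is ever needed, give it the same version bound used in the requirement files rather than a bare package name.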

@@ -1027,6 +1031,91 @@ jobs:
cd backend
ruff format --check src/ tests/

# Dependency vulnerability scanning
vulnerability-scan:
name: Dependency Vulnerability Scan
runs-on: ubuntu-latest
needs: [changes]
if: ${{ needs.changes.outputs.dependencies == 'true' || needs.changes.outputs.frontend == 'true' || needs.changes.outputs.backend == 'true' || needs.changes.outputs.ai-engine == 'true' }}
Comment on lines +1034 to +1039
Copilot AI Mar 7, 2026
This PR is described as a CI fix for missing structlog, but this workflow change also introduces an entire new vulnerability-scan job (Python + Node audits). If that’s intentional, please update the PR description/scope; otherwise, consider moving the vulnerability scanning to a separate PR to keep review/rollback risk low.

timeout-minutes: 15
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v6

# Python dependency vulnerability scanning (pip-audit)
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.11'

- name: Install pip-audit
run: |
python -m pip install --upgrade pip
pip install pip-audit

- name: Scan Python dependencies (Backend)
if: needs.changes.outputs.backend == 'true' || needs.changes.outputs.dependencies == 'true'
run: |
echo "=== Scanning Backend Dependencies ==="
cd backend
pip-audit -r requirements.txt || true
continue-on-error: true

- name: Scan Python dependencies (AI Engine)
if: needs.changes.outputs.ai-engine == 'true' || needs.changes.outputs.dependencies == 'true'
run: |
echo "=== Scanning AI Engine Dependencies ==="
cd ai-engine
pip-audit -r requirements.txt || true
continue-on-error: true

# Node.js dependency vulnerability scanning (npm audit)
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: '20.19.0'

- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 9

- name: Get pnpm store directory
id: pnpm-store
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_OUTPUT

- name: Setup pnpm cache
uses: actions/cache@v5
with:
path: ${{ steps.pnpm-store.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ env.CACHE_VERSION }}-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-${{ env.CACHE_VERSION }}-
${{ runner.os }}-pnpm-store-

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Scan npm dependencies (Frontend)
if: needs.changes.outputs.frontend == 'true' || needs.changes.outputs.dependencies == 'true'
run: |
echo "=== Scanning Frontend npm Dependencies ==="
cd frontend
npm audit --audit-level=high || true
continue-on-error: true

- name: Scan npm dependencies (Root workspace)
run: |
echo "=== Scanning Root npm Workspace Dependencies ==="
npm audit --audit-level=high || true
continue-on-error: true
Comment on lines +1102 to +1117
Copilot AI Mar 7, 2026
The vulnerability scan installs dependencies with pnpm, but then runs npm audit. npm audit does not use pnpm-lock.yaml and can produce misleading/no results in pnpm-managed workspaces. Prefer pnpm audit (or another tool that explicitly supports pnpm) for accurate scanning.


# Performance tracking and optimization monitoring
performance-monitoring:
name: Performance & Cache Monitoring
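Review bot: every scan step in this job ends with `|| true` and also sets `continue-on-error: true`, so the job can never fail and nothing consumes its output; findings exist only in the step log, and the `security-events: write` permission granted to the job is never exercised because no step uploads results to code scanning. Pick one behaviour: either let `pip-audit` and the npm audit exit non-zero on findings above an agreed severity (drop `|| true`, keep `continue-on-error` only for a burn-in period), or write results to a file (`pip-audit -f json -o ...`) and upload them as an artifact or SARIF so they are visible outside the log; if the permission stays unused, remove it. Two smaller points in the same hunk: the ai-engine job elsewhere in this workflow installs with `pip install -e ".[dev]"`, while this scan reads `ai-engine/requirements.txt`, so the audited set may not be the installed set; and the "Root workspace" audit step has no `if:` guard, unlike the other three scan steps, so it runs on every invocation of the job.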
1 change: 1 addition & 0 deletions ai-engine/pyproject.toml
@@ -289,6 +289,7 @@ dev = [
"black",
"ruff",
"isort",
"structlog",
]

# All GPU options combined
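Review bot: structlog is added only to the `dev` extra, but a logging library is normally imported by application code at runtime; if any ai-engine module does `import structlog`, a plain `pip install .` without `[dev]` will fail at import time, so it belongs in the main dependency list and should stay out of `dev` unless it is used only by tests. The neighbouring entries (`black`, `ruff`, `isort`) are unpinned, but for a package the application depends on a lower bound (the `structlog>=24.0.0` suggested for requirements-dev.txt would do) keeps the two services resolving the same release line.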
3 changes: 3 additions & 0 deletions backend/requirements-dev.txt
@@ -10,3 +10,6 @@ mutmut>=2.4.0

# Development Tools
pre-commit>=3.0.0

# Logging
structlog
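Review bot: the new `# Logging` section and its `structlog` line sit in a dev-only file, which is the wrong place if the backend imports structlog at runtime; `requirements.txt`, installed before this file in the CI step above, is where a runtime import belongs, otherwise a production install of the backend lacks the module. Whichever file it ends up in, use the same version bound here and in ai-engine/pyproject.toml so the two services resolve the same release line.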
Copilot AI Mar 7, 2026
requirements-dev.txt uses version constraints for other packages (e.g., pytest-mock>=..., mutmut>=..., pre-commit>=...), but structlog is added without any constraint. To keep dependency resolution stable and consistent with the rest of this file, add an appropriate version specifier (e.g., structlog>=...).

Suggested change
structlog
structlog>=24.0.0
