Feature/automatic dependabot tool #117

Merged: tmikula-dev merged 3 commits into master from feature/automatic-dependabot-tool on Apr 7, 2026

@tmikula-dev (Collaborator) commented Apr 7, 2026

Overview

This pull request introduces automated dependency management with Dependabot, raises code coverage standards, and significantly expands test coverage for critical modules. The main themes are infrastructure automation, improved code quality requirements, and enhanced unit testing for error handling and edge cases.

Release Notes

  • Dependabot Auto-approve/merge tool

Related

Closes #114

Summary by CodeRabbit

  • Chores

    • Configured weekly automated dependency checks for GitHub Actions and Python packages with limited open PRs and labeled updates.
    • Added workflow to auto-approve and attempt auto-merge of dependency update pull requests.
  • Tests

    • Expanded unit tests for API loading, token handling, trace logging, and DB health outcomes; improved test fixtures.
  • Documentation

    • Raised documented minimum test coverage to 90%.

@tmikula-dev self-assigned this Apr 7, 2026
@tmikula-dev added the enhancement label Apr 7, 2026

@coderabbitai bot commented Apr 7, 2026

Walkthrough

Added Dependabot configuration and a GitHub Actions workflow to auto-approve and attempt auto-merge Dependabot PRs; raised pytest coverage threshold from 80% to 90%; and extended/rewrote multiple unit tests for handlers, token handling, trace logging, and Postgres writer health checks.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependabot config & workflow: `.github/dependabot.yml`, `.github/workflows/dependabot_auto.yml` | New Dependabot configuration (weekly checks for github-actions and pip, max 3 open PRs, labels/commit prefix). New workflow auto-approves Dependabot PRs and attempts to enable auto-merge for version/security updates. |
| Coverage threshold: `DEVELOPER.md`, `Makefile` | Increased minimum pytest coverage from 80 to 90 (--cov-fail-under and MIN_COVERAGE). |
| Handler API tests: `tests/unit/handlers/test_handler_api.py` | Refactored tests to use mocker; added test for empty API definition file raising RuntimeError; preserved existing success and FileNotFoundError paths. |
| Handler token tests: `tests/unit/handlers/test_handler_token.py` | Rewrote to use mocker; added parametrized token extraction cases; consolidated key-refresh tests; added cases for multi-key responses, missing keys field, and request connection errors. |
| Trace logging tests: `tests/unit/utils/test_trace_logging.py` | Added test_log_payload_skipped_when_trace_not_enabled asserting no trace logging when trace level is disabled. |
| Postgres writer tests: `tests/unit/writers/test_writer_postgres.py` | Added health-check tests for empty database config and secret-fetch failure (returns appropriate status/messages). |
| Test fixtures: `tests/unit/conftest.py` | Adjusted Kafka producer mock target to src.writers.writer_kafka.Producer and returned MagicMock with flush() stubbed to 0 to avoid blocking in tests. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dependabot as "Dependabot"
  participant Repo as "Repository (master)"
  participant GitHubActions as "GitHub Actions\n(dependabot_auto)"
  participant FetchMeta as "dependabot/fetch-metadata"
  participant GHCLI as "gh (CLI)"

  Note over Dependabot,Repo: Dependabot opens PRs (weekly)
  Dependabot->>Repo: open PR (version/security update)
  Repo->>GitHubActions: trigger workflow on PR opened/synchronize
  GitHubActions->>FetchMeta: run action to fetch Dependabot metadata
  FetchMeta-->>GitHubActions: outputs.update-type, pr_url
  GitHubActions->>GHCLI: run `gh pr review --approve` with pr_url
  alt update-type is version or security
    GitHubActions->>GHCLI: run `gh pr merge --auto --squash` (continue-on-error)
    GHCLI-->>GitHubActions: merge attempted / may fail
  end
  GHCLI-->>Repo: PR approved and (maybe) auto-merged

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Suggested reviewers

  • petr-pokorny-absa
  • ABMC831
  • lsulak
  • Zejnilovic
  • oto-macenauer-absa

Poem

🐰 In code and carrots I hop with glee,

Dependabot brings updates to me,
Tests grow stronger, coverage climbs high,
Auto-merge tries while I nibble a pie,
EventGate hops forward beneath the sky.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Feature/automatic dependabot tool' directly matches the main change introduced in the PR: adding Dependabot workflow automation configuration and tooling. |
| Description check | ✅ Passed | The PR description includes the required template sections (Overview, Release Notes, Related) with meaningful content addressing the main changes and linked issue. |
| Linked Issues check | ✅ Passed | The PR fully addresses issue #114 by implementing Dependabot workflows (.github/dependabot.yml) and auto-merge automation (.github/workflows/dependabot_auto.yml) with comprehensive test coverage additions. |
| Out of Scope Changes check | ✅ Passed | Coverage threshold increases in Makefile/DEVELOPER.md and test enhancements are supporting improvements to ensure quality of dependency updates; all changes align with the stated goal of leveraging test coverage for safe automated merging. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 80.77% which is sufficient. The required threshold is 80.00%. |


@coderabbitai bot left a comment

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
Makefile (1)

6-18: ⚠️ Potential issue | 🟡 Minor

Update stale pytest-unit target description.

The target now enforces 90%, but the inline help still says threshold >= 80%.

Suggested change
-pytest-unit: ## Run unit tests with coverage (threshold >= 80%)
+pytest-unit: ## Run unit tests with coverage (threshold >= 90%)
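
Review bot: The `+pytest-unit:` line still carries the threshold as a literal in the help string, so it will go stale again the next time MIN_COVERAGE changes, which is how the 80% text outlived the move to 90. Consider wording the help text without the number, or adding a comment next to MIN_COVERAGE that the help string must change with it.
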
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 6 - 18, The pytest-unit target's inline help text is
stale (mentions "threshold >= 80%") while MIN_COVERAGE is set to 90; update the
comment for the pytest-unit Makefile target to reflect the current threshold
(e.g., change "threshold >= 80%" to "threshold >= 90%") so the target
description matches the MIN_COVERAGE value.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/dependabot_auto.yml:
- Around line 4-5: The workflow currently triggers on pull_request types
["opened","synchronize"] and misses the "reopened" event; update the
pull_request types array in the Dependabot workflow (pull_request: types) to
include "reopened" so Dependabot PRs that are closed and later reopened will be
picked up for auto-approval/auto-merge.
- Around line 29-32: The step "Enable auto-merge for Dependabot PRs" currently
silences failures via continue-on-error: true; change this so auto-merge errors
are surfaced: remove continue-on-error and instead capture the gh pr merge exit
status/output (the command run: gh pr merge --auto --squash "$PR_URL") and on
non-zero exit either fail the job or write a clear error message to the workflow
logs (e.g., echo the gh output and exit 1) so merge-setup failures
(protection/review constraints) are not ignored.

In `@tests/unit/handlers/test_handler_api.py`:
- Around line 39-44: The test function
test_load_api_definition_empty_file_raises should use the pytest-mock fixture
instead of unittest.mock.patch: change the test signature to accept the mocker
fixture and replace patch("builtins.open", mock_open(read_data="")) with
mocker.patch("builtins.open", mock_open(read_data="")); keep the rest of the
test (HandlerApi instantiation and pytest.raises check) unchanged so the test
still asserts RuntimeError with message "API specification initialization
failed".

In `@tests/unit/handlers/test_handler_token.py`:
- Around line 107-108: Tests use unittest.mock.patch directly; update them to
use pytest-mock's mocker fixture for consistency: replace calls like patch(...)
and patch.object(...) with mocker.patch(...) and mocker.patch.object(...).
Specifically modify uses around token_handler.with_public_keys_queried and the
other occurrences called out (lines referencing
token_handler._refresh_keys_if_needed, with_public_keys_queried, and similar
mocks at the indicated ranges) so they call mocker.patch / mocker.patch.object
and return the same mocked object/behavior; ensure the mocker fixture is
accepted by the test functions (add a mocker parameter if missing).

In `@tests/unit/writers/test_writer_postgres.py`:
- Around line 388-398: In test_check_health_load_config_exception replace
monkeypatch.setattr with pytest-mock's mocker.patch.object: add the mocker
fixture to the test signature, call mocker.patch.object(writer,
"_load_db_config", side_effect=ValueError("secret fetch failed")) to simulate
the exception, and then call writer.check_health() as before; reference
WriterPostgres._load_db_config and writer.check_health when making the change.

📥 Commits

Reviewing files that changed from the base of the PR and between fa59236 and 7a5f4ff.

📒 Files selected for processing (8)
  • .github/dependabot.yml
  • .github/workflows/dependabot_auto.yml
  • DEVELOPER.md
  • Makefile
  • tests/unit/handlers/test_handler_api.py
  • tests/unit/handlers/test_handler_token.py
  • tests/unit/utils/test_trace_logging.py
  • tests/unit/writers/test_writer_postgres.py
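
The review comment on the "Enable auto-merge for Dependabot PRs" step asks that `gh pr merge` failures be surfaced instead of hidden by `continue-on-error`. One way to write that step's script, as an added example that is not the project's workflow: it gates on PR author and update type before calling `gh`, then reports a failing merge setup. The patch/minor-only policy, the function names and the return codes are assumptions; the `update-type` strings follow the `dependabot/fetch-metadata` output format.

```bash
# Added example (not from the PR). Policy is an assumption: only patch and
# minor bumps opened by dependabot[bot] may be auto-merged; major bumps and
# PRs from any other author wait for a human reviewer.
should_auto_merge() {
  local author="$1" update_type="$2"
  [ "$author" = "dependabot[bot]" ] || return 1
  case "$update_type" in
    version-update:semver-patch|version-update:semver-minor) return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 when auto-merge was enabled, 2 when the policy skipped the PR,
# and 1 when `gh pr merge` failed. On failure the captured gh output is
# written as a workflow error annotation so branch-protection or review
# constraints show up in the run instead of being silently ignored.
enable_auto_merge() {
  local pr_url="$1" author="$2" update_type="$3" out rc=0
  if ! should_auto_merge "$author" "$update_type"; then
    echo "::notice::skipping auto-merge for $pr_url ($author, ${update_type:-unknown})"
    return 2
  fi
  # Assign separately from `local` so the exit status of gh is not masked.
  out=$(gh pr merge --auto --squash "$pr_url" 2>&1) || rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "::error::gh pr merge failed (exit $rc) for $pr_url: $out"
    return 1
  fi
  echo "auto-merge enabled for $pr_url"
}

# In a workflow step (PR_AUTHOR and UPDATE_TYPE are hypothetical env names
# fed from the pull_request event and the fetch-metadata step output):
#   enable_auto_merge "$PR_URL" "$PR_AUTHOR" "$UPDATE_TYPE" || [ $? -eq 2 ]
```

Treating return code 2 as success in the step keeps skipped PRs green while a real `gh` failure still fails the job.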

@coderabbitai bot left a comment

🧹 Nitpick comments (2)
tests/unit/writers/test_writer_postgres.py (1)

384-384: Use expected-first boolean assertions for consistency.

Line 384 and Line 396 use assert healthy / assert not healthy; this diverges from the test assertion convention used in this repo.

Suggested change
-    assert healthy
+    assert True == healthy
@@
-    assert not healthy
+    assert False == healthy
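
Review bot: `assert True == healthy` on the first `+` line is not equivalent to the `assert healthy` it replaces: it passes only when the value compares equal to True, so a truthy non-bool return would now fail, and the same applies in reverse to `assert False == healthy` versus `assert not healthy`. If the intent is to pin the health flag to an exact bool, state that in the test name or a comment; also expect linters that enforce E712 to flag both lines, so the rule may need an exception for tests.
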

As per coding guidelines, tests/**/*.py should use the assert pattern: assert expected == actual.

Also applies to: 396-396

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tests/unit/writers/test_writer_postgres.py` at line 384, The test uses bare
boolean assertions; change the two occurrences of "assert healthy" and "assert
not healthy" in tests/unit/writers/test_writer_postgres.py to the repo's
expected-first style by asserting the expected literal against the variable
(e.g., assert True == healthy and assert False == healthy) so the assertion
reads expected == actual and matches project test conventions.
tests/unit/conftest.py (1)

112-115: Prefer mocker.patch here to match unit-test mocking conventions.

Line 112 currently patches via unittest.mock.patch (through start_patch). In tests/unit/**, this should use mocker.patch(...) for consistency with the project’s unit-test pattern.

Suggested change
-@pytest.fixture(scope="module")
-def event_gate_module():
+@pytest.fixture(scope="module")
+def event_gate_module(mocker):
@@
-    mock_kafka_producer = start_patch("src.writers.writer_kafka.Producer")
-    mock_producer_instance = MagicMock()
-    mock_producer_instance.flush.return_value = 0  # 0 pending → flush loop breaks immediately
-    mock_kafka_producer.return_value = mock_producer_instance
+    mock_kafka_producer = mocker.patch("src.writers.writer_kafka.Producer")
+    mock_producer_instance = mock_kafka_producer.return_value
+    mock_producer_instance.flush.return_value = 0  # 0 pending → flush loop breaks immediately
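
Review bot: The `+def event_gate_module(mocker):` line requests pytest-mock's function-scoped `mocker` fixture from a fixture declared with `scope="module"`, which pytest rejects with a ScopeMismatch error at setup. Use pytest-mock's module-scoped `module_mocker` fixture here, or keep the existing `start_patch` helper for this module-scoped fixture.
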

As per coding guidelines: tests/unit/**/*.py: Use mocker.patch("module.dependency") or mocker.patch.object(Class, "method") for mocking.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tests/unit/conftest.py` around lines 112 - 115, Replace the use of
start_patch("src.writers.writer_kafka.Producer") with the pytest mocker API:
call mocker.patch("src.writers.writer_kafka.Producer") to create
mock_kafka_producer, keep mock_producer_instance = MagicMock() and its
flush.return_value = 0, and set mock_kafka_producer.return_value =
mock_producer_instance so the Producer instantiation in tests returns the
MagicMock; this aligns with the project convention of using mocker.patch rather
than start_patch.

📥 Commits

Reviewing files that changed from the base of the PR and between 7a5f4ff and b6965b4.

📒 Files selected for processing (4)
  • tests/unit/conftest.py
  • tests/unit/handlers/test_handler_api.py
  • tests/unit/handlers/test_handler_token.py
  • tests/unit/writers/test_writer_postgres.py
🚧 Files skipped from review as they are similar to previous changes (2)
  • tests/unit/handlers/test_handler_api.py
  • tests/unit/handlers/test_handler_token.py

@tmikula-dev tmikula-dev merged commit c1264bc into master Apr 7, 2026
11 checks passed
@tmikula-dev tmikula-dev deleted the feature/automatic-dependabot-tool branch April 7, 2026 14:15
Development

Successfully merging this pull request may close these issues.

Adding the Dependabot workflows to project
