rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

feat: improve test coverage for cmd/review-bot #37

Merged
rodin merged 3 commits from feat/32-test-coverage into main 2026-05-02 18:21:17 +00:00
Conversation 4 Commits 3 Files Changed 4
+662
rodin commented 2026-05-02 18:14:15 +00:00
Owner
Copy Link
Copy Source

Summary

Increases test coverage for cmd/review-bot from 16.7% to 42.3%, exceeding the 40% target.

Partially addresses #32

Changes

  • Unit tests for pure functions:

    • isPatternFile — extension matching logic
    • evaluateCIStatus — CI status evaluation (all pass, failures, empty, mixed, pending)
    • envOrDefault / envOrDefaultFloat / envOrDefaultInt / envOrDefaultBool — env var parsing
    • extractSentinelName — edge cases

  • Subprocess tests for main() error paths:

    • --version flag
    • Missing required flags
    • Invalid reviewer name
    • Invalid repo format
    • Invalid PR number
    • Invalid LLM temperature
    • Invalid LLM provider

  • Integration test scaffold (cmd/review-bot/integration_test.go):

    • Build tag: //go:build integration
    • Skips if env vars not set
    • Full review flow test
    • Post-and-cleanup test

  • Makefile with build/test/lint/coverage targets

  • Added coverage.out to .gitignore

Coverage

Package Before After
cmd/review-bot 16.7% 42.3%

Verification

$ go test ./... -count=1
ok  gitea.weiker.me/rodin/review-bot/budget
ok  gitea.weiker.me/rodin/review-bot/cmd/review-bot
ok  gitea.weiker.me/rodin/review-bot/gitea
ok  gitea.weiker.me/rodin/review-bot/llm
ok  gitea.weiker.me/rodin/review-bot/review

$ go vet ./...
(clean)
## Summary Increases test coverage for `cmd/review-bot` from 16.7% to 42.3%, exceeding the 40% target. Partially addresses #32 ## Changes - **Unit tests** for pure functions: - `isPatternFile` — extension matching logic - `evaluateCIStatus` — CI status evaluation (all pass, failures, empty, mixed, pending) - `envOrDefault` / `envOrDefaultFloat` / `envOrDefaultInt` / `envOrDefaultBool` — env var parsing - `extractSentinelName` — edge cases - **Subprocess tests** for `main()` error paths: - `--version` flag - Missing required flags - Invalid reviewer name - Invalid repo format - Invalid PR number - Invalid LLM temperature - Invalid LLM provider - **Integration test scaffold** (`cmd/review-bot/integration_test.go`): - Build tag: `//go:build integration` - Skips if env vars not set - Full review flow test - Post-and-cleanup test - **Makefile** with build/test/lint/coverage targets - Added `coverage.out` to `.gitignore` ## Coverage | Package | Before | After | |---------|--------|-------| | cmd/review-bot | 16.7% | 42.3% | ## Verification ``` $ go test ./... -count=1 ok gitea.weiker.me/rodin/review-bot/budget ok gitea.weiker.me/rodin/review-bot/cmd/review-bot ok gitea.weiker.me/rodin/review-bot/gitea ok gitea.weiker.me/rodin/review-bot/llm ok gitea.weiker.me/rodin/review-bot/review $ go vet ./... (clean) ```
rodin added 1 commit 2026-05-02 18:14:16 +00:00
feat: improve test coverage for cmd/review-bot
CI / test (pull_request) Successful in 14s
Details
CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 22s
Details
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 39s
Details
CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m6s
Details
bb596db3c1 
Partially addresses #32

- Tests for setupLogger, isPatternFile, evaluateCIStatus, envOrDefault*, validateReviewerName
- Subprocess tests for main() error paths (version, missing flags, invalid inputs)
- Integration test scaffold (build tag: integration)
- Makefile with build/test/lint/coverage targets
- Coverage: 16.7% → 42.3% for cmd/review-bot
rodin added 1 commit 2026-05-02 18:17:06 +00:00
fix: add coverage to .PHONY in Makefile (NIT)
CI / test (pull_request) Successful in 13s
Details
CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 22s
Details
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 33s
Details
CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m3s
Details
504f616e99
security-review-bot approved these changes 2026-05-02 18:17:54 +00:00
security-review-bot left a comment
Collaborator
Copy Link
Copy Source

Security Review

Summary

This PR adds unit and integration tests plus simple tooling (Makefile, .gitignore) without modifying production code. The changes do not introduce security-relevant behavior; integration tests are gated behind a build tag and do not log secrets.

Recommendation

APPROVE — Approve the changes. The added tests and tooling are safe from a security perspective and CI has passed. Integration tests are opt-in via build tags and avoid exposing sensitive environment variables or credentials in logs.

Review by security

# Security Review ## Summary This PR adds unit and integration tests plus simple tooling (Makefile, .gitignore) without modifying production code. The changes do not introduce security-relevant behavior; integration tests are gated behind a build tag and do not log secrets. ## Recommendation **APPROVE** — Approve the changes. The added tests and tooling are safe from a security perspective and CI has passed. Integration tests are opt-in via build tags and avoid exposing sensitive environment variables or credentials in logs. --- *Review by security* <!-- review-bot:security -->
rodin added 1 commit 2026-05-02 18:19:05 +00:00
chore: retrigger reviews
CI / test (pull_request) Successful in 14s
Details
CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 22s
Details
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m20s
Details
CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m24s
Details
3a3c60a3c6
gpt-review-bot approved these changes 2026-05-02 18:19:42 +00:00
gpt-review-bot left a comment
First-time contributor
Copy Link
Copy Source

Gpt Review

Summary

This PR substantially increases test coverage using idiomatic, thorough, and maintainable test code for cmd/review-bot. No issues found.

Recommendation

APPROVE — The changes meet repository conventions, follow Go testing idioms, and improve project health by raising test coverage above the stated goal. All new tests are well structured, isolated, and cover normal and edge cases; subprocess/integration patterns are idiomatic. CI passes and no code quality issues are present. This PR is ready to merge.

Review by gpt

# Gpt Review ## Summary This PR substantially increases test coverage using idiomatic, thorough, and maintainable test code for cmd/review-bot. No issues found. ## Recommendation **APPROVE** — The changes meet repository conventions, follow Go testing idioms, and improve project health by raising test coverage above the stated goal. All new tests are well structured, isolated, and cover normal and edge cases; subprocess/integration patterns are idiomatic. CI passes and no code quality issues are present. This PR is ready to merge. --- *Review by gpt* <!-- review-bot:gpt -->
security-review-bot approved these changes 2026-05-02 18:20:40 +00:00
security-review-bot left a comment
Collaborator
Copy Link
Copy Source

Security Review

Summary

The changes add unit and integration tests, a Makefile, and a minor .gitignore update. No production code paths were modified, and CI has passed. The additions are generally safe; only low-risk information exposure considerations exist in integration test logs.

Findings

# Severity File Line Finding
1 [MINOR] cmd/review-bot/integration_test.go 103 Integration test logs the full formatted review body (which may include PR content and LLM output). If run in shared environments with verbose logs or on failure, this could expose potentially sensitive repository content in logs. Consider truncating or omitting the full body in logs.
2 [MINOR] cmd/review-bot/integration_test.go 133 Integration test posts a real review to the configured Gitea instance. While it attempts cleanup, running against a production repo or with high-privilege tokens could cause unintended side effects. Ensure tests use a dedicated test repo and least-privilege tokens, or add explicit safeguards (e.g., environment variable checks or repo whitelisting).

Recommendation

APPROVE — The PR primarily adds tests and build tooling with no changes to production logic. Security impact is minimal. To harden further, consider truncating or redacting the review body in integration test logs and ensure integration tests are constrained to non-production environments with least-privilege tokens. With CI passing and no exploitable vulnerabilities introduced, this change can be merged.

Review by security

# Security Review ## Summary The changes add unit and integration tests, a Makefile, and a minor .gitignore update. No production code paths were modified, and CI has passed. The additions are generally safe; only low-risk information exposure considerations exist in integration test logs. ## Findings | # | Severity | File | Line | Finding | |---|----------|------|------|--------| | 1 | [MINOR] | `cmd/review-bot/integration_test.go` | 103 | Integration test logs the full formatted review body (which may include PR content and LLM output). If run in shared environments with verbose logs or on failure, this could expose potentially sensitive repository content in logs. Consider truncating or omitting the full body in logs. | | 2 | [MINOR] | `cmd/review-bot/integration_test.go` | 133 | Integration test posts a real review to the configured Gitea instance. While it attempts cleanup, running against a production repo or with high-privilege tokens could cause unintended side effects. Ensure tests use a dedicated test repo and least-privilege tokens, or add explicit safeguards (e.g., environment variable checks or repo whitelisting). | ## Recommendation **APPROVE** — The PR primarily adds tests and build tooling with no changes to production logic. Security impact is minimal. To harden further, consider truncating or redacting the review body in integration test logs and ensure integration tests are constrained to non-production environments with least-privilege tokens. With CI passing and no exploitable vulnerabilities introduced, this change can be merged. --- *Review by security* <!-- review-bot:security -->
cmd/review-bot/integration_test.go
@@ -0,0 +100,4 @@
if body == "" {
t.Fatal("formatted review body is empty")
}
t.Logf("Review body:\n%s", body)
security-review-bot commented 2026-05-02 18:20:40 +00:00
Collaborator
Copy Link
Copy Source

[MINOR] Integration test logs the full formatted review body (which may include PR content and LLM output). If run in shared environments with verbose logs or on failure, this could expose potentially sensitive repository content in logs. Consider truncating or omitting the full body in logs.

**[MINOR]** Integration test logs the full formatted review body (which may include PR content and LLM output). If run in shared environments with verbose logs or on failure, this could expose potentially sensitive repository content in logs. Consider truncating or omitting the full body in logs.
cmd/review-bot/integration_test.go
@@ -0,0 +130,4 @@
// Post a test review
sentinel := "<!-- review-bot:integration-test -->"
testBody := "# Integration Test Review\n\nThis is a test review.\n\n" + sentinel
posted, err := giteaClient.PostReview(ctx, owner, repoName, prNumber, "COMMENT", testBody, nil)
security-review-bot commented 2026-05-02 18:20:40 +00:00
Collaborator
Copy Link
Copy Source

[MINOR] Integration test posts a real review to the configured Gitea instance. While it attempts cleanup, running against a production repo or with high-privilege tokens could cause unintended side effects. Ensure tests use a dedicated test repo and least-privilege tokens, or add explicit safeguards (e.g., environment variable checks or repo whitelisting).

**[MINOR]** Integration test posts a real review to the configured Gitea instance. While it attempts cleanup, running against a production repo or with high-privilege tokens could cause unintended side effects. Ensure tests use a dedicated test repo and least-privilege tokens, or add explicit safeguards (e.g., environment variable checks or repo whitelisting).
sonnet-review-bot approved these changes 2026-05-02 18:20:45 +00:00
sonnet-review-bot left a comment
First-time contributor
Copy Link
Copy Source

Sonnet Review

Summary

Solid test additions significantly improve coverage with clear separation between unit and integration tests. CI is passing and the changes adhere to repository conventions and Go testing idioms.

Findings

# Severity File Line Finding
1 [MINOR] cmd/review-bot/integration_test.go 56 Integration tests use context.Background() for network calls; consider context.WithTimeout to avoid potential indefinite hangs against external services.
2 [MINOR] cmd/review-bot/integration_test.go 127 Integration tests use context.Background() without a timeout when posting and listing reviews; using context.WithTimeout would make tests more robust to slow or unresponsive endpoints.
3 [NIT] cmd/review-bot/main_test.go 391 Subtest name derives from the file path (t.Run(tc.path)) and one case is an empty string; using a descriptive, non-empty subtest name would improve readability and avoid odd test names.

Recommendation

APPROVE — The additions are well-structured and comprehensive, covering pure functions, subprocess error paths, and providing an opt-in integration suite via build tags. Tests follow table-driven patterns and avoid external dependencies in unit tests, aligning with repository conventions. To further improve robustness, add timeouts to the integration test contexts and ensure subtest names are always non-empty for clarity. Otherwise, the PR is ready to merge.

Review by sonnet

# Sonnet Review ## Summary Solid test additions significantly improve coverage with clear separation between unit and integration tests. CI is passing and the changes adhere to repository conventions and Go testing idioms. ## Findings | # | Severity | File | Line | Finding | |---|----------|------|------|--------| | 1 | [MINOR] | `cmd/review-bot/integration_test.go` | 56 | Integration tests use context.Background() for network calls; consider context.WithTimeout to avoid potential indefinite hangs against external services. | | 2 | [MINOR] | `cmd/review-bot/integration_test.go` | 127 | Integration tests use context.Background() without a timeout when posting and listing reviews; using context.WithTimeout would make tests more robust to slow or unresponsive endpoints. | | 3 | [NIT] | `cmd/review-bot/main_test.go` | 391 | Subtest name derives from the file path (t.Run(tc.path)) and one case is an empty string; using a descriptive, non-empty subtest name would improve readability and avoid odd test names. | ## Recommendation **APPROVE** — The additions are well-structured and comprehensive, covering pure functions, subprocess error paths, and providing an opt-in integration suite via build tags. Tests follow table-driven patterns and avoid external dependencies in unit tests, aligning with repository conventions. To further improve robustness, add timeouts to the integration test contexts and ensure subtest names are always non-empty for clarity. Otherwise, the PR is ready to merge. --- *Review by sonnet* <!-- review-bot:sonnet -->
cmd/review-bot/integration_test.go
@@ -0,0 +53,4 @@
t.Fatalf("Invalid repo format %q", giteaRepo)
}
ctx := context.Background()
sonnet-review-bot commented 2026-05-02 18:20:45 +00:00
First-time contributor
Copy Link
Copy Source

[MINOR] Integration tests use context.Background() for network calls; consider context.WithTimeout to avoid potential indefinite hangs against external services.

**[MINOR]** Integration tests use context.Background() for network calls; consider context.WithTimeout to avoid potential indefinite hangs against external services.
cmd/review-bot/integration_test.go
@@ -0,0 +124,4 @@
}
owner, repoName := parts[0], parts[1]
ctx := context.Background()
sonnet-review-bot commented 2026-05-02 18:20:45 +00:00
First-time contributor
Copy Link
Copy Source

[MINOR] Integration tests use context.Background() without a timeout when posting and listing reviews; using context.WithTimeout would make tests more robust to slow or unresponsive endpoints.

**[MINOR]** Integration tests use context.Background() without a timeout when posting and listing reviews; using context.WithTimeout would make tests more robust to slow or unresponsive endpoints.
cmd/review-bot/main_test.go
@@ -368,0 +388,4 @@
{"doc.pdf", false},
{"patterns.Yml", true},
{"deep/path/file.yaml", true},
}
sonnet-review-bot commented 2026-05-02 18:20:45 +00:00
First-time contributor
Copy Link
Copy Source

[NIT] Subtest name derives from the file path (t.Run(tc.path)) and one case is an empty string; using a descriptive, non-empty subtest name would improve readability and avoid odd test names.

**[NIT]** Subtest name derives from the file path (t.Run(tc.path)) and one case is an empty string; using a descriptive, non-empty subtest name would improve readability and avoid odd test names.
rodin merged commit dc450f7771 into main 2026-05-02 18:21:17 +00:00
rodin deleted branch feat/32-test-coverage 2026-05-02 18:21:17 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
gpt-review-bot
security-review-bot
sonnet-review-bot
Labels
Clear labels
ai-review
bug
needs-review
ready
Ready for human review
 self-reviewed
Self-review passed since last push
 wip
Work in progress - do not start new work on this PR
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
security-review-bot rodin (Rodin)
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: rodin/review-bot#37
Delete Branch "feat/32-test-coverage"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?