test: use separate database for testing #227
Conversation
danielwpz
had a problem deploying
to
Cloud API test env
GitHub Actions
Failure
danielwpz
had a problem deploying
to
Cloud API test env
GitHub Actions
Failure
danielwpz
had a problem deploying
to
Cloud API test env
GitHub Actions
Failure
danielwpz
had a problem deploying
to
Cloud API test env
GitHub Actions
Failure
danielwpz
temporarily deployed
to
Cloud API test env
GitHub Actions
Inactive
There was a problem hiding this comment.
Pull request overview
This PR introduces a separate test database configuration to isolate test execution from the development database, preventing data corruption and ensuring test independence.
Key Changes:
- Implemented database reset logic that creates a fresh test database before each test run
- Refactored test setup to use the new test database configuration
- Updated CI workflow to run all tests in a single command rather than looping through individual test files
Reviewed changes
Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| env.example | Adds DATABASE_TEST_NAME environment variable for configuring the test database name |
| crates/api/tests/common/db_setup.rs | New module implementing test database reset logic with safety checks |
| crates/api/tests/common/mod.rs | Updates test setup to use the test database and returns database instance from setup_test_server_with_pool |
| crates/api/tests/e2e_repositories.rs | Refactors to use centralized test pool setup instead of custom database configuration |
| crates/api/tests/e2e_vpc_login.rs | Adds create_org calls to satisfy VPC login requirements |
| crates/api/tests/e2e_signature_verification.rs | Adds setup_qwen_model call to ensure model exists for tests |
| crates/api/tests/e2e_response_signature_verification.rs | Adds setup_qwen_model call to ensure model exists for tests |
| crates/api/tests/e2e_org_system_prompt.rs | Adds setup_qwen_model call alongside existing setup_glm_model |
| crates/api/tests/e2e_files.rs | Updates test setup calls and adds setup_qwen_model for tests using the model |
| crates/api/tests/e2e_conversations.rs | Adds setup_qwen_model calls to tests that use the Qwen model |
| crates/api/Cargo.toml | Adds tokio-postgres dependency for database administration operations |
| Cargo.lock | Records the tokio-postgres dependency addition |
| .github/workflows/test.yml | Simplifies test execution to use cargo test -p api --tests and adds DATABASE_TEST_NAME environment variable |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| let _ = client | ||
| .execute( | ||
| &format!( | ||
| "SELECT pg_terminate_backend(pid) FROM pg_stat_activity | ||
| WHERE datname = '{test_db_name}' AND pid <> pg_backend_pid()" | ||
| ), | ||
| &[], | ||
| ) | ||
| .await; | ||
|
|
||
| // Drop database if exists | ||
| let drop_result = client | ||
| .execute(&format!("DROP DATABASE IF EXISTS {test_db_name}"), &[]) | ||
| .await; | ||
|
|
||
| if let Err(e) = drop_result { | ||
| warn!("Failed to drop test database (may not exist): {}", e); | ||
| } | ||
|
|
||
| // Create fresh database | ||
| client | ||
| .execute(&format!("CREATE DATABASE {test_db_name}"), &[]) | ||
| .await | ||
| .map_err(|e| format!("Failed to create test database: {e}"))?; |
There was a problem hiding this comment.
SQL injection vulnerability: The database name test_db_name is directly interpolated into SQL queries without proper sanitization or quoting. While there's a safety check that the name contains "test", a malicious database name like test'; DROP TABLE users; -- could bypass this check and execute arbitrary SQL.
Use parameterized queries or properly quote/escape the database name. PostgreSQL identifiers should be wrapped in double quotes and escaped. Consider using the format!() macro with proper identifier escaping or a library function to safely handle database identifiers.
crates/api/tests/common/db_setup.rs
Outdated
|
|
||
| /// Get test database name from environment or default | ||
| pub fn get_test_db_name() -> String { | ||
| env::var("DATABASE_TEST_NAME").unwrap_or_else(|_| "platform_api_test".to_string()) |
There was a problem hiding this comment.
Is the environment variable needed? I think it's fine to use a fixed test database name for testing.
We may rename the default test database name to cloud_api_test as the project has been renamed.
| let server = setup_test_server().await; | ||
|
|
||
| // VPC login requires user to have an organization, create one for the mock user | ||
| create_org(&server).await; |
There was a problem hiding this comment.
Is this necessary? A default org will be created for the VPC login user I think.
There was a problem hiding this comment.
When this setup call is removed, the endpoint returns a 500 error with the message "No organization found" and the API logs show: "User has no organizations". Without calling create_org(), the test will fail
immediately.
There was a problem hiding this comment.
is this unexpected? then probably there is a bug in either the test or the biz logic?
There was a problem hiding this comment.
I think this is to be expected. We create a completely new DB. We have to create an organization for the user otherwise it is expected to fail the validation checks.
| #[tokio::test] | ||
| async fn test_responses_api() { | ||
| let server = setup_test_server().await; | ||
| setup_qwen_model(&server).await; |
There was a problem hiding this comment.
Why add setup_qwen_model() for the tests?
There was a problem hiding this comment.
The test calls /v1/models API and asserts that at least one model is available (assert!(!models.data.is_empty())). Without setup_qwen_model(), no models are registered in the database, causing the endpoint to return an empty list and the test to fail immediately.
think-in-universe
had a problem deploying
to
Cloud API test env
GitHub Actions
Failure
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on January 9
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
|
|
||
| // Create fresh database | ||
| client | ||
| .execute(&format!("CREATE DATABASE {test_db_name}"), &[]) |
There was a problem hiding this comment.
Bug: SQL injection vulnerability via unsanitized database name
The test_db_name value from the DATABASE_TEST_NAME environment variable is directly interpolated into SQL statements (DROP DATABASE IF EXISTS {test_db_name} and CREATE DATABASE {test_db_name}) without proper identifier quoting. The safety check test_db_name.contains("test") can be bypassed by crafting a malicious value like test"; DROP DATABASE production; --. Database identifiers in PostgreSQL need to be quoted with double quotes to prevent injection when used in DDL statements.
Additional Locations (1)
think-in-universe
temporarily deployed
to
Cloud API test env
GitHub Actions
Inactive
think-in-universe
had a problem deploying
to
Cloud API test env
GitHub Actions
Failure
think-in-universe
temporarily deployed
to
Cloud API test env
GitHub Actions
Inactive
think-in-universe
changed the title
|
@henrypark133 @PierreLeGuen please help review the PR |
| let server = setup_test_server().await; | ||
|
|
||
| // VPC login requires user to have an organization, create one for the mock user | ||
| create_org(&server).await; |
There was a problem hiding this comment.
I think this is to be expected. We create a completely new DB. We have to create an organization for the user otherwise it is expected to fail the validation checks.
henrypark133
temporarily deployed
to
Cloud API test env
GitHub Actions
Inactive
There was a problem hiding this comment.
Bug: Missing model setup causes test to fail
The test test_conversation_items_include_model uses the model Qwen/Qwen3-30B-A3B-Instruct-2507 but does not call setup_qwen_model(&server).await; after setting up the test server. With the new separate test database, no models are pre-populated, so this test will fail because the model doesn't exist. Other similar tests in this file were updated to add the setup_qwen_model call, but this one was missed.
crates/api/tests/e2e_conversations.rs#L2616-L2618
cloud-api/crates/api/tests/e2e_conversations.rs
Lines 2616 to 2618 in c3ee363
|
@claude review |
Note
Use a separate test database with automatic reset for API integration tests, update CI to run them uniformly, and adjust tests/utilities accordingly.
tests/common/db_setup.rsto manage a dedicated test DB (TEST_DATABASE_NAME, defaultplatform_api_test) with safe reset viatokio-postgresand OnceCell to run once per suite.tests/common/mod.rsto use test DB name, perform one-time reset and migrations, and returnDatabasefromsetup_test_server_with_pool.setup_qwen_model(&server)initialization to various tests; minor adjustments (e.g., VPC login creates org; tuple returns now includeDatabase).cargo test -p api --testsand setTEST_DATABASE_NAMEin workflow.tokio-postgrestodev-dependencies(and lockfile) for test DB management.Written by Cursor Bugbot for commit c3ee363. This will update automatically on new commits. Configure here.