test: fail closed when DIFFBOT_TOKEN is missing#18
Open
brendancsmith wants to merge 1 commit into
Open
Conversation
The functional tests call the live Diffbot API. Previously, a missing DIFFBOT_TOKEN produced a confusing live 401 Unauthorized deep in the request stack, and it was easy to mistake an unconfigured environment for a passing run. Make the `token` fixture fail fast with a clear, actionable message when the token is absent, so a misconfigured local or CI environment is obvious and functional tests never silently pass without exercising the API. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AGzjoh1Ketrd8x1AZJ4gfc
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 0 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
There was a problem hiding this comment.
Pull request overview
This PR improves developer experience and CI clarity by making the functional test suite fail immediately (and clearly) when DIFFBOT_TOKEN is missing, instead of allowing tests to reach the live Diffbot API and fail later with an opaque 401 Unauthorized.
Changes:
- Update the
tokensession fixture to explicitly checkDIFFBOT_TOKENandpytest.fail(..., pytrace=False)when unset/empty. - Provide an actionable failure message describing local
.envsetup and CI secret options (including Dependabot secrets).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The functional tests (
tests/functional/) call the live Diffbot API and require a validDIFFBOT_TOKEN. Previously, when the token was missing, the tests fell through to a real HTTP request and failed with a cryptic401 Unauthorizeddeep in the aiohttp/tenacity stack. Worse, it was easy to mistake an unconfigured environment for a legitimate run.This makes the
tokenfixture fail closed: ifDIFFBOT_TOKENis unset, the functional tests fail immediately with a clear, actionable message instead of a confusing 401 — and they can never silently pass without actually exercising the API.Change
tests/functional/conftest.py— the session-scopedtokenfixture now checks for an empty/unset token and callspytest.fail(..., pytrace=False)with guidance on how to provide the token (local.env, an Actions secret for normal runs, or a Dependabot secret for Dependabot PRs).Why
This surfaced while diagnosing the failing checks on #17 (a Dependabot PR). Dependabot runs don't receive Actions/environment secrets, so
DIFFBOT_TOKENwas empty and the functional tests failed with an opaque 401. The proper fix for #17 itself is to addDIFFBOT_TOKENas a Dependabot secret so the functional tests run for real against the upgraded dependencies; this PR is the complementary DX improvement so any future missing-token situation fails loudly and legibly rather than mysteriously.Behavior
Running the suite without a token now yields (unit tests still pass):
Test plan
ruff checkandruff format --checkpass on the changed filepytestwith no token → functional tests error loudly with the new message; unit tests passpytestwith a validDIFFBOT_TOKEN→ full suite passes (unchanged behavior; requires a token to verify in CI)🤖 Generated with Claude Code
Generated by Claude Code