feat: opt-in Docker-based Gitea integration test suite (#66)

Adds tests/integration/: an optional real-Gitea suite, skipped by default,
enabled only by GITEA_INTEGRATION=1.

- docker-compose.yml pins gitea/gitea:1.22.6 (disposable container, port 3003)
- gitea-integration helper: up (wait-ready) / token (test-only admin, token to
  stdout only) / down (removes container + volume)
- conftest.py: session fixtures; unique disposable seed repo (inttest-<hex>)
  created via API and deleted on teardown
- test_gitea_live.py (6 tests, via shared api_request/api_get_all client):
  issue pagination multi-page walk + overall limit, PR listing, targeted label
  add/remove leaves other labels intact, bad-token 401 fails closed without
  echoing the credential, real 404 payload surfaces as safe redacted error
- README + developer-testing-guidelines section 8 updated (planned -> real)

Default pytest tests/ -q: 355 passed, 6 skipped (unit suite unchanged, no
network). Live verification: 6 passed against the pinned container. No
production credentials; token never logged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-02 16:11:48 -04:00
parent 02c0c2023b
commit 22347bd549
7 changed files with 327 additions and 8 deletions
+9 -8
View File
@@ -208,17 +208,18 @@ git diff --cached | grep -nEi "authorization: (basic|bearer)|password|token=[A-Z
---
## 8. Unit tests vs. future Docker integration tests
## 8. Unit tests vs. Docker integration tests
* **Unit tests (today, default):** fast, fully mocked, no network, no keychain.
* **Unit tests (default):** fast, fully mocked, no network, no keychain.
This is where the vast majority of coverage lives and where new tests should
go. They must stay fast and must not require credentials.
* **Docker/local-Gitea integration tests (planned, see #66):** opt-in and
skipped by default, gated behind an explicit environment variable and run
against a pinned, disposable Gitea container. They validate real API behavior
(pagination, permissions, label/PR-review endpoints, error payloads) that
mocks cannot prove. They must not require production credentials and must not
leak tokens.
* **Docker/local-Gitea integration tests (#66, `tests/integration/`):** opt-in
and skipped by default — enabled only by `GITEA_INTEGRATION=1` and run
against a pinned, disposable Gitea container
(`tests/integration/gitea-integration up|token|down`). They validate real
API behavior (pagination, permissions, label endpoints, error payloads) that
mocks cannot prove. They must not use production credentials and must not
leak tokens. See [`../tests/integration/README.md`](../tests/integration/README.md).
Rule of thumb: prove **logic and request-shaping** with unit tests; reserve
integration tests for **real-server compatibility**. Do not convert unit tests