Skip to content

CI/CD Guide for Golden Age Hub

Overview

This guide explains the CI/CD pipeline setup for the Golden Age Hub healthcare platform, focusing on isolated PostgreSQL testing for HIPAA compliance and security.

Architecture

Primary CI/CD Pipeline: test-isolated.yml

Purpose: Isolated PostgreSQL testing with HIPAA compliance measures Triggers: Push to main/dev, pull requests, manual dispatch Environment: GitHub Actions with PostgreSQL service containers

Legacy Pipeline: ci.yml

Purpose: Existing comprehensive testing with shared database Status: Maintained for backward compatibility Future: Will be phased out after isolated testing validation

Pipeline Jobs

1. Isolated Database Tests

Features: - PostgreSQL 15 service container - Unique database per test session - Automatic database cleanup - HIPAA compliance validation - Coverage reporting (minimum 80%)

Environment Variables:

TEST_BASE_URL: postgresql+asyncpg://test_user:test_password@localhost:5432/
DATABASE_URL: postgresql+asyncpg://test_user:test_password@localhost:5432/postgres

2. Security & Compliance

Features: - Safety vulnerability scanning - Bandit security linting - HIPAA compliance validation - Secret detection - Patient data pattern checking

Compliance Checks: - No real patient data in code - No hardcoded credentials - Security vulnerability assessment - Audit trail generation

3. Performance Benchmarks

Features: - Database performance testing - Load testing simulation - Benchmark result collection - Performance regression detection

Trigger: Only on main branch pushes

Local Development Setup

Prerequisites

  1. Docker Compose (for local development)
  2. Python 3.10+
  3. uv dependency manager

Running Tests Locally

# Start services
docker-compose up -d postgres

# Run tests with isolated databases
cd backend
uv run pytest tests/ -v

# Stop services
docker-compose down

Option 2: Local PostgreSQL

# Set up local PostgreSQL
export TEST_BASE_URL="postgresql+asyncpg://user:pass@localhost:5432/"

# Run tests
cd backend
uv run pytest tests/ -v

Option 3: Skip Database Tests

# If PostgreSQL unavailable, tests will skip automatically
cd backend
uv run pytest tests/ -v
# Database tests will be SKIPPED

Test Database Strategy

Isolation Approach

Each test session creates a unique database:

test_goldenage_a1b2c3d4  # Test session 1
test_goldenage_b2c3d4e5  # Test session 2
test_goldenage_c3d4e5f6  # Test session 3

Lifecycle Management

  1. Creation: Unique database name generated per test session
  2. Setup: Schema creation and sample data insertion
  3. Testing: Tests run with isolated database
  4. Cleanup: Database automatically dropped after tests

Benefits

  • No Test Interference: Tests can't affect each other
  • Parallel Execution: Multiple test sessions can run simultaneously
  • HIPAA Compliance: No persistent test data
  • Reliability: Fresh database for each test run

HIPAA Compliance Measures

Data Protection

  • Synthetic Data Only: No real patient information in tests
  • Automatic Cleanup: Test databases destroyed after use
  • Audit Logging: All CI/CD runs logged and tracked

Security Validation

# Automated checks in CI/CD
- Patient data pattern detection
- Hardcoded credential scanning
- Vulnerability assessment
- Secret detection

Environment Isolation

  • Service Containers: Isolated PostgreSQL per test run
  • No Data Persistence: Test data never saved permanently
  • Secure Credentials: Environment variables only

Troubleshooting

Common Issues

PostgreSQL Connection Failed

# Check if PostgreSQL is running
docker-compose ps postgres

# Check logs
docker-compose logs postgres

# Restart service
docker-compose restart postgres

Tests Skip Due to Database Unavailable

# Expected behavior when PostgreSQL unavailable
# Tests will show: SKIPPED (PostgreSQL not available for testing)

# To fix: Start PostgreSQL service
docker-compose up -d postgres

Timeout Errors in CI/CD

# Increase timeout in pytest.ini
timeout = 600  # 10 minutes

# Or run specific tests
uv run pytest tests/test_specific.py -v --timeout=300

Performance Issues

Slow Test Execution

# Run tests with duration reporting
uv run pytest tests/ --durations=10

# Identify slow tests and optimize

Database Creation Slowness

  • Normal for first-time database creation
  • Subsequent runs are faster
  • CI/CD caches help with performance

Configuration

Environment Variables

Variable Purpose Default
TEST_BASE_URL PostgreSQL connection for tests postgresql+asyncpg://postgres:password@localhost:5432/
TEST_DB_PREFIX Test database name prefix test_goldenage_
DATABASE_URL Fallback database connection Same as TEST_BASE_URL

pytest.ini Settings

[tool:pytest]
# Test discovery and execution
testpaths = tests
python_files = test_*.py
addopts = --durations=10 --cov-fail-under=80

# Markers for test categorization
markers =
    isolated: Tests requiring isolated database
    integration: Tests requiring live services
    security: Security-focused tests
    performance: Performance benchmarks

Monitoring and Reporting

Coverage Reports

  • Minimum Coverage: 80% required
  • Codecov Integration: Automatic upload
  • Trend Tracking: Coverage changes over time

Security Reports

  • Safety: Known vulnerability scanning
  • Bandit: Security linting
  • Secret Detection: Hardcoded credential finding

Performance Reports

  • Benchmark Results: Performance metrics
  • Regression Detection: Performance changes
  • Trend Analysis: Performance over time

Best Practices

Test Development

  1. Use Isolated Databases: All database tests should use db_session fixture
  2. Clean Up Resources: Don't leave connections open
  3. HIPAA Compliance: Never use real patient data in tests
  4. Proper Markers: Use appropriate pytest markers

CI/CD Optimization

  1. Parallel Execution: Tests run in parallel when possible
  2. Caching: uv dependencies cached for speed
  3. Fail Fast: Stop on first failure for quick feedback
  4. Artifact Retention: Keep reports for 30 days

Security Practices

  1. No Hardcoded Secrets: Use environment variables
  2. Regular Scanning: Automated security checks
  3. Compliance Validation: HIPAA checks in pipeline
  4. Audit Trails: Log all CI/CD activities

Migration from Legacy CI/CD

Current State

  • Legacy ci.yml uses shared database approach
  • New test-isolated.yml uses isolated databases
  • Both pipelines currently active

Migration Plan

  1. Phase 1: Validate isolated testing reliability
  2. Phase 2: Update team workflows to use new pipeline
  3. Phase 3: Deprecate legacy pipeline
  4. Phase 4: Remove legacy configuration

Validation Steps

  1. All tests pass in isolated environment
  2. Performance meets or exceeds legacy pipeline
  3. Team training completed
  4. Documentation updated

Support

Getting Help

  1. Check Logs: GitHub Actions workflow logs
  2. Review Documentation: This guide and test README
  3. Local Testing: Reproduce issues locally
  4. Team Communication: Escalate persistent issues

Resources


Last Updated: 2024-11-23 Version: 1.0 Maintainers: Golden Age Hub Development Team