CI/CD Guide for Golden Age Hub¶
Overview¶
This guide explains the CI/CD pipeline setup for the Golden Age Hub healthcare platform, focusing on isolated PostgreSQL testing for HIPAA compliance and security.
Architecture¶
Primary CI/CD Pipeline: test-isolated.yml¶
Purpose: Isolated PostgreSQL testing with HIPAA compliance measures Triggers: Push to main/dev, pull requests, manual dispatch Environment: GitHub Actions with PostgreSQL service containers
Legacy Pipeline: ci.yml¶
Purpose: Existing comprehensive testing with shared database Status: Maintained for backward compatibility Future: Will be phased out after isolated testing validation
Pipeline Jobs¶
1. Isolated Database Tests¶
Features: - PostgreSQL 15 service container - Unique database per test session - Automatic database cleanup - HIPAA compliance validation - Coverage reporting (minimum 80%)
Environment Variables:
TEST_BASE_URL: postgresql+asyncpg://test_user:test_password@localhost:5432/
DATABASE_URL: postgresql+asyncpg://test_user:test_password@localhost:5432/postgres
2. Security & Compliance¶
Features: - Safety vulnerability scanning - Bandit security linting - HIPAA compliance validation - Secret detection - Patient data pattern checking
Compliance Checks: - No real patient data in code - No hardcoded credentials - Security vulnerability assessment - Audit trail generation
3. Performance Benchmarks¶
Features: - Database performance testing - Load testing simulation - Benchmark result collection - Performance regression detection
Trigger: Only on main branch pushes
Local Development Setup¶
Prerequisites¶
- Docker Compose (for local development)
- Python 3.10+
- uv dependency manager
Running Tests Locally¶
Option 1: Docker Compose (Recommended)¶
# Start services
docker-compose up -d postgres
# Run tests with isolated databases
cd backend
uv run pytest tests/ -v
# Stop services
docker-compose down
Option 2: Local PostgreSQL¶
# Set up local PostgreSQL
export TEST_BASE_URL="postgresql+asyncpg://user:pass@localhost:5432/"
# Run tests
cd backend
uv run pytest tests/ -v
Option 3: Skip Database Tests¶
# If PostgreSQL unavailable, tests will skip automatically
cd backend
uv run pytest tests/ -v
# Database tests will be SKIPPED
Test Database Strategy¶
Isolation Approach¶
Each test session creates a unique database:
test_goldenage_a1b2c3d4 # Test session 1
test_goldenage_b2c3d4e5 # Test session 2
test_goldenage_c3d4e5f6 # Test session 3
Lifecycle Management¶
- Creation: Unique database name generated per test session
- Setup: Schema creation and sample data insertion
- Testing: Tests run with isolated database
- Cleanup: Database automatically dropped after tests
Benefits¶
- No Test Interference: Tests can't affect each other
- Parallel Execution: Multiple test sessions can run simultaneously
- HIPAA Compliance: No persistent test data
- Reliability: Fresh database for each test run
HIPAA Compliance Measures¶
Data Protection¶
- Synthetic Data Only: No real patient information in tests
- Automatic Cleanup: Test databases destroyed after use
- Audit Logging: All CI/CD runs logged and tracked
Security Validation¶
# Automated checks in CI/CD
- Patient data pattern detection
- Hardcoded credential scanning
- Vulnerability assessment
- Secret detection
Environment Isolation¶
- Service Containers: Isolated PostgreSQL per test run
- No Data Persistence: Test data never saved permanently
- Secure Credentials: Environment variables only
Troubleshooting¶
Common Issues¶
PostgreSQL Connection Failed¶
# Check if PostgreSQL is running
docker-compose ps postgres
# Check logs
docker-compose logs postgres
# Restart service
docker-compose restart postgres
Tests Skip Due to Database Unavailable¶
# Expected behavior when PostgreSQL unavailable
# Tests will show: SKIPPED (PostgreSQL not available for testing)
# To fix: Start PostgreSQL service
docker-compose up -d postgres
Timeout Errors in CI/CD¶
# Increase timeout in pytest.ini
timeout = 600 # 10 minutes
# Or run specific tests
uv run pytest tests/test_specific.py -v --timeout=300
Performance Issues¶
Slow Test Execution¶
# Run tests with duration reporting
uv run pytest tests/ --durations=10
# Identify slow tests and optimize
Database Creation Slowness¶
- Normal for first-time database creation
- Subsequent runs are faster
- CI/CD caches help with performance
Configuration¶
Environment Variables¶
| Variable | Purpose | Default |
|---|---|---|
TEST_BASE_URL |
PostgreSQL connection for tests | postgresql+asyncpg://postgres:password@localhost:5432/ |
TEST_DB_PREFIX |
Test database name prefix | test_goldenage_ |
DATABASE_URL |
Fallback database connection | Same as TEST_BASE_URL |
pytest.ini Settings¶
[tool:pytest]
# Test discovery and execution
testpaths = tests
python_files = test_*.py
addopts = --durations=10 --cov-fail-under=80
# Markers for test categorization
markers =
isolated: Tests requiring isolated database
integration: Tests requiring live services
security: Security-focused tests
performance: Performance benchmarks
Monitoring and Reporting¶
Coverage Reports¶
- Minimum Coverage: 80% required
- Codecov Integration: Automatic upload
- Trend Tracking: Coverage changes over time
Security Reports¶
- Safety: Known vulnerability scanning
- Bandit: Security linting
- Secret Detection: Hardcoded credential finding
Performance Reports¶
- Benchmark Results: Performance metrics
- Regression Detection: Performance changes
- Trend Analysis: Performance over time
Best Practices¶
Test Development¶
- Use Isolated Databases: All database tests should use
db_sessionfixture - Clean Up Resources: Don't leave connections open
- HIPAA Compliance: Never use real patient data in tests
- Proper Markers: Use appropriate pytest markers
CI/CD Optimization¶
- Parallel Execution: Tests run in parallel when possible
- Caching: uv dependencies cached for speed
- Fail Fast: Stop on first failure for quick feedback
- Artifact Retention: Keep reports for 30 days
Security Practices¶
- No Hardcoded Secrets: Use environment variables
- Regular Scanning: Automated security checks
- Compliance Validation: HIPAA checks in pipeline
- Audit Trails: Log all CI/CD activities
Migration from Legacy CI/CD¶
Current State¶
- Legacy
ci.ymluses shared database approach - New
test-isolated.ymluses isolated databases - Both pipelines currently active
Migration Plan¶
- Phase 1: Validate isolated testing reliability
- Phase 2: Update team workflows to use new pipeline
- Phase 3: Deprecate legacy pipeline
- Phase 4: Remove legacy configuration
Validation Steps¶
- All tests pass in isolated environment
- Performance meets or exceeds legacy pipeline
- Team training completed
- Documentation updated
Support¶
Getting Help¶
- Check Logs: GitHub Actions workflow logs
- Review Documentation: This guide and test README
- Local Testing: Reproduce issues locally
- Team Communication: Escalate persistent issues
Resources¶
- GitHub Actions Documentation
- pytest Documentation
- PostgreSQL Documentation
- HIPAA Compliance Guidelines
Last Updated: 2024-11-23 Version: 1.0 Maintainers: Golden Age Hub Development Team