Add Python import validation to CI pipeline #158
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add GitHub Actions workflow for PR testing - Create tests/check_imports.py to validate all Python files can be imported - Tests all files in server/gti, server/scc, server/secops, server/secops-soar - Catches import errors like "from typing import str" that break production - Pragmatic approach that tests actual runtime imports - Will fail CI with exit code 1 on any import errors
setup.py files execute setuptools commands when imported, causing false positive failures in CI. These files don't need import testing as they're not imported during normal runtime.
- Fix models.py: remove invalid 'str' import from typing - Use double quotes consistently throughout check_imports.py - Exclude problematic file types from import testing: - setup.py files (execute setuptools commands when imported) - test directories and conftest.py (test fixtures) - example.py files (standalone examples) - __init__.py files (some have special import logic) - tools/ subdirectories (use relative imports) These exclusions prevent false positives while still catching real import errors in the main codebase.
- Special handling for tools/ directories: import as modules not files - This allows relative imports (from .. import utils) to work correctly - Tests 323 Python files including all tools directories - Still catches import errors like 'from typing import str' - More comprehensive coverage of the codebase
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
from typing import strContext
A production incident occurred when
from typing import str(an invalid import) made it through to deployment. Standard tools likepython -m compileallonly catch syntax errors, not import errors. This PR implements a practical solution to catch these errors in CI.Implementation
.github/workflows/pr-tests.yml: GitHub Actions workflow that runs on all PRstests/check_imports.py: Script that attempts to import every Python file to catch runtime import errorsCaveats & Trade-offs
This is an expedient solution with known limitations:
Known Issues
.pyfile in isolation, including setup.py and test filesWhy This Approach
from typing import str)compilealldoesn't catch import errorsmypywould require type hints throughout legacy coderuff,flake8) don't catch invalid typing importsFuture Improvements
Consider these enhancements in follow-up PRs:
mypyonce legacy code is cleaned upTest Plan
from typing import strerrorThis is a pragmatic, immediate fix to prevent critical import errors from reaching production. While not perfect, it solves the immediate problem and can be refined over time.