Improve CI code checks (URL path, Python syntax, linting, tests)

[adamoutler]

Summary:

• Add/standardize a set of CI checks in code_checks.yml to catch common issues earlier:
  • New check-url-paths job to prevent incorrect absolute /php/ calls in frontend code (should be php/ or ./php/).
  • Python syntax check (py_compile) added as its own step to fail early on invalid .py files.
  • Lint job updated/standardized:
    • Installs and runs shellcheck, flake8, php -l, and hadolint
    • Sets continue-on-error: true for non-blocking lint steps so we can iterate and fix warnings without breaking other CI checks immediately.
  • Test job updated to install test deps and run pytest with the -m "not (docker or compose or feature_complete)" marker exclusion.

What changed and why:

• check-url-paths: Prevents future regressions caused by absolute frontend URLs like '/php/' that will break in some environments when the site is served from a sub-path. Checks for instances used with AJAX/fetch calls and fails fast.
• Python syntax check: Adds a fast safety net that compiles all .py files to catch syntax errors early during CI rather than later in runs or on the backend startup.
• Lint job: Consolidates all linting steps (shell, Python, PHP, Docker) into the workflow so contributors get consistent feedback. Shell and PHP checks are non-blocking to avoid noisy PR failures for legacy code, while flake8 uses targeted rules to catch critical errors and complexity violations.
• Tests: Ensures unit tests run in CI without running slow or docker-based integration tests (via the pytest marker exclusion).

These checks exclude certain items lsuch as line length and certain artistic expressions such as code spacing which can be more readable when left as-is.

Summary by CodeRabbit

• Chores
  • Enhanced continuous integration: added automated linting and unit testing to improve code quality and reliability.
  • New checks cover shell scripts, Python code, PHP syntax, and container configuration, and run unit tests while excluding long-running integration suites.

[coderabbitai]

Walkthrough

Adds two CI jobs to the existing GitHub Actions workflow: a lint job that runs multi-language linters and checks, and a test job that installs Python dependencies and runs pytest (excluding specific test suites).

Changes

Cohort / File(s)	Summary
CI Workflow Job Additions \.github/workflows/code_checks.yml	Adds lint job (checkout, setup Python 3.11, install flake8/hadolint/shellcheck/PHP, run ShellCheck, Flake8 passes, PHP syntax check, hadolint with continue-on-error). Adds test job (checkout, setup Python 3.11, install requirements + pytest/pyyaml, run pytest excluding docker/compose/feature_complete tests).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant GH as GitHub Actions
  participant Runner as Runner
  participant Lint as Lint job
  participant Test as Test job
  participant Other as Existing checks

  GH->>Runner: trigger code_checks workflow
  par Parallel jobs
    Runner->>Other: run existing checks (check-url-paths, python-syntax)
    Runner->>Lint: run lint steps
    Runner->>Test: run test steps
  end
  Lint-->>Runner: report lint results
  Test-->>Runner: report test results
  Other-->>Runner: report results
  Runner-->>GH: aggregate job statuses

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Single-file configuration change adding two cohesive jobs.
• Review focus:
  • .github/workflows/code_checks.yml — verify job steps, versions, and exclusion patterns for pytest.
  • Flake8/hadolint/ShellCheck invocation details and continue-on-error usage.

Poem

🐇 I hopped into CI with a cheerful tune,

linted the shells beneath the moon.
Tests took a leap, then twitched their nose,
green lights gleamed where the workflow goes.
— a rabbit's nod to cleaner rows 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: adding CI code checks for linting and tests alongside existing URL path and Python syntax checks.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/code_checks.yml (2)

58-59: Hadolint download via /latest/ endpoint is fragile.

Using /latest/download/ can break if the release structure or naming convention changes. Consider either:

1. Pinning to a specific version (e.g., v2.12.0) for reproducibility
2. Using apt-get install hadolint if available in the default repos
3. Using a dedicated Dockerfile linting GitHub Action

If pinning a version, apply this diff:

-          wget -O /tmp/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
+          wget -O /tmp/hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64

Alternatively, simplify to use the system package (if available):

-          wget -O /tmp/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
-          chmod +x /tmp/hadolint
+          apt-get install -y hadolint

---

83-86: Remove redundant fallback operator with Docker lint.

The step already has continue-on-error: true, so the || true at the end of line 86 is redundant and may mask real hadolint failures. Simplify to let hadolint output speak for itself.

       - name: Docker lint
         continue-on-error: true
         run: |
           echo "🔍 Linting Dockerfiles..."
-          /tmp/hadolint Dockerfile* || true
+          find . -name "Dockerfile*" -exec /tmp/hadolint {} \;

Using find is more explicit and handles the edge case where no Dockerfiles exist without swallowing errors.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dbd1bda and 2309b8e.

📒 Files selected for processing (1)

• .github/workflows/code_checks.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.8)

.github/workflows/code_checks.yml

49-49: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

95-95: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: docker_dev

🔇 Additional comments (3)

.github/workflows/code_checks.yml (3)

100-102: Verify requirements.txt exists before installing.

The test job assumes requirements.txt exists at the repo root. If it's missing, pip install -r requirements.txt will fail. Consider adding a guard or error handling to clarify the expectation.

Please confirm that requirements.txt is always present in the repository root. If it's optional or may not exist in all branches, apply defensive error handling:

         run: |
-          pip install -r requirements.txt
+          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
           pip install pytest

Alternatively, if it's required, add a comment documenting that expectation.

---

69-74: Python linting strategy is sound.

Running flake8 in two passes (specific errors first, then complexity/warnings) is a solid approach. The targeted error codes (E9, F63, F7, F82) catch correctness issues early, and the second pass enforces complexity constraints. This aligns well with the PR goal to catch critical errors without blocking on style warnings.

---

63-67: Shell linting integration looks good.

The shellcheck step correctly discovers all .sh files and enforces shell script best practices. Combined with continue-on-error: true, it allows the workflow to capture warnings without blocking CI during iterative development.

[adamoutler]

Worked on my setup. Need time to re-evaluate in this env. Looks like it needs a python path. Will push tomorrow sometime.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/code_checks.yml (2)

82-87: Remove redundant || true in Docker lint step.

Line 86 has || true after the first hadolint command, but the entire step already has continue-on-error: true. The || true is redundant and adds unnecessary noise.

       - name: Docker lint
         continue-on-error: true
         run: |
           echo "🔍 Linting Dockerfiles..."
-          /tmp/hadolint Dockerfile* || true
+          /tmp/hadolint Dockerfile* 
           find . -name "Dockerfile*" -exec /tmp/hadolint {} \;

---

58-61: ---

Consider adding checksum verification to the hadolint download for supply-chain security.

The hadolint binary is downloaded from GitHub releases (line 58) without integrity verification. Since hadolint is not available in Ubuntu's official package repositories, the binary download is the standard installation method. Adding checksum verification would strengthen supply-chain security without requiring a package manager alternative.

If desired, verify the binary against checksums published alongside the hadolint release on GitHub.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2309b8e and d8f684c.

📒 Files selected for processing (1)

• .github/workflows/code_checks.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: docker_dev

🔇 Additional comments (1)

.github/workflows/code_checks.yml (1)

42-110: All verification checks passed — code is properly configured.

The pytest markers (docker, compose, feature_complete) are actively used throughout the test suite and will be correctly excluded by the workflow. The ./server directory exists, requirements.txt is present, and the PYTHONPATH export is valid. The workflow structure, two-stage flake8 approach, and continue-on-error: true flags are sound.

[adamoutler]

This PR is ready. The detected test failures are legitimate. These tests are failing because they are actually failing. #1291 fixes the tests.