feat(ci-cd): add comprehensive pull request workflow with multi-level testing (#3)

* feat(ci-cd): add comprehensive pull request workflow with multi-level testing

Add GitHub Actions workflow for automated testing, code quality checks, and
coverage reporting on pull requests. Includes comprehensive documentation
for workflow structure, security practices, and troubleshooting.

Changes:
- Add .github/workflows/pull-request.yml with lint, unit, component,
  integration, and contract test jobs
- Implement parallel test execution and coverage aggregation
- Add automated PR status comments with test results and coverage
- Pin all GitHub Actions to commit SHAs for security compliance
- Add docs/ci-cd-workflows.md with detailed workflow documentation
- Update .gitignore to exclude coverage-report/ and coverage/ directories
- Update CHANGELOG.md with version 1.7 release notes

Features:
- Multi-level testing pipeline (lint → unit → component → integration/contract)
- Code coverage collection and reporting with ReportGenerator
- Codecov integration with separate flags per test level
- Automated PR status comments
- Security: All actions pinned to commit SHAs with minimal permissions

* Update CHANGELOG.md

Co-authored-by: Copilot <[email protected]>

* Update docs/ci-cd-workflows.md

Co-authored-by: Copilot <[email protected]>

* refactor(ci): remove coverage reporting and simplify pr workflow

- Remove code coverage collection from test jobs
- Remove publish-coverage job and Codecov integration
- Simplify test artifacts to TRX files only
- Update test results directory to ./test-results
- Remove coverage metrics from PR status comment

test(integration): fix SSL certificate handling for WireMock HTTPS

- Configure ServicePointManager to accept self-signed certificates
- Properly reset certificate validation callback in cleanup
- Add SSL certificate handling documentation

docs: add local workflow testing documentation

- Document test-workflow-local.sh script usage
- Add local workflow execution guide
- Update integration test docs with SSL handling details
- Update CHANGELOG with version 1.8 changes

feat(tooling): add local workflow testing script

- Add test-workflow-local.sh to replicate CI/CD pipeline locally
- Execute same test sequence as GitHub Actions workflow
- Output test results to ./coverage directory as TRX files
- Provide faster feedback cycle for development

* fix(tests): TLS confing in CI/CD

---------

Co-authored-by: Copilot <[email protected]>

Author: mackowski

.cursor/commands/commit-changes.md

@@ -4,6 +4,8 @@
 3. Propose cmmmit message following conventional commits and conventional commits guidelines
 4. Wait for my review and approval!
 5. After my review commit the changes
+6. propose nam of the git branch and ask if I want to push changes. Wait for my review and approval!
+7. After my review push to the new branch. Do not create new branch locally. Example command `git push origin HEAD:type/very-short-description`
 
 
 Guidelines for version control using conventional commits:

.github/workflows/pull-request.yml

@@ -0,0 +1,281 @@
+name: Pull Request
+
+# Note: All actions are pinned to full-length commit SHAs for security compliance
+# To verify/update commit SHAs, visit each action's GitHub repository and check the Releases page
+# Example: https://github.com/actions/checkout/releases/tag/v4
+
+on:
+  pull_request:
+    branches:
+      - main
+      - develop
+
+permissions:
+  contents: read
+  packages: read
+  pull-requests: write
+
+env:
+  DOTNET_VERSION: '8.0.x'
+
+jobs:
+  lint:
+    name: Lint Code
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Format check
+        run: dotnet format --verify-no-changes --verbosity diagnostic
+
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    needs: lint
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Run unit tests
+        run: |
+          dotnet test \
+            --filter "Category=Unit" \
+            --results-directory ./test-results \
+            --logger "trx;LogFileName=unit-tests.trx" \
+            --logger "console;verbosity=detailed"
+
+      - name: Upload unit test results
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        if: always()
+        with:
+          name: unit-test-results
+          path: ./test-results/**/*.trx
+
+  component-tests:
+    name: Component Tests
+    runs-on: ubuntu-latest
+    needs: lint
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Run component tests
+        run: |
+          dotnet test \
+            --filter "Category=Component" \
+            --results-directory ./test-results \
+            --logger "trx;LogFileName=component-tests.trx" \
+            --logger "console;verbosity=detailed"
+
+      - name: Upload component test results
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        if: always()
+        with:
+          name: component-test-results
+          path: ./test-results/**/*.trx
+
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    needs: [unit-tests, component-tests]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Run integration tests
+        run: |
+          dotnet test \
+            --filter "Category=Integration" \
+            --results-directory ./test-results \
+            --logger "trx;LogFileName=integration-tests.trx" \
+            --logger "console;verbosity=detailed"
+
+      - name: Upload integration test results
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        if: always()
+        with:
+          name: integration-test-results
+          path: ./test-results/**/*.trx
+
+  contract-tests:
+    name: Contract Tests
+    runs-on: ubuntu-latest
+    needs: [unit-tests, component-tests]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Run contract tests
+        run: |
+          dotnet test \
+            --filter "Category=Contract" \
+            --results-directory ./test-results \
+            --logger "trx;LogFileName=contract-tests.trx" \
+            --logger "console;verbosity=detailed"
+
+      - name: Upload contract test results
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        if: always()
+        with:
+          name: contract-test-results
+          path: ./test-results/**/*.trx
+
+  status-comment:
+    name: PR Status Comment
+    runs-on: ubuntu-latest
+    needs: [lint, unit-tests, component-tests, integration-tests, contract-tests]
+    if: always() && github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+      - name: Download all test results
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        continue-on-error: true
+        with:
+          path: ./test-results
+
+      - name: Parse test results
+        id: test-results
+        run: |
+          set -e
+          
+          # Initialize counters
+          TOTAL_TESTS=0
+          PASSED_TESTS=0
+          FAILED_TESTS=0
+          
+          # Find and parse all TRX files
+          for trx in $(find ./test-results -name "*.trx" 2>/dev/null || true); do
+            if [ -f "$trx" ]; then
+              TOTAL=$(grep -oP '(?<=total=")[0-9]+' "$trx" || echo "0")
+              PASSED=$(grep -oP '(?<=passed=")[0-9]+' "$trx" || echo "0")
+              FAILED=$(grep -oP '(?<=failed=")[0-9]+' "$trx" || echo "0")
+              TOTAL_TESTS=$((TOTAL_TESTS + TOTAL))
+              PASSED_TESTS=$((PASSED_TESTS + PASSED))
+              FAILED_TESTS=$((FAILED_TESTS + FAILED))
+            fi
+          done
+          
+          echo "total=$TOTAL_TESTS" >> $GITHUB_OUTPUT
+          echo "passed=$PASSED_TESTS" >> $GITHUB_OUTPUT
+          echo "failed=$FAILED_TESTS" >> $GITHUB_OUTPUT
+          
+          # Determine overall status
+          if [ "${{ needs.lint.result }}" == "failure" ]; then
+            echo "status=❌ Linting failed" >> $GITHUB_OUTPUT
+          elif [ "${{ needs.unit-tests.result }}" == "failure" ] || \
+               [ "${{ needs.component-tests.result }}" == "failure" ] || \
+               [ "${{ needs.integration-tests.result }}" == "failure" ] || \
+               [ "${{ needs.contract-tests.result }}" == "failure" ]; then
+            echo "status=❌ Tests failed" >> $GITHUB_OUTPUT
+          else
+            echo "status=✅ All checks passed" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create PR comment
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        with:
+          script: |
+            const status = '${{ steps.test-results.outputs.status }}';
+            const total = '${{ steps.test-results.outputs.total }}';
+            const passed = '${{ steps.test-results.outputs.passed }}';
+            const failed = '${{ steps.test-results.outputs.failed }}';
+            
+            const lintStatus = '${{ needs.lint.result }}' === 'success' ? '✅' : '❌';
+            const unitStatus = '${{ needs.unit-tests.result }}' === 'success' ? '✅' : '❌';
+            const componentStatus = '${{ needs.component-tests.result }}' === 'success' ? '✅' : '❌';
+            const integrationStatus = '${{ needs.integration-tests.result }}' === 'success' ? '✅' : '❌';
+            const contractStatus = '${{ needs.contract-tests.result }}' === 'success' ? '✅' : '❌';
+            
+            const body = `## 🔍 Pull Request CI Status
+            
+            ${status}
+            
+            ### Test Results Summary
+            - **Total Tests:** ${total}
+            - **Passed:** ${passed}
+            - **Failed:** ${failed}
+            
+            ### Job Status
+            | Job | Status |
+            |-----|--------|
+            | Linting | ${lintStatus} |
+            | Unit Tests | ${unitStatus} |
+            | Component Tests | ${componentStatus} |
+            | Integration Tests | ${integrationStatus} |
+            | Contract Tests | ${contractStatus} |
+            
+            ---
+            *This comment is automatically updated on each workflow run.*
+            `;
+            
+            // Find existing comment
+            const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            
+            const botComment = comments.data.find(comment => 
+              comment.user.type === 'Bot' && 
+              comment.body.includes('Pull Request CI Status')
+            );
+            
+            if (botComment) {
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body: body,
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body: body,
+              });
+            }
+

.gitignore

@@ -7,4 +7,6 @@
 appsettings.Development.json
 **/Properties/launchSettings.json
 
-TestResults/
+TestResults/
+coverage-report/
+coverage/

10xGitHubPolicies.App/Services/GitHub/GitHubClientFactory.cs

@@ -1,3 +1,5 @@
+using System.Net.Http;
+
 using Octokit;
 using Octokit.Internal;
 
@@ -10,14 +12,17 @@ namespace _10xGitHubPolicies.App.Services.GitHub;
 public class GitHubClientFactory : IGitHubClientFactory
 {
     private readonly string? _baseUrl;
+    private readonly HttpClientHandler? _httpClientHandler;
 
     /// <summary>
     /// Initializes a new instance of the GitHubClientFactory.
     /// </summary>
     /// <param name="baseUrl">Optional custom base URL for GitHub API. If null, uses default GitHub API URL.</param>
-    public GitHubClientFactory(string? baseUrl = null)
+    /// <param name="httpClientHandler">Optional HttpClientHandler for custom HTTP configuration (e.g., for test environments with self-signed certificates).</param>
+    public GitHubClientFactory(string? baseUrl = null, HttpClientHandler? httpClientHandler = null)
     {
         _baseUrl = baseUrl;
+        _httpClientHandler = httpClientHandler;
     }
 
     /// <inheritdoc />
@@ -27,6 +32,18 @@ public GitHubClient CreateClient(string token)
         var credentials = new Credentials(token);
         var credentialStore = new InMemoryCredentialStore(credentials);
 
+        if (_httpClientHandler != null)
+        {
+            // For custom base URLs (test scenarios), Connection should add /api/v3 automatically for Enterprise mode
+            // However, with custom HttpClientAdapter, Connection may not detect Enterprise mode correctly
+            // So we need to ensure the base URL format triggers Enterprise mode detection
+            var baseUri = _baseUrl != null ? new Uri(_baseUrl) : GitHubClient.GitHubApiUrl;
+            var httpClientAdapter = new HttpClientAdapter(() => _httpClientHandler);
+            var connection = new Connection(productHeader, baseUri, credentialStore, httpClientAdapter, new SimpleJsonSerializer());
+
+            return new GitHubClient(connection);
+        }
+
         if (_baseUrl != null)
         {
             return new GitHubClient(productHeader, credentialStore, new Uri(_baseUrl));
@@ -42,6 +59,18 @@ public GitHubClient CreateAppClient(string jwt)
         var credentials = new Credentials(jwt, AuthenticationType.Bearer);
         var credentialStore = new InMemoryCredentialStore(credentials);
 
+        if (_httpClientHandler != null)
+        {
+            // For custom base URLs (test scenarios), Connection should add /api/v3 automatically for Enterprise mode
+            // However, with custom HttpClientAdapter, Connection may not detect Enterprise mode correctly
+            // So we need to ensure the base URL format triggers Enterprise mode detection
+            var baseUri = _baseUrl != null ? new Uri(_baseUrl) : GitHubClient.GitHubApiUrl;
+            var httpClientAdapter = new HttpClientAdapter(() => _httpClientHandler);
+            var connection = new Connection(productHeader, baseUri, credentialStore, httpClientAdapter, new SimpleJsonSerializer());
+
+            return new GitHubClient(connection);
+        }
+
         if (_baseUrl != null)
         {
             return new GitHubClient(productHeader, credentialStore, new Uri(_baseUrl));

10xGitHubPolicies.Tests.Integration/Fixtures/GitHubApiFixture.cs

@@ -1,15 +1,25 @@
 using WireMock.Server;
 using WireMock.Settings;
+using System.Net.Http;
 
 namespace _10xGitHubPolicies.Tests.Integration.Fixtures;
 
 public class GitHubApiFixture : IAsyncLifetime
 {
     public WireMockServer MockServer { get; private set; } = null!;
     public string BaseUrl => MockServer.Url!;
+    public HttpClientHandler HttpClientHandler { get; private set; } = null!;
 
     public async Task InitializeAsync()
     {
+        // Create HttpClientHandler that accepts self-signed certificates
+        // This is the .NET Core/.NET 5+ way to handle certificate validation for test scenarios
+        // ServicePointManager is legacy and doesn't work reliably with HttpClient in .NET Core
+        HttpClientHandler = new HttpClientHandler
+        {
+            ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true
+        };
+
         MockServer = WireMockServer.Start(new WireMockServerSettings
         {
             UseSSL = true,
@@ -20,6 +30,7 @@ public async Task InitializeAsync()
 
     public async Task DisposeAsync()
     {
+        HttpClientHandler?.Dispose();
         MockServer?.Stop();
         MockServer?.Dispose();
         await Task.CompletedTask;