Quality Assurance#
This page describes the quality assurance measures enforced in the CI/CD pipeline. For instructions on running these checks locally, see Developer Workflow.
Overview#
Every merge request goes through the following QA jobs:
Job |
What it enforces |
|---|---|
|
Python static analysis (score ≥ 5.0) |
|
Ruff lint/format, mypy, YAML/JSON |
|
Dockerfile best practices |
|
Security-focused k8s manifest lint |
|
Kubernetes manifest schema validation |
|
Kubernetes best practice scoring |
|
Python unit tests + coverage |
|
JavaScript unit tests + coverage |
|
Playwright E2E on k8s cluster |
|
Quality gate, coverage, security |
Linting & formatting#
Python code is checked with Ruff (linting and formatting) and mypy
(type checking). These are run via prek pre-commit hook manager.
Configuration is in .pre-commit-config.yaml and pyproject.toml.
Unit tests#
Python:
pytestwith async support. Test files are inapi/tests/andauth_service/tests/.Frontend: Jest (via CRA/Craco). Tests live alongside components are in
js/src/.
In both cases coverage reports are generated and uploaded to SonarQube for further analysis.
E2E integration tests#
Playwright tests run against a full deployment on a kind cluster, verifying critical user flows end-to-end.
SonarQube analysis#
The SonarQube scanner analyses the full codebase (Python + JavaScript) after all tests have run. It checks:
Code coverage (Python and JavaScript)
Reliability and maintainability issues: code smells, bugs and vulnerabilities
Security hotspots
A quality gate must pass before the MR can be merged