From 79ae34108a61f1e8431731f0bc3689656d6b104a Mon Sep 17 00:00:00 2001 From: chihlasm Date: Fri, 10 Apr 2026 19:55:10 +0000 Subject: [PATCH] fix: add Alembic migrations step + RLS env vars to CI - Run alembic upgrade head before tests so DB roles and RLS policies exist - Set TEST_DB_NAME=resolutionflow_test so test_rls_isolation.py connects to the correct database (was defaulting to patherly_test which doesn't exist in CI) - Set DB_APP_ROLE_PASSWORD so create_db_roles migration creates resolutionflow_app with a known password that the RLS isolation tests can connect with Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18bf85ec..37f62d1f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,6 +31,8 @@ jobs: SECRET_KEY: ci-test-secret-key-not-for-production DEBUG: "true" APP_NAME: ResolutionFlow + TEST_DB_NAME: resolutionflow_test + DB_APP_ROLE_PASSWORD: app_secret_ci steps: - uses: actions/checkout@v5 @@ -47,6 +49,9 @@ jobs: - name: Install dependencies run: pip install -r backend/requirements.txt -r backend/requirements-dev.txt + - name: Run Alembic migrations + run: cd backend && alembic upgrade head + - name: Check tenant filter enforcement run: cd backend && python scripts/check_tenant_filters.py # Warn mode only (exits 0). Switch to --fail after Phase 1 backlog clears.