sln build fix (again), tests fixes, audit work and doctors work
This commit is contained in:
master
29
docs/code-of-conduct/TESTING_PRACTICES.md
Normal file
29
docs/code-of-conduct/TESTING_PRACTICES.md
Normal file
@@ -0,0 +1,29 @@
|
||||
# Testing Practices
|
||||
|
||||
## Scope
|
||||
- Applies to all modules, shared libraries, and tooling in this repository.
|
||||
- Covers quality, maintainability, security, reusability, and test readiness.
|
||||
|
||||
## Required test layers
|
||||
- Unit tests for every library and service (happy paths, edge cases, determinism, serialization).
|
||||
- Integration tests for cross-component flows (database, messaging, storage, and service contracts).
|
||||
- End-to-end tests for user-visible workflows and release-critical flows.
|
||||
- Performance tests for scanners, exporters, and release orchestration paths.
|
||||
- Security tests for authn/authz, input validation, and dependency risk checks.
|
||||
- Offline and airgap validation: all suites must run without network access.
|
||||
|
||||
## Cadence
|
||||
- Per change: unit tests plus relevant integration tests and determinism checks.
|
||||
- Nightly: full integration and end-to-end suites per module.
|
||||
- Weekly: performance baselines and flakiness triage.
|
||||
- Release gate: full test matrix, security verification, and reproducible build checks.
|
||||
|
||||
## Evidence and reporting
|
||||
- Record results in sprint Execution Logs with date, scope, and outcomes.
|
||||
- Track flaky tests and block releases until mitigations are documented.
|
||||
- Store deterministic fixtures and hashes for any generated artifacts.
|
||||
|
||||
## Environment expectations
|
||||
- Use UTC timestamps, fixed seeds, and CultureInfo.InvariantCulture where relevant.
|
||||
- Avoid live network calls; rely on fixtures and local emulators only.
|
||||
- Inject time and ID providers (TimeProvider, IGuidGenerator) for testability.
|
||||
Reference in New Issue
Block a user