30 lines
1.5 KiB
Markdown
30 lines
1.5 KiB
Markdown
# Testing Practices
|
|
|
|
## Scope
|
|
- Applies to all modules, shared libraries, and tooling in this repository.
|
|
- Covers quality, maintainability, security, reusability, and test readiness.
|
|
|
|
## Required test layers
|
|
- Unit tests for every library and service (happy paths, edge cases, determinism, serialization).
|
|
- Integration tests for cross-component flows (database, messaging, storage, and service contracts).
|
|
- End-to-end tests for user-visible workflows and release-critical flows.
|
|
- Performance tests for scanners, exporters, and release orchestration paths.
|
|
- Security tests for authn/authz, input validation, and dependency risk checks.
|
|
- Offline and airgap validation: all suites must run without network access.
|
|
|
|
## Cadence
|
|
- Per change: unit tests plus relevant integration tests and determinism checks.
|
|
- Nightly: full integration and end-to-end suites per module.
|
|
- Weekly: performance baselines and flakiness triage.
|
|
- Release gate: full test matrix, security verification, and reproducible build checks.
|
|
|
|
## Evidence and reporting
|
|
- Record results in sprint Execution Logs with date, scope, and outcomes.
|
|
- Track flaky tests and block releases until mitigations are documented.
|
|
- Store deterministic fixtures and hashes for any generated artifacts.
|
|
|
|
## Environment expectations
|
|
- Use UTC timestamps, fixed seeds, and CultureInfo.InvariantCulture where relevant.
|
|
- Avoid live network calls; rely on fixtures and local emulators only.
|
|
- Inject time and ID providers (TimeProvider, IGuidGenerator) for testability.
|