Skip to content

ci(sight): add unit test coverage gate for agentsight#840

Open
jfeng18 wants to merge 3 commits into
alibaba:mainfrom
jfeng18:ci/agentsight-coverage-gate
Open

ci(sight): add unit test coverage gate for agentsight#840
jfeng18 wants to merge 3 commits into
alibaba:mainfrom
jfeng18:ci/agentsight-coverage-gate

Conversation

@jfeng18

@jfeng18 jfeng18 commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Summary

Closes #836

  • Add cargo-llvm-cov coverage measurement to the test-agentsight CI job
  • Enforce 80% incremental coverage on PRs via diff-cover (new/changed lines must have ≥ 80% test coverage)
  • Coverage summary visible in GitHub Step Summary; Cobertura XML downloadable from Artifacts
  • BPF probe code (src/probes/) and generated files (.skel.rs, bindgen output) excluded from coverage measurement
  • Add Makefile targets (test, test-coverage, coverage) for local development
  • Document CI quality gates and local reproduction steps in DEVELOPMENT.md

Design decisions

Incremental gate (not overall threshold): Current overall coverage is ~48%. A hard 80% overall gate would block all CI runs. The incremental gate ensures all new code meets 80%, and overall coverage ratchets up organically as new code is added with tests.

No fmt/clippy gates in this PR: The codebase has pre-existing fmt (1107 diffs) and clippy (43 errors) issues. Adding those gates requires separate cleanup PRs to avoid scope explosion. This PR focuses solely on coverage measurement.

cargo-llvm-cov over tarpaulin: cargo-llvm-cov uses LLVM source-based instrumentation (no ptrace), avoiding conflicts with libbpf-rs BPF syscalls. Already used by agent-sec-core in the same CI file.

Acceptance criteria checklist

  • CI pipeline includes a coverage check step for agentsight
  • Build fails when new/changed code coverage < 80%
  • Coverage report is visible in CI results (Step Summary + Artifact)
  • Threshold is configurable (THRESHOLD=80 variable in CI step)
  • Documentation updated (DEVELOPMENT.md)

Verification

  • cargo-llvm-cov --cobertura tested locally — produces valid Cobertura XML (47.6%, 12233/25683 lines)
  • diff-cover tested locally — correctly consumes the XML, grep parsing verified
  • Step Summary grep logic tested against real output
  • YAML validates via yaml.safe_load()
  • 5-scenario end-to-end simulation reviewed (normal PR, no-test PR, probe-only PR, non-agentsight PR, push to main)
  • 3 rounds of ultracode adversarial review (9 reviewers total)
  • Zero source code changes (3 files: ci.yaml, Makefile, DEVELOPMENT.md)

Test plan

  • This PR's CI should pass trivially (no .rs files changed → diff-cover sees 0 new lines)
  • After merge, verify on next agentsight PR that coverage summary appears in Step Summary
  • After merge, verify incremental gate blocks a PR with uncovered new code

🤖 Generated with Claude Code

@jfeng18 @claude
ci(sight): add unit test coverage gate for agentsight
bf012a4 
Add cargo-llvm-cov coverage measurement and diff-cover incremental
gate (80% on new/changed lines) to the test-agentsight CI job.

- Replace bare `cargo test` with `cargo llvm-cov --cobertura`
- Exclude BPF probes and generated code from coverage measurement
- Upload Cobertura XML as CI artifact (30 days)
- Show coverage summary in GitHub Step Summary
- Enforce 80% incremental coverage on PRs via diff-cover
- Show uncovered files in collapsible details on gate failure
- Add Makefile targets: test, test-coverage, coverage
- Document CI quality gates and local reproduction in DEVELOPMENT.md

Closes alibaba#836

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot added component:sight src/agentsight/ scope:ci ./.github/ scope:documentation ./docs/|./*.md|./NOTICE labels Jun 11, 2026
jfeng18 and others added 2 commits June 11, 2026 11:41
@jfeng18 @claude
fix(ci): restore rustfmt component for BPF skeleton build
4fdcce2 
libbpf-cargo SkeletonBuilder requires rustfmt to format generated
.skel.rs files. The previous commit removed it from components,
causing build.rs to fail with "rustfmt is not installed".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@jfeng18 @claude
fix(ci): use Python XML parser for coverage summary
198026a 
Replace grep -oP + bc with Python xml.etree for parsing the
Cobertura coverage report. More robust across runner environments.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@casparant casparant Awaiting requested review from casparant casparant is a code owner

@kongche-jbw kongche-jbw Awaiting requested review from kongche-jbw kongche-jbw is a code owner

@chengshuyi chengshuyi Awaiting requested review from chengshuyi chengshuyi is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

component:sight src/agentsight/ scope:ci ./.github/ scope:documentation ./docs/|./*.md|./NOTICE

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[CI] Add CI gate for agentsight: require unit test coverage >= 80%

1 participant

@jfeng18