Add unit tests for uploadPayload

[redsun82]

Risk assessment

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

None, these are only tests.

How did/will you validate this change?

• Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• CI

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull Request Overview

This PR adds comprehensive unit tests for the uploadSpecifiedFiles function in the upload library. The tests cover various scenarios including single and multiple SARIF file uploads, category mapping for code quality analysis, SARIF dumping functionality, and different upload modes.

Key Changes:

• Added 7 new test cases covering different upload scenarios
• Created helper functions setupUploadEnvironment and stubUploadDependencies to reduce test code duplication
• Enhanced the createMockSarif helper to support optional automation details for better test flexibility

[mbg]

I appreciate the follow-up to #3180 to add tests. I started having a look, but stopped after the first couple of test cases:

• In #3180, the main change was to uploadPayload, and I was expecting tests to focus around the behaviour of uploadPayload. While it's not currently exported, we have numerous examples of functions that are exported for testing purposes only.
• Tests for uploadSpecifiedFiles would of course be welcome, but they would need to focus on the behaviour of uploadSpecifiedFiles itself, not primarily on the behaviour of uploadPayload.
• The setupUploadEnvironment function is largely superfluous; setupTests already does this.
• The tests would probably benefit from using a macro to set up what is needed for testing uploadSpecifiedFiles, rather than duplicating large chunks of setup code across every test case.
• A lot of the comments are nonsensical (and show a lack of understanding of what's going on) or superfluous

[redsun82]

I probably let copilot a tad too loose on this 😅

[redsun82]

@mbg I've decicided to ditch all that copilot had done and (for the moment) only add uploadPayload tests like you suggested. Now that function should be completely covered (though I chose not to test the different core.warnings logic, as that is logging only and not functional).

[mbg]

Generally this is a big improvement, thank you! There are a couple of points where the implementation of the tests here differs from established patterns for tests elsewhere in the codebase, so it might be good to consider whether it's worth having those differences or we can align it more with the established patterns. That said, there's nothing inherently wrong here, so I'd be happy to approve this if we think it makes sense to keep these tests as they are now.

[mbg]

Minor: I was going to comment that it would probably make sense to include the analysis name in the test names, but I then saw that this already happens via the macro. I have no strong feelings on which is better. In other test files where we have top-level for-loops, we splice the variables into the title provided to test, so it might be good for consistency to do that here as well, but I can see how doing it in the macro is less repetitive.

[mbg]

Minor: maybe a better title would be

Suggested change

	test("handles error", uploadPayloadMacro, {
	test("wraps request errors using `wrapApiConfigurationError`", uploadPayloadMacro, {

[mbg]

I don't think we have this pattern with a continuation (here: body) for the macro to call elsewhere, but I can see why it could be useful. Were there any particular reasons why you chose to do it this way over the established pattern of having inputs/input modifiers and an expected result? (All tests but the last are expected to return a string so you could have a expectedId parameter, and you could just not use the macro for the test where you expect failure.)

[redsun82]

fundamentally I wanted to have the setup that the macro does in common for all the tests. I had a version of this where all the test behaviour was being driven by flags in options (courtesy of copilot), but then the macro code was a mess of conditionals and the tests weren't as clear. The upload skipping tests too do some different checking that I find would be a tad bad to shove in the macro code.

[redsun82]

Also, maybe that could be covered better by a setup function, rather than a macro?

[redsun82]

maybe, considering the test macro is not doing any checks after calling body

[redsun82]

yeah, I like that better 🙂

[mbg]

Did you have any particular reason for having this options object rather than having analysis and body be parameters of exec?

[redsun82]

initially I had more flags that profited from being named explicitly, but I agree that at this stage it's not really needed