Comprehensive sociable unit tests for all SDK operations #8
Description
Problem
Several SDK modules lack unit tests entirely, and existing tests may not follow the sociable testing pattern consistently. Tests should exercise real code paths, stubbing only at the network I/O boundary (subprocess calls to gcloud, gh CLI, and google-auth library calls).
Current coverage
| SDK module | Test file | Tests | Notes |
|---|---|---|---|
| manifest | test_manifest | 21 | Good coverage including new env var support |
| users | test_users | 18 | |
| deploy | test_deploy | 11 | Updated for env vars and data_bucket |
| tokens | test_tokens | 8 | |
| setup | test_setup | 6 | |
| context | test_context | 6 | |
| config | test_config | 5 | |
| init | test_init | 5 | |
| solutions | test_solutions | 4 | |
| status | test_status | 3 | |
| secrets | NONE | 0 | Needs full coverage: set, list, add, remove, generate |
| ci | NONE | 0 | Needs coverage: ci_init, ci_setup, ci_trigger, ci_status |
| deployments | NONE | 0 | Needs coverage: deployments_list |
| mcp_status | NONE | 0 | Needs coverage: mcp health, tool enumeration |
| self_install | NONE | 0 | Needs coverage: dependency install logic |
Testing approach
Sociable unit tests — exercise real code paths with minimal stubbing:
- Real file I/O to temp dirs (pytest
tmp_path). Real JSON/YAML parsing. Real config resolution. - Env var isolation — tests set the same env vars the SDK reads in production (XDG overrides, etc.) to temp directories. This proves the env var contract works AND provides isolation.
- Stub at the network boundary only — mock the specific SDK function that calls
gcloudorgh(notsubprocess.runglobally). For example, ifsecrets.pyhas_check_secret_status()that runsgcloud secrets describe --format=json, mock_check_secret_statusto return the expected JSON dict. The calling function's logic runs for real. - Do NOT stub local-only subprocess calls (
git init,git commit, file operations). - Do NOT stub YAML/JSON loading, path resolution, manifest parsing, or any pure logic.
Key areas to cover
These are initial priorities but the scope is comprehensive — all SDK operations should have tests:
secrets module (highest priority — no tests exist)
set_secret— writes to Secret Manager (stub gcloud), validates secret is declaredlist_secrets— reads gapp.yaml + checks Secret Manager status (stub gcloud)add_secret/remove_secret— modifies gapp.yaml (real file I/O to tmp_path)- New
generate: trueflow — auto-creates secret during deploy if missing
env var support (new feature)
get_env_varswith new list format and legacy dict formatresolve_env_varswith{{VARIABLE}}substitution_build_tfvarswith env_vars parameter (partially covered, expand)- Secret-backed env vars mapped to Secret Manager names
deploy module
_secret_existsand_create_and_set_secret(stub gcloud)- Auto-generate secrets flow during deploy
_build_and_push(stub gcloud builds submit)_stage_and_applyend-to-end with stubbed terraform and gcloud
ci module
ci_init,ci_setup,ci_trigger,ci_status(stub gh CLI)
mcp_status module
- Health check, tool enumeration (stub HTTP calls)
Not in scope
- Integration tests that hit real GCP or GitHub APIs
- Tests for CLI formatting (Click output)
- Tests for MCP tool handler wrappers (thin, delegate to SDK)