feat: Add unit and its tests

[StoynovAngel]

Summary by CodeRabbit

• Tests

  • Implemented automated unit and integration testing workflows that execute on pull requests and commits to the main branch, with PostgreSQL database support for integration tests.

• Chores

  • Added test-scoped dependencies and updated test configuration to support automated testing infrastructure.

[coderabbitai]

Warning

Rate limit exceeded

@StoynovAngel has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 0 minutes and 6 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9d3a201f-e5dd-48d4-b6a8-f51d19c047f5

📥 Commits

Reviewing files that changed from the base of the PR and between a2e3b04 and 48e5640.

📒 Files selected for processing (2)

• .github/workflows/test.yml
• backend/src/test/java/com/angel/autonow/ExampleControllerIT.java

📝 Walkthrough

Walkthrough

This pull request introduces a GitHub Actions workflow for automated testing on the main branch, adds Spring Security test dependencies to Maven, creates a basic unit test for ExampleController, and removes a permissive test security configuration that previously disabled CSRF and allowed all requests.

Changes

Cohort / File(s)	Summary
CI/CD Workflow Setup .github/workflows/test.yml	New GitHub Actions workflow triggering on pushes and pull requests to main with changes under backend/**. Defines three jobs: unit-tests (runs Maven tests excluding *IT and *IntegrationTest), integration-tests (starts PostgreSQL 16 service and runs integration tests), and test-summary (aggregates results and fails workflow if either test job fails).
Maven Dependencies backend/pom.xml	Added spring-security-test dependency with test scope for test fixture support.
Test Code backend/src/test/java/com/angel/autonow/ExampleControllerTest.java	New JUnit 5 test class with a single test method that instantiates ExampleController and asserts its exampleEndpoint() method returns "hello".
Removed Test Configuration backend/src/test/java/com/angel/autonow/security/TestSecurityConfig.java	Deleted @TestConfiguration class that previously configured a SecurityFilterChain bean disabling CSRF and permitting all HTTP requests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 A workflow now guides the tests with care,
Unit and integration dance in pair,
PostgreSQL springs to life so bright,
Security configs trimmed just right,
CI/CD pipelines, running clean and fair!

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'feat: Add unit and its tests' is vague and does not clearly specify what unit is being added or what the main changes accomplish. It lacks concrete detail about the actual modifications.	Replace with a more specific title that describes the actual changes, such as 'feat: Add GitHub Actions test workflow and security test dependency' or 'feat: Add automated testing pipeline with unit and integration tests'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch StoynovAngel-patch-1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/maven.yml (1)

11-15: Consider adding workflow_dispatch for manual workflow runs.

While the current triggers are appropriate for CI, adding workflow_dispatch allows developers to manually trigger the build when needed for testing or troubleshooting.

🔧 Proposed enhancement

 on:
   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
+  workflow_dispatch:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/maven.yml around lines 11 - 15, Update the GitHub Actions
triggers in the "on" block to allow manual runs by adding workflow_dispatch;
modify the existing on: push/pull_request configuration (the top-level "on"
stanza) to include workflow_dispatch so developers can trigger the maven
workflow manually from the Actions UI.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/maven.yml:
- Around line 17-35: The job-level permissions are missing for the GITHUB_TOKEN
in the "build" job; add a permissions block under the build job (near the
runs-on / steps) that sets the minimal required scopes and explicitly grants
contents: write for the "Update dependency graph" action
(advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6)
while restricting other permissions to least privilege (e.g., read where
needed); place this permissions stanza at the job level so the build job and its
steps (including "Update dependency graph") use the specified, limited token
scopes.
- Line 35: Update the pinned action reference for
advanced-security/maven-dependency-submission-action used on the workflow step
(the line containing "uses:
advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6"):
replace the old SHA pin with the latest stable release tag (for example v5.0.0)
or update the SHA to the latest commit matching that stable tag to keep pinning
while getting the newest fixes and security improvements.

---

Nitpick comments:
In @.github/workflows/maven.yml:
- Around line 11-15: Update the GitHub Actions triggers in the "on" block to
allow manual runs by adding workflow_dispatch; modify the existing on:
push/pull_request configuration (the top-level "on" stanza) to include
workflow_dispatch so developers can trigger the maven workflow manually from the
Actions UI.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 12a3f6e4-e5b5-4aff-b7ba-873710b1b531

📥 Commits

Reviewing files that changed from the base of the PR and between 8c133a3 and c2c1692.

📒 Files selected for processing (1)

• .github/workflows/maven.yml

[coderabbitai]

🧹 Nitpick comments (2)

.github/workflows/test.yml (2)

94-100: Consider handling the "cancelled" state as well.

The check only handles "failure" but jobs can also be "cancelled". You might want to treat cancelled jobs as failures for completeness:

       - name: Check test results
         run: |
-          if [[ "${{ needs.unit-tests.result }}" == "failure" || "${{ needs.integration-tests.result }}" == "failure" ]]; then
+          if [[ "${{ needs.unit-tests.result }}" != "success" || "${{ needs.integration-tests.result }}" != "success" ]]; then
             echo "Tests failed!"
             exit 1
           fi
           echo "All tests passed!"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/test.yml around lines 94 - 100, The "Check test results"
step currently treats only "failure" as a failing job; update the conditional
that inspects needs.unit-tests.result and needs.integration-tests.result to also
treat the "cancelled" state as a failure (e.g., check for == "failure" OR ==
"cancelled" for each dependency) so that cancelled jobs cause the step to echo
"Tests failed!" and exit 1; update the conditional logic that references
needs.unit-tests.result and needs.integration-tests.result accordingly.

---

1-14: Add explicit permissions block to limit GITHUB_TOKEN scope.

The workflow lacks a permissions block, which means it uses the default token permissions. Following the principle of least privilege, explicitly restrict permissions. Since this workflow only needs to read the repository contents, add:

 name: Tests

 on:
   push:
     branches: [ "main" ]
     paths:
       - 'backend/**'
       - '.github/workflows/test.yml'
   pull_request:
     branches: [ "main" ]
     paths:
       - 'backend/**'
       - '.github/workflows/test.yml'

+permissions:
+  contents: read
+
 jobs:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/test.yml around lines 1 - 14, The workflow "Tests"
currently relies on default GITHUB_TOKEN permissions; add a top-level
permissions block to restrict the token to least privilege by specifying
permissions: contents: read (so the workflow can only read the repository),
placed alongside the existing name and on keys; reference the workflow name
"Tests" and the GITHUB_TOKEN usage to locate where to insert the new permissions
block.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/test.yml:
- Around line 94-100: The "Check test results" step currently treats only
"failure" as a failing job; update the conditional that inspects
needs.unit-tests.result and needs.integration-tests.result to also treat the
"cancelled" state as a failure (e.g., check for == "failure" OR == "cancelled"
for each dependency) so that cancelled jobs cause the step to echo "Tests
failed!" and exit 1; update the conditional logic that references
needs.unit-tests.result and needs.integration-tests.result accordingly.
- Around line 1-14: The workflow "Tests" currently relies on default
GITHUB_TOKEN permissions; add a top-level permissions block to restrict the
token to least privilege by specifying permissions: contents: read (so the
workflow can only read the repository), placed alongside the existing name and
on keys; reference the workflow name "Tests" and the GITHUB_TOKEN usage to
locate where to insert the new permissions block.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a3bc6afe-c2f8-4e0c-9076-7ba1eaf946a4

📥 Commits

Reviewing files that changed from the base of the PR and between 518b8d4 and a2e3b04.

📒 Files selected for processing (4)

• .github/workflows/test.yml
• backend/pom.xml
• backend/src/test/java/com/angel/autonow/ExampleControllerTest.java
• backend/src/test/java/com/angel/autonow/security/TestSecurityConfig.java

💤 Files with no reviewable changes (1)

• backend/src/test/java/com/angel/autonow/security/TestSecurityConfig.java

✅ Files skipped from review due to trivial changes (1)

• backend/pom.xml