test: inject user env only for cli e2e tests with uat

[yxzhaao]

Summary

Changes

• Change 1
• Change 2

Test Plan

• Unit tests pass
• Manual local verification confirms the lark xxx command works as expected

Related Issues

• None

Summary by CodeRabbit

• Tests

  • Enhanced test infrastructure with improved per-command environment variable management for better test isolation.

• Chores

  • Streamlined CI workflow by moving environment variable injection from static workflow configuration to dynamic test runtime configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

Refactored E2E test environment variable injection by moving credentials from CI workflow exports to per-request handling in the test harness. Added Env field to Request struct and buildCommandEnv() helper function that conditionally injects credentials only for user-type commands, with corresponding test coverage.

Changes

Cohort / File(s)	Summary
CI Workflow Configuration .github/workflows/ci.yml	Removed hardcoded environment variable exports (LARKSUITE_CLI_APP_ID, LARKSUITE_CLI_USER_ACCESS_TOKEN) from the "Run CLI E2E tests" step, shifting credential injection responsibility to per-request test logic.
E2E Test Infrastructure tests/cli_e2e/core.go	Added Env field to Request struct for per-request environment overrides. Introduced buildCommandEnv() helper that merges os.Environ() with request-specific overrides and conditionally injects test credentials based on command type (DefaultAs == "user").
E2E Test Coverage tests/cli_e2e/core_test.go	Added subtest validating buildCommandEnv() behavior: verifies credential injection for user commands and absence for bot commands using positive/negative assertions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat(test): Add a CLI E2E testing framework for lark-cli, task domain testcase and ci action #236: Introduced the original CLI E2E test harness (core.go, RunCmd) that this PR enhances with per-request environment variable handling and conditional injection logic.

Suggested labels

size/M

Suggested reviewers

• liangshuo-1

Poem

🐰 A harness refined, from workflow to test,

Environment variables now pass the request,

User or bot—the logic's so neat,

Per-request injection makes testing complete! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is a placeholder template with no actual content filled in—all sections contain template syntax rather than meaningful information about the changes.	Replace placeholder text with actual summary of changes, specific list of modifications to files, and how the changes were tested.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'test: inject user env only for cli e2e tests with uat' accurately describes the main change: moving environment variable injection from CI config to the test code, conditionally applied only for user commands.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (3)

tests/cli_e2e/core.go (2)

149-164: req.Env is silently overridden by TEST_* injection when DefaultAs == "user".

Caller-supplied per-request overrides are copied into overrides first, then clobbered by the TEST_BOT1_APP_ID / TEST_USER_ACCESS_TOKEN injection for user commands. That is the opposite of the usual "explicit request beats implicit environment" precedence and will surprise future callers that try to pin a specific LARKSUITE_CLI_APP_ID / LARKSUITE_CLI_USER_ACCESS_TOKEN via req.Env for a user test. No callers of req.Env exist yet, so cheap to fix now.

♻️ Apply injection first, then let req.Env win

 func buildCommandEnv(req Request) []string {
 	env := append([]string{}, os.Environ()...)
 	overrides := map[string]string{}
-	for k, v := range req.Env {
-		overrides[k] = v
-	}
 	// Keep user-token injection scoped to user-only test commands so bot
-	// commands continue to use config-init credentials in the same process.
+	// commands continue to use config-init credentials from the inherited env.
 	if req.DefaultAs == "user" {
 		if appID := os.Getenv("TEST_BOT1_APP_ID"); appID != "" {
 			if token := os.Getenv("TEST_USER_ACCESS_TOKEN"); token != "" {
 				overrides["LARKSUITE_CLI_APP_ID"] = appID
 				overrides["LARKSUITE_CLI_USER_ACCESS_TOKEN"] = token
 			}
 		}
 	}
+	// req.Env takes precedence so callers can pin credentials per invocation.
+	for k, v := range req.Env {
+		overrides[k] = v
+	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cli_e2e/core.go` around lines 149 - 164, The env injection currently
copies req.Env into overrides then conditionally sets LARKSUITE_CLI_APP_ID /
LARKSUITE_CLI_USER_ACCESS_TOKEN when DefaultAs == "user", which clobbers
caller-supplied values; change buildCommandEnv to apply the TEST_BOT1_APP_ID /
TEST_USER_ACCESS_TOKEN injection into overrides first (if present) and then copy
req.Env entries into overrides so req.Env wins (i.e., later assignments from
req.Env overwrite any injected keys).

---

160-161: Nit: reuse envvars constants instead of hardcoding the variable names.

internal/envvars already exports CliAppID / CliUserAccessToken (the same strings consumed by extension/credential/env/env.go). Referencing the constants keeps the injection key in lockstep with the consumer if it ever gets renamed. Optional.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cli_e2e/core.go` around lines 160 - 161, Replace the hardcoded
environment variable keys in the overrides map with the exported constants from
internal/envvars: import the package and use envvars.CliAppID instead of
"LARKSUITE_CLI_APP_ID" and envvars.CliUserAccessToken instead of
"LARKSUITE_CLI_USER_ACCESS_TOKEN" so the test stays in sync with the consumer;
update the overrides[...] assignments in tests/cli_e2e/core.go to use those
constants.

tests/cli_e2e/core_test.go (1)

214-225: LGTM; consider tightening coverage a touch.

The subtest is focused and uses specific sentinel values (cli_app_test, uat_test) that make the NotContains assertions robust against parent-env noise. A couple of optional additions worth considering, especially since the bar for this behavior is "don't leak user credentials to bot commands":

• Partial-credential case: only one of TEST_BOT1_APP_ID / TEST_USER_ACCESS_TOKEN set → assert neither LARKSUITE_CLI_* is injected.
• Empty DefaultAs (default identity) → assert no injection, matching the explicit-opt-in contract.
• req.Env override behavior (pairs with the precedence comment on core.go).

🧪 Suggested extra cases

t.Run("skips injection when only one test var is set", func(t *testing.T) {
    t.Setenv("TEST_BOT1_APP_ID", "cli_app_test")
    t.Setenv("TEST_USER_ACCESS_TOKEN", "")

    env := buildCommandEnv(Request{DefaultAs: "user"})
    assert.NotContains(t, env, "LARKSUITE_CLI_APP_ID=cli_app_test")
    assert.NotContains(t, env, "LARKSUITE_CLI_USER_ACCESS_TOKEN=")
})

t.Run("skips injection when DefaultAs is empty", func(t *testing.T) {
    t.Setenv("TEST_BOT1_APP_ID", "cli_app_test")
    t.Setenv("TEST_USER_ACCESS_TOKEN", "uat_test")

    env := buildCommandEnv(Request{})
    assert.NotContains(t, env, "LARKSUITE_CLI_APP_ID=cli_app_test")
    assert.NotContains(t, env, "LARKSUITE_CLI_USER_ACCESS_TOKEN=uat_test")
})

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cli_e2e/core_test.go` around lines 214 - 225, Add two focused subtests
in tests/cli_e2e/core_test.go exercising buildCommandEnv: one where only
TEST_BOT1_APP_ID or only TEST_USER_ACCESS_TOKEN is set (call
buildCommandEnv(Request{DefaultAs: "user"}) and assert neither
LARKSUITE_CLI_APP_ID nor LARKSUITE_CLI_USER_ACCESS_TOKEN are present), and one
where DefaultAs is empty (buildCommandEnv(Request{}) with both env vars set and
assert no injection); optionally add a test to cover req.Env override behavior
referenced in core.go to ensure Request.Env takes precedence over process env
when present.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@tests/cli_e2e/core_test.go`:
- Around line 214-225: Add two focused subtests in tests/cli_e2e/core_test.go
exercising buildCommandEnv: one where only TEST_BOT1_APP_ID or only
TEST_USER_ACCESS_TOKEN is set (call buildCommandEnv(Request{DefaultAs: "user"})
and assert neither LARKSUITE_CLI_APP_ID nor LARKSUITE_CLI_USER_ACCESS_TOKEN are
present), and one where DefaultAs is empty (buildCommandEnv(Request{}) with both
env vars set and assert no injection); optionally add a test to cover req.Env
override behavior referenced in core.go to ensure Request.Env takes precedence
over process env when present.

In `@tests/cli_e2e/core.go`:
- Around line 149-164: The env injection currently copies req.Env into overrides
then conditionally sets LARKSUITE_CLI_APP_ID / LARKSUITE_CLI_USER_ACCESS_TOKEN
when DefaultAs == "user", which clobbers caller-supplied values; change
buildCommandEnv to apply the TEST_BOT1_APP_ID / TEST_USER_ACCESS_TOKEN injection
into overrides first (if present) and then copy req.Env entries into overrides
so req.Env wins (i.e., later assignments from req.Env overwrite any injected
keys).
- Around line 160-161: Replace the hardcoded environment variable keys in the
overrides map with the exported constants from internal/envvars: import the
package and use envvars.CliAppID instead of "LARKSUITE_CLI_APP_ID" and
envvars.CliUserAccessToken instead of "LARKSUITE_CLI_USER_ACCESS_TOKEN" so the
test stays in sync with the consumer; update the overrides[...] assignments in
tests/cli_e2e/core.go to use those constants.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4453b309-c945-45db-ab05-28608225166c

📥 Commits

Reviewing files that changed from the base of the PR and between 5280517 and 2014032.

📒 Files selected for processing (3)

• .github/workflows/ci.yml
• tests/cli_e2e/core.go
• tests/cli_e2e/core_test.go

💤 Files with no reviewable changes (1)

• .github/workflows/ci.yml

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.09%. Comparing base (5280517) to head (2014032).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #541   +/-   ##
=======================================
  Coverage   59.09%   59.09%           
=======================================
  Files         384      384           
  Lines       32672    32672           
=======================================
  Hits        19307    19307           
  Misses      11556    11556           
  Partials     1809     1809           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@2014032b8473431bd87caf0ff3d01d532431ded0

🧩 Skill update

npx skills add yxzhaao/cli#feat/cli-e2e-user-env-injection -y -g