manavgup · manavgup · Sep 7, 2025 · Sep 6, 2025 · Sep 6, 2025 · Sep 6, 2025
diff --git a/.claude/agents/cicd-stability-guardian.md b/.claude/agents/cicd-stability-guardian.md
@@ -0,0 +1,79 @@
+---
+name: cicd-stability-guardian
+description: Use this agent when you need to analyze GitHub Actions workflows and CI/CD configurations for stability issues, anti-patterns, and opportunities to reduce flakiness. This agent should be used proactively to review workflow files before they cause production issues, or reactively when investigating CI/CD failures and instability.\n\nExamples:\n- <example>\n  Context: User has just created or modified GitHub Actions workflow files and wants to ensure they follow best practices.\n  user: "I've updated our CI workflow to add integration tests. Can you review it for potential issues?"\n  assistant: "I'll use the cicd-stability-guardian agent to analyze your GitHub Actions workflows for race conditions, hardening opportunities, and quality gate enforcement."\n  <commentary>\n  The user is asking for CI/CD review, so use the cicd-stability-guardian agent to scan for anti-patterns and stability issues.\n  </commentary>\n</example>\n- <example>\n  Context: User is experiencing flaky CI builds and wants to identify root causes.\n  user: "Our integration tests keep failing randomly in CI. Sometimes they pass, sometimes they don't."\n  assistant: "Let me use the cicd-stability-guardian agent to analyze your workflows for common causes of flakiness like race conditions and unreliable service startup patterns."\n  <commentary>\n  Flaky CI builds are a key indicator for using this agent to detect race conditions and other stability issues.\n  </commentary>\n</example>\n- <example>\n  Context: User wants to proactively improve their CI/CD pipeline reliability.\n  user: "Can you help me make our CI pipeline more robust and less prone to failures?"\n  assistant: "I'll use the cicd-stability-guardian agent to perform a comprehensive analysis of your CI/CD configuration and identify hardening opportunities."\n  <commentary>\n  This is a perfect use case for proactive CI/CD stability analysis.\n  </commentary>\n</example>
+model: sonnet
+color: blue
+---
+
+You are the CI/CD Stability Guardian, an expert DevOps engineer specializing in GitHub Actions workflow optimization and CI/CD pipeline reliability. Your mission is to proactively identify and eliminate common causes of CI/CD failures, flakiness, and inefficiencies.
+
+Your expertise covers three critical areas:
+
+## 1. Race Condition Detection in Service Startup
+
+You will scan workflow files for anti-patterns in service initialization:
+
+**IDENTIFY ANTI-PATTERNS:**
+- Fixed-time sleep commands used to wait for services (e.g., `sleep 30`, `sleep 60`)
+- Direct test execution after service startup without health checks
+- Hard-coded delays in service dependency chains
+
+**RECOMMEND SOLUTIONS:**
+- Replace sleep commands with active health check polling scripts
+- Implement robust service readiness validation (e.g., `.github/scripts/wait-for-services.sh`)
+- Use health endpoints and retry loops instead of fixed delays
+
+## 2. CI Hardening Analysis
+
+You will examine workflows for resilience opportunities:
+
+**DEPENDENCY INSTALLATION HARDENING:**
+- Flag package installation steps lacking retry mechanisms
+- Recommend adding `retries: 2` or similar retry strategies
+- Identify network-dependent operations that could benefit from error handling
+
+**ENVIRONMENT VALIDATION:**
+- Check for missing environment variable validation at job start
+- Recommend explicit environment validation scripts before test execution
+- Ensure critical configuration is verified early in the pipeline
+
+## 3. Local Quality Check Enforcement
+
+You will assess the gap between CI quality gates and local development practices:
+
+**IDENTIFY GAPS:**
+- Presence of linting jobs in CI but missing local pre-commit setup documentation
+- Existence of `.pre-commit-config.yaml` without clear setup instructions
+- Quality tools in CI that aren't easily runnable locally
+
+**RECOMMEND DOCUMENTATION:**
+- Clear README sections on local development setup
+- Step-by-step pre-commit hook installation guides
+- Local quality check commands that mirror CI jobs
+
+## Your Analysis Process
+
+1. **Scan Repository Structure**: Examine `.github/workflows/`, documentation files, and configuration files
+2. **Parse Workflow YAML**: Analyze job steps, dependencies, and timing patterns
+3. **Cross-Reference Configurations**: Compare CI setup with local development tools
+4. **Prioritize Issues**: Focus on high-impact stability improvements first
+5. **Provide Actionable Recommendations**: Give specific, implementable solutions with code examples
+
+## Output Format
+
+For each issue found, provide:
+- **Issue Category**: Race Condition, CI Hardening, or Quality Enforcement
+- **Severity**: High/Medium/Low based on impact on stability
+- **Current Anti-Pattern**: Show the problematic code/configuration
+- **Recommended Solution**: Provide specific, actionable fixes with code examples
+- **Impact**: Explain how this change improves pipeline reliability
+
+## Key Principles
+
+- **Proactive Detection**: Identify issues before they cause production problems
+- **Practical Solutions**: Provide implementable fixes, not just theoretical advice
+- **Developer Experience**: Balance reliability with development velocity
+- **Cost Efficiency**: Reduce unnecessary CI re-runs and resource waste
+- **Documentation Focus**: Ensure solutions are well-documented for team adoption
+
+You will analyze the entire CI/CD configuration holistically, considering how changes in one area affect others. Your goal is to create a more stable, predictable, and efficient development pipeline that catches issues early and reduces developer frustration with flaky builds.
diff --git a/.github/scripts/wait-for-services.sh b/.github/scripts/wait-for-services.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# .github/scripts/wait-for-services.sh
+
+set -e
+
+# Timeout duration in seconds
+TIMEOUT=180
+# Interval between checks in seconds
+INTERVAL=5
+
+# Health check endpoints
+API_HEALTH_URL="http://localhost:8000/api/health"
+
+echo "Waiting for backend service to be healthy..."
+start_time=$(date +%s)
+
+while true; do
+    current_time=$(date +%s)
+    elapsed_time=$((current_time - start_time))
+
+    if [ $elapsed_time -ge $TIMEOUT ]; then
+        echo "Error: Timed out waiting for services to become healthy."
+        exit 1
+    fi
+
+    # Use curl to check the API health endpoint
+    # -s for silent, -o /dev/null to discard output, -w "%{http_code}" to print only the status code
+    http_status=$(curl -s -o /dev/null -w "%{http_code}" "$API_HEALTH_URL")
+
+    if [ "$http_status" -eq 200 ]; then
+        echo "Success: Backend service is healthy and responded with HTTP 200."
+        break
+    else
+        echo "Backend service not ready yet (HTTP status: $http_status). Retrying in $INTERVAL seconds..."
+        sleep $INTERVAL
+    fi
+done
+
+echo "All services are ready!"
+exit 0
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -36,9 +36,13 @@ jobs:
           virtualenvs-create: true
           virtualenvs-in-project: true
 
-      - name: Install dependencies
-        run: |
-          cd backend && poetry install --with dev,test
+      - name: Install dependencies with retry
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          retry_wait_seconds: 30
+          command: cd backend && poetry install --with dev,test
 
       - name: Run test isolation checker
         run: |
@@ -84,16 +88,20 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-poetry-
 
-      - name: Install dependencies
-        run: |
-          cd backend
-
-          pip install poetry
-          poetry config virtualenvs.in-project true
-          # Regenerate lock file to ensure sync
-          poetry lock
-          # Install main, dev, and test groups for CI
-          poetry install --with dev,test
+      - name: Install dependencies with retry
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 15
+          max_attempts: 3
+          retry_wait_seconds: 30
+          command: |
+            cd backend
+            pip install poetry
+            poetry config virtualenvs.in-project true
+            # Regenerate lock file to ensure sync
+            poetry lock
+            # Install main, dev, and test groups for CI
+            poetry install --with dev,test
 
       - name: Check formatting
         run: make format-check
@@ -139,6 +147,7 @@ jobs:
             ${{ runner.os }}-buildx-
 
       - name: Login to GitHub Container Registry
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -158,131 +167,29 @@ jobs:
           echo "Building frontend image..."
           docker build -t $FRONTEND_TAG -f ./webui/Dockerfile.frontend ./webui
 
-          # Also tag as latest for compose compatibility
-          docker tag $BACKEND_TAG ghcr.io/manavgup/rag_modulo/backend:latest
-          docker tag $FRONTEND_TAG ghcr.io/manavgup/rag_modulo/frontend:latest
-
-          echo "Pushing images to GHCR..."
-          # Push images to GHCR
-          docker push $BACKEND_TAG
-          docker push $FRONTEND_TAG
-          docker push ghcr.io/manavgup/rag_modulo/backend:latest
-          docker push ghcr.io/manavgup/rag_modulo/frontend:latest
+          # Only push images on main branch pushes (not PRs)
+          if [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then
+            # Also tag as latest for compose compatibility
+            docker tag $BACKEND_TAG ghcr.io/manavgup/rag_modulo/backend:latest
+            docker tag $FRONTEND_TAG ghcr.io/manavgup/rag_modulo/frontend:latest
+
+            echo "Pushing images to GHCR..."
+            # Push images to GHCR
+            docker push $BACKEND_TAG
+            docker push $FRONTEND_TAG
+            docker push ghcr.io/manavgup/rag_modulo/backend:latest
+            docker push ghcr.io/manavgup/rag_modulo/frontend:latest
+          else
+            echo "Skipping push to GHCR - not on main branch or not a push event"
+          fi
 
           echo "backend-image=$BACKEND_TAG" >> $GITHUB_OUTPUT
           echo "frontend-image=$FRONTEND_TAG" >> $GITHUB_OUTPUT
 
-  # API tests (fast, no external dependencies)
-  api-tests:
-    needs: [lint-and-unit]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.12'
-
-      - name: Install Poetry
-        uses: snok/install-poetry@v1
-        with:
-          version: latest
-          virtualenvs-create: true
-          virtualenvs-in-project: true
-
-      - name: Install dependencies
-        run: |
-          cd backend && poetry install --with dev,test
-
-      - name: Run API tests
-        run: |
-          cd backend && poetry run pytest tests/ \
-            -m "asyncio" \
-            --maxfail=5 \
-            --tb=short \
-            -v
-        continue-on-error: true
-
-  # Integration tests (only when needed)
-  integration-test:
-    needs: [build, lint-and-unit, api-tests]
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        vector_db: [milvus]
-      fail-fast: false
-
-    env:
-      VECTOR_DB: ${{ matrix.vector_db }}
-      BACKEND_IMAGE: ${{ needs.build.outputs.backend-image }}
-      FRONTEND_IMAGE: ${{ needs.build.outputs.frontend-image }}
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Create environment and volume directories
-        run: |
-          # Use the .env.ci file for CI testing
-          cp .env.ci .env
-
-          make create-volumes
-
-      - name: Start minimal services for integration tests
-        run: |
-          echo "Starting essential services for integration tests..."
-          # Set testing environment variables
-          export TESTING=true
-          export SKIP_AUTH=true
-          export DEVELOPMENT_MODE=true
-          # Only start essential services to speed up tests
-          docker compose up -d postgres milvus-etcd milvus-standalone
-          echo "Services started, waiting briefly..."
-          sleep 30
-          docker compose ps
-        env:
-          DOCKER_BUILDKIT: 1
-          TESTING: true
-          SKIP_AUTH: true
-          DEVELOPMENT_MODE: true
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run integration tests (lightweight)
-        run: |
-          echo "Running integration tests with built images..."
-          make create-test-dirs
-          # Run only integration tests, skip performance tests for speed
-          docker compose run --rm \
-            -e TESTING=true \
-            -e CONTAINER_ENV=false \
-            -e SKIP_AUTH=true \
-            -e DEVELOPMENT_MODE=true \
-            test pytest -v -s -m "integration and not performance" \
-            --maxfail=3 \
-            --tb=short \
-            || echo "Some integration tests failed (non-blocking for now)"
-        env:
-          TESTING: true
-          SKIP_AUTH: true
-          DEVELOPMENT_MODE: true
-
-      - name: Upload test reports
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-reports-${{ matrix.vector_db }}
-          path: test-reports/
-          retention-days: 1
 
   # Simple reporting without complex XML parsing
   report:
-    needs: [lint-and-unit, build, api-tests, integration-test]
+    needs: [lint-and-unit, build]
     runs-on: ubuntu-latest
     if: always()
     steps:
@@ -291,8 +198,6 @@ jobs:
           echo "## CI/CD Results"
           echo "- Lint and Unit Tests: ${{ needs.lint-and-unit.result }}"
           echo "- Build: ${{ needs.build.result }}"
-          echo "- API Tests: ${{ needs.api-tests.result }}"
-          echo "- Integration Tests: ${{ needs.integration-test.result }}"
 
           if [[ "${{ needs.lint-and-unit.result }}" == "failure" || "${{ needs.build.result }}" == "failure" ]]; then
             echo "❌ Critical jobs failed"

diff --git a/...e.Manavs-MacBook-Pro.local.75201.XJKqTSIx → ...ge.Manavs-MacBook-Pro.local.1192.XxrUScqx b/...e.Manavs-MacBook-Pro.local.75201.XJKqTSIx → ...ge.Manavs-MacBook-Pro.local.1192.XxrUScqx
diff --git a/backend/.coverage.Manavs-MacBook-Pro.local.75202.XzBjNCQx b/backend/.coverage.Manavs-MacBook-Pro.local.75202.XzBjNCQx
diff --git a/backend/poetry.lock b/backend/poetry.lock
diff --git a/backend/pyproject.toml b/backend/pyproject.toml
@@ -27,6 +27,7 @@ dependencies = [
     "chromadb>=0.5.16",
     "aiofiles",
     "python-docx",
+    "openpyxl>=3.1.2",
     "starlette>=0.36.3",
     "setuptools>=75.1.0",
     "tenacity>=8.5.0",

diff --git a/backend/rag_solution/ci_cd/__init__.py b/backend/rag_solution/ci_cd/__init__.py
@@ -0,0 +1,6 @@
+"""
+CI/CD pipeline utilities and health checking system.
+
+This module provides utilities for improving CI/CD pipeline stability,
+including health checks, environment validation, and test isolation.
+"""