chore(ci): diagnose failing checks — fix SECRET import#30
Merged
Conversation
Foss sandbox
Resolves F821 ruff errors on lines 883, 893, 942 where SECRET was used but never imported into app.py (it lives in app.users).
There was a problem hiding this comment.
Pull request overview
Fixes a CI lint failure in the backend by ensuring the Google OAuth secret constant used in app.py is actually imported, eliminating ruff F821 Undefined name SECRET errors.
Changes:
- Add missing
SECRETimport fromapp.usersinsurfsense_backend/app/app.py.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
45
to
49
| from app.users import ( | ||
| SECRET, | ||
| auth_backend, | ||
| current_active_user, | ||
| fastapi_users, |
- ruff-format: reformat surfsense_backend/app/app.py (trailing newline after the new SECRET import) - biome check --write: fix import ordering and formatting violations across 28 files in surfsense_web/ (atoms, components/ui, components/ tool-ui, lib/apis, svgr.d.ts) — these pre-existing issues caused the TypeScript/JavaScript Quality check to fail on every PR
@rocicorp/zero-sqlite3 requires readline/readline.h to compile its native extension. The GitHub Actions Ubuntu runner doesn't include libreadline-dev by default, causing pnpm install to fail with a gyp build error before biome can even run.
UsamaSadiq
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
Test PR to diagnose CI failures that have been merged through on multiple PRs.
What this fixes
Adds the missing
SECRETimport toapp.py(imported fromapp.users).This resolves the ruff
F821 Undefined name SECRETerrors on lines 883, 893, 942.Known remaining failures (from prior PR analysis)
Based on analysis of PRs #21–#28, the following checks have been consistently failing:
1. TypeScript/JavaScript Quality (every PR)
@rocicorp/zero-sqlite3fails to compile duringpnpm installbecause the GitHub Actions Ubuntu runner is missingreadline/readline.h(libreadline-dev).Fix: add
sudo apt-get install -y libreadline-devas a step beforepnpm install.2. Security Scan (bandit — HIGH severity)
Three files use weak hash functions flagged as B324:
scrape_webpage.py:36—hashlib.md5(url.encode())doom_loop.py:61—hashlib.sha1(...)generate_image.py:257—hashlib.md5(image_url.encode())Fix: add
usedforsecurity=Falseto each call (they're used for IDs, not security).3. Python Backend Quality — ruff-format
ruff-formatreports 2 files need reformatting.4. Quality Gate
Always fails because it depends on the above three.
Test plan