Replace savepoint/shared-connection approach with real commits and
table cleanup in teardown. This ensures test data is visible to API
endpoint sessions without connection sharing deadlocks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both admin_session and test_app now bind to the same connection
(admin_conn), ensuring test-created data is visible to API endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
API dependency overrides now use the same connection as admin_session,
so test-created data (tenants, users) is visible to endpoints under
the same transaction. Fixes FK violations in CI tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The test admin_session uses savepoint transactions invisible to the
login endpoint's own DB session. Mint tokens directly instead of
going through /api/auth/login.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- alembic.ini: change fallback DB to tod_test (CI creates tod_test, not tod)
- ci.yml: upgrade Go to 1.25 (matches go.mod)
- ci.yml: upgrade Node to 20 (fixes ESM require() error in Vitest)
- conftest.py: ruff format
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- alembic/env.py: strengthen the URL override to fall back to
TEST_DATABASE_URL when DATABASE_URL is absent, so alembic never
falls back to the hardcoded 'tod' URL in alembic.ini regardless
of which env var a test runner sets.
- tests/integration/conftest.py: add explanatory comments on why
DATABASE_URL is forced into the subprocess env, and use
env.setdefault() to supply CREDENTIAL_ENCRYPTION_KEY if the
calling environment omits it — migration 029 (VPN tenant
isolation) requires it to encrypt the WireGuard server private key.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
