Schemathesis

A handful of new usability improvements!

:rocket: New

- **CLI**: `--max-failures=N` option to exit after first `N` failures or errors. 1580
- **CLI**: `--wait-for-schema=N` option to automatically retry schema loading for `N` seconds. 1582
- **CLI**: Display old and new payloads in `st replay` when the `-v` option is passed. 1584

:bug: Fixed

- Internal error on generating negative tests for query parameters with `explode: true`.

More improvements on user experience!

From now Schemathesis will warn you if you specify an invalid API location and all responses are 404


WARNING: All API responses have a 404 status code. Did you specify the proper API location?


:rocket: New
- `after_load_schema` hook, which is designed for modifying the loaded API schema before running tests. For example, you can use it to add Open API links to your schema via `schema.add_link`
- New `utf8_bom` fixup. It helps to mitigate JSON decoding errors inside the `response_schema_conformance` check when the payload contains BOM. 1563
- **CLI**: Warning if all responses are 404

:bug: Fixed
- **docs**: Description of `-v` or `--verbosity` option for CLI.

:wrench: Changed
- Execute `before_call` / `after_call` hooks inside the `call_*` methods. It makes them available for the `pytest` integration.

A little patch release that improves user experience!

From now Schemathesis will warn you if you forgot to specify proper API credentials


WARNING: Most of the responses from `GET /api/secret/` have a 401 status code. Did you specify proper API credentials?


Also, we're extending SaaS test reports a bit! Schemathesis will send us information about what CLI options you use, so we can provide you with suggestions on how you can do more with CLI! **Don't worry**, all the data is anonymized and there is no sensitive info.

What's Changed
* Add `SCHEMATHESIS_BASE_URL` environment variable for specifying `--base-url` in CLI
* Collect anonymized CLI usage data in reports
* Warning if the API returns too many HTTP 401

Hello friends!

**Schemathesis 3.16.0** brings a brand new GitHub integration and many readability improvements to the test results. You will have much less visual clutter reading Schemathesis reports, and the failures will be much more concise from now.

:octocat: GitHub Integration

Now you can use a native GitHub application to collect & display API fuzzing results directly in your PR!
It makes Schemathesis much simpler to use in your GitHub Actions workflows and brings more Schemathesis.io features closer to you:
- **API Issues Dashboard**: Debug issues faster with all the report details in a UI;
- **Additional checks**: Get your API checked more thoroughly by extra conformance checks;

Grab your [installation](https://github.com/apps/schemathesis) now!

After installation, you'll be redirected to SaaS to grab your access token, which you need to add to your workflow.

Depending on your application deployment, you'll need to add a new step to your GitHub Actions workflow. You can use this code sample to test your API in a pull request or run tests against a publicly resolvable API:

yaml
jobs:
api-tests:
runs-on: ubuntu-20.04
steps:
- uses: schemathesis/actionv1
with:
API schema location
schema: 'http://127.0.0.1:5001/openapi.json'
Set your token from secrets
token: ${{ secrets.SCHEMATHESIS_TOKEN }}


*You can find other deployment scenarios in our documentation*

Then you'll get your report:

<img src="https://app.schemathesis.io/images/schemathesis-github-report.png" alt="Schemathesis Report"/>

Read the full integration guide in our [docs](https://schemathesis.readthedocs.io/en/stable/continuous_integration.html).

A few notes:
- Report upload size has some limitations now. My guess is that 250kb should be enough for most cases - let me know if I am wrong;
- Using reporting with public repositories is free. Private ones are available on the [paid plan](https://schemathesis.io/#pricing);

What is next?

This release doesn't support GitHub organizations. The support will be added soon as well as more features like:
- **Precise API Coverage**: Per-keyword coverage achieved by the test suite;
- **Stateful Flows**: See how stateful tests are exercising your API endpoints in flow diagrams;
- **Schema fixes**: Fix your API schema immediately by applying an autogenerated patch.

Your feedback is important :heart:

Please, let us know what you think about the integration in [this discussion](https://github.com/schemathesis/schemathesis/discussions/1567).

:bug: Fixed

- Compatibility with `hypothesis >= 6.49` in 1538.
- Support for Hypothesis' skipping tests when the `generate` phase is disabled.
- Generating headers with schemas of `array` or `object` types.
- Do not report optional headers missing.

:wrench: Changed

- **Pytest**: Turn off schema validation by default. Pass `validate_schema=True` to the schema loader of your choice to keep the old behavior.
- **Code samples**: Do not display irrelevant HTTP headers. It affects ones automatically set by `requests` when test cases go to the application under test.
- **CLI**: Display the test environment metadata only if the `-v` option is present.

:fire: Removed

- **SaaS**: Implicit reporting when the proper credentials were specified. From now on, every report upload requires the explicit `--report` CLI option.
- **CLI**: Text representation of HTTP requests in the CLI output.

:bug: Fixed

- Do not discard dots (`.`) in OpenAPI expressions during parsing.

:bug: Fixed

- `TypeError` when using `--auth-type=digest` in CLI.