Test more things

• what if the web API is down?

• what if it fails for a bit then is up again?

We can’t trigger an error…

but we can mock or fake them!

Two approaches with vcr

• complementing with the webmockr package; 🙂

• editing cassettes. 😁

Demo 🚀

Amending a vcr cassette

Importance of vcr::skip_if_vcr_off(). Amending itself:

• Start from an actual cassette;

• Edit and delete.

Easier than starting from scratch!

Authentication gymnastics

Say the API need a secret…

• How to NOT leak it?

• How to have tests pass in external pull requests?

Security mindset

• What are the secrets your package use? API keys?

• Use special accounts for testing if possible.

• Where do secrets live? Headers? Files?

• Learn how to keep secrets safe, double-check.

• Learn how to handle mistakes. (🙊 I recently leaked my own GitHub PAT!)

Demo 🚀

Secrets & vcr

• Know your secrets well;

• Know the tools well;

• Some logic in setup.R and secrets as GitHub repo secrets.

HTTP testing in R book chapter about security.

Time for a break! ☕