Skip to content

Playwright testing#204

Merged
haiphucnguyen merged 1 commit intomainfrom
feature/playwright-testing
May 31, 2025
Merged

Playwright testing#204
haiphucnguyen merged 1 commit intomainfrom
feature/playwright-testing

Conversation

@haiphucnguyen
Copy link
Copy Markdown
Collaborator

@haiphucnguyen haiphucnguyen commented May 31, 2025

Description

Changes Made

Additional Notes

github-advanced-security[bot]
github-advanced-security bot found potential problems May 31, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems May 31, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems May 31, 2025
View reviewed changes
.github/workflows/playwright.yml
Comment on lines +15 to +151
timeout-minutes: 60
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

# Cache pnpm store
- name: Cache pnpm store
uses: actions/cache@v3
with:
path: ~/.pnpm-store
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-

# Cache Playwright browsers
- name: Cache Playwright browsers
uses: actions/cache@v3
with:
path: ~/.cache/ms-playwright
key: ${{ runner.os }}-playwright-browsers-v1
restore-keys: |
${{ runner.os }}-playwright-browsers-

# Set up pnpm (must be before install)
- name: Set up pnpm
uses: pnpm/action-setup@v4

- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
cache-dependency-path: '**/pnpm-lock.yaml'

- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '21'

# Install all dependencies
- name: Install dependencies
run: pnpm install

- name: Generate .backend.local
run: |
cat <<EOF > apps/backend/.env.local
POSTGRES_PASSWORD=flowinquiry123
# Secret for testing on CI only
JWT_BASE64_SECRET=VDk3amx5ZjNjbVZKc256RXoxRGpCTklwS0FGbmltMDNQNGQ0Z2VaOXRwYTlEc0VBVG05bTlJUXRzMWE0VG9CdEJ2Mkk2TzJzZEEwZU5hMWg5WG1mcTU1R0hG
EOF

- name: Generate .env.local for frontend
run: |
cat <<EOF > apps/frontend/.env.local
NEXT_PUBLIC_BASE_URL=http://localhost:8080
BACK_END_URL=http://localhost:8080
# Secret for testing on CI only
AUTH_SECRET=mPigMZXj1qRQKKnv8ILE1iQ+uexLD3oRD1PSsy/NejtCBovKwCpMV8sSFHOfqme2pc/UV9ALqlECSYZGt4gQkw==
EOF

# Start and wait for PostgreSQL
- name: Start PostgreSQL
run: pnpm docker:up

- name: Wait for PostgreSQL
run: |
echo "Waiting for PostgreSQL to be ready..."
timeout 60s bash -c '
until docker exec $(docker ps -q --filter name=postgresql) pg_isready -U flowinquiry; do
echo "Waiting for pg_isready..."
sleep 2
done
'

# Conditionally start backend
- name: Start backend
if: inputs.run_backend == true
run: |
./gradlew :apps:backend:server:bootRun > backend.log 2>&1 &
echo "Waiting for backend..."
timeout 120s bash -c '
until curl -sf http://localhost:8080/actuator/health; do
echo "Waiting for backend..."
sleep 2
done
'

# Conditionally start frontend
- name: Start frontend
if: inputs.run_frontend == true
run: |
pnpm dev:frontend > frontend.log 2>&1 &
echo "Waiting for frontend..."
timeout 60s bash -c '
until curl -sf http://localhost:3000; do
echo "Waiting for frontend..."
sleep 2
done
' || (echo "Frontend failed to start. Dumping logs:" && cat frontend.log && exit 1)

# Install Playwright and run tests
- name: Install Playwright Browsers
working-directory: ./apps/frontend
run: pnpm playwright:install --with-deps

- name: Run Playwright tests
id: run_tests
working-directory: ./apps/frontend
run: pnpm test

# Upload HTML report for PR review
- name: Upload Playwright report
if: always()
uses: actions/upload-artifact@v4
with:
name: playwright-report
path: apps/frontend/playwright-report/
retention-days: 30

# Summarize test result in GitHub Actions UI
- name: Summarize Playwright Results
if: always()
run: |
echo "### Playwright Report" >> $GITHUB_STEP_SUMMARY
echo "- ✅ [Download Report](./apps/frontend/playwright-report/index.html)" >> $GITHUB_STEP_SUMMARY

# Graceful shutdown of all services
- name: Shutdown services
if: always()
run: |
echo "Stopping backend..."
pkill -f "apps:backend:server:bootRun" || true
echo "Stopping frontend..."
pkill -f "pnpm dev" || true
echo "Stopping Docker services..."
pnpm docker:down

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 10 months ago

To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Based on the actions performed in the workflow, the minimal permissions required are contents: read. This ensures the workflow can read repository contents without granting unnecessary write permissions.

The permissions block should be added at the root level of the workflow file to apply to all jobs. Alternatively, it can be added specifically to the test job if other jobs in the workflow require different permissions.

Suggested changeset 1
.github/workflows/playwright.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -12,2 +12,5 @@
 
+permissions:
+  contents: read
+
 jobs:
EOF
@@ -12,2 +12,5 @@

permissions:
contents: read

jobs:
Copilot is powered by AI and may make mistakes. Always verify output.
@haiphucnguyen haiphucnguyen force-pushed the feature/playwright-testing branch from af0373c to 4cea25a Compare May 31, 2025 20:28
@haiphucnguyen haiphucnguyen merged commit cfe556a into main May 31, 2025
10 checks passed
@haiphucnguyen haiphucnguyen deleted the feature/playwright-testing branch May 31, 2025 20:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@haiphucnguyen @github-advanced-security