Skip to content

Playwright fixes and non-public tests #5064

Playwright fixes and non-public tests

Playwright fixes and non-public tests #5064

name: Pipeline
on:
pull_request:
types: [opened, synchronize, reopened]
push:
branches:
- main
env:
AWS_REGION: 'eu-west-2'
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for the actions/checkout
jobs:
###############################################################################
# Secret Scan
###############################################################################
secret-scan:
name: Gitleaks Secret Scan
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
fetch-depth: 0
- name: Run Gitleaks
if: github.actor != 'dependabot[bot]'
uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
###############################################################################
# Install dependencies & build packages
###############################################################################
install:
name: Install
needs: [secret-scan]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/setup-node
- uses: ./.github/actions/install-cache
- name: Install
run: npm ci --no-audit --no-fund
build:
name: Build
needs: [install]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/install-cache
- uses: ./.github/actions/build-cache
- name: Build
run: NODE_ENV=test npm run build
###############################################################################
# Lighthouse checks
###############################################################################
lighthouse:
name: Lighthouse
needs: [build]
runs-on: ubuntu-latest
if: false # Temporarily disabled due to config overriding CLI params and running against production
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/install-cache
- uses: ./.github/actions/build-cache
- name: Start mock server
run: npm run dev:mock-server &
- name: Wait for Mock Server
shell: sh
run: ./.github/scripts/wait-for-service.sh http://localhost:3005
- name: Start Applicaton
run: NODE_ENV=test npm run start &
- name: Unlighthouse assertions and client
run: npx unlighthouse-ci --build-static --site http://localhost:3000/ --budget=80
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
if: always()
with:
name: unlighthouse-report
path: ./.unlighthouse
retention-days: 10
overwrite: true
###############################################################################
# Code quality checks
###############################################################################
quality-checks:
name: Lint
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/install-cache
- uses: ./.github/actions/build-cache
- name: Quality check
run: npm run lint
##############################################################################
# TypeScript
##############################################################################
typescript:
name: TypeScript
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/install-cache
- uses: ./.github/actions/build-cache
- name: TypeScript Compilation
run: npm run tsc
##############################################################################
# Unit tests
##############################################################################
unit-tests:
name: Unit tests
permissions: write-all
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/install-cache
- uses: ./.github/actions/build-cache
- name: Unit tests
run: npm run test:ci
- name: Unit tests coverage comment
uses: ukhsa-internal/jest-coverage-comment-action@v1
with:
coverage-summary-path: ./coverage/coverage-summary.json
junitxml-path: ./junit.xml
title: Unit tests coverage
##############################################################################
# Playwright tests - Non-Public - (fully mocked backend w/ real e2e authentication)
##############################################################################
e2e-tests-non-public:
name: Playwright (Non-Public) (${{ matrix.shard }}/${{ strategy.job-total }})
needs: [build]
timeout-minutes: 30
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
shard: [1]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/install-cache
- uses: ./.github/actions/build-cache
- name: Setup Playwright
run: npx playwright install --with-deps
# ── Mock server ───────────────────────────────────────────────────────────
- name: Start mock server
id: start-mock-server
run: |
npm run dev:mock-server &
echo "mockServerPID=$!" >> "$GITHUB_OUTPUT"
- name: Wait for mock server
shell: sh
run: ./.github/scripts/wait-for-service.sh http://localhost:3005
timeout-minutes: 5
# ── Environment ───────────────────────────────────────────────────────────
- name: Create .env.local
env:
AUTH_DOMAIN: ${{ secrets.AUTH_DOMAIN }}
AUTH_CLIENT_ID: ${{ secrets.AUTH_CLIENT_ID }}
AUTH_CLIENT_SECRET: ${{ secrets.AUTH_CLIENT_SECRET }}
AUTH_CLIENT_URL: ${{ secrets.AUTH_CLIENT_URL }}
AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
NEXTAUTH_URL: ${{ secrets.NEXTAUTH_URL }}
run: |
cat > .env.local <<EOF
AUTH_ENABLED=true
MOCK_SESSION=true
MOCK_SESSION_USERNAME=Test User
BASE_URL=http://localhost:3000
API_URL=http://localhost:3005
AUTH_DOMAIN=$AUTH_DOMAIN
AUTH_CLIENT_ID=$AUTH_CLIENT_ID
AUTH_CLIENT_SECRET=$AUTH_CLIENT_SECRET
AUTH_CLIENT_URL=$AUTH_CLIENT_URL
AUTH_SECRET=$AUTH_SECRET
NEXTAUTH_URL=$NEXTAUTH_URL
EOF
cp .env.local .next/standalone/.env.local
cp -r .next/static .next/standalone/.next/static
cp -r public .next/standalone/public
echo "✅ .env.local created and assets copied"
# Secrets already verified above
# ── Dev server ────────────────────────────────────────────────────────────
- name: Start dev server
id: start-dev-server
run: |
node .next/standalone/server.js > next-server.log 2>&1 &
echo "devServerPID=$!" >> "$GITHUB_OUTPUT"
env:
PORT: 3000
HOSTNAME: 0.0.0.0
NODE_ENV: test
AUTH_ENABLED: true
BASE_URL: http://localhost:3000
- name: Wait for dev server
shell: sh
run: ./.github/scripts/wait-for-service.sh http://localhost:3000
timeout-minutes: 5
# ── Tests ─────────────────────────────────────────────────────────────────
- name: Run Playwright tests
run: |
npx playwright test --grep "@auth-ui|@non-public" \
--shard=${{ matrix.shard }}/${{ strategy.job-total }}
env:
baseURL: http://localhost:3000
AUTH_ENABLED: true
# ── Artifacts ─────────────────────────────────────────────────────────────
- name: Upload Playwright report
uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: playwright-report-non-public-${{ matrix.shard }}_${{ strategy.job-total }}
path: playwright-report/
retention-days: 10
# ── Cleanup ───────────────────────────────────────────────────────────────
- name: Cleanup servers
if: always()
run: |
kill -9 ${{ steps.start-mock-server.outputs.mockServerPID }} || true
kill -9 ${{ steps.start-dev-server.outputs.devServerPID }} || true
echo "✅ Servers stopped"
##############################################################################
# Playwright tests - Public - (fully mocked backend)
##############################################################################
e2e-tests-public:
name: Playwright (Public) (${{ matrix.shard }}/${{ strategy.job-total }})
needs: [build]
timeout-minutes: 20
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
shard: [1, 2, 3]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- uses: ./.github/actions/install-cache
- uses: ./.github/actions/build-cache
- name: Setup Playwright
run: npx playwright install --with-deps
- name: Start mock server
id: start-mock-server
run: |
npm run dev:mock-server &
echo "mockServerPID=$!" >> "$GITHUB_OUTPUT"
- name: Wait for Mock Server
shell: sh
run: ./.github/scripts/wait-for-service.sh http://localhost:3005
- name: Start Dev Server
id: start-dev-server
run: |
npm run start &
echo "devServerPID=$!" >> "$GITHUB_OUTPUT"
env:
NODE_ENV: test
- name: Wait for Dev Server
shell: sh
run: ./.github/scripts/wait-for-service.sh http://localhost:3000
- name: Run Playwright tests
run: npx playwright test --grep-invert "@smoke|@non-public|@auth-ui" --shard=${{ matrix.shard }}/${{ strategy.job-total }}
env:
baseURL: http://localhost:3000
AUTH_ENABLED: false
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
if: ${{ !cancelled() }}
with:
name: playwright-report-${{ matrix.shard }}_${{ strategy.job-total }}
path: playwright-report/
retention-days: 10
- name: Cleanup servers
if: always()
run: |
kill -9 ${{ steps.start-mock-server.outputs.mockServerPID }} || true
kill -9 ${{ steps.start-dev-server.outputs.devServerPID }} || true
###############################################################################
# Docker build check (PR validation)
###############################################################################
docker-build-check:
name: Docker Build Check
needs: [build]
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Build Docker image
run: docker build -t fe-test .
- name: Run container
run: docker run -d -p 3000:3000 --name fe-test fe-test
- name: Health check
run: |
echo "Waiting for container to start..."
sleep 10
if [ "$(docker inspect -f '{{.State.Running}}' fe-test)" != "true" ]; then
echo "Container is not running"
docker logs fe-test
exit 1
fi
echo "Container is running successfully"
- name: Cleanup
if: always()
run: docker rm -f fe-test
###############################################################################
# Success gate
###############################################################################
success-gate:
name: Build Success Check
needs: [unit-tests, quality-checks, typescript, e2e-tests-public, docker-build-check, e2e-tests-non-public]
runs-on: ubuntu-latest
steps:
- run: echo 'All tests passed ✅'
###############################################################################
# Push image to ECR
###############################################################################
publish-image:
name: Publish image to ECR
needs: [success-gate]
runs-on: ubuntu-22.04-arm
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- name: Check out code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Build and publish docker image
uses: ./.github/actions/publish-image
with:
role-to-assume: ${{ secrets.AWS_TOOLS_ACCOUNT_ROLE }}
architecture: arm64
ecr-repository: ukhsa-data-dashboard/front-end
image-tag: ${{ github.sha }}
###############################################################################
# Deploy
###############################################################################
trigger-deployments:
name: Trigger deployments
needs: [publish-image]
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- name: Check out code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Generate ephemeral deployment token
id: generate-deployment-token
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1
with:
client-id: ${{ secrets.DEPLOYMENT_TOKEN_FACTORY_APP_ID }}
private-key: ${{ secrets.DEPLOYMENT_TOKEN_FACTORY_PRIVATE_KEY }}
skip-token-revoke: false
# Although this is the default, this is explicitly set so that
# we know the token gets revoked after the job has finished
repositories: "data-dashboard-infra"
- uses: ./.github/actions/trigger-deployments
with:
token: ${{ steps.generate-deployment-token.outputs.token }}