fix(frontend): remediate frontend + extension audit findings #5870
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: E2E Critical Smoke (In-Process) | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| workflow_dispatch: {} | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: e2e-smoke-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| e2e-smoke: | |
| name: e2e-smoke (${{ matrix.os }}, py${{ matrix.python-version }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| python-version: ["3.11"] | |
| env: | |
| # In-process e2e configuration | |
| E2E_INPROCESS: "1" | |
| AUTH_MODE: single_user | |
| TEST_MODE: "1" | |
| # Critical smoke should not require a live Redis service, especially on macOS runners. | |
| EMBEDDINGS_REDIS_ALLOW_STUB: "1" | |
| SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345 | |
| SINGLE_USER_TEST_API_KEY: test-api-key-for-e2e-testing-12345 | |
| PYTEST_DISABLE_PLUGIN_AUTOLOAD: "1" | |
| TLDW_TEST_RUN_ID: e2e-smoke-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.os }}-py${{ matrix.python-version }} | |
| USER_DB_BASE_DIR: Databases/user_databases_test/e2e-smoke-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.os }}-py${{ matrix.python-version }} | |
| # Avoid matplotlib cache permission issues during imports | |
| MPLCONFIGDIR: ${{ github.workspace }}/.mpl-cache | |
| PIP_DISABLE_PIP_VERSION_CHECK: "1" | |
| PYTHONUNBUFFERED: "1" | |
| WORKFLOWS_EGRESS_ALLOWLIST: "93.184.216.34,does-not-resolve.invalid,example.com" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Prepare cache dirs | |
| run: | | |
| mkdir -p "$MPLCONFIGDIR" | |
| - name: Cache pip | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pip-${{ matrix.python-version }}- | |
| ${{ runner.os }}-pip- | |
| - name: Install FFmpeg and PortAudio deps | |
| uses: ./.github/actions/setup-ffmpeg | |
| with: | |
| install-ffmpeg: 'false' | |
| install-portaudio: 'true' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip wheel | |
| # Install runtime dependencies plus only the pytest plugins used by this smoke lane. | |
| # The full dev extra pulls load-test tooling such as locust/gevent, which is not needed here. | |
| pip install -e . | |
| pip install "pytest>=9.0.3" "pytest-asyncio>=1.3.0" "pytest-xdist>=3.8.0" "pytest-timeout>=2.4.0" | |
| - name: Run critical e2e smoke tests (in-process) | |
| run: | | |
| python -m pytest \ | |
| -p pytest_asyncio.plugin \ | |
| -p tldw_Server_API.tests._plugins.e2e_fixtures \ | |
| -p tldw_Server_API.tests._plugins.e2e_state_fixtures \ | |
| -p tldw_Server_API.tests._plugins.media_fixtures \ | |
| -p tldw_Server_API.tests._plugins.postgres \ | |
| -p tldw_Server_API.tests.helpers.pgvector \ | |
| tldw_Server_API/tests/e2e/ --critical-only -q | |
| - name: Print server log (single-user) | |
| if: failure() | |
| env: | |
| SERVER_LABEL: single | |
| shell: bash | |
| run: | | |
| python - <<'PY' | |
| import pathlib, os | |
| label = os.environ.get("SERVER_LABEL", "server") | |
| log_path = pathlib.Path(f"server-{label}.log") | |
| if log_path.exists(): | |
| print("===== server log (single-user) =====") | |
| print(log_path.read_text(encoding="utf-8")) | |
| PY | |
| - name: Upload server log (single-user) | |
| if: failure() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: server-log-single-${{ matrix.os }}-py${{ matrix.python-version }} | |
| path: server-single.log | |
| - name: Run E2E tests (multi-user) - exclude Jobs | |
| env: | |
| AUTH_MODE: multi_user | |
| shell: bash | |
| run: | | |
| pytest -v -n 1 \ | |
| -p pytest_asyncio.plugin \ | |
| -p xdist.plugin \ | |
| -p pytest_timeout \ | |
| -p tldw_Server_API.tests._plugins.e2e_fixtures \ | |
| -p tldw_Server_API.tests._plugins.e2e_state_fixtures \ | |
| -p tldw_Server_API.tests._plugins.media_fixtures \ | |
| -p tldw_Server_API.tests._plugins.postgres \ | |
| -p tldw_Server_API.tests.helpers.pgvector \ | |
| -m "multi_user and not jobs" --timeout=600 \ | |
| tldw_Server_API/tests/e2e/test_multi_user_onboarding.py | |
| - name: Stop server (multi-user) | |
| if: always() | |
| env: | |
| SERVER_LABEL: multi | |
| shell: bash | |
| run: | | |
| if [ -f "tldw_Server_API/tests/scripts/server_lifecycle.py" ]; then | |
| python tldw_Server_API/tests/scripts/server_lifecycle.py stop || true | |
| else | |
| echo "server_lifecycle.py not found; skipping stop for '${SERVER_LABEL}'"; | |
| fi | |
| - name: Print server log (multi-user) | |
| if: failure() | |
| env: | |
| SERVER_LABEL: multi | |
| shell: bash | |
| run: | | |
| python - <<'PY' | |
| import pathlib, os | |
| label = os.environ.get("SERVER_LABEL", "server") | |
| log_path = pathlib.Path(f"server-{label}.log") | |
| if log_path.exists(): | |
| print("===== server log (multi-user) =====") | |
| print(log_path.read_text(encoding="utf-8")) | |
| PY | |
| - name: Upload server log (multi-user) | |
| if: failure() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: server-log-multi-${{ matrix.os }}-py${{ matrix.python-version }} | |
| path: server-multi.log |