Skip to content

fix(frontend): remediate frontend + extension audit findings #5870

fix(frontend): remediate frontend + extension audit findings

fix(frontend): remediate frontend + extension audit findings #5870

Workflow file for this run

name: E2E Critical Smoke (In-Process)
on:
pull_request:
types: [opened, synchronize, reopened]
workflow_dispatch: {}
permissions:
contents: read
concurrency:
group: e2e-smoke-${{ github.ref }}
cancel-in-progress: true
jobs:
e2e-smoke:
name: e2e-smoke (${{ matrix.os }}, py${{ matrix.python-version }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest]
python-version: ["3.11"]
env:
# In-process e2e configuration
E2E_INPROCESS: "1"
AUTH_MODE: single_user
TEST_MODE: "1"
# Critical smoke should not require a live Redis service, especially on macOS runners.
EMBEDDINGS_REDIS_ALLOW_STUB: "1"
SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345
SINGLE_USER_TEST_API_KEY: test-api-key-for-e2e-testing-12345
PYTEST_DISABLE_PLUGIN_AUTOLOAD: "1"
TLDW_TEST_RUN_ID: e2e-smoke-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.os }}-py${{ matrix.python-version }}
USER_DB_BASE_DIR: Databases/user_databases_test/e2e-smoke-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.os }}-py${{ matrix.python-version }}
# Avoid matplotlib cache permission issues during imports
MPLCONFIGDIR: ${{ github.workspace }}/.mpl-cache
PIP_DISABLE_PIP_VERSION_CHECK: "1"
PYTHONUNBUFFERED: "1"
WORKFLOWS_EGRESS_ALLOWLIST: "93.184.216.34,does-not-resolve.invalid,example.com"
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v6
with:
python-version: ${{ matrix.python-version }}
- name: Prepare cache dirs
run: |
mkdir -p "$MPLCONFIGDIR"
- name: Cache pip
uses: actions/cache@v5
with:
path: |
~/.cache/pip
key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/pyproject.toml') }}
restore-keys: |
${{ runner.os }}-pip-${{ matrix.python-version }}-
${{ runner.os }}-pip-
- name: Install FFmpeg and PortAudio deps
uses: ./.github/actions/setup-ffmpeg
with:
install-ffmpeg: 'false'
install-portaudio: 'true'
- name: Install dependencies
run: |
python -m pip install --upgrade pip wheel
# Install runtime dependencies plus only the pytest plugins used by this smoke lane.
# The full dev extra pulls load-test tooling such as locust/gevent, which is not needed here.
pip install -e .
pip install "pytest>=9.0.3" "pytest-asyncio>=1.3.0" "pytest-xdist>=3.8.0" "pytest-timeout>=2.4.0"
- name: Run critical e2e smoke tests (in-process)
run: |
python -m pytest \
-p pytest_asyncio.plugin \
-p tldw_Server_API.tests._plugins.e2e_fixtures \
-p tldw_Server_API.tests._plugins.e2e_state_fixtures \
-p tldw_Server_API.tests._plugins.media_fixtures \
-p tldw_Server_API.tests._plugins.postgres \
-p tldw_Server_API.tests.helpers.pgvector \
tldw_Server_API/tests/e2e/ --critical-only -q
- name: Print server log (single-user)
if: failure()
env:
SERVER_LABEL: single
shell: bash
run: |
python - <<'PY'
import pathlib, os
label = os.environ.get("SERVER_LABEL", "server")
log_path = pathlib.Path(f"server-{label}.log")
if log_path.exists():
print("===== server log (single-user) =====")
print(log_path.read_text(encoding="utf-8"))
PY
- name: Upload server log (single-user)
if: failure()
uses: actions/upload-artifact@v7
with:
name: server-log-single-${{ matrix.os }}-py${{ matrix.python-version }}
path: server-single.log
- name: Run E2E tests (multi-user) - exclude Jobs
env:
AUTH_MODE: multi_user
shell: bash
run: |
pytest -v -n 1 \
-p pytest_asyncio.plugin \
-p xdist.plugin \
-p pytest_timeout \
-p tldw_Server_API.tests._plugins.e2e_fixtures \
-p tldw_Server_API.tests._plugins.e2e_state_fixtures \
-p tldw_Server_API.tests._plugins.media_fixtures \
-p tldw_Server_API.tests._plugins.postgres \
-p tldw_Server_API.tests.helpers.pgvector \
-m "multi_user and not jobs" --timeout=600 \
tldw_Server_API/tests/e2e/test_multi_user_onboarding.py
- name: Stop server (multi-user)
if: always()
env:
SERVER_LABEL: multi
shell: bash
run: |
if [ -f "tldw_Server_API/tests/scripts/server_lifecycle.py" ]; then
python tldw_Server_API/tests/scripts/server_lifecycle.py stop || true
else
echo "server_lifecycle.py not found; skipping stop for '${SERVER_LABEL}'";
fi
- name: Print server log (multi-user)
if: failure()
env:
SERVER_LABEL: multi
shell: bash
run: |
python - <<'PY'
import pathlib, os
label = os.environ.get("SERVER_LABEL", "server")
log_path = pathlib.Path(f"server-{label}.log")
if log_path.exists():
print("===== server log (multi-user) =====")
print(log_path.read_text(encoding="utf-8"))
PY
- name: Upload server log (multi-user)
if: failure()
uses: actions/upload-artifact@v7
with:
name: server-log-multi-${{ matrix.os }}-py${{ matrix.python-version }}
path: server-multi.log