fix(frontend): remediate frontend + extension audit findings #4144
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
---
# Tiered Playwright end-to-end suites for the frontend.
# NOTE(review): the hosting page flags this file as containing hidden or
# bidirectional Unicode text. Open it in an editor that reveals such
# characters and confirm nothing but the decorative comment rules is non-ASCII.
name: Frontend E2E Tiers

on:
  # pull_request (not pull_request_target): pull-request code runs with the
  # read-only token declared under `permissions` below.
  pull_request:
    branches:
      - main
      - dev
    paths:
      - 'apps/packages/ui/src/**'
      - 'apps/tldw-frontend/**'
      - 'tldw_Server_API/**'
  # Manual runs pick one tier. The value is a `choice`, so only the listed
  # options can be submitted from the UI.
  workflow_dispatch:
    inputs:
      tier:
        description: 'Which tier to run (critical, features, admin, journeys, all-tiers)'
        required: false
        default: 'critical'
        type: choice
        options:
          - critical
          - features
          - admin
          - journeys
          - all-tiers

# Least privilege: the jobs only need to read the repository.
permissions:
  contents: read

env:
  SKIP_WXT_PREPARE: '1'

# One live run per pull request (or per ref for manual runs); a newer run
# cancels the older one.
concurrency:
  group: frontend-e2e-tiers-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
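jobs:
  # Notes that apply to all three jobs below:
  # - Each job installs dependencies and runs code from the checked-out ref,
  #   so the checkout does not keep the workflow token (persist-credentials).
  # - The backend listens on loopback only. Every URL in `env` targets
  #   127.0.0.1, and the server runs with TEST_MODE and a fixed API key.
  # - The readiness loop fails the step when the backend never answers.
  #   Previously the loop fell through with exit status 0 and the suites ran
  #   against a dead server.
  # - SINGLE_USER_API_KEY / TLDW_API_KEY are a fixed, non-secret test
  #   credential. It must never be accepted by any real deployment.
  # - NOTE(review): setup-node, setup-bun and upload-artifact are referenced by
  #   mutable tag while checkout is pinned to a commit SHA and redis to a
  #   digest. Pin these three to full commit SHAs as well.
  # - NOTE(review): `bun install` may resolve versions that differ from the
  #   lockfile. Consider `bun install --frozen-lockfile` once a committed
  #   lockfile under apps/ is confirmed.

  # -- Tier 1 + Journeys (critical path; always runs on PR) -------------------
  critical:
    name: E2E Critical (Tier 1 + Journeys)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # The tier input is only read in this expression; no `run` script in this
    # file interpolates it.
    if: >-
      github.event_name == 'pull_request' ||
      (github.event_name == 'workflow_dispatch' &&
      contains(fromJSON('["critical","all-tiers"]'), github.event.inputs.tier))
    services:
      redis:
        # Pinned by digest, so the tag cannot be repointed at other content.
        image: mirror.gcr.io/library/redis:8-alpine@sha256:9eb6a7ba3d344e1958c7e1589fa3dee90373a934e8159c634562a91d622759a0
        ports: ['6379:6379']
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      AUTH_MODE: single_user
      TEST_MODE: '1'
      SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345
      REDIS_URL: redis://127.0.0.1:6379/0
      TLDW_WEB_AUTOSTART: 'true'
      TLDW_WEB_URL: http://localhost:8080
      TLDW_SERVER_URL: http://127.0.0.1:8000
      TLDW_API_KEY: test-api-key-for-e2e-testing-12345
      NEXT_PUBLIC_TLDW_DEPLOYMENT_MODE: advanced
      NEXT_PUBLIC_API_URL: http://127.0.0.1:8000
      PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION: python
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # No step visible in this job needs git credentials after checkout
          # (confirm for the two local actions below).
          persist-credentials: false
      - name: Install FFmpeg and PortAudio (Linux)
        uses: ./.github/actions/setup-ffmpeg
        with:
          install-ffmpeg: 'false'
          install-portaudio: 'true'
      - name: Setup Python and backend
        uses: ./.github/actions/setup-python-deps
        with:
          python-version: '3.12'
          use-uv: 'true'
          cache-dependency-path: |
            pyproject.toml
            uv.lock
          extras: dev
      - name: Start backend server
        run: |
          python -m uvicorn tldw_Server_API.app.main:app \
            --host 127.0.0.1 --port 8000 &
          # Wait for server to be ready; fail the step if it never is.
          for i in $(seq 1 30); do
            if curl -sf http://127.0.0.1:8000/api/v1/health; then
              exit 0
            fi
            sleep 2
          done
          echo "Backend did not become healthy after 30 attempts" >&2
          exit 1
      - uses: actions/setup-node@v6
        with:
          node-version: '20'
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.3.2'
      - name: Install frontend dependencies
        working-directory: apps
        run: bun install
      - name: Install Playwright browsers
        working-directory: apps/tldw-frontend
        run: bunx playwright install --with-deps chromium
      # First attempt may fail without failing the job; the retry step below
      # decides the result.
      - name: Run critical E2E tests
        working-directory: apps/tldw-frontend
        run: bun run e2e:critical --reporter=list
        continue-on-error: true
        id: e2e_critical
      - name: Retry critical E2E tests
        if: steps.e2e_critical.outcome == 'failure'
        working-directory: apps/tldw-frontend
        run: bun run e2e:critical --reporter=list
      - name: Upload test artifacts
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: e2e-critical-results
          path: apps/tldw-frontend/test-results/
          retention-days: 7

  # -- Tier 2 + 3 (features; on dispatch or full suite) -----------------------
  features:
    name: E2E Features (Tier 2 + 3)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    if: >-
      github.event_name == 'workflow_dispatch' &&
      contains(fromJSON('["features","all-tiers"]'), github.event.inputs.tier)
    services:
      redis:
        image: mirror.gcr.io/library/redis:8-alpine@sha256:9eb6a7ba3d344e1958c7e1589fa3dee90373a934e8159c634562a91d622759a0
        ports: ['6379:6379']
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      AUTH_MODE: single_user
      TEST_MODE: '1'
      SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345
      REDIS_URL: redis://127.0.0.1:6379/0
      TLDW_WEB_AUTOSTART: 'true'
      TLDW_WEB_URL: http://localhost:8080
      TLDW_SERVER_URL: http://127.0.0.1:8000
      TLDW_API_KEY: test-api-key-for-e2e-testing-12345
      NEXT_PUBLIC_TLDW_DEPLOYMENT_MODE: advanced
      NEXT_PUBLIC_API_URL: http://127.0.0.1:8000
      PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION: python
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # No step visible in this job needs git credentials after checkout
          # (confirm for the two local actions below).
          persist-credentials: false
      - name: Install FFmpeg and PortAudio (Linux)
        uses: ./.github/actions/setup-ffmpeg
        with:
          install-ffmpeg: 'false'
          install-portaudio: 'true'
      - name: Setup Python and backend
        uses: ./.github/actions/setup-python-deps
        with:
          python-version: '3.12'
          use-uv: 'true'
          cache-dependency-path: |
            pyproject.toml
            uv.lock
          extras: dev
      - name: Start backend server
        run: |
          python -m uvicorn tldw_Server_API.app.main:app \
            --host 127.0.0.1 --port 8000 &
          # Wait for server to be ready; fail the step if it never is.
          for i in $(seq 1 30); do
            if curl -sf http://127.0.0.1:8000/api/v1/health; then
              exit 0
            fi
            sleep 2
          done
          echo "Backend did not become healthy after 30 attempts" >&2
          exit 1
      - uses: actions/setup-node@v6
        with:
          node-version: '20'
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.3.2'
      - name: Install frontend dependencies
        working-directory: apps
        run: bun install
      - name: Install Playwright browsers
        working-directory: apps/tldw-frontend
        run: bunx playwright install --with-deps chromium
      - name: Run feature E2E tests
        working-directory: apps/tldw-frontend
        run: bun run e2e:features --reporter=list
      - name: Upload test artifacts
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: e2e-features-results
          path: apps/tldw-frontend/test-results/
          retention-days: 7

  # -- Tier 4 + 5 (admin/specialized; on dispatch or full suite) --------------
  admin:
    name: E2E Admin (Tier 4 + 5)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    if: >-
      github.event_name == 'workflow_dispatch' &&
      contains(fromJSON('["admin","all-tiers"]'), github.event.inputs.tier)
    services:
      redis:
        image: mirror.gcr.io/library/redis:8-alpine@sha256:9eb6a7ba3d344e1958c7e1589fa3dee90373a934e8159c634562a91d622759a0
        ports: ['6379:6379']
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      AUTH_MODE: single_user
      TEST_MODE: '1'
      SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345
      REDIS_URL: redis://127.0.0.1:6379/0
      TLDW_WEB_AUTOSTART: 'true'
      TLDW_WEB_URL: http://localhost:8080
      TLDW_SERVER_URL: http://127.0.0.1:8000
      TLDW_API_KEY: test-api-key-for-e2e-testing-12345
      NEXT_PUBLIC_TLDW_DEPLOYMENT_MODE: advanced
      NEXT_PUBLIC_API_URL: http://127.0.0.1:8000
      PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION: python
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # No step visible in this job needs git credentials after checkout
          # (confirm for the two local actions below).
          persist-credentials: false
      - name: Install FFmpeg and PortAudio (Linux)
        uses: ./.github/actions/setup-ffmpeg
        with:
          install-ffmpeg: 'false'
          install-portaudio: 'true'
      - name: Setup Python and backend
        uses: ./.github/actions/setup-python-deps
        with:
          python-version: '3.12'
          use-uv: 'true'
          cache-dependency-path: |
            pyproject.toml
            uv.lock
          extras: dev
      - name: Start backend server
        run: |
          python -m uvicorn tldw_Server_API.app.main:app \
            --host 127.0.0.1 --port 8000 &
          # Wait for server to be ready; fail the step if it never is.
          for i in $(seq 1 30); do
            if curl -sf http://127.0.0.1:8000/api/v1/health; then
              exit 0
            fi
            sleep 2
          done
          echo "Backend did not become healthy after 30 attempts" >&2
          exit 1
      - uses: actions/setup-node@v6
        with:
          node-version: '20'
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.3.2'
      - name: Install frontend dependencies
        working-directory: apps
        run: bun install
      - name: Install Playwright browsers
        working-directory: apps/tldw-frontend
        run: bunx playwright install --with-deps chromium
      - name: Run admin E2E tests
        working-directory: apps/tldw-frontend
        run: bun run e2e:admin --reporter=list
      - name: Upload test artifacts
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: e2e-admin-results
          path: apps/tldw-frontend/test-results/
          retention-days: 7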