fix(frontend): remediate frontend + extension audit findings #4144

# Tiered end-to-end suite for the frontend; each job below runs one tier.
name: Frontend E2E Tiers

on:
  # Pull requests into main/dev that touch the shared UI package, the
  # frontend app, or the backend API tree.
  pull_request:
    branches:
      - main
      - dev
    paths:
      - 'apps/packages/ui/src/**'
      - 'apps/tldw-frontend/**'
      - 'tldw_Server_API/**'
  # Manual runs pick a tier. In the jobs visible in this file section the
  # value is consumed only by job-level `if:` expressions and is never
  # interpolated into a shell script.
  # NOTE(review): no job visible here selects on `journeys`; confirm a
  # matching job exists elsewhere, otherwise that option runs nothing.
  workflow_dispatch:
    inputs:
      tier:
        description: 'Which tier to run (critical, features, admin, journeys, all-tiers)'
        required: false
        default: 'critical'
        type: choice
        options:
          - critical
          - features
          - admin
          - journeys
          - all-tiers

# Least privilege: the workflow token may only read repository contents.
permissions:
  contents: read

env:
  SKIP_WXT_PREPARE: '1'

# One live run per pull request (or per ref for manual runs); starting a
# newer run cancels the one still in progress.
concurrency:
  group: frontend-e2e-tiers-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
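# ── Tier 1 + Journeys (critical path — always runs on PR) ─────────────
  critical:
    name: E2E Critical (Tier 1 + Journeys)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Runs on every matching pull request, and on manual dispatch when the
    # chosen tier is `critical` or `all-tiers`.
    if: >-
      github.event_name == 'pull_request' ||
      (github.event_name == 'workflow_dispatch' &&
      contains(fromJSON('["critical","all-tiers"]'), github.event.inputs.tier))
    services:
      redis:
        # Pinned by digest, so the image content cannot change under the tag.
        image: mirror.gcr.io/library/redis:8-alpine@sha256:9eb6a7ba3d344e1958c7e1589fa3dee90373a934e8159c634562a91d622759a0
        ports: ['6379:6379']
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      AUTH_MODE: single_user
      TEST_MODE: '1'
      # Throwaway credential committed in plain text; it has to match
      # TLDW_API_KEY below and must never be reused for a real deployment.
      SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345
      REDIS_URL: redis://127.0.0.1:6379/0
      TLDW_WEB_AUTOSTART: 'true'
      TLDW_WEB_URL: http://localhost:8080
      TLDW_SERVER_URL: http://127.0.0.1:8000
      TLDW_API_KEY: test-api-key-for-e2e-testing-12345
      NEXT_PUBLIC_TLDW_DEPLOYMENT_MODE: advanced
      NEXT_PUBLIC_API_URL: http://127.0.0.1:8000
      PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION: python
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Later steps install dependencies and run code from the pull
          # request; none of them needs git credentials, so do not leave
          # the workflow token in .git/config.
          persist-credentials: false
      - name: Install FFmpeg and PortAudio (Linux)
        uses: ./.github/actions/setup-ffmpeg
        with:
          install-ffmpeg: 'false'
          install-portaudio: 'true'
      - name: Setup Python and backend
        uses: ./.github/actions/setup-python-deps
        with:
          python-version: '3.12'
          use-uv: 'true'
          cache-dependency-path: |
            pyproject.toml
            uv.lock
          extras: dev
      - name: Start backend server
        run: |
          # NOTE(review): binds every interface, yet all clients configured in
          # this job reach the API on 127.0.0.1; --host 127.0.0.1 would likely
          # be enough. Confirm nothing else needs the wider bind.
          python -m uvicorn tldw_Server_API.app.main:app \
            --host 0.0.0.0 --port 8000 &
          # Wait for server to be ready (30 attempts, 2 seconds apart)
          backend_ready=0
          for i in $(seq 1 30); do
            if curl -sf http://127.0.0.1:8000/api/v1/health; then
              backend_ready=1
              break
            fi
            sleep 2
          done
          # Without this check the step succeeded even when the server never
          # came up, and the failure only surfaced later as test errors.
          if [ "$backend_ready" -ne 1 ]; then
            echo "::error::Backend did not become healthy at http://127.0.0.1:8000/api/v1/health"
            exit 1
          fi
      # NOTE(review): the three third-party actions below are referenced by
      # mutable tags, unlike the SHA-pinned checkout above; pin each to a full
      # commit SHA so a moved tag cannot change what runs.
      - uses: actions/setup-node@v6
        with:
          node-version: '20'
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.3.2'
      # NOTE(review): consider `bun install --frozen-lockfile` so CI installs
      # exactly what the committed lockfile records; confirm a lockfile is
      # committed under apps/ first.
      - name: Install frontend dependencies
        working-directory: apps
        run: bun install
      - name: Install Playwright browsers
        working-directory: apps/tldw-frontend
        run: bunx playwright install --with-deps chromium
      # First attempt is allowed to fail so the retry step can run.
      - name: Run critical E2E tests
        working-directory: apps/tldw-frontend
        run: bun run e2e:critical --reporter=list
        continue-on-error: true
        id: e2e_critical
      # The job fails only when this second attempt fails as well.
      # NOTE(review): a pass on retry hides the first failure, and the upload
      # step is skipped in that case because failure() is then false.
      - name: Retry critical E2E tests
        if: steps.e2e_critical.outcome == 'failure'
        working-directory: apps/tldw-frontend
        run: bun run e2e:critical --reporter=list
      - name: Upload test artifacts
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: e2e-critical-results
          path: apps/tldw-frontend/test-results/
          retention-days: 7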
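# ── Tier 2 + 3 (features — on dispatch or full suite) ─────────────────
  features:
    name: E2E Features (Tier 2 + 3)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Manual dispatch only, when the chosen tier is `features` or `all-tiers`.
    if: >-
      github.event_name == 'workflow_dispatch' &&
      contains(fromJSON('["features","all-tiers"]'), github.event.inputs.tier)
    services:
      redis:
        # Pinned by digest, so the image content cannot change under the tag.
        image: mirror.gcr.io/library/redis:8-alpine@sha256:9eb6a7ba3d344e1958c7e1589fa3dee90373a934e8159c634562a91d622759a0
        ports: ['6379:6379']
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      AUTH_MODE: single_user
      TEST_MODE: '1'
      # Throwaway credential committed in plain text; it has to match
      # TLDW_API_KEY below and must never be reused for a real deployment.
      SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345
      REDIS_URL: redis://127.0.0.1:6379/0
      TLDW_WEB_AUTOSTART: 'true'
      TLDW_WEB_URL: http://localhost:8080
      TLDW_SERVER_URL: http://127.0.0.1:8000
      TLDW_API_KEY: test-api-key-for-e2e-testing-12345
      NEXT_PUBLIC_TLDW_DEPLOYMENT_MODE: advanced
      NEXT_PUBLIC_API_URL: http://127.0.0.1:8000
      PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION: python
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Later steps install dependencies and run repository code; none of
          # them needs git credentials, so do not leave the workflow token in
          # .git/config.
          persist-credentials: false
      - name: Install FFmpeg and PortAudio (Linux)
        uses: ./.github/actions/setup-ffmpeg
        with:
          install-ffmpeg: 'false'
          install-portaudio: 'true'
      - name: Setup Python and backend
        uses: ./.github/actions/setup-python-deps
        with:
          python-version: '3.12'
          use-uv: 'true'
          cache-dependency-path: |
            pyproject.toml
            uv.lock
          extras: dev
      - name: Start backend server
        run: |
          # NOTE(review): binds every interface, yet all clients configured in
          # this job reach the API on 127.0.0.1; --host 127.0.0.1 would likely
          # be enough. Confirm nothing else needs the wider bind.
          python -m uvicorn tldw_Server_API.app.main:app \
            --host 0.0.0.0 --port 8000 &
          # Poll the health endpoint: 30 attempts, 2 seconds apart.
          backend_ready=0
          for i in $(seq 1 30); do
            if curl -sf http://127.0.0.1:8000/api/v1/health; then
              backend_ready=1
              break
            fi
            sleep 2
          done
          # Without this check the step succeeded even when the server never
          # came up, and the failure only surfaced later as test errors.
          if [ "$backend_ready" -ne 1 ]; then
            echo "::error::Backend did not become healthy at http://127.0.0.1:8000/api/v1/health"
            exit 1
          fi
      # NOTE(review): the three third-party actions below are referenced by
      # mutable tags, unlike the SHA-pinned checkout above; pin each to a full
      # commit SHA so a moved tag cannot change what runs.
      - uses: actions/setup-node@v6
        with:
          node-version: '20'
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.3.2'
      # NOTE(review): consider `bun install --frozen-lockfile` so CI installs
      # exactly what the committed lockfile records; confirm a lockfile is
      # committed under apps/ first.
      - name: Install frontend dependencies
        working-directory: apps
        run: bun install
      - name: Install Playwright browsers
        working-directory: apps/tldw-frontend
        run: bunx playwright install --with-deps chromium
      - name: Run feature E2E tests
        working-directory: apps/tldw-frontend
        run: bun run e2e:features --reporter=list
      # Results are kept only for failed runs, for seven days.
      - name: Upload test artifacts
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: e2e-features-results
          path: apps/tldw-frontend/test-results/
          retention-days: 7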
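# ── Tier 4 + 5 (admin/specialized — on dispatch or full suite) ────────
  admin:
    name: E2E Admin (Tier 4 + 5)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Manual dispatch only, when the chosen tier is `admin` or `all-tiers`.
    if: >-
      github.event_name == 'workflow_dispatch' &&
      contains(fromJSON('["admin","all-tiers"]'), github.event.inputs.tier)
    services:
      redis:
        # Pinned by digest, so the image content cannot change under the tag.
        image: mirror.gcr.io/library/redis:8-alpine@sha256:9eb6a7ba3d344e1958c7e1589fa3dee90373a934e8159c634562a91d622759a0
        ports: ['6379:6379']
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      AUTH_MODE: single_user
      TEST_MODE: '1'
      # Throwaway credential committed in plain text; it has to match
      # TLDW_API_KEY below and must never be reused for a real deployment.
      SINGLE_USER_API_KEY: test-api-key-for-e2e-testing-12345
      REDIS_URL: redis://127.0.0.1:6379/0
      TLDW_WEB_AUTOSTART: 'true'
      TLDW_WEB_URL: http://localhost:8080
      TLDW_SERVER_URL: http://127.0.0.1:8000
      TLDW_API_KEY: test-api-key-for-e2e-testing-12345
      NEXT_PUBLIC_TLDW_DEPLOYMENT_MODE: advanced
      NEXT_PUBLIC_API_URL: http://127.0.0.1:8000
      PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION: python
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Later steps install dependencies and run repository code; none of
          # them needs git credentials, so do not leave the workflow token in
          # .git/config.
          persist-credentials: false
      - name: Install FFmpeg and PortAudio (Linux)
        uses: ./.github/actions/setup-ffmpeg
        with:
          install-ffmpeg: 'false'
          install-portaudio: 'true'
      - name: Setup Python and backend
        uses: ./.github/actions/setup-python-deps
        with:
          python-version: '3.12'
          use-uv: 'true'
          cache-dependency-path: |
            pyproject.toml
            uv.lock
          extras: dev
      - name: Start backend server
        run: |
          # NOTE(review): binds every interface, yet all clients configured in
          # this job reach the API on 127.0.0.1; --host 127.0.0.1 would likely
          # be enough. Confirm nothing else needs the wider bind.
          python -m uvicorn tldw_Server_API.app.main:app \
            --host 0.0.0.0 --port 8000 &
          # Poll the health endpoint: 30 attempts, 2 seconds apart.
          backend_ready=0
          for i in $(seq 1 30); do
            if curl -sf http://127.0.0.1:8000/api/v1/health; then
              backend_ready=1
              break
            fi
            sleep 2
          done
          # Without this check the step succeeded even when the server never
          # came up, and the failure only surfaced later as test errors.
          if [ "$backend_ready" -ne 1 ]; then
            echo "::error::Backend did not become healthy at http://127.0.0.1:8000/api/v1/health"
            exit 1
          fi
      # NOTE(review): the three third-party actions below are referenced by
      # mutable tags, unlike the SHA-pinned checkout above; pin each to a full
      # commit SHA so a moved tag cannot change what runs.
      - uses: actions/setup-node@v6
        with:
          node-version: '20'
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: '1.3.2'
      # NOTE(review): consider `bun install --frozen-lockfile` so CI installs
      # exactly what the committed lockfile records; confirm a lockfile is
      # committed under apps/ first.
      - name: Install frontend dependencies
        working-directory: apps
        run: bun install
      - name: Install Playwright browsers
        working-directory: apps/tldw-frontend
        run: bunx playwright install --with-deps chromium
      - name: Run admin E2E tests
        working-directory: apps/tldw-frontend
        run: bun run e2e:admin --reporter=list
      # Results are kept only for failed runs, for seven days.
      - name: Upload test artifacts
        if: failure()
        uses: actions/upload-artifact@v7
        with:
          name: e2e-admin-results
          path: apps/tldw-frontend/test-results/
          retention-days: 7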