E2E stability: gateway fixes, same-origin API, builder tests, Docker E2E config #40
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Student Assessments: enable View for Completed rows (link to latest result) - Teacher Analytics: replace offline no-op with Retry that refetches - Teacher Grading: disable Save during mutation and show “Saving…” - Admin Users: add bulk-actions helper when no selection - Student Notifications: show fallback note when bulk mark-read not available - Student Results route: simplify params typing to avoid awaiting params
…vs API runs - New config: frontend/playwright.api.config.ts (NEXT_PUBLIC_AUTH_MODE=api, gateway URL) - Scripts: test:e2e:mock and test:e2e:api - Smoke specs: Admin Users helper hint; Teacher analytics export buttons
- Workflow: split into e2e-mock and e2e-api jobs, bring up Docker, wait for gateway health, upload artifacts - Tests: student dashboard/assessments smoke, teacher grading queue smoke
…udent, teacher, admin) - Admin: settings, audit, health - Teacher: assessments list + edit navigation - Student: notifications, profile - Landing: role navigation buttons
- Seed: add ADMIN user (admin@pediafor.com) with same bcrypt hash as others (password) - E2E: global setup logs in via API and generates storageState for admin/teacher/student - E2E: add fixtures to consume storageState easily - Playwright API config: wire globalSetup
…or reliable auth - Admin specs use adminPage - Teacher specs use teacherPage - Student specs use studentPage
…ility - Analytics: accept exports or retry/heading - Student notifications: assert heading only - Student profile: avoid strict-mode violation on multiple save buttons - Student dashboard/results: assert dashboard; accept loading/empty/table - Teacher assessments: accept heading/actions or retry fallback
- Ensure '/api/assessments' and '/assessments' always rewrite to '/assessments' (even when mounted at '/') - Normalize '/api/auth' to '/auth' via function pathRewrite - Keep '/api/users' rewrite simple - Skip express.json on proxy routes to avoid corrupting proxied JSON bodies - Minor proxy consistency for submissions and grade routes
…normalize roles - api.ts: use same-origin '/api/*' for services; robust 401 refresh and redirect; added assessments sample-set and publish endpoints - hooks/useTeacher.ts: switch to '/api/*' endpoints; enable flags based on token to avoid unauth spam - auth-provider: normalize stored role to lowercase and guard role loading - teacher edit page: add 'Add sample set' button and state
…rigin API - root compose: ALLOWED_ORIGINS includes http://localhost:3001 and 3000 for gateway CORS - frontend compose: clear NEXT_PUBLIC_GATEWAY_URL and NEXT_PUBLIC_API_URL to force relative '/api' and avoid CORS
- Replace structuredClone with a safe deepClone fallback for JSDOM/older browsers - Cover add/remove question, type switching, option management, and submit via new unit tests
…lidation - POST /assessments and POST /assessments/:id/sample-set for faster authoring/demo flows - Allow non-UUID IDs (e.g., cuid) across routes - Publish assessment created event on create - Implement createSampleSet in service
…mpose - frontend: add test:e2e:docker script and playwright.docker.config.ts - add docker-compose.fullstack.yml and Windows fullstack manager script - docs: docker E2E testing guide and testing summary - test-assessment.json: sample payload for workflow runs
- Add frontend/test-results-docker/ and frontend/playwright-report-docker/ to .gitignore
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 21705761 | Triggered | Generic Private Key | edc11fc | docker-compose.fullstack.yml | View secret |
| 21939740 | Triggered | Generic Password | edc11fc | docker-compose.fullstack.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces comprehensive improvements to end-to-end (E2E) testing infrastructure, documentation, and workflow organization for the frontend and full-stack environments. The main changes include splitting E2E testing workflows into "mock" and "API" modes, adding extensive documentation for Docker-based E2E testing, and updating configuration and ignore files to support new testing artifacts. Additionally, legacy documentation has been deprecated in favor of more up-to-date resources.
E2E Testing Infrastructure and Workflow Enhancements:
.github/workflows/frontend-e2e.ymlinto two separate jobs:e2e-mock(for mock mode) ande2e-api(for API/integration mode). The newe2e-apijob starts the backend stack in Docker, waits for health checks, and runs Playwright tests against the real API, with separate artifact uploads for each mode. [1] [2] [3]Documentation Additions and Improvements:
DOCKER-TESTING-SUMMARY.mdanddocs/docker-e2e-testing.md, providing quick reference, setup instructions, architecture overview, troubleshooting, and best practices for running E2E tests in a full Docker environment. These docs include details on test coverage, service URLs, test credentials, and CI/CD integration. [1] [2]docs/frontend-requirements.mdin favor of newer, actively maintained documentation, guiding users to the new locations.Configuration and Compatibility Updates:
.gitignorein thefrontenddirectory to exclude new Playwright and test result artifacts generated by Docker-based and multi-mode testing (test-results-docker/,playwright-report-docker/, and Playwright auth files).ALLOWED_ORIGINSenvironment variable to thegateway-serviceindocker-compose.ymlto support CORS for both frontend and gateway URLs, improving compatibility when running frontend in Docker.