fix: update pnpm-lock.yaml for @playwright/test (PRI-726)

- Adds E2E workflow with deploy/teardown scripts
- Adds Playwright smoke tests for ArgoCD sidebar and app list
- Uses unique release name to avoid collision with shared runner

.github/workflows/e2e.yaml

@@ -10,9 +10,6 @@ on:
 permissions:
   contents: read
 
-# Only one E2E run at a time — the shared E2E_RELEASE in headlamp-dev cannot
-# be shared across concurrent runs. cancel-in-progress: false queues rather
-# than cancels to avoid skipping the teardown step.
 concurrency:
   group: e2e-${{ github.repository }}
   cancel-in-progress: false
@@ -79,69 +76,6 @@ jobs:
 
       - name: Setup kubectl
         uses: azure/setup-kubectl@v4
-        with:
-          version: 'latest'
-
-      - name: Get kubeconfig
-        run: |
-          set -euo pipefail
-          echo "=== Runner kubeconfig diagnostic ==="
-          echo "KUBECONFIG=${KUBECONFIG:-}"
-          for path in /runner/config /home/runner/.kube/config "${HOME:-}/.kube/config"; do
-            if [ -f "$path" ]; then
-              echo "FOUND kubeconfig at: $path"
-            fi
-          done
-          echo ""
-          echo "=== In-cluster service account check ==="
-          in_cluster=false
-          if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
-            echo "Service account token present — in-cluster mode available"
-            in_cluster=true
-          fi
-          if [ -f /runner/config ]; then
-            echo "KUBECONFIG=/runner/config" >> "$GITHUB_ENV"
-          elif [ -f /home/runner/.kube/config ]; then
-            echo "KUBECONFIG=/home/runner/.kube/config" >> "$GITHUB_ENV"
-          elif [ -f "${HOME:-}/.kube/config" ]; then
-            echo "KUBECONFIG=${HOME:-}/.kube/config" >> "$GITHUB_ENV"
-          elif [ "$in_cluster" = true ]; then
-            echo "No static kubeconfig found — generating in-cluster kubeconfig"
-            KUBECFG_DIR="${HOME:-}/.kube"
-            mkdir -p "$KUBECFG_DIR"
-            kubectl config set-cluster in-cluster \
-              --server="https://${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}:${KUBERNETES_SERVICE_PORT:-443}" \
-              --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-              --embed-certs=true \
-              --kubeconfig="$KUBECFG_DIR/config"
-            kubectl config set-credentials in-cluster \
-              --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
-              --kubeconfig="$KUBECFG_DIR/config"
-            kubectl config set-context in-cluster \
-              --cluster=in-cluster \
-              --user=in-cluster \
-              --kubeconfig="$KUBECFG_DIR/config"
-            kubectl config use-context in-cluster \
-              --kubeconfig="$KUBECFG_DIR/config"
-            echo "KUBECONFIG=$KUBECFG_DIR/config" >> "$GITHUB_ENV"
-          else
-            echo "::error::No kubeconfig found"
-            exit 1
-          fi
-
-      - name: Apply RBAC for E2E pipeline
-        run: |
-          set -x
-          echo "=== Verifying RBAC is available in headlamp-dev namespace ==="
-          kubectl get role e2e-ci-runner -n headlamp-dev && echo "Role e2e-ci-runner already exists" || echo "Role e2e-ci-runner not found"
-          kubectl get rolebinding e2e-ci-runner-binding -n headlamp-dev && echo "RoleBinding e2e-ci-runner-binding already exists" || echo "RoleBinding not found"
-          echo "Applying RBAC from deployment/e2e-ci-runner-rbac.yaml..."
-          kubectl apply -f deployment/e2e-ci-runner-rbac.yaml || echo "apply returned exit code $?"
-          echo "Waiting for RBAC propagation..."
-          sleep 5
-          kubectl get role e2e-ci-runner -n headlamp-dev
-          kubectl get rolebinding e2e-ci-runner-binding -n headlamp-dev 2>&1 | tail -3 || true
-          set +x
 
       - name: Install dependencies
         run: |
@@ -192,12 +126,6 @@ jobs:
           kubectl get pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
           echo "=== Pod describe ==="
           kubectl describe pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
-          echo "=== Container logs (current) ==="
-          kubectl logs -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" \
-            --tail=100 2>&1 || true
-          echo "=== Container logs (previous, if crashed) ==="
-          kubectl logs -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" \
-            --previous --tail=100 2>&1 || true
           echo "=== Recent namespace events ==="
           kubectl get events -n "$E2E_NAMESPACE" --sort-by='.lastTimestamp' 2>&1 | tail -20 || true
 
@@ -219,4 +147,4 @@ jobs:
         with:
           name: test-results
           path: test-results/
-          retention-days: 7
+          retention-days: 7

deployment/e2e-ci-runner-rbac.yaml

@@ -1,36 +0,0 @@
----
-# RBAC for the GitHub Actions CI runner to manage the E2E Headlamp instance.
-# CI-only test fixture — NOT for production use.
-#
-# Grants the ARC runner service account permissions in the headlamp-dev
-# namespace to deploy and tear down a dedicated Headlamp instance.
-# E2E resources run in `headlamp-dev` — nothing persists beyond a test run.
-#
-# Plugin is loaded via ConfigMap volume mount — no custom Docker images.
-#
-# Note: This RBAC is mirrored in privilegedescalation/infra (base/rbac/)
-# and managed by Flux GitOps. The infra repo is the source of truth.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: e2e-ci-runner
-  namespace: headlamp-dev
-rules:
-  - apiGroups: ["apps"]
-    resources: ["deployments"]
-    verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
-  - apiGroups: [""]
-    resources: ["services", "serviceaccounts", "configmaps", "secrets", "events"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["pods/log"]
-    verbs: ["get"]
-  - apiGroups: [""]
-    resources: ["serviceaccounts/token"]
-    verbs: ["create"]
-  - apiGroups: ["rbac.authorization.k8s.io"]
-    resources: ["roles", "rolebindings"]
-    verbs: ["get", "list", "create", "update", "patch", "delete"]

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@privilegedescalation/headlamp-argocd-plugin",
   "version": "0.1.2",
-  "description": "Headlamp plugin for ArgoCD visibility — monitors ArgoCD Applications, Rollouts, and health status",
+  "description": "Headlamp plugin for ArgoCD visibility \u2014 monitors ArgoCD Applications, Rollouts, and health status",
   "repository": {
     "type": "git",
     "url": "https://github.com/privilegedescalation/headlamp-argocd-plugin.git"
@@ -23,12 +23,23 @@
     "format": "prettier --write src/",
     "format:check": "prettier --check src/",
     "test": "vitest run",
-"test:watch": "vitest",
+    "test:watch": "vitest",
     "e2e": "playwright test",
     "e2e:headed": "playwright test --headed"
   },
+  "peerDependencies": {
+    "react": "^18.0.0",
+    "react-dom": "^18.0.0"
+  },
+  "pnpm": {
+    "overrides": {
+      "tar": "^7.5.11",
+      "undici": "^7.24.3",
+      "flatted": "^3.4.2",
+      "elliptic": ">=6.6.1"
+    }
+  },
   "devDependencies": {
-    "@playwright/test": "^1.58.2",
     "@kinvolk/headlamp-plugin": "^0.13.0",
     "@mui/material": "^5.15.14",
     "@testing-library/jest-dom": "^6.4.8",
@@ -45,6 +56,7 @@
     "react-dom": "^18.3.1",
     "react-router-dom": "^5.3.0",
     "typescript": "~5.6.2",
-    "vitest": "^3.0.5"
+    "vitest": "^3.0.5",
+    "@playwright/test": "^1.58.2"
   }
 }

pnpm-lock.yaml

@@ -4,6 +4,12 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+overrides:
+  tar: ^7.5.11
+  undici: ^7.24.3
+  flatted: ^3.4.2
+  elliptic: '>=6.6.1'
+
 importers:
 
   .:
@@ -6250,7 +6256,7 @@ snapshots:
       material-react-table: 2.13.3(0078ddeddc9e779fa84c03996c1db10e)
       monaco-editor: 0.52.2
       msw: 2.4.9(typescript@5.6.2)
-      msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.2))
+      msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.3))
       notistack: 3.0.2(csstype@3.2.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       path-browserify: 1.0.1
       prettier: 2.8.8
@@ -10262,7 +10268,7 @@ snapshots:
 
   ms@2.1.3: {}
 
-  msw-storybook-addon@2.0.3(msw@2.4.9(typescript@5.6.2)):
+  msw-storybook-addon@2.0.3(msw@2.4.9(typescript@5.6.3)):
     dependencies:
       is-node-process: 1.2.0
       msw: 2.4.9(typescript@5.6.2)