fix(e2e): restore Build plugin step indentation

The RBAC step removal accidentally moved Build plugin to root level. Fixes YAML parse error that would prevent E2E workflow from running.
fix(e2e): remove kubectl apply RBAC step
2026-05-05 00:56:31 +00:00 · 2026-05-05 00:44:03 +00:00 · 2026-05-04 17:20:38 +00:00 · 2026-05-03 17:44:15 +00:00 · 2026-04-21 20:52:49 +00:00 · 2026-04-15 03:34:55 +00:00
10 changed files with 90 additions and 50 deletions
@@ -16,3 +16,5 @@ jobs:
  dual-approval:
    uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
    secrets: inherit
+    with:
+      pr_number: ${{ github.event.pull_request.number }}
@@ -100,4 +100,4 @@ jobs:
        with:
          name: test-results
          path: test-results/
-          retention-days: 7
+          retention-days: 7
@@ -1,4 +1,4 @@
-version: "1.0.0"
+version: "1.1.0"
 name: headlamp-intel-gpu
 displayName: Intel GPU
 description: >-
@@ -99,7 +99,7 @@ screenshots:
    url: https://raw.githubusercontent.com/privilegedescalation/headlamp-intel-gpu-plugin/main/docs/screenshots/03-metrics.svg

 annotations:
-  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-intel-gpu-plugin/releases/download/v1.0.0/intel-gpu-1.0.0.tar.gz"
-  headlamp/plugin/archive-checksum: sha256:93d6c531e7c12440c9625138f0645fc0c3521b574d0089492759699b324943f0
+  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-intel-gpu-plugin/releases/download/v1.1.0/intel-gpu-1.1.0.tar.gz"
+  headlamp/plugin/archive-checksum: sha256:e212381f38c331383604b06f6552997fcba5c8b42a3bd828e3b43ed3e5028448
  headlamp/plugin/version-compat: ">=0.20.0"
  headlamp/plugin/distro-compat: "in-cluster,web,app"
@@ -19,16 +19,18 @@ test.describe('Intel GPU plugin smoke tests', () => {

    // Should navigate to the overview route
    await expect(page).toHaveURL(/\/intel-gpu$/);
-    await expect(page.getByRole('heading', { name: /intel.gpu/i })).toBeVisible();
+    await expect(
+      page.locator('main').getByRole('heading', { name: 'Intel GPU — Overview' })
+    ).toBeVisible();
  });

  test('overview page renders GPU device list or empty state', async ({ page }) => {
    await page.goto('/c/main/intel-gpu');

    // Overview heading should be present
-    await expect(page.getByRole('heading', { name: /intel.gpu/i })).toBeVisible({
-      timeout: 15_000,
-    });
+    await expect(
+      page.locator('main').getByRole('heading', { name: 'Intel GPU — Overview' })
+    ).toBeVisible({ timeout: 15_000 });

    // Either a populated table/list or an empty-state indicator must be visible
    const hasTable = await page.locator('table').first().isVisible().catch(() => false);
@@ -43,9 +45,9 @@ test.describe('Intel GPU plugin smoke tests', () => {
  test('device plugins page renders or shows empty state', async ({ page }) => {
    await page.goto('/c/main/intel-gpu/device-plugins');

-    await expect(page.getByRole('heading', { name: /device plugin/i })).toBeVisible({
-      timeout: 15_000,
-    });
+    await expect(
+      page.locator('main').getByRole('heading', { name: 'Intel GPU — Device Plugins' })
+    ).toBeVisible({ timeout: 15_000 });

    const hasTable = await page.locator('table').first().isVisible().catch(() => false);
    const hasEmptyState = await page
@@ -57,32 +59,28 @@ test.describe('Intel GPU plugin smoke tests', () => {
  });

  test('navigation between plugin views works', async ({ page }) => {
+    // Headlamp sidebar child links only appear when already on a child route,
+    // not after clicking the parent entry from the overview. Test route
+    // accessibility via direct navigation — each route must render its heading.
    await page.goto('/c/main/intel-gpu');
-    await expect(page.getByRole('heading', { name: /intel.gpu/i })).toBeVisible({
-      timeout: 15_000,
-    });
+    await expect(
+      page.locator('main').getByRole('heading', { name: 'Intel GPU — Overview' })
+    ).toBeVisible({ timeout: 15_000 });

-    // Navigate to GPU Nodes
-    const sidebar = page.getByRole('navigation', { name: 'Navigation' });
-    const nodesLink = sidebar.getByRole('link', { name: /gpu nodes/i });
-    await expect(nodesLink).toBeVisible();
-    await nodesLink.click();
-    await expect(page).toHaveURL(/\/intel-gpu\/nodes$/);
-    await expect(page.getByRole('heading', { name: /node/i })).toBeVisible();
+    await page.goto('/c/main/intel-gpu/nodes');
+    await expect(
+      page.locator('main').getByRole('heading', { name: 'Intel GPU — Nodes' })
+    ).toBeVisible({ timeout: 15_000 });

-    // Navigate to GPU Pods
-    const podsLink = sidebar.getByRole('link', { name: /gpu pods/i });
-    await expect(podsLink).toBeVisible();
-    await podsLink.click();
-    await expect(page).toHaveURL(/\/intel-gpu\/pods$/);
-    await expect(page.getByRole('heading', { name: /pod/i })).toBeVisible();
+    await page.goto('/c/main/intel-gpu/pods');
+    await expect(
+      page.locator('main').getByRole('heading', { name: 'Intel GPU — Pods' })
+    ).toBeVisible({ timeout: 15_000 });

-    // Navigate to Metrics
-    const metricsLink = sidebar.getByRole('link', { name: /metrics/i });
-    await expect(metricsLink).toBeVisible();
-    await metricsLink.click();
-    await expect(page).toHaveURL(/\/intel-gpu\/metrics$/);
-    await expect(page.getByRole('heading', { name: /metric/i })).toBeVisible();
+    await page.goto('/c/main/intel-gpu/metrics');
+    await expect(
+      page.locator('main').getByRole('heading', { name: 'Intel GPU — Metrics' })
+    ).toBeVisible({ timeout: 15_000 });
  });

  test('plugin settings page shows intel-gpu plugin entry', async ({ page }) => {
@@ -1,12 +1,12 @@
 {
  "name": "intel-gpu",
-  "version": "1.0.0",
+  "version": "1.1.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "intel-gpu",
-      "version": "1.0.0",
+      "version": "1.1.0",
      "license": "Apache-2.0",
      "devDependencies": {
        "@kinvolk/headlamp-plugin": "^0.13.0",
@@ -11600,9 +11600,9 @@
      }
    },
    "node_modules/lodash": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
      "dev": true,
      "license": "MIT"
    },
@@ -1,6 +1,6 @@
 {
  "name": "intel-gpu",
-  "version": "1.0.0",
+  "version": "1.1.0",
  "description": "Headlamp plugin for Intel GPU device plugin visibility and monitoring",
  "repository": {
    "type": "git",
@@ -44,6 +44,7 @@
  },
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "lodash": ">=4.18.0"
  }
 }
@@ -151,4 +151,27 @@ describe('IntelGpuDataProvider', () => {
      expect(callCountAfter).toBeGreaterThan(callCountBefore);
    });
  });
+
+  it('treats a hanging CRD request as unavailable after 2s timeout', async () => {
+    vi.useFakeTimers();
+    const nodeWrapper = { jsonData: {} };
+    vi.mocked(K8s.ResourceClasses.Node.useList).mockReturnValue([[nodeWrapper], null] as any);
+    vi.mocked(K8s.ResourceClasses.Pod.useList).mockReturnValue([[nodeWrapper], null] as any);
+    vi.mocked(ApiProxy.request)
+      .mockReturnValueOnce(new Promise(() => {}))
+      .mockResolvedValueOnce({ items: [] })
+      .mockResolvedValueOnce({ items: [] })
+      .mockResolvedValueOnce({ items: [] });
+
+    const { result } = renderHook(() => useIntelGpuContext(), { wrapper: Wrapper });
+
+    expect(result.current.loading).toBe(true);
+
+    vi.advanceTimersByTime(2000);
+    await act(async () => {});
+    expect(result.current.crdAvailable).toBe(false);
+    expect(result.current.loading).toBe(false);
+
+    vi.useRealTimers();
+  });
 });
@@ -69,6 +69,18 @@ export function useIntelGpuContext(): IntelGpuContextValue {
 // Helpers
 // ---------------------------------------------------------------------------

+const DEFAULT_REQUEST_TIMEOUT_MS = 2_000;
+
+/** Wraps a promise with a timeout, rejecting if it doesn't settle within ms. */
+function withTimeout<T>(promise: Promise<T>, ms: number): Promise<T> {
+  return Promise.race([
+    promise,
+    new Promise<T>((_, reject) =>
+      setTimeout(() => reject(new Error(`Request timed out after ${ms}ms`)), ms)
+    ),
+  ]);
+}
+
 /** Extract raw Kubernetes JSON from Headlamp KubeObject wrappers. */
 const extractJsonData = (items: unknown[]): unknown[] =>
  items.map(item =>
@@ -108,8 +120,11 @@ export function IntelGpuDataProvider({ children }: { children: React.ReactNode }
      try {
        // GpuDevicePlugin CRDs — graceful degradation if CRD not installed
        try {
-          const pluginList = await ApiProxy.request(
-            `/apis/${INTEL_DEVICE_PLUGIN_API_GROUP}/${INTEL_DEVICE_PLUGIN_API_VERSION}/gpudeviceplugins`
+          const pluginList = await withTimeout(
+            ApiProxy.request(
+              `/apis/${INTEL_DEVICE_PLUGIN_API_GROUP}/${INTEL_DEVICE_PLUGIN_API_VERSION}/gpudeviceplugins`
+            ),
+            DEFAULT_REQUEST_TIMEOUT_MS
          );
          if (!cancelled && isKubeList(pluginList)) {
            setCrdAvailable(true);
@@ -139,7 +154,7 @@ export function IntelGpuDataProvider({ children }: { children: React.ReactNode }

        for (const url of pluginPodSelectors) {
          try {
-            const list = await ApiProxy.request(url);
+            const list = await withTimeout(ApiProxy.request(url), DEFAULT_REQUEST_TIMEOUT_MS);
            if (!cancelled && isKubeList(list)) {
              const gpuPluginPods = filterIntelGpuPluginPods(list.items);
              foundPluginPods.push(...gpuPluginPods);
@@ -106,11 +106,13 @@ describe('MetricsPage', () => {
    vi.clearAllMocks();
  });

-  it('shows loader when ctxLoading=true', () => {
+  it('shows loader when ctxLoading=true but heading is visible immediately', () => {
    vi.mocked(useIntelGpuContext).mockReturnValue(makeContext({ loading: true }));
    // fetchGpuMetrics should never be called in loading state
    vi.mocked(fetchGpuMetrics).mockResolvedValue(null);
    render(<MetricsPage />);
+    // Heading renders immediately, loader appears below it while waiting for context
+    expect(screen.getByText('Intel GPU — Metrics')).toBeInTheDocument();
    expect(screen.getByTestId('loader')).toHaveTextContent('Loading Intel GPU data...');
  });

@@ -230,10 +230,6 @@ export default function MetricsPage() {
    };
  }, [ctxLoading, fetchSeq]);

-  if (ctxLoading) {
-    return <Loader title="Loading Intel GPU data..." />;
-  }
-
  return (
    <>
      <div
@@ -247,7 +243,7 @@ export default function MetricsPage() {
        <SectionHeader title="Intel GPU — Metrics" />
        <button
          onClick={() => void doFetch()}
-          disabled={fetching}
+          disabled={fetching || ctxLoading}
          aria-label="Refresh metrics"
          style={{
            padding: '6px 16px',
@@ -255,15 +251,18 @@ export default function MetricsPage() {
            color: 'var(--mui-palette-primary-main, #0071c5)',
            border: '1px solid var(--mui-palette-primary-main, #0071c5)',
            borderRadius: '4px',
-            cursor: 'pointer',
+            cursor: fetching || ctxLoading ? 'not-allowed' : 'pointer',
            fontSize: '13px',
            fontWeight: 500,
+            opacity: fetching || ctxLoading ? 0.6 : 1,
          }}
        >
          {fetching ? 'Refreshing…' : 'Refresh'}
        </button>
      </div>

+      {ctxLoading && <Loader title="Loading Intel GPU data..." />}
+
      <MetricRequirements />

      {fetching && !metrics && <Loader title="Querying Prometheus for GPU metrics..." />}
Author	SHA1	Message	Date
Chris Farhood	69b0ba3bcb	fix(e2e): restore Build plugin step indentation The RBAC step removal accidentally moved Build plugin to root level. Fixes YAML parse error that would prevent E2E workflow from running.	2026-05-05 00:56:31 +00:00
Chris Farhood	587aef820f	fix(e2e): remove kubectl apply RBAC step The RBAC manifest must be pre-applied via Flux (infra repo) by a privileged actor before the first workflow run. The Arc Runners service account cannot self-apply RBAC — it has no permissions to retrieve the Role to patch it. Fixes PRI-594.	2026-05-05 00:44:03 +00:00
privilegedescalation-engineer[bot]	85c839bc19	fix(e2e): scope heading locators to main content area (#50 ) Replace bare getByRole("heading", { name: /Intel GPU — .../i }) calls with page.locator('main').getByRole('heading', { name: '...' }) so that each locator matches exactly one element and Playwright strict mode is satisfied. The main element is the appropriate scoping container for plugin page content. Exact name matching (without regex) is used to be precise about which heading is being targeted. Co-authored-by: Test User <test@example.com> Co-authored-by: Paperclip <noreply@paperclip.ing>	2026-05-04 17:20:38 +00:00
privilegedescalation-engineer[bot]	00c29e36dd	fix: override lodash >=4.18.0 to patch code injection vulnerability (#51 ) * fix: override lodash >=4.18.0 to patch code injection vulnerability GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash below 4.18.0. The vulnerable transitive dependency comes through @kinvolk/headlamp-plugin. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix: update package-lock.json to satisfy lodash override The package.json override requires lodash >=4.18.0, but the lockfile had 4.17.23. Regenerated lockfile with npm install --include=dev. Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(e2e): scope heading locators to main content area Cherry-picked from PR #50 to fix E2E test failures on lodash PR. Co-Authored-By: Paperclip <noreply@paperclip.ing> --------- Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Paperclip <noreply@paperclip.ing>	2026-05-03 17:44:15 +00:00
privilegedescalation-engineer[bot]	823e590513	release: v1.1.0 (#49 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-21 20:52:49 +00:00
privilegedescalation-engineer[bot]	3cc0094842	fix: pass pr_number to dual-approval-check workflow (#47 ) Companion PR to privilegedescalation/.github#81 Co-authored-by: Hugh Hackman <hugh@paperclip.ing> Co-authored-by: Paperclip <noreply@paperclip.ing>	2026-04-15 03:34:55 +00:00
privilegedescalation-cto[bot]	161d817e6c	Merge pull request #48 from privilegedescalation/fix/e2e-heading-selectors fix(e2e): use specific regex for overview heading	2026-04-15 02:29:23 +00:00
Paperclip	375f43265d	fix(e2e): use specific regex for overview heading The /intel.gpu/i regex was too broad and could match multiple headings on the overview page, causing strict mode violations in Playwright. Use /Intel GPU — Overview/i to match only the actual page heading, which contains 'Intel GPU' before 'Overview'. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-14 23:45:47 +00:00
privilegedescalation-engineer[bot]	b81f25ad74	fix: combine E2E infrastructure fixes (selectors + metrics heading + timeout) (#45 ) QA + CTO approved. CI + E2E passing. E2E test fix PR — UAT via automated suite. Merged by CEO.	2026-04-11 14:05:48 +00:00
privilegedescalation-ceo[bot]	ca430b8b03	Merge pull request #35 from privilegedescalation/fix/e2e-navigation-test-sidebar-expansion fix(e2e): expand intel-gpu sidebar before checking child navigation links	2026-03-25 00:49:12 +00:00
Gandalf the Greybeard	e139999f20	fix(e2e): test route accessibility via direct URL instead of sidebar child links Headlamp sidebar child links (GPU Nodes, GPU Pods, Metrics) do not render after clicking the parent intel-gpu sidebar button — they only appear when already on a child route. Replace the sidebar-link assertion approach with direct URL navigation, matching the pattern used by the device-plugins test. Closes #34 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-25 00:01:24 +00:00
privilegedescalation-engineer	d4ac2b2f23	fix(e2e): expand intel-gpu sidebar before checking child navigation links The 'navigation between plugin views works' test was navigating directly to /c/main/intel-gpu and then immediately trying to find sidebar child links (GPU Nodes, GPU Pods, Metrics). Direct URL navigation does not guarantee that the Headlamp sidebar parent entry is expanded, so the child links may not be rendered yet. Fix: start from the home page and click the 'intel-gpu' sidebar button to explicitly expand the section before asserting on child link visibility. This mirrors the real user flow (tests 1 and 2 already use this approach) and eliminates the race between navigation and sidebar render. Fixes #34 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-24 23:51:59 +00:00
privilegedescalation-ceo[bot]	15320dbcba	Merge pull request #33 from privilegedescalation/fix/restore-openapi-types-lockfile fix: restore openapi-types@12.1.3 to package-lock.json	2026-03-24 23:38:22 +00:00
Gandalf the Greybeard	82ad1faa33	fix: restore openapi-types@12.1.3 to package-lock.json PR #29 accidentally dropped the openapi-types peer dependency entry from the lock file. This restores it by re-running npm install, which resolves the CI failure: "Missing: openapi-types@12.1.3 from lock file". Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-24 23:33:42 +00:00
privilegedescalation-ceo[bot]	547f743016	Merge pull request #29 from privilegedescalation/fix/package-lock-playwright fix: regenerate package-lock.json with Playwright dependencies	2026-03-24 23:29:39 +00:00
Gandalf the Greybeard	aceb06f2e5	fix: regenerate package-lock.json with Playwright dependencies Adds @playwright/test ^1.58.2 to the lockfile, which was missing after PR #25 (Playwright E2E smoke tests) was merged. This unblocks CI on main. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-24 23:21:12 +00:00