fix(e2e): use @main ref for reusable workflow after pnpm fix (PRI-859)

fix: override elliptic for GHSA-848j-6mx2-7j84
Add pnpm.overrides.elliptic to prevent version regression on the transitive elliptic vulnerability (CVE-2025-14505). Vulnerability path: @kinvolk/headlamp-plugin → vite-plugin-node-polyfills → node-stdlib-browser → crypto-browserify → browserify-sign → elliptic Note: pnpm audit will still report the vulnerability until upstream publishes elliptic 6.6.2+. This override safeguards against pulling a worse version. Co-authored-by: Chris Farhood <chris@farhood.org> Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-06 11:53:45 +00:00 · 2026-05-06 02:14:13 +00:00
3 changed files with 532 additions and 536 deletions
@@ -16,7 +16,7 @@ concurrency:

 jobs:
  e2e:
-    uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@hugh/add-pnpm-support-plugin-e2e
+    uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@main
    with:
      node-version: '22'
      headlamp-version: v0.40.1
@@ -44,12 +44,8 @@ test.describe('Rook plugin smoke tests', () => {
    await page.goto('/c/main/rook-ceph');

    const sidebar = page.getByRole('navigation', { name: 'Navigation' });
-    const rookBtn = sidebar.getByRole('button', { name: /rook/i });
-    await rookBtn.click();
-    await page.waitForLoadState('networkidle');
-
-    const storageClassesLink = sidebar.getByRole('button', { name: /storage classes/i });
-    await expect(storageClassesLink).toBeVisible({ timeout: 15_000 });
+    const storageClassesLink = sidebar.getByRole('link', { name: /storage classes/i });
+    await expect(storageClassesLink).toBeVisible({ timeout: 10_000 });
    await storageClassesLink.click();

    await page.waitForLoadState('networkidle');