feat(e2e): consolidate E2E infra + add waitForSidebar (PRI-701) #66
@@ -0,0 +1,99 @@
|
|||||||
|
name: E2E Tests
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [main]
|
||||||
|
pull_request:
|
||||||
|
branches: [main]
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
group: e2e-${{ github.repository }}
|
||||||
|
cancel-in-progress: false
|
||||||
|
|
||||||
|
env:
|
||||||
|
E2E_NAMESPACE: headlamp-dev
|
||||||
|
E2E_RELEASE: headlamp-e2e
|
||||||
|
HEADLAMP_VERSION: v0.40.1
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
e2e:
|
||||||
|
runs-on: runners-privilegedescalation
|
||||||
|
timeout-minutes: 15
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
|
- name: Setup Node.js
|
||||||
|
uses: actions/setup-node@v6
|
||||||
|
with:
|
||||||
|
node-version: '22'
|
||||||
|
|
||||||
|
- name: Setup pnpm
|
||||||
|
uses: pnpm/action-setup@v4
|
||||||
|
with:
|
||||||
|
run_install: false
|
||||||
|
|
||||||
|
- name: Setup kubectl
|
||||||
|
uses: azure/setup-kubectl@v4
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: pnpm install --frozen-lockfile
|
||||||
|
|
||||||
|
- name: Build plugin
|
||||||
|
run: pnpm build
|
||||||
|
|
||||||
|
- name: Deploy E2E Headlamp instance
|
||||||
|
run: scripts/deploy-e2e-headlamp.sh
|
||||||
|
|
||||||
|
- name: Load E2E environment
|
||||||
|
run: |
|
||||||
|
if [ -f .env.e2e ]; then
|
||||||
|
cat .env.e2e >> "$GITHUB_ENV"
|
||||||
|
else
|
||||||
|
echo "::error::deploy-e2e-headlamp.sh did not produce .env.e2e"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Install Playwright browsers
|
||||||
|
run: pnpm exec playwright install --with-deps chromium
|
||||||
|
|
||||||
|
- name: Run E2E tests
|
||||||
|
run: pnpm run e2e
|
||||||
|
env:
|
||||||
|
HEADLAMP_URL: ${{ env.HEADLAMP_URL }}
|
||||||
|
HEADLAMP_TOKEN: ${{ env.HEADLAMP_TOKEN }}
|
||||||
|
|
||||||
|
- name: Collect deployment diagnostics on failure
|
||||||
|
if: failure()
|
||||||
|
run: |
|
||||||
|
echo "=== Pod state ==="
|
||||||
|
kubectl get pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
|
||||||
|
echo "=== Pod describe ==="
|
||||||
|
kubectl describe pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
|
||||||
|
echo "=== Recent namespace events ==="
|
||||||
|
kubectl get events -n "$E2E_NAMESPACE" --sort-by='.lastTimestamp' 2>&1 | tail -20 || true
|
||||||
|
|
||||||
|
- name: Teardown E2E instance
|
||||||
|
if: always()
|
||||||
|
run: scripts/teardown-e2e-headlamp.sh
|
||||||
|
|
||||||
|
- name: Upload Playwright report
|
||||||
|
uses: actions/upload-artifact@v7
|
||||||
|
if: failure()
|
||||||
|
with:
|
||||||
|
name: playwright-report
|
||||||
|
path: playwright-report/
|
||||||
|
retention-days: 7
|
||||||
|
|
||||||
|
- name: Upload test results
|
||||||
|
uses: actions/upload-artifact@v7
|
||||||
|
if: failure()
|
||||||
|
with:
|
||||||
|
name: test-results
|
||||||
|
path: test-results/
|
||||||
|
retention-days: 7
|
||||||
@@ -0,0 +1,35 @@
|
|||||||
|
---
|
||||||
|
# RBAC for the GitHub Actions CI runner to manage the E2E Headlamp instance.
|
||||||
|
# CI-only test fixture — NOT for production use.
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: e2e-ci-runner
|
||||||
|
namespace: headlamp-dev
|
||||||
|
rules:
|
||||||
|
- apiGroups: ["apps"]
|
||||||
|
resources: ["deployments"]
|
||||||
|
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["services", "serviceaccounts", "configmaps", "secrets", "events"]
|
||||||
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["pods"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["serviceaccounts/token"]
|
||||||
|
verbs: ["create"]
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: e2e-ci-runner-binding
|
||||||
|
namespace: headlamp-dev
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: runners-privilegedescalation-gha-rs-no-permission
|
||||||
|
namespace: arc-runners
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: e2e-ci-runner
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
+26
-15
@@ -1,34 +1,40 @@
|
|||||||
import { test, expect } from '@playwright/test';
|
import { test, expect } from '@playwright/test';
|
||||||
|
|
||||||
|
async function waitForSidebar(page: import('@playwright/test').Page) {
|
||||||
|
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
||||||
|
await expect(sidebar).toBeVisible({ timeout: 15_000 });
|
||||||
|
await page.waitForLoadState('networkidle');
|
||||||
|
return sidebar;
|
||||||
|
}
|
||||||
|
|
||||||
test.describe('Sealed Secrets plugin smoke tests', () => {
|
test.describe('Sealed Secrets plugin smoke tests', () => {
|
||||||
test('sidebar contains sealed-secrets entry', async ({ page }) => {
|
test('sidebar contains sealed-secrets entry', async ({ page }) => {
|
||||||
await page.goto('/');
|
await page.goto('/');
|
||||||
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
const sidebar = await waitForSidebar(page);
|
||||||
await expect(sidebar).toBeVisible({ timeout: 15_000 });
|
|
||||||
await expect(sidebar.getByRole('button', { name: /sealed.secrets/i })).toBeVisible();
|
await expect(sidebar.getByRole('button', { name: /sealed.secrets/i })).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('sidebar sealed-secrets entry is clickable and navigates to list view', async ({ page }) => {
|
test('sidebar sealed-secrets entry is clickable and navigates to list view', async ({ page }) => {
|
||||||
await page.goto('/');
|
await page.goto('/');
|
||||||
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
const sidebar = await waitForSidebar(page);
|
||||||
await expect(sidebar).toBeVisible({ timeout: 15_000 });
|
|
||||||
|
|
||||||
const sealedSecretsEntry = sidebar.getByRole('button', { name: /sealed.secrets/i });
|
const sealedSecretsEntry = sidebar.getByRole('button', { name: /sealed.secrets/i });
|
||||||
await expect(sealedSecretsEntry).toBeVisible();
|
await expect(sealedSecretsEntry).toBeVisible();
|
||||||
await sealedSecretsEntry.click();
|
await sealedSecretsEntry.click();
|
||||||
|
|
||||||
|
await page.waitForLoadState('networkidle');
|
||||||
await expect(page).toHaveURL(/\/sealedsecrets/);
|
await expect(page).toHaveURL(/\/sealedsecrets/);
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('sealed secrets list page renders table or empty state', async ({ page }) => {
|
test('sealed secrets list page renders table or empty state', async ({ page }) => {
|
||||||
await page.goto('/c/main/sealedsecrets');
|
await page.goto('/c/main/sealedsecrets');
|
||||||
|
await waitForSidebar(page);
|
||||||
|
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
|
||||||
timeout: 15_000,
|
timeout: 15_000,
|
||||||
});
|
});
|
||||||
|
|
||||||
// Either a populated table or an empty-state indicator must be visible
|
|
||||||
const hasTable = await page.locator('table').first().isVisible().catch(() => false);
|
const hasTable = await page.locator('table').first().isVisible().catch(() => false);
|
||||||
const hasEmptyState = await page
|
const hasEmptyState = await page
|
||||||
.locator('text=/no.*sealed|no.*secret|0 item|empty/i')
|
.locator('text=/no.*sealed|no.*secret|0 item|empty/i')
|
||||||
@@ -40,6 +46,7 @@ test.describe('Sealed Secrets plugin smoke tests', () => {
|
|||||||
|
|
||||||
test('sealing keys page renders table or empty state', async ({ page }) => {
|
test('sealing keys page renders table or empty state', async ({ page }) => {
|
||||||
await page.goto('/c/main/sealedsecrets/keys');
|
await page.goto('/c/main/sealedsecrets/keys');
|
||||||
|
await waitForSidebar(page);
|
||||||
|
|
||||||
await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible({
|
await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible({
|
||||||
timeout: 15_000,
|
timeout: 15_000,
|
||||||
@@ -56,33 +63,37 @@ test.describe('Sealed Secrets plugin smoke tests', () => {
|
|||||||
|
|
||||||
test('navigation between sealed-secrets views works', async ({ page }) => {
|
test('navigation between sealed-secrets views works', async ({ page }) => {
|
||||||
await page.goto('/c/main/sealedsecrets');
|
await page.goto('/c/main/sealedsecrets');
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
|
const sidebar = await waitForSidebar(page);
|
||||||
timeout: 15_000,
|
|
||||||
});
|
const sealedBtn = sidebar.getByRole('button', { name: /sealed.secrets/i }).first();
|
||||||
|
await sealedBtn.click();
|
||||||
|
await page.waitForLoadState('networkidle');
|
||||||
|
|
||||||
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i }).first()).toBeVisible({ timeout: 15_000 });
|
||||||
|
|
||||||
// Navigate to Sealing Keys via sidebar
|
|
||||||
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
|
||||||
const keysLink = sidebar.getByRole('link', { name: /sealing.key/i });
|
const keysLink = sidebar.getByRole('link', { name: /sealing.key/i });
|
||||||
await expect(keysLink).toBeVisible();
|
await expect(keysLink).toBeVisible();
|
||||||
await keysLink.click();
|
await keysLink.click();
|
||||||
|
|
||||||
|
await page.waitForLoadState('networkidle');
|
||||||
await expect(page).toHaveURL(/\/sealedsecrets\/keys$/);
|
await expect(page).toHaveURL(/\/sealedsecrets\/keys$/);
|
||||||
await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible();
|
await expect(page.getByRole('heading', { name: /sealing.key/i }).first()).toBeVisible();
|
||||||
|
|
||||||
// Navigate back to All Sealed Secrets
|
|
||||||
const allSecretsLink = sidebar.getByRole('link', { name: /all sealed secrets/i });
|
const allSecretsLink = sidebar.getByRole('link', { name: /all sealed secrets/i });
|
||||||
await expect(allSecretsLink).toBeVisible();
|
await expect(allSecretsLink).toBeVisible();
|
||||||
await allSecretsLink.click();
|
await allSecretsLink.click();
|
||||||
|
|
||||||
|
await page.waitForLoadState('networkidle');
|
||||||
await expect(page).toHaveURL(/\/sealedsecrets(?!\/keys)/);
|
await expect(page).toHaveURL(/\/sealedsecrets(?!\/keys)/);
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i }).first()).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('plugin settings page shows sealed-secrets plugin entry', async ({ page }) => {
|
test('plugin settings page shows sealed-secrets plugin entry', async ({ page }) => {
|
||||||
await page.goto('/settings/plugins');
|
await page.goto('/settings/plugins');
|
||||||
|
await page.waitForLoadState('networkidle');
|
||||||
|
await page.waitForSelector('table', { timeout: 10_000 }).catch(() => {});
|
||||||
|
|
||||||
// Wait for plugin list to load — plugin scripts load asynchronously
|
const pluginEntry = page.locator('text=/sealed.secrets/i').first();
|
||||||
const pluginEntry = page.locator('text=sealed-secrets').first();
|
|
||||||
await expect(pluginEntry).toBeVisible({ timeout: 30_000 });
|
await expect(pluginEntry).toBeVisible({ timeout: 30_000 });
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -5,7 +5,7 @@
|
|||||||
# a ConfigMap volume mount. No custom Docker images — the plugin is built
|
# a ConfigMap volume mount. No custom Docker images — the plugin is built
|
||||||
# in CI and injected as a ConfigMap.
|
# in CI and injected as a ConfigMap.
|
||||||
#
|
#
|
||||||
# E2E resources are deployed to the `privilegedescalation-dev` namespace. Nothing
|
# E2E resources are deployed to the `headlamp-dev` namespace. Nothing
|
||||||
# persists beyond the test run — teardown cleans up all created resources.
|
# persists beyond the test run — teardown cleans up all created resources.
|
||||||
#
|
#
|
||||||
# Prerequisites:
|
# Prerequisites:
|
||||||
@@ -14,7 +14,7 @@
|
|||||||
# - RBAC applied: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml
|
# - RBAC applied: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml
|
||||||
#
|
#
|
||||||
# Environment:
|
# Environment:
|
||||||
# E2E_NAMESPACE — namespace for E2E Headlamp (default: privilegedescalation-dev)
|
# E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-dev)
|
||||||
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
|
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
|
||||||
# HEADLAMP_VERSION — Headlamp image tag (default: latest)
|
# HEADLAMP_VERSION — Headlamp image tag (default: latest)
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
@@ -22,7 +22,7 @@ set -euo pipefail
|
|||||||
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
||||||
DIST_DIR="$REPO_ROOT/dist"
|
DIST_DIR="$REPO_ROOT/dist"
|
||||||
|
|
||||||
E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}"
|
E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
|
||||||
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
||||||
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
|
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
|
||||||
|
|
||||||
|
|||||||
@@ -4,13 +4,13 @@
|
|||||||
# Tears down the dedicated E2E Headlamp instance deployed by deploy-e2e-headlamp.sh.
|
# Tears down the dedicated E2E Headlamp instance deployed by deploy-e2e-headlamp.sh.
|
||||||
#
|
#
|
||||||
# Environment:
|
# Environment:
|
||||||
# E2E_NAMESPACE — namespace to clean up (default: privilegedescalation-dev)
|
# E2E_NAMESPACE — namespace to clean up (default: headlamp-dev)
|
||||||
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
|
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
||||||
|
|
||||||
E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}"
|
E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
|
||||||
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
||||||
|
|
||||||
echo "=== E2E Headlamp Teardown ==="
|
echo "=== E2E Headlamp Teardown ==="
|
||||||
|
|||||||
Reference in New Issue
Block a user