Skip to content

test: e2e playwright implementation#1389

Open
mikehardy wants to merge 9 commits into
mainfrom
test/e2e-playwright-design
Open

test: e2e playwright implementation#1389
mikehardy wants to merge 9 commits into
mainfrom
test/e2e-playwright-design

Conversation

@mikehardy

@mikehardy mikehardy commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Implements Playwright e2e smoke tests for every monorepo example (five UI examples + custom-auth-server HTTP smoke), runnable locally via pnpm test:e2e and in CI.

Start with developer-docs/decisions.md — the AD log is the most important part of this PR to review. In particular, please scrutinize the Angular dependency-management changes that unblock the angular-example smoke (they have the largest non-e2e impact):

  • @firebase-oss/ui-angular provideFirebaseUI factory now receives FirebaseApps via DI deps instead of calling inject() inside the factory (packages/angular/src/lib/provider.ts)
  • angular-example marks @firebase-oss/ui-angular as a pnpm injected workspace dependency so Angular resolves peers correctly at build/serve time (examples/angular/package.json)
  • Root pnpm-workspace.yaml blocks @angular/fire's optional firebase-tools peer from entering the lockfile (e2e uses npx; CI uses global install) — see AD-4 emulator tooling notes and the work-queue Phase 2b rationale in playwright-e2e-smoke.md

Also worth a pass: AD-3 (MVP scope), AD-4 (serial runner + shared emulator), AD-6 (custom-auth-server on :4001), AD-7 (separate e2e workflow + broad triggers), AD-8 (production-artifact e2e deferred).

What's included

Documentation (developer-docs/ OKF bundle)

  • Policy, index, architecture (examples inventory, testing strategy), playbooks, decisions (AD-1–AD-8)
  • Playwright work queue with phase/gate tracker through Phase 4 complete
  • AGENTS.md entry point; links from CONTRIBUTING.md and LOCAL_DEVELOPMENT.md

E2E framework (e2e/, scripts/e2e-run.mjs)

  • Playwright workspace package; @playwright/test pinned via pnpm catalog
  • Serial runner (pnpm test:e2e) and per-example debug scripts (pnpm test:e2e:<example>)
  • globalSetup / globalTeardown: build:packages, auth-only emulator config, shared Auth emulator on :9099
  • Parameterized UI smoke (S1–S3): form render, empty-submit validation, forgot-password screen UI
  • custom-auth-server HTTP boot smoke on :4001
  • One Tap blocked via page.route; interim V8 coverage artifacts (best-effort, not a gate)

Example / package fixes

  • Angular: injected workspace dep + provider factory fix (see above)
  • Next.js examples: forgot-password handler wired for S3
  • Removed stray examples/nextjs-ssr/package-lock.json

CI

  • New .github/workflows/e2e.yaml — Chromium, Playwright browser cache, artifact upload
  • test.yaml / lint.yaml: pnpm 10.34.4, pinned action SHAs, contents: read permissions (zizmor)

Deferred (documented, not in this PR)

  • Production-artifact e2e (AD-8)
  • Auth-behavior E2E env flags (AD-5) — no flakiness observed
  • Phase 6 dependency hardening / Istanbul line coverage (work queue)

Test plan

  • pnpm test:e2e green locally
  • CI: Test, Lint, E2E, zizmor all green on latest push
  • Review decisions.md — especially Angular dependency changes
  • Review playwright-e2e-smoke.md orchestration model
  • Spot-check smoke assertions match intended MVP scope (AD-3)

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a comprehensive developer documentation bundle under the developer-docs/ directory, adhering to the Open Knowledge Format (OKF) v0.1. It includes a documentation policy, architectural decisions (AD-1 to AD-5), an examples inventory, a testing strategy, a playbook for dependency updates, and a work queue for Playwright e2e smoke tests. It also updates root files like .gitignore, AGENTS.md, CONTRIBUTING.md, and LOCAL_DEVELOPMENT.md to reference this new bundle. The review feedback correctly identifies that multiple internal markdown links use absolute paths starting with / (e.g., /decisions.md), which will break when rendered on GitHub or in local markdown viewers. These should be updated to use relative paths as suggested.

Comment thread developer-docs/index.md Outdated
Comment thread developer-docs/architecture/examples-inventory.md Outdated
Comment thread developer-docs/architecture/examples-inventory.md Outdated
Comment thread developer-docs/architecture/testing-strategy.md Outdated
Comment thread developer-docs/decisions.md Outdated
Comment thread developer-docs/decisions.md Outdated
Comment thread developer-docs/documentation-policy.md Outdated
Comment thread developer-docs/playbooks/dependency-update-verification.md Outdated
Comment thread developer-docs/work-queues/index.md Outdated
Comment thread developer-docs/work-queues/playwright-e2e-smoke.md Outdated
@mikehardy mikehardy force-pushed the test/e2e-playwright-design branch from 5c80e84 to 54d2d62 Compare July 1, 2026 16:45
@mikehardy mikehardy force-pushed the test/e2e-playwright-design branch from 54d2d62 to 266423f Compare July 3, 2026 02:37
Comment thread .github/workflows/e2e.yaml Fixed
@wiz-9635d3485b

wiz-9635d3485b Bot commented Jul 3, 2026

Copy link
Copy Markdown

Wiz Scan Summary

Scanner Findings
Vulnerability Finding Vulnerabilities -
Data Finding Sensitive Data -
Secret Finding Secrets -
IaC Misconfiguration IaC Misconfigurations -
SAST Finding SAST Findings -
Software Management Finding Software Management Findings -
Total -

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

@mikehardy mikehardy force-pushed the test/e2e-playwright-design branch from 409e138 to 046d91d Compare July 3, 2026 04:14
@mikehardy mikehardy force-pushed the test/e2e-playwright-design branch from 046d91d to 04530b9 Compare July 3, 2026 04:18
@mikehardy

This comment was marked as outdated.

@mikehardy mikehardy force-pushed the test/e2e-playwright-design branch from 0b55d65 to 93911c1 Compare July 3, 2026 12:57
mikehardy added 4 commits July 3, 2026 11:57
Wire non-browser boot smoke for the Express example (AD-6): ui|http
example kind, serial runner entry, and spec-managed lifecycle on :4001.
Update testing-strategy and AD-6 as durable owners; defer Phase 5 auth
flags (no flakiness observed).
Comment thread e2e/tests/sign-in-handlers.spec.ts Fixed
CI (e2e.yaml): path filters for scripts/** and firebase.json; frozen lockfile;
pnpm/action-setup before setup-node so store cache restores; Playwright browser
cache without restore-keys; Auth emulator started by Playwright globalSetup;
HTML/JSON/coverage artifacts uploaded every run.

E2E runtime: webServer timeouts 240s (angular) and 180s (nextjs); global
expect.timeout 30s; serial emulator via E2E_KEEP_EMULATOR and runner postflight;
e2e package test runs full serial runner; S3 asserts per-example forgot-password
route; custom-auth-server spawn node build/index.js directly (see package.json
start) to avoid pnpm SIGTERM noise on teardown.

Emulator config: e2e/firebase.emulator.json is auth-only — no global
webframeworks experiment mutation during pnpm test:e2e.

Coverage: V8 precise coverage summary uses weightedExecUnits (byte-range × count);
shared reset in e2e/fixtures/coverage-artifacts.mjs; raw.jsonl compresses well
in upload-artifact zip.

Toolchain: firebase-tools version parsed from test.yaml at e2e globalSetup;
root packageManager pnpm@10.34.4 (Phase 6 bump target).

Lockfile: exclude @angular/fire optional firebase-tools peer via pnpm-workspace
overrides; emulator tooling remains npx/global CLI; remove stray
examples/nextjs-ssr/package-lock.json.

Docs: LOCAL_DEVELOPMENT and dependency playbook document test:e2e; AD-4 top-level
webServer; AD-7 broad path triggers; examples-inventory owns ports/commands;
testing-strategy reflects globalSetup emulator; documentation-policy root links
fixed; remove session log and redundant OKF index stubs per documentation-policy.

CI: correct upload-artifact SHA (v4.6.1); pin pnpm 10.34.4 in e2e/lint/test
workflows to match packageManager; e2e path triggers include test.yaml.

E2E: S3 asserts rendered forgot-password UI only (no URL check per AD-3);
globalSetup spawns firebase-tools via npx argv (shell: false); strict TS for
firebase-tools version parse; V8 weightedExecUnits skips unexecuted ranges.
@mikehardy mikehardy force-pushed the test/e2e-playwright-design branch from 74365f3 to 483d996 Compare July 3, 2026 19:39
@mikehardy mikehardy marked this pull request as ready for review July 3, 2026 20:04
deps: [FirebaseApps, [new Optional(), Auth]],
useFactory: () => {
const apps = inject(FirebaseApps);
useFactory: (apps: FirebaseApps) => {

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an important difference that needs a look. This seemed like the cleanest way to get the dependency injected in the API without fancy tricks. We're still in pre-release so the break between previous style should be okay?

- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wiz flags a file if it has problems and you touch it - I touched this (and tset.yaml) to pin the pnpm version, so I had to then pin all the SHAs for actions in order to satisfy wiz

@@ -0,0 +1,59 @@
---
type: Decision Log
title: Architecture decisions

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These can be changed at any time, but imply a refactor cycle (and possibly a semver major for API differences) if they are changed.

Recording architecture decisions that become fundamental assumptions in the code is best done overtly rather than by code implication though, hopefully this format works

timestamp: string;
};

export async function startV8Coverage(page: Page): Promise<CDPSession | null> {

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lcov is more useful but this PR is large enough, deferred for later.

@@ -0,0 +1,8 @@
{

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this allows for the experimental web feature support in the emulators to be turned on in an e2e / ci focused way by using a config here, instead of turning it on in a developer's host machine global config (which is a bit presumptious)


return (
<SignInAuthScreen
onForgotPasswordClick={() => {

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this was needed for parity with the other examples so we could generically route in all of them to fogot password during e2e smoke

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants