fix: update CI workflows to enhance execution reliability and prevent security test leakage

GitHub Actions
2026-02-09 06:09:45 +00:00
parent 5de0492a2b
commit 6caa82935e
5 changed files with 282 additions and 161 deletions


@@ -316,6 +316,8 @@ jobs:
- name: Run Chromium Security Enforcement Tests
run: |
set -euo pipefail
STATUS=0
echo "════════════════════════════════════════════"
echo "Chromium Security Enforcement Tests"
echo "Cerberus: ENABLED"
@@ -329,7 +331,8 @@ jobs:
npx playwright test \
--project=chromium \
tests/security-enforcement/ \
tests/security/
tests/security/ \
tests/integration/multi-feature-workflows.spec.ts || STATUS=$?
SHARD_END=$(date +%s)
echo "SHARD_END=$SHARD_END" >> "$GITHUB_ENV"
@@ -337,6 +340,8 @@ jobs:
echo "════════════════════════════════════════════"
echo "Chromium Security Complete | Duration: ${SHARD_DURATION}s"
echo "════════════════════════════════════════════"
echo "PLAYWRIGHT_STATUS=$STATUS" >> "$GITHUB_ENV"
exit "$STATUS"
env:
PLAYWRIGHT_BASE_URL: http://127.0.0.1:8080
CI: true
@@ -500,6 +505,8 @@ jobs:
- name: Run Firefox Security Enforcement Tests
run: |
set -euo pipefail
STATUS=0
echo "════════════════════════════════════════════"
echo "Firefox Security Enforcement Tests"
echo "Cerberus: ENABLED"
@@ -513,7 +520,8 @@ jobs:
npx playwright test \
--project=firefox \
tests/security-enforcement/ \
tests/security/
tests/security/ \
tests/integration/multi-feature-workflows.spec.ts || STATUS=$?
SHARD_END=$(date +%s)
echo "SHARD_END=$SHARD_END" >> "$GITHUB_ENV"
@@ -521,6 +529,8 @@ jobs:
echo "════════════════════════════════════════════"
echo "Firefox Security Complete | Duration: ${SHARD_DURATION}s"
echo "════════════════════════════════════════════"
echo "PLAYWRIGHT_STATUS=$STATUS" >> "$GITHUB_ENV"
exit "$STATUS"
env:
PLAYWRIGHT_BASE_URL: http://127.0.0.1:8080
CI: true
@@ -684,6 +694,8 @@ jobs:
- name: Run WebKit Security Enforcement Tests
run: |
set -euo pipefail
STATUS=0
echo "════════════════════════════════════════════"
echo "WebKit Security Enforcement Tests"
echo "Cerberus: ENABLED"
@@ -697,7 +709,8 @@ jobs:
npx playwright test \
--project=webkit \
tests/security-enforcement/ \
tests/security/
tests/security/ \
tests/integration/multi-feature-workflows.spec.ts || STATUS=$?
SHARD_END=$(date +%s)
echo "SHARD_END=$SHARD_END" >> "$GITHUB_ENV"
@@ -705,6 +718,8 @@ jobs:
echo "════════════════════════════════════════════"
echo "WebKit Security Complete | Duration: ${SHARD_DURATION}s"
echo "════════════════════════════════════════════"
echo "PLAYWRIGHT_STATUS=$STATUS" >> "$GITHUB_ENV"
exit "$STATUS"
env:
PLAYWRIGHT_BASE_URL: http://127.0.0.1:8080
CI: true
@@ -855,6 +870,8 @@ jobs:
- name: Run Chromium Non-Security Tests (Shard ${{ matrix.shard }}/${{ matrix.total-shards }})
run: |
set -euo pipefail
STATUS=0
echo "════════════════════════════════════════════"
echo "Chromium Non-Security Tests - Shard ${{ matrix.shard }}/${{ matrix.total-shards }}"
echo "Cerberus: DISABLED"
@@ -868,6 +885,9 @@ jobs:
npx playwright test \
--project=chromium \
--shard=${{ matrix.shard }}/${{ matrix.total-shards }} \
--ignore tests/security-enforcement/ \
--ignore tests/security/ \
--ignore tests/integration/multi-feature-workflows.spec.ts \
tests/core \
tests/dns-provider-crud.spec.ts \
tests/dns-provider-types.spec.ts \
@@ -875,7 +895,7 @@ jobs:
tests/manual-dns-provider.spec.ts \
tests/monitoring \
tests/settings \
tests/tasks
tests/tasks || STATUS=$?
SHARD_END=$(date +%s)
echo "SHARD_END=$SHARD_END" >> "$GITHUB_ENV"
@@ -883,6 +903,8 @@ jobs:
echo "════════════════════════════════════════════"
echo "Chromium Shard ${{ matrix.shard }} Complete | Duration: ${SHARD_DURATION}s"
echo "════════════════════════════════════════════"
echo "PLAYWRIGHT_STATUS=$STATUS" >> "$GITHUB_ENV"
exit "$STATUS"
env:
PLAYWRIGHT_BASE_URL: http://127.0.0.1:8080
CI: true
@@ -1035,6 +1057,8 @@ jobs:
- name: Run Firefox Non-Security Tests (Shard ${{ matrix.shard }}/${{ matrix.total-shards }})
run: |
set -euo pipefail
STATUS=0
echo "════════════════════════════════════════════"
echo "Firefox Non-Security Tests - Shard ${{ matrix.shard }}/${{ matrix.total-shards }}"
echo "Cerberus: DISABLED"
@@ -1048,6 +1072,9 @@ jobs:
npx playwright test \
--project=firefox \
--shard=${{ matrix.shard }}/${{ matrix.total-shards }} \
--ignore tests/security-enforcement/ \
--ignore tests/security/ \
--ignore tests/integration/multi-feature-workflows.spec.ts \
tests/core \
tests/dns-provider-crud.spec.ts \
tests/dns-provider-types.spec.ts \
@@ -1055,7 +1082,7 @@ jobs:
tests/manual-dns-provider.spec.ts \
tests/monitoring \
tests/settings \
tests/tasks
tests/tasks || STATUS=$?
SHARD_END=$(date +%s)
echo "SHARD_END=$SHARD_END" >> "$GITHUB_ENV"
@@ -1063,6 +1090,8 @@ jobs:
echo "════════════════════════════════════════════"
echo "Firefox Shard ${{ matrix.shard }} Complete | Duration: ${SHARD_DURATION}s"
echo "════════════════════════════════════════════"
echo "PLAYWRIGHT_STATUS=$STATUS" >> "$GITHUB_ENV"
exit "$STATUS"
env:
PLAYWRIGHT_BASE_URL: http://127.0.0.1:8080
CI: true
@@ -1215,6 +1244,8 @@ jobs:
- name: Run WebKit Non-Security Tests (Shard ${{ matrix.shard }}/${{ matrix.total-shards }})
run: |
set -euo pipefail
STATUS=0
echo "════════════════════════════════════════════"
echo "WebKit Non-Security Tests - Shard ${{ matrix.shard }}/${{ matrix.total-shards }}"
echo "Cerberus: DISABLED"
@@ -1228,6 +1259,9 @@ jobs:
npx playwright test \
--project=webkit \
--shard=${{ matrix.shard }}/${{ matrix.total-shards }} \
--ignore tests/security-enforcement/ \
--ignore tests/security/ \
--ignore tests/integration/multi-feature-workflows.spec.ts \
tests/core \
tests/dns-provider-crud.spec.ts \
tests/dns-provider-types.spec.ts \
@@ -1235,7 +1269,7 @@ jobs:
tests/manual-dns-provider.spec.ts \
tests/monitoring \
tests/settings \
tests/tasks
tests/tasks || STATUS=$?
SHARD_END=$(date +%s)
echo "SHARD_END=$SHARD_END" >> "$GITHUB_ENV"
@@ -1243,6 +1277,8 @@ jobs:
echo "════════════════════════════════════════════"
echo "WebKit Shard ${{ matrix.shard }} Complete | Duration: ${SHARD_DURATION}s"
echo "════════════════════════════════════════════"
echo "PLAYWRIGHT_STATUS=$STATUS" >> "$GITHUB_ENV"
exit "$STATUS"
env:
PLAYWRIGHT_BASE_URL: http://127.0.0.1:8080
CI: true
@@ -1335,37 +1371,71 @@ jobs:
steps:
- name: Check test results
run: |
CHROMIUM_SEC="${{ needs.e2e-chromium-security.result }}"
FIREFOX_SEC="${{ needs.e2e-firefox-security.result }}"
WEBKIT_SEC="${{ needs.e2e-webkit-security.result }}"
CHROMIUM="${{ needs.e2e-chromium.result }}"
FIREFOX="${{ needs.e2e-firefox.result }}"
WEBKIT="${{ needs.e2e-webkit.result }}"
uses: actions/github-script@v7
env:
EFFECTIVE_BROWSER: ${{ inputs.browser || 'all' }}
EFFECTIVE_CATEGORY: ${{ inputs.test_category || 'all' }}
NEEDS_JSON: ${{ toJson(needs) }}
with:
script: |
const needs = JSON.parse(process.env.NEEDS_JSON || '{}');
const effectiveBrowser = process.env.EFFECTIVE_BROWSER || 'all';
const effectiveCategory = process.env.EFFECTIVE_CATEGORY || 'all';
echo "Security Enforcement Results:"
echo " Chromium Security: $CHROMIUM_SEC"
echo " Firefox Security: $FIREFOX_SEC"
echo " WebKit Security: $WEBKIT_SEC"
echo ""
echo "Non-Security Results:"
echo " Chromium: $CHROMIUM"
echo " Firefox: $FIREFOX"
echo " WebKit: $WEBKIT"
const shouldRunSecurity = effectiveCategory === 'security' || effectiveCategory === 'all';
const shouldRunNonSecurity = effectiveCategory === 'non-security' || effectiveCategory === 'all';
# Allow skipped jobs (workflow_dispatch with specific browser/category)
if [[ "$CHROMIUM_SEC" == "skipped" ]]; then CHROMIUM_SEC="success"; fi
if [[ "$FIREFOX_SEC" == "skipped" ]]; then FIREFOX_SEC="success"; fi
if [[ "$WEBKIT_SEC" == "skipped" ]]; then WEBKIT_SEC="success"; fi
if [[ "$CHROMIUM" == "skipped" ]]; then CHROMIUM="success"; fi
if [[ "$FIREFOX" == "skipped" ]]; then FIREFOX="success"; fi
if [[ "$WEBKIT" == "skipped" ]]; then WEBKIT="success"; fi
const shouldRun = {
chromiumSecurity: (effectiveBrowser === 'chromium' || effectiveBrowser === 'all') && shouldRunSecurity,
firefoxSecurity: (effectiveBrowser === 'firefox' || effectiveBrowser === 'all') && shouldRunSecurity,
webkitSecurity: (effectiveBrowser === 'webkit' || effectiveBrowser === 'all') && shouldRunSecurity,
chromium: (effectiveBrowser === 'chromium' || effectiveBrowser === 'all') && shouldRunNonSecurity,
firefox: (effectiveBrowser === 'firefox' || effectiveBrowser === 'all') && shouldRunNonSecurity,
webkit: (effectiveBrowser === 'webkit' || effectiveBrowser === 'all') && shouldRunNonSecurity,
};
if [[ "$CHROMIUM_SEC" == "success" && "$FIREFOX_SEC" == "success" && "$WEBKIT_SEC" == "success" && \
"$CHROMIUM" == "success" && "$FIREFOX" == "success" && "$WEBKIT" == "success" ]]; then
echo "✅ All browser tests passed or were skipped"
exit 0
else
echo "❌ One or more browser tests failed"
exit 1
fi
const results = {
chromiumSecurity: needs['e2e-chromium-security']?.result || 'skipped',
firefoxSecurity: needs['e2e-firefox-security']?.result || 'skipped',
webkitSecurity: needs['e2e-webkit-security']?.result || 'skipped',
chromium: needs['e2e-chromium']?.result || 'skipped',
firefox: needs['e2e-firefox']?.result || 'skipped',
webkit: needs['e2e-webkit']?.result || 'skipped',
};
core.info('Security Enforcement Results:');
core.info(` Chromium Security: ${results.chromiumSecurity}`);
core.info(` Firefox Security: ${results.firefoxSecurity}`);
core.info(` WebKit Security: ${results.webkitSecurity}`);
core.info('');
core.info('Non-Security Results:');
core.info(` Chromium: ${results.chromium}`);
core.info(` Firefox: ${results.firefox}`);
core.info(` WebKit: ${results.webkit}`);
const failures = [];
const invalidResults = new Set(['skipped', 'failure', 'cancelled']);
const labels = {
chromiumSecurity: 'Chromium Security',
firefoxSecurity: 'Firefox Security',
webkitSecurity: 'WebKit Security',
chromium: 'Chromium',
firefox: 'Firefox',
webkit: 'WebKit',
};
for (const [key, shouldRunJob] of Object.entries(shouldRun)) {
const result = results[key];
if (shouldRunJob && invalidResults.has(result)) {
failures.push(`${labels[key]} expected to run but result was ${result}`);
}
}
if (failures.length > 0) {
core.error('One or more expected browser jobs did not succeed:');
failures.forEach((failure) => core.error(`- ${failure}`));
core.setFailed('Expected E2E jobs did not complete successfully.');
} else {
core.info('All expected browser tests succeeded');
}
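Review bot: The final `Check test results` script only inspects a job's result when `shouldRun[key]` is true, so a job that actually ran and ended in `failure` or `cancelled` is ignored whenever this browser/category logic disagrees with the job's own `if:` condition (not visible in this hunk), and an input value the script does not recognise leaves nothing expected and the gate green. I would make the check fail closed with `if (shouldRunJob ? result !== 'success' : !['success', 'skipped'].includes(result)) {`, which also turns the `invalidResults` denylist into an allowlist. A guard such as `if (!Object.values(shouldRun).some(Boolean)) core.setFailed('No E2E job was expected to run');` would catch the unrecognised-input case. Separately, the non-security shards now pass `--ignore <path>` to `npx playwright test`; I do not find that option in Playwright's documented CLI, so it is worth confirming the runner accepts it rather than relying on it to keep security specs out of the Cerberus-disabled runs.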