- Print cache contents and Playwright CLI version for diagnostics
- Search for expected browser executables and force reinstall with --force if absent
- Add headless-launch verification via Node to fail fast with clear logs
- Add step to delete ~/.cache/ms-playwright before installing browsers
- Guarantees correct browser version for each run
- Prevents mismatched or missing browser binaries (chromium_headless_shell-1208, etc.)
- Should resolve browser not found errors for all browsers
- Removed restore-keys fallback from Playwright cache
- Only exact cache matches (same package-lock.json hash) are used
- This prevents restoring incompatible browser versions when Playwright updates
- Added cache-hit check to skip install when cache is valid
- Firefox and WebKit were failing because old cache was restored but browsers were incompatible
Job names now show: 'E2E chromium (Shard 1/4)' instead of 'E2E Tests (Shard 1/4)'
Makes it easier to identify which browser/shard is passing or failing
- Artifact names now include browser: playwright-report-{browser}-shard-{N}
- Docker logs include browser: docker-logs-{browser}-shard-{N}
- Install step always runs (idempotent) to ensure version match
- Fixed artifact name conflicts when 3 browsers share same shard number
- Updated summary and PR comment to reflect new naming
- Introduced a new wrapper function for query client to facilitate testing.
- Added comprehensive tests for upload, commit, and cancel operations.
- Improved error handling in tests to capture and assert error states.
- Enhanced session management and state reset functionality in tests.
- Implemented polling behavior tests for import status and preview queries.
- Ensured that upload previews are prioritized over status query previews.
- Validated cache invalidation and state management after commit and cancel actions.
The "Save Docker Image as Artifact" and "Upload Image Artifact" steps
were running even when skip_build=true, causing CI failures on Renovate
dependency update PRs.
Add skip_build check to artifact saving step condition
Add skip_build check to artifact upload step condition
Aligns artifact steps with existing build skip logic
Adds automated workflow that creates a PR from nightly → main every
Monday at 9:00 AM UTC for scheduled release promotion.
Features:
Pre-flight health check verifies critical workflows are passing
Skips PR creation if nightly has no new commits
Detects existing PRs and adds comments instead of duplicates
Labels PRs with 'automated' and 'weekly-promotion'
Creates GitHub issue on failure for visibility
Manual trigger via workflow_dispatch with reason input
NO auto-merge - requires human review and approval
This gives early-week visibility into nightly changes and prevents
Friday surprises from untested code reaching main.
- Updated Docker Compose files to use digest-pinned images for CI contexts.
- Enhanced Dockerfile to pin Go tool installations and verify external downloads with SHA256 checksums.
- Added Renovate configuration for tracking Go tool versions and digest updates.
- Introduced a new design document outlining the architecture and data flow for dependency tracking.
- Created tasks and requirements documentation to ensure compliance with the new digest pinning policy.
- Updated security documentation to reflect the new digest pinning policy and exceptions.
Add missing emergency token environment variable to all E2E test workflows to
fix security teardown failures in CI. Without this token, the emergency reset
endpoint returns 501 "not configured", causing test teardown to fail and
leaving ACL enabled, which blocks 83 subsequent tests.
Changes:
Add CHARON_EMERGENCY_TOKEN to docker-build.yml test-image job
Add CHARON_EMERGENCY_TOKEN to e2e-tests.yml e2e-tests job
Add CHARON_EMERGENCY_TOKEN to playwright.yml playwright job
Verified:
Docker build strategy already optimal (build once, push to both GHCR + Docker Hub)
Testing strategy correct (test once by digest, validates both registries)
All workflows now have environment parity with local development setup
Requires GitHub repository secret:
Name: CHARON_EMERGENCY_TOKEN
Value: 64-char hex token (e.g., from openssl rand -hex 32)
Related:
Emergency endpoint rate limiting removal (proper fix)
Local emergency token configuration (.env, docker-compose.local.yml)
Security test suite teardown mechanism
Refs #550
