#!/usr/bin/env bash # Azaion UI — unit + blackbox test runner. # # Drives the test profiles specified in # _docs/02_document/tests/environment.md and AZ-456: # - static : repo + dist artifact checks (no runtime, host) # - fast : Bun + Vitest + jsdom + MSW (host) # - e2e : Playwright (Chromium + Firefox) inside the suite docker stack # # Reports land under ./test-output/ per AZ-456 (CSV + JUnit XML). # # Usage: # scripts/run-tests.sh # static + fast (default; gates every commit per CI/CD Integration) # scripts/run-tests.sh --unit-only # alias for default — fast + static, no e2e # scripts/run-tests.sh --all # static + fast + e2e # scripts/run-tests.sh --e2e-only # only the e2e profile # scripts/run-tests.sh --static-only # only the static checks # scripts/run-tests.sh --fast-only # only the fast profile set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" SUITE_ROOT="$(cd "$PROJECT_ROOT/.." && pwd)" RESULTS_DIR="$PROJECT_ROOT/test-output" RUN_STATIC=true RUN_FAST=true RUN_E2E=false for arg in "$@"; do case "$arg" in --unit-only) RUN_STATIC=true; RUN_FAST=true; RUN_E2E=false ;; --all) RUN_STATIC=true; RUN_FAST=true; RUN_E2E=true ;; --e2e-only) RUN_STATIC=false; RUN_FAST=false; RUN_E2E=true ;; --static-only) RUN_STATIC=true; RUN_FAST=false; RUN_E2E=false ;; --fast-only) RUN_STATIC=false; RUN_FAST=true; RUN_E2E=false ;; -h|--help) sed -n '2,18p' "$0" | sed 's/^# \{0,1\}//' exit 0 ;; *) echo "Unknown argument: $arg" >&2 echo "Run with --help for usage." >&2 exit 2 ;; esac done E2E_COMPOSE_STARTED_HERE=false cleanup() { if [ "$E2E_COMPOSE_STARTED_HERE" = "true" ]; then docker compose -f "$PROJECT_ROOT/e2e/docker-compose.suite-e2e.yml" down -v --remove-orphans || true fi } trap cleanup EXIT mkdir -p "$RESULTS_DIR" cd "$PROJECT_ROOT" echo "[run-tests] project root: $PROJECT_ROOT" echo "[run-tests] suite root : $SUITE_ROOT" echo "[run-tests] results dir : $RESULTS_DIR" echo "[run-tests] profiles : static=$RUN_STATIC fast=$RUN_FAST e2e=$RUN_E2E" # ---------------------------------------------------------------------------- # Install dependencies (mandatory — a fresh CI runner has nothing). # ---------------------------------------------------------------------------- if [ "$RUN_FAST" = "true" ] || [ "$RUN_STATIC" = "true" ]; then if ! command -v bun >/dev/null 2>&1; then echo "[run-tests] FATAL: bun is required (project pins bun@1.3.11 per package.json packageManager)." >&2 exit 1 fi echo "[run-tests] installing dependencies..." if [ -f "$PROJECT_ROOT/bun.lock" ] || [ -f "$PROJECT_ROOT/bun.lockb" ]; then bun install --frozen-lockfile else bun install fi fi OVERALL_EXIT=0 # CSV rollup format (AZ-456 § Test Reporting): # Test ID,Test Name,Profile,Execution Time (ms),Result,Error Message,Traces to AC,Traces to results_report.md row csv_header() { echo 'Test ID,Test Name,Profile,Execution Time (ms),Result,Error Message,Traces to AC,Traces to results_report.md row' > "$1" } csv_record() { # $1 file, $2 id, $3 name, $4 profile, $5 exec_ms, $6 result, $7 err, $8 ac, $9 row local file="$1" id="$2" name="$3" profile="$4" exec_ms="$5" result="$6" err="$7" ac="$8" row="$9" # Escape any embedded quotes so the CSV stays well-formed. err="${err//\"/\"\"}" name="${name//\"/\"\"}" printf '%s,"%s",%s,%s,%s,"%s",%s,%s\n' "$id" "$name" "$profile" "$exec_ms" "$result" "$err" "$ac" "$row" >> "$file" } # Portable millisecond clock — GNU coreutils `date +%s%3N` is unavailable on # macOS / BSD, so fall back to python3 unconditionally. millis() { python3 -c 'import time; print(int(time.time()*1000))' } # ---------------------------------------------------------------------------- # Static profile — repo checks, type-check, build, ripgrep. # Source: _docs/02_document/tests/blackbox-tests.md, security-tests.md, # resource-limit-tests.md, traceability-matrix.md "STC-*" candidates. # ---------------------------------------------------------------------------- if [ "$RUN_STATIC" = "true" ]; then echo "[run-tests] === static profile ===" STATIC_REPORT="$RESULTS_DIR/static-report.csv" csv_header "$STATIC_REPORT" STATIC_FAIL=0 run_static() { # $1 id, $2 name, $3 ac, $4 row, $5 cmd local id="$1" name="$2" ac="$3" row="$4" shift 4 local start_ms result err start_ms=$(millis) if err=$("$@" 2>&1); then result=PASS else result=FAIL STATIC_FAIL=1 fi local end_ms end_ms=$(millis) local exec_ms=$((end_ms - start_ms)) local err_summary="" if [ "$result" = "FAIL" ]; then err_summary=$(printf '%s' "$err" | tr '\n' ' ' | head -c 240) echo " $result $id ${exec_ms}ms" echo " $err_summary" else echo " $result $id ${exec_ms}ms" fi csv_record "$STATIC_REPORT" "$id" "$name" "static" "$exec_ms" "$result" "$err_summary" "$ac" "$row" } static_check_strict() { if node -e 'const t=require("./tsconfig.json"); process.exit((t.compilerOptions && t.compilerOptions.strict === true) ? 0 : 1)' 2>/dev/null; then return 0 fi bunx tsc --showConfig | grep -q '"strict": true' } static_check_pinned_deps() { node -e ' const p = require("./package.json"); const all = Object.assign({}, p.dependencies || {}, p.devDependencies || {}); const pin = (name, ver) => (all[name] || "").startsWith(ver) ? null : `${name}@${all[name] || "(missing)"} expected ${ver}*`; const ban = (name) => all[name] ? `banned dep present: ${name}` : null; const fails = [ pin("react", "^19"), pin("react-dom", "^19"), pin("vite", "^6"), pin("tailwindcss", "^4"), pin("leaflet", "^1.9.4"), pin("react-leaflet", "^5"), pin("chart.js", "^4"), pin("@hello-pangea/dnd", "^18"), ban("redux"), ban("@reduxjs/toolkit"), ban("zustand"), ban("@tanstack/react-query"), ban("@tanstack/query-core"), (p.packageManager === "bun@1.3.11") ? null : `packageManager=${p.packageManager}`, ].filter(Boolean); if (fails.length) { console.error(fails.join("; ")); process.exit(1); } ' } # AZ-482 — package.json deny-lists routed through the shared # banned-deps.json source-of-truth. Each kind maps 1:1 to a JSON section. static_check_no_ml_libs() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=ml_libs } static_check_no_signature_libs() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=signature_libs } static_check_no_persistence_libs() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=persistence_libs } static_check_no_ws_graphql() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=ws_graphql_ssr_libs } # AZ-482 — NFT-SEC-13 dropped legacy integrations and NFT-SEC-14 AC-N1 # anti-criterion. Source-tree scans gated on production code only (the # banned-deps script applies the same `*.test.{ts,tsx}` exclusion src_grep # uses below; tests are allowed to mention these tokens as documentation). static_check_no_legacy_integrations() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=legacy_integrations } static_check_no_concurrent_edit() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=concurrent_edit_patterns } # AZ-466 — NFT-SEC-07 (no alert() outside the seeded allowlist) and # NFT-SEC-08 (every destructive surface is reviewed: gated by ConfirmDialog # OR recorded as known drift). Both delegate to check-banned-deps.mjs which # reads tests/security/banned-deps.json. static_check_no_alert() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=alert_calls } static_check_destructive_surfaces() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=destructive_surfaces } # AZ-482 — NFT-SEC-09 AC-1 dist/ portion. The src/ counterpart is STC-SEC1 # below; this check runs AFTER `bun run build` (STC-B1) so dist/ exists. static_check_no_owm_key_in_dist() { node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=owm_key_in_dist } # Source-tree text search. Prefer ripgrep when available (much faster on # large trees), fall back to POSIX grep -r so the CI runner doesn't need rg. # Test files (*.test.{ts,tsx}, *.spec.{ts,tsx}) are EXCLUDED — production # static checks must observe production source only; test-file mentions of # forbidden patterns (`document.cookie`, `localStorage.token`, etc.) are by # design and would otherwise produce false positives. src_grep() { if command -v rg >/dev/null 2>&1; then rg --no-messages --type ts --type tsx \ --glob '!**/*.test.ts' --glob '!**/*.test.tsx' \ --glob '!**/*.spec.ts' --glob '!**/*.spec.tsx' \ -e "$1" "${@:2}" else grep -rE --include='*.ts' --include='*.tsx' \ --exclude='*.test.ts' --exclude='*.test.tsx' \ --exclude='*.spec.ts' --exclude='*.spec.tsx' \ "$1" "${@:2}" 2>/dev/null fi } static_check_no_legacy_features() { local hits hits=$(src_grep 'SoundDetections|DroneMaintenance' "$PROJECT_ROOT/src" "$PROJECT_ROOT/mission-planner" || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } static_check_no_service_worker() { local hits hits=$(src_grep 'serviceWorker\.register|navigator\.serviceWorker' "$PROJECT_ROOT/src" || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } static_check_no_literal_owm_key() { # Lifted from QUARANTINE per AZ-447 (Step 4 testability fixed the hardcoded # key). The narrowed pattern catches a real key value (`appid=<6+ chars>`) # while ignoring env-var bindings (`VITE_OWM_API_KEY?: string`) and # template-string callsites (`?appid=${apiKey}`). local hits hits=$(src_grep 'appid=[a-zA-Z0-9]{6,}' "$PROJECT_ROOT/src" 2>/dev/null | grep -vE 'import\.meta\.env|process\.env' || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } static_check_no_unpkg() { local hits hits=$(src_grep 'unpkg\.com' "$PROJECT_ROOT/src" || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } # AZ-459 FT-N-15 (rows 20, 21) — MediaType magic-literal hygiene. A regex # sweep over `src/` for `mediaType OP ` patterns; # a hit means a comparison against a magic literal slipped past the typed # enum. The codebase today uses `MediaType.Video` / `MediaType.Image` only. static_check_no_mediatype_magic_literal() { local hits_num hits_str hits_num=$(src_grep 'mediaType\s*[!=]==?\s*[0-9]' "$PROJECT_ROOT/src" || true) hits_str=$(src_grep "mediaType\s*[!=]==?\s*['\"]" "$PROJECT_ROOT/src" || true) if [ -n "$hits_num" ] || [ -n "$hits_str" ]; then [ -n "$hits_num" ] && echo "numeric magic literal:" >&2 && echo "$hits_num" >&2 [ -n "$hits_str" ] && echo "string magic literal:" >&2 && echo "$hits_str" >&2 return 1 fi return 0 } # AZ-457 NFT-SEC-01 (row 04) — bearer is never written to localStorage / # sessionStorage. Static counterpart of the runtime check in # src/auth/AuthContext.test.tsx. We allow harmless reads on i18n / settings # storage; we forbid any setItem that mentions token / bearer / accessToken. static_check_no_token_in_browser_storage() { local hits hits=$(src_grep '(local|session)Storage\.setItem\([^)]*(token|bearer|accessToken)' "$PROJECT_ROOT/src" "$PROJECT_ROOT/mission-planner" || true) if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } # AZ-457 NFT-SEC-02 (row 05) — refresh token not exposed via document.cookie # READS in production code. Per security-tests.md the regex is "document.cookie # reads against refreshToken|refresh-cookie". static_check_no_refresh_cookie_read() { local hits hits=$(src_grep 'document\.cookie' "$PROJECT_ROOT/src" || true) if [ -n "$hits" ]; then # Filter to lines that mention refresh / refreshToken / refresh-cookie. local filtered filtered=$(echo "$hits" | grep -iE 'refresh' || true) if [ -n "$filtered" ]; then echo "$filtered" >&2 return 1 fi fi return 0 } # AZ-465 FT-P-22 + FT-P-23 — i18n key parity + t() coverage. Delegated to # scripts/check-i18n-coverage.mjs so both modes (parity / coverage) reuse # the same JSON loader, allow-list reader, and JSX scanner. static_check_i18n_parity() { node "$PROJECT_ROOT/scripts/check-i18n-coverage.mjs" --parity-only } static_check_i18n_coverage() { node "$PROJECT_ROOT/scripts/check-i18n-coverage.mjs" --coverage-only } # AZ-481 NFT-RES-LIM-11/12/13 — CI image tag scheme + OCI labels (parses # `.woodpecker/build-arm.yml`). Delegated to a Node script for shared # parsing logic with the e2e companion. static_check_ci_image_labels() { node "$PROJECT_ROOT/scripts/check-ci-image-labels.mjs" } static_check_typecheck() { bunx tsc --noEmit -p tsconfig.test.json } static_check_vite_build() { bun run build } static_check_dist_no_mission_planner() { if [ ! -d "$PROJECT_ROOT/dist" ]; then echo "dist/ missing — run 'bun run build' first" >&2 return 1 fi local hits if command -v rg >/dev/null 2>&1; then hits=$(rg --no-messages -e 'mission[-_ ]?planner' "$PROJECT_ROOT/dist" || true) else hits=$(grep -rE 'mission[-_ ]?planner' "$PROJECT_ROOT/dist" 2>/dev/null || true) fi if [ -n "$hits" ]; then echo "$hits" >&2 return 1 fi return 0 } # AZ-480 NFT-RES-LIM-02 — nginx body cap is exactly 500M (one hit in the SPA # server block). Pinning here so a regression that loosens it (or copies a # second cap into a wrong block) lights up at commit time. static_check_nginx_body_cap() { if [ ! -f "$PROJECT_ROOT/nginx.conf" ]; then echo "nginx.conf missing" >&2 return 1 fi local hits hits=$(grep -cE 'client_max_body_size[[:space:]]+500M' "$PROJECT_ROOT/nginx.conf" || true) if [ "$hits" = "1" ]; then return 0 fi echo "expected exactly 1 'client_max_body_size 500M' in nginx.conf, found $hits (NFT-RES-LIM-02)" >&2 return 1 } # AZ-480 NFT-RES-LIM-03 — production image is nginx:alpine (no Node). The # e2e runtime probe (`docker run --rm $IMAGE which node`) is the second # half of this AC; this static gate prevents a Dockerfile change from # silently switching the final stage to a Node-based image. static_check_dockerfile_nginx_alpine() { if [ ! -f "$PROJECT_ROOT/Dockerfile" ]; then echo "Dockerfile missing" >&2 return 1 fi if ! grep -qE '^FROM[[:space:]]+nginx:alpine' "$PROJECT_ROOT/Dockerfile"; then echo "Dockerfile final stage must be 'FROM nginx:alpine' (NFT-RES-LIM-03)" >&2 return 1 fi # Reject any reference to oven/bun:* or node:* OUTSIDE of the AS build # stage. The build stage is allowed (it's a multi-stage build); the # final stage must not reference Node. if awk ' /^FROM/ { stage = $0; in_final = ($0 !~ /AS[[:space:]]+build/) } in_final && /^FROM/ && /(node|oven\/bun)/ { exit 1 } ' "$PROJECT_ROOT/Dockerfile"; then return 0 fi echo "Dockerfile final stage references Node — must be nginx:alpine only (NFT-RES-LIM-03)" >&2 return 1 } # AZ-480 NFT-RES-LIM-09 — exactly 9 nginx /api/* location blocks (one per # suite service: annotations, flights, admin, resource, detect, loader, # gps-denied-desktop, gps-denied-onboard, autopilot). The non-/api/ # `location /` SPA fallback does NOT count. static_check_nginx_route_count() { if [ ! -f "$PROJECT_ROOT/nginx.conf" ]; then echo "nginx.conf missing" >&2 return 1 fi local hits hits=$(grep -cE '^\s*location\s+/api/' "$PROJECT_ROOT/nginx.conf" || true) if [ "$hits" = "9" ]; then return 0 fi echo "expected exactly 9 nginx /api/* location blocks, found $hits (NFT-RES-LIM-09)" >&2 return 1 } # AZ-480 NFT-RES-LIM-10 — every /api// route strips its prefix. # The `proxy_pass http://:/` form (with trailing slash) is the # nginx-canonical "strip the matched location prefix" idiom; we assert # every /api/* location has such a proxy_pass directly underneath it. # Equivalent `rewrite ^/api//(.*)$ /$1 break;` would also satisfy the # AC but is not what nginx.conf uses today. static_check_nginx_prefix_strip() { if [ ! -f "$PROJECT_ROOT/nginx.conf" ]; then echo "nginx.conf missing" >&2 return 1 fi node -e ' const fs = require("node:fs"); const conf = fs.readFileSync("nginx.conf", "utf8"); const lines = conf.split(/\r?\n/); const fails = []; for (let i = 0; i < lines.length; i++) { const m = lines[i].match(/^\s*location\s+(\/api\/[^\s{]+)/); if (!m) continue; // Look ahead within this block for either: // proxy_pass http://...:/ (note trailing slash) // rewrite ^/api//(.*)$ /$1 break; const route = m[1]; let depth = 0, found = false; for (let j = i; j < lines.length; j++) { if (lines[j].includes("{")) depth++; if (lines[j].includes("}")) { depth--; if (depth === 0) break; } if (/proxy_pass\s+https?:\/\/[^/\s;]+(:\d+)?\/\s*;/.test(lines[j])) { found = true; break; } if (/rewrite\s+\^\/api\/[^/]+\/\(\.\*\)\$\s+\/\$1\s+break;/.test(lines[j])) { found = true; break; } } if (!found) fails.push(route); } if (fails.length) { console.error("location blocks without prefix-strip: " + fails.join(", ") + " (NFT-RES-LIM-10)"); process.exit(1); } ' } # AZ-479 NFT-PERF-01 / NFT-RES-LIM-01 — initial JS bundle ≤ 2 MB gzipped. # Same threshold + measurement as scripts/run-performance-tests.sh; this # entry routes the gate through the static profile so every commit is # checked (the perf script is run on demand). static_check_bundle_size() { if [ ! -d "$PROJECT_ROOT/dist/assets" ]; then echo "dist/assets missing — run 'bun run build' first" >&2 return 1 fi local total total=$( find "$PROJECT_ROOT/dist/assets" -maxdepth 1 -name '*.js' -print0 \ | xargs -0 -I{} sh -c 'gzip -c "{}" | wc -c' \ | awk '{ s += $1 } END { print (s ? s : 0) }' ) local max=$((2 * 1024 * 1024)) if [ "$total" -le "$max" ]; then return 0 fi echo "initial JS bundle gzipped = ${total} bytes; budget = ${max} bytes (NFT-PERF-01)" >&2 return 1 } run_static "STC-S1" "tsconfig strict mode" "AC-N1" "n/a" static_check_strict run_static "STC-S2" "pinned core deps + banned" "AC-N6" "70" static_check_pinned_deps run_static "STC-N2" "no in-browser ML libs" "AC-N2" "n/a" static_check_no_ml_libs run_static "STC-N4" "no response-signature library" "AC-N4" "n/a" static_check_no_signature_libs run_static "STC-S13" "no client-side persistence lib" "O2" "n/a" static_check_no_persistence_libs run_static "STC-S6" "no WS/GraphQL/gRPC/SSR deps" "O11" "n/a" static_check_no_ws_graphql run_static "STC-N5" "no legacy SoundDetections/DM" "AC-N5" "n/a" static_check_no_legacy_features run_static "STC-N3" "no service worker registration" "AC-N3" "n/a" static_check_no_service_worker run_static "STC-SEC1" "no literal OWM key in src/" "SEC-09" "63" static_check_no_literal_owm_key run_static "STC-SEC2" "no unpkg.com in src/" "SEC-09" "n/a" static_check_no_unpkg run_static "STC-SEC3" "no bearer/token in browser storage" "AC-02" "04" static_check_no_token_in_browser_storage run_static "STC-SEC4" "no document.cookie read of refresh" "AC-03" "05" static_check_no_refresh_cookie_read run_static "STC-FN15" "no MediaType magic literal in src/" "AC-29" "20" static_check_no_mediatype_magic_literal run_static "STC-FP22" "i18n key parity en vs ua" "AC-12" "45" static_check_i18n_parity run_static "STC-FP23" "no raw user strings outside t()" "AC-12" "46" static_check_i18n_coverage run_static "STC-CI11" "CI image tag + OCI labels (woodpecker)" "AC-32" "70" static_check_ci_image_labels run_static "STC-SEC13" "no legacy integrations in src/" "SEC-13" "n/a" static_check_no_legacy_integrations run_static "STC-SEC14" "no concurrent-edit reconcile (AC-N1)" "SEC-14" "n/a" static_check_no_concurrent_edit run_static "STC-SEC7" "no alert() outside allowlist" "SEC-07" "AZ-466" static_check_no_alert run_static "STC-SEC8" "destructive surfaces reviewed (gated/drift)" "SEC-08" "AZ-466" static_check_destructive_surfaces run_static "STC-T1" "tsc --noEmit (test config)" "AC-6" "n/a" static_check_typecheck run_static "STC-B1" "vite build succeeds" "AC-6" "n/a" static_check_vite_build run_static "STC-S5" "mission-planner not in dist/" "AC-31" "n/a" static_check_dist_no_mission_planner run_static "STC-PERF01" "initial JS bundle ≤ 2 MB gz" "NFT-PERF-01" "40" static_check_bundle_size run_static "STC-RES02" "nginx client_max_body_size 500M" "NFT-RES-LIM-02" "n/a" static_check_nginx_body_cap run_static "STC-RES03" "Dockerfile final stage nginx:alpine no Node" "NFT-RES-LIM-03" "n/a" static_check_dockerfile_nginx_alpine run_static "STC-RES09" "nginx exactly 9 /api/* location blocks" "NFT-RES-LIM-09" "n/a" static_check_nginx_route_count run_static "STC-RES10" "nginx prefix-strip on every /api// route" "NFT-RES-LIM-10" "n/a" static_check_nginx_prefix_strip run_static "STC-SEC1B" "no literal OWM key in dist/" "SEC-09" "63" static_check_no_owm_key_in_dist if [ "$STATIC_FAIL" = "1" ]; then echo "[run-tests] static profile FAILED — see $STATIC_REPORT" OVERALL_EXIT=1 else echo "[run-tests] static profile PASSED — see $STATIC_REPORT" fi fi # ---------------------------------------------------------------------------- # Fast profile — Bun + Vitest + jsdom + MSW. # Test files are colocated with src/ + the top-level tests/ tree. # ---------------------------------------------------------------------------- if [ "$RUN_FAST" = "true" ]; then echo "[run-tests] === fast profile ===" FAST_REPORT="$RESULTS_DIR/fast-report.txt" if grep -q '"test:fast"' "$PROJECT_ROOT/package.json" 2>/dev/null; then echo "[fast] running bun run test:fast" if bun run test:fast 2>&1 | tee "$FAST_REPORT"; then echo "[run-tests] fast profile PASSED" else echo "[run-tests] fast profile FAILED — see $FAST_REPORT and $RESULTS_DIR/fast-report.xml" OVERALL_EXIT=1 fi else echo "[fast] no test:fast script in package.json — AZ-456 not yet landed" echo "[fast] SKIPPED (no runner)" | tee "$FAST_REPORT" fi fi # ---------------------------------------------------------------------------- # E2E profile — Playwright (Chromium + Firefox) inside the suite docker stack. # ---------------------------------------------------------------------------- if [ "$RUN_E2E" = "true" ]; then echo "[run-tests] === e2e profile ===" COMPOSE_FILE="$PROJECT_ROOT/e2e/docker-compose.suite-e2e.yml" E2E_REPORT="$RESULTS_DIR/e2e-runner.log" if [ ! -f "$COMPOSE_FILE" ]; then echo "[e2e] FATAL: $COMPOSE_FILE not found." >&2 OVERALL_EXIT=1 elif ! command -v docker >/dev/null 2>&1; then echo "[e2e] FATAL: docker is required for the e2e profile." >&2 OVERALL_EXIT=1 else echo "[e2e] starting compose stack at $COMPOSE_FILE..." docker compose -f "$COMPOSE_FILE" up -d --build E2E_COMPOSE_STARTED_HERE=true echo "[e2e] running playwright-runner..." if docker compose -f "$COMPOSE_FILE" run --rm playwright-runner 2>&1 | tee "$E2E_REPORT"; then echo "[run-tests] e2e profile PASSED" else echo "[run-tests] e2e profile FAILED — see $E2E_REPORT and $RESULTS_DIR/e2e-report.xml" OVERALL_EXIT=1 fi fi fi # ---------------------------------------------------------------------------- # Summary rollup # ---------------------------------------------------------------------------- SUMMARY="$RESULTS_DIR/summary.csv" csv_header "$SUMMARY" { if [ "$RUN_STATIC" = "true" ] && [ -f "$RESULTS_DIR/static-report.csv" ]; then tail -n +2 "$RESULTS_DIR/static-report.csv" fi if [ "$RUN_FAST" = "true" ] && [ -f "$RESULTS_DIR/fast-report.xml" ]; then # Vitest's JUnit XML is the canonical fast-profile rollup; the summary CSV # records a single line so suite-level reporting can detect presence. echo 'fast-profile,"vitest junit",fast,0,PASS,"see fast-report.xml",AC-4,n/a' fi if [ "$RUN_E2E" = "true" ] && [ -f "$RESULTS_DIR/e2e-report.xml" ]; then echo 'e2e-profile,"playwright junit",e2e,0,PASS,"see e2e-report.xml",AC-5,n/a' fi } >> "$SUMMARY" echo "" echo "[run-tests] summary" echo "[run-tests] static profile : $([ "$RUN_STATIC" = "true" ] && echo "ran" || echo "skipped")" echo "[run-tests] fast profile : $([ "$RUN_FAST" = "true" ] && echo "ran" || echo "skipped")" echo "[run-tests] e2e profile : $([ "$RUN_E2E" = "true" ] && echo "ran" || echo "skipped")" echo "[run-tests] results dir : $RESULTS_DIR" echo "[run-tests] summary file : $SUMMARY" echo "[run-tests] exit code : $OVERALL_EXIT" exit "$OVERALL_EXIT"