Skip to content

Let's include E2E tests for the website #900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Let's include E2E tests for the website #900

wants to merge 6 commits into from

Conversation

@UlisesGascon
Copy link
Member

@UlisesGascon UlisesGascon commented Nov 15, 2025
edited
Loading

Motivation

We currently don’t have a reliable way to test UI changes on the website beyond building and manually checking it. Manual testing is error-prone. This PR introduces new tests using E2E testing with headless browsers, which run the web app, query the DOM, click elements, and so on.

It’s also difficult to cover all pieces with traditional tests. After discussing with @KoolTheba, we decided to include visual regression tests (snapshot vs snapshot). This lets the testing framework detect UI changes with adjustable sensitivity.

Snapshot testing can vary significantly between machines, so we introduced Chromatic to run these tests consistently and provide a dashboard where we can review and approve or reject changes.

Main Changes

  • Added a pipeline that runs E2E tests using headless browsers and pushes UI differences to Chromatic.
  • Added simple tests supporting Playwright using different actions and resolutions.
  • Added network request mocks, useful for scenarios like viewer: show checks missing from API with a ? #799.

Assumptions

  • We are okay using a new third-party service (free tier) for visual regression tests in CI. Tests can also run locally without any third-party service by setting the ENABLE_SNAPSHOTS environment variable.
  • This is likely a first iteration of the approach; we can refine or simplify it later.
  • The dependencies are installed directly on the CI when running this pipeline or manually when you want to run this tests locally. So no changes where made on the yarn.lock or package.json files.

⚠️ Blockers

  • enable secrets: GitHub Actions seems unable to read secrets. The same settings work in CI but not in PR runs. We need to fix this before merging (cc: @spencerschrock).

Notes

Important

I made many changes while writing this. It would be very helpful if you run everything locally following the instructions to confirm the docs make sense and are easy to follow.

Screenshots

Local UI

All tests:

Screenshot from 2025-11-15 12-56-55 when running tests locally

One test suite in detail:

Screenshot from 2025-11-15 12-57-13

If you run snapshots:

Screenshot from 2025-11-15 12-48-24

When discrepancies appear:

Screenshot from 2025-11-15 12-39-14 Screenshot from 2025-11-15 12-58-39

Chromatic UI

Our dashboard:

image

@UlisesGascon
feat: add playwright configuration
ef3245e 
Signed-off-by: Ulises Gascon <[email protected]>

Main Changes:
- Git Ignore e2e temporary folders
- Add basic Playwright configuration compatible with local and CI environments
- Include auto-build and serve the application when the tests are running
@UlisesGascon
test: add mock data for HTTP requests made by the website
d693062 
Signed-off-by: Ulises Gascon <[email protected]>
@UlisesGascon
test: add e2e tests for home and viewer
39e9312 
Signed-off-by: Ulises Gascon <[email protected]>

Main Changes:
- Include E2E tests for Home page
- Include E2E tests for Viewer page
- Include support for mocking http requests
- Add test snapshot to prevent visual regressions
- Include DOM exceptions for videos on the testing environment
@UlisesGascon UlisesGascon self-assigned this Nov 15, 2025
@netlify
Copy link

netlify bot commented Nov 15, 2025
edited
Loading

Deploy Preview for ossf-scorecard ready!

Name Link
🔨 Latest commit f5736ce
🔍 Latest deploy log https://app.netlify.com/projects/ossf-scorecard/deploys/6918a116f4acdc0008c4fdde
😎 Deploy Preview https://deploy-preview-900--ossf-scorecard.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@UlisesGascon UlisesGascon force-pushed the e2e-tests branch 2 times, most recently from 4aa8b64 to b2a6b64 Compare November 15, 2025 12:44
@UlisesGascon UlisesGascon force-pushed the e2e-tests branch 18 times, most recently from 4cda181 to 3a3ee6b Compare November 15, 2025 15:44
@UlisesGascon UlisesGascon marked this pull request as ready for review November 15, 2025 16:21
@UlisesGascon UlisesGascon requested review from a team as code owners November 15, 2025 16:21
@spencerschrock
Copy link
Member

spencerschrock commented Nov 17, 2025

  • enable secrets: GitHub Actions seems unable to read secrets

That is a limitation of GitHub Actions (link):

With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justaugustus justaugustus Awaiting requested review from justaugustus

@spencerschrock spencerschrock Awaiting requested review from spencerschrock

@KoolTheba KoolTheba Awaiting requested review from KoolTheba

At least 1 approving review is required to merge this pull request.

Assignees

@UlisesGascon UlisesGascon

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@UlisesGascon @spencerschrock