Skip to content

ci(ui): guard e2e fork secrets#11739

Closed
HugoPBrito wants to merge 1 commit into
masterfrom
ci/oci-regionless-platform-11565
Closed

ci(ui): guard e2e fork secrets#11739
HugoPBrito wants to merge 1 commit into
masterfrom
ci/oci-regionless-platform-11565

Conversation

@HugoPBrito

@HugoPBrito HugoPBrito commented Jun 30, 2026

Copy link
Copy Markdown
Member

Context

This PR is the first slice of the exact upstream split of #11565.

The original PR #11565 is the source of truth. The four chained PRs together must contain the same line-level changes as #11565, with no extra or missing changes.

Description

This slice adds the platform/CI guard for UI E2E tests so forked pull requests without repository secrets do not fail on unavailable secret-dependent steps.

Changed files:

File Change
.github/workflows/ui-e2e-tests-v2.yml Adds fork-secret guards for the UI E2E workflow.

Steps to review

  1. Review only .github/workflows/ui-e2e-tests-v2.yml.
  2. Confirm the workflow behavior matches the platform change from feat: support regionless OCI provider setup #11565.
  3. Confirm this PR is the first chained slice and the next PR builds on this branch.

Checklist

Community Checklist
  • This feature/issue is listed in here or roadmap.prowler.com
  • Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

SDK/CLI

  • Are there new checks included in this PR? No
    • If so, do we need to update permissions for the provider? Please review this carefully.

UI

  • All issue/task requirements work as expected on the UI
  • If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient.
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • All issue/task requirements work as expected on the API
  • Endpoint response output (if applicable)
  • EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
  • Performance test results (if applicable)
  • Any other relevant evidence of the implementation (if applicable)
  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, uv, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Chain Context

Field Value
Chain OCI regionless provider setup split from #11565
Tracker PR #11565
Position 1 of 4
Base master
Depends on None
Follow-up #11740
Review budget 16 / 400
Starts at master
Ends with Platform CI guard for UI E2E fork secrets

Chain Overview

master
 └── 📍 #11739 Platform CI guard
      └── #11740 SDK regionless OCI setup
           └── #11741 API regionless OCI credentials
                └── #11742 UI regionless OCI credentials

Scope

Autonomy

  • CI is expected to pass for this PR branch
  • This PR has one deliverable scope
  • This PR can be rolled back without unrelated changes
  • Tests, docs, or manual verification cover this unit

@HugoPBrito HugoPBrito requested a review from a team as a code owner June 30, 2026 14:12
@github-actions github-actions Bot added the github_actions Pull requests that update GitHub Actions code label Jun 30, 2026
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The UI E2E workflow adds PR_HEAD_REPOSITORY and BASE_REPOSITORY environment variables and inserts a precondition step that checks for required E2E secrets. Forked PRs with missing secrets skip E2E tests via exit 0 with a summary message; non-fork contexts fail with exit 1.

Changes

UI E2E Workflow Fork-Aware Secret Gate

Layer / File(s) Summary
Fork-aware secrets precondition gate
.github/workflows/ui-e2e-tests-v2.yml
Adds PR_HEAD_REPOSITORY/BASE_REPOSITORY env vars and a conditional secret check: forked PRs with missing secrets record a skip message and exit 0; internal PRs with missing secrets exit 1.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Suggested reviewers

  • cesararroba
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning No description was provided, so the required Context, Description, Steps to review, and checklist sections are missing. Add the template sections with motivation, change summary, review steps, and checklist items, including any issue link and applicable notes.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main CI change: guarding UI E2E secrets for forked PRs.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/oci-regionless-platform-11565

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

Copy link
Copy Markdown
Contributor

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@github-actions

Copy link
Copy Markdown
Contributor

✅ All necessary CHANGELOG.md files have been updated.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ui-e2e-tests-v2.yml:
- Around line 239-256: Move the forked-PR secrets check out of the Run E2E tests
step in the ui-e2e-tests-v2 workflow so it short-circuits before the expensive
setup runs. Add an earlier guard around the e2e-tests job itself, or introduce a
lightweight precondition step/job that checks PR_HEAD_REPOSITORY against
BASE_REPOSITORY and the required E2E_* secrets before the API image build,
Docker startup, UI build, and Playwright install steps. Keep the existing
skip/summary behavior for forked PRs, but ensure the job never reaches the heavy
setup when the secrets are unavailable.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 18ac11fb-0b76-4885-a05e-12ac379bc7ac

📥 Commits

Reviewing files that changed from the base of the PR and between 34e8e3c and 76063d0.

📒 Files selected for processing (1)
  • .github/workflows/ui-e2e-tests-v2.yml

Comment on lines 239 to +256
- name: Run E2E tests
working-directory: ./ui
env:
PR_HEAD_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
BASE_REPOSITORY: ${{ github.repository }}
run: |
if [[ -z "${E2E_ADMIN_USER}" || -z "${E2E_ADMIN_PASSWORD}" || -z "${E2E_NEW_USER_PASSWORD}" ]]; then
if [[ "${PR_HEAD_REPOSITORY}" != "${BASE_REPOSITORY}" ]]; then
echo "Required E2E secrets are unavailable for forked PRs. Skipping E2E tests for this PR context."
echo "## E2E Tests Skipped" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Required E2E secrets are unavailable for forked PRs, so auth/signup E2E tests cannot run." >> $GITHUB_STEP_SUMMARY
exit 0
fi

echo "Required E2E secrets are missing for an internal PR context."
exit 1
fi

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 Performance & Scalability | 🔵 Trivial

Forked PRs still run the full expensive setup before this gate.

The secrets gate lives in the "Run E2E tests" step, so a forked PR (which legitimately lacks the secrets) executes all upstream work — building the API image (Lines 151-156), starting Docker services, installing dependencies, building the UI (Line 223), and installing Playwright browsers (Line 237) — only to exit 0 immediately here. That is a large amount of wasted runner time per fork PR.

Since this PR is scoped to match #11565 line-for-line, this likely belongs in a follow-up, but consider promoting the fork/secret check to an earlier guard (e.g., a job-level if or a lightweight precondition job that gates e2e-tests) so forked PRs short-circuit before the heavy steps run.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ui-e2e-tests-v2.yml around lines 239 - 256, Move the
forked-PR secrets check out of the Run E2E tests step in the ui-e2e-tests-v2
workflow so it short-circuits before the expensive setup runs. Add an earlier
guard around the e2e-tests job itself, or introduce a lightweight precondition
step/job that checks PR_HEAD_REPOSITORY against BASE_REPOSITORY and the required
E2E_* secrets before the API image build, Docker startup, UI build, and
Playwright install steps. Keep the existing skip/summary behavior for forked
PRs, but ensure the job never reaches the heavy setup when the secrets are
unavailable.

@HugoPBrito

Copy link
Copy Markdown
Member Author

Superseded by #11569.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant