fix(e2e): scope rate_limit_attempts cleanup to exclude brute-force #531
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Accessibility Testing | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true | |
| jobs: | |
| accessibility: | |
| runs-on: ubuntu-latest | |
| env: | |
| NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }} | |
| NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }} | |
| SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} | |
| TEST_USER_PRIMARY_EMAIL: ${{ vars.TEST_USER_PRIMARY_EMAIL }} | |
| TEST_USER_PRIMARY_PASSWORD: ${{ secrets.TEST_USER_PRIMARY_PASSWORD }} | |
| # Pre-baked encryption keys so auth.setup.ts skips the slow UI-based | |
| # Argon2id derivation path. Without this, auth.setup falls back to | |
| # clicking "Unlock" on the re-auth modal and waiting up to 120s for | |
| # the modal to hide — and production-mode Argon2id (64MB, 3 iters, | |
| # 4 lanes) routinely exceeds that under headless CI load. | |
| E2E_ENCRYPTION_KEYS: ${{ secrets.E2E_ENCRYPTION_KEYS }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.16.1 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build application | |
| run: pnpm run build | |
| env: | |
| # Inline fast-mode Argon2id into the bundle (1MB, 1 iter, 1 lane | |
| # instead of prod 64MB/3/4). NEXT_PUBLIC_* vars are baked at build | |
| # time, so this must be set on the build step, not the test step. | |
| # Without this flag, production Argon2id runs in the browser and | |
| # exceeds the 120s auth.setup re-auth modal timeout under CI load. | |
| NEXT_PUBLIC_E2E_TEST_MODE: 'true' | |
| - name: Install Playwright browsers | |
| run: pnpm exec playwright install --with-deps chromium | |
| - name: Run accessibility tests (axe-playwright) | |
| run: pnpm run test:a11y:ci | |
| - name: Run component accessibility tests (happy-dom) | |
| run: | | |
| # Run all accessibility tests except: | |
| # - Card (requires jsdom for canvas API) | |
| # RouteBuilder now included - OOM fixed via module aliases (see docs/specs/051-ci-test-memory) | |
| FILES=$(find src/components -name "*.accessibility.test.tsx" -type f \ | |
| ! -name "Card.accessibility.test.tsx" \ | |
| | tr '\n' ' ') | |
| echo "Running $(echo $FILES | wc -w) happy-dom accessibility test files" | |
| pnpm exec vitest run $FILES --no-file-parallelism --pool vmThreads | |
| env: | |
| NODE_OPTIONS: '--max-old-space-size=2048' | |
| - name: Run Card accessibility tests (jsdom) | |
| run: | | |
| echo "Running Card accessibility tests with jsdom" | |
| pnpm exec vitest run src/components/atomic/Card/Card.accessibility.test.tsx --project jsdom | |
| env: | |
| NODE_OPTIONS: '--max-old-space-size=2048' | |
| - name: Comment PR with results | |
| if: github.event_name == 'pull_request' && failure() | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: '❌ Accessibility tests failed. Please check the [workflow logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.' | |
| }) |