[test-qa-hourly] Verify EAS skips Playwright browser install#107
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
taiiiiiiiiiiii
commented
Jul 13, 2026
taiiiiiiiiiiii
left a comment
Contributor
Author
There was a problem hiding this comment.
Test QA run summary — 2026-07-14 03:58 JST
- Continued active Test QA PR #107 and reviewed its one-file test-only diff, latest
main, PR mergeability, Vercel previews, and GitHub Actions CI run #633. - CI is failing in
lint-test→Security audit (Node + Python). The Python audit reportsclick 8.3.1vulnerable asPYSEC-2026-2132; the reported fixed version is8.3.3. - Other checks:
coverage,deploy-gates, andcheck-dead-envpassed; deploy jobs skipped as expected for this PR. - No additional commit was pushed in this run. The safe fix requires regenerating
apps/analytics-engine/uv.lockwithclick>=8.3.3(for example,cd apps/analytics-engine && uv lock --upgrade-package click), then runninguv export --locked --no-dev --no-emit-project --format requirements.txt --no-header --output-file /tmp/analytics-engine-audit.txt && uvx --from pip-audit pip-audit -r /tmp/analytics-engine-audit.txt --disable-pip, followed by the focused app test and broader CI. - I did not weaken or bypass the audit with an ignore. This runtime can inspect and update GitHub files but cannot execute
uv lockor safely synthesize the generated lockfile without a checkout, so the dependency lock update remains the blocker. - Auto-merge was not attempted because required CI is failing.
- Repository hygiene note: PR #106 is also still open with the same Test QA matching policy; it should be merged or closed before further QA scope is added so only one ongoing Test QA PR remains.
taiiiiiiiiiiii
commented
Jul 13, 2026
taiiiiiiiiiiii
left a comment
Contributor
Author
There was a problem hiding this comment.
Test QA run summary — 2026-07-14 05:00 JST
- Rechecked open Test QA PRs, current diffs, mergeability, repository settings, and GitHub Actions for PR #107.
- Two matching active QA PRs remain open: #106 and #107. Per policy, no second PR was opened and no new QA scope was added.
- PR #107 is open, non-draft, mergeable, and contains only the intended test file, but required CI run #633 is still failed.
- Failure remains in
lint-test→ Python security audit:apps/analytics-enginelocksclick 8.3.1, affected byPYSEC-2026-2132; the CI-reported fixed version is8.3.3. - No commit was pushed because safely fixing this requires regenerating and validating
apps/analytics-engine/uv.lockwithuv, which is unavailable in this connector-only run. The correct focused fix remains:
cd apps/analytics-engine && uv lock --upgrade-package click - Required follow-up validation: Python security audit, the focused app test
pnpm --filter @zapengine/app test -- tests/install-playwright.test.ts, then full GitHub CI. - No gates were weakened and no ignore was added.
- Auto-merge was not attempted because required CI is failing; repository auto-merge is also disabled (
allow_auto_merge=false). - User review is recommended to merge/close #106 before extending #107, because both currently match the active Test QA PR policy.
taiiiiiiiiiiii
commented
Jul 13, 2026
taiiiiiiiiiiii
left a comment
Contributor
Author
There was a problem hiding this comment.
Test QA run summary — CI still blocked
- Rechecked open Test QA PRs #106 and #107, latest
main(5a00b97), #107's one-file test-only diff, mergeability, and CI run #633. - CI remains failed in
lint-testat the Python security audit becauseapps/analytics-engine/uv.lockpinsclick 8.3.1(PYSEC-2026-2132). - Verified the fixed PyPI release metadata for
click 8.3.3:- sdist SHA-256:
398329ad4837b2ff7cbe1dd166a4c0f8900c3ca3a218de04466f38f6497f18a2 - wheel SHA-256:
a2bf429bb3033c89fa4936ffb35d5cb471e3719e1f3c8a7c3fff0b8314305613
- sdist SHA-256:
- No commit was pushed. A safe lockfile fix still requires regenerating the complete
apps/analytics-engine/uv.lockwithuv lock --upgrade-package click, rather than hand-editing or weakening the audit gate. - Required validation after regeneration:
cd apps/analytics-engine && uv lock --upgrade-package click- run the repository's Python security audit command
pnpm --filter @zapengine/app test -- tests/install-playwright.test.ts- full GitHub CI
- Auto-merge remains ineligible while required CI is failing; repository auto-merge is also disabled.
- Active PR hygiene remains unresolved: both #106 and #107 match the Test QA PR policy, so one should be merged or closed before further QA scope is added.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds one focused regression test for the new Expo/EAS postinstall helper.
The test executes
scripts/install-playwright.mjswithEAS_BUILD=trueand verifies that the helper exits through the EAS skip path instead of attempting to download Chromium during native cloud builds.QA rationale
The Android Play release workflow recently changed
postinstallfrom a direct Playwright install to a conditional helper. Accidentally regressing this condition would make EAS native builds slower or fail while installing an unnecessary browser binary.Scope
apps/app/tests/Validation
Focused command intended for this change:
pnpm --filter @zapengine/app test -- tests/install-playwright.test.tsBroader repository validation is delegated to the PR's existing GitHub Actions gates because this run has GitHub connector access but no local checkout or command runner.