Skip to content

[test-qa-hourly] Verify EAS skips Playwright browser install#107

Merged
david30907d merged 1 commit into
mainfrom
test-qa/ongoing-coverage-20260714
Jul 14, 2026
Merged

[test-qa-hourly] Verify EAS skips Playwright browser install#107
david30907d merged 1 commit into
mainfrom
test-qa/ongoing-coverage-20260714

Conversation

@taiiiiiiiiiiii

Copy link
Copy Markdown
Contributor

Summary

Adds one focused regression test for the new Expo/EAS postinstall helper.

The test executes scripts/install-playwright.mjs with EAS_BUILD=true and verifies that the helper exits through the EAS skip path instead of attempting to download Chromium during native cloud builds.

QA rationale

The Android Play release workflow recently changed postinstall from a direct Playwright install to a conditional helper. Accidentally regressing this condition would make EAS native builds slower or fail while installing an unnecessary browser binary.

Scope

  • Test-only change
  • One new Vitest file under apps/app/tests/
  • No CI gates, implementation behavior, docs, agent files, or secrets changed

Validation

Focused command intended for this change:

pnpm --filter @zapengine/app test -- tests/install-playwright.test.ts

Broader repository validation is delegated to the PR's existing GitHub Actions gates because this run has GitHub connector access but no local checkout or command runner.

@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
zap-engine-frontend Ready Ready Preview, Comment Jul 13, 2026 6:06pm
zap-engine-landing-page Ready Ready Preview, Comment Jul 13, 2026 6:06pm

@taiiiiiiiiiiii taiiiiiiiiiiii left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test QA run summary — 2026-07-14 03:58 JST

  • Continued active Test QA PR #107 and reviewed its one-file test-only diff, latest main, PR mergeability, Vercel previews, and GitHub Actions CI run #633.
  • CI is failing in lint-testSecurity audit (Node + Python). The Python audit reports click 8.3.1 vulnerable as PYSEC-2026-2132; the reported fixed version is 8.3.3.
  • Other checks: coverage, deploy-gates, and check-dead-env passed; deploy jobs skipped as expected for this PR.
  • No additional commit was pushed in this run. The safe fix requires regenerating apps/analytics-engine/uv.lock with click>=8.3.3 (for example, cd apps/analytics-engine && uv lock --upgrade-package click), then running uv export --locked --no-dev --no-emit-project --format requirements.txt --no-header --output-file /tmp/analytics-engine-audit.txt && uvx --from pip-audit pip-audit -r /tmp/analytics-engine-audit.txt --disable-pip, followed by the focused app test and broader CI.
  • I did not weaken or bypass the audit with an ignore. This runtime can inspect and update GitHub files but cannot execute uv lock or safely synthesize the generated lockfile without a checkout, so the dependency lock update remains the blocker.
  • Auto-merge was not attempted because required CI is failing.
  • Repository hygiene note: PR #106 is also still open with the same Test QA matching policy; it should be merged or closed before further QA scope is added so only one ongoing Test QA PR remains.

@taiiiiiiiiiiii taiiiiiiiiiiii left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test QA run summary — 2026-07-14 05:00 JST

  • Rechecked open Test QA PRs, current diffs, mergeability, repository settings, and GitHub Actions for PR #107.
  • Two matching active QA PRs remain open: #106 and #107. Per policy, no second PR was opened and no new QA scope was added.
  • PR #107 is open, non-draft, mergeable, and contains only the intended test file, but required CI run #633 is still failed.
  • Failure remains in lint-test → Python security audit: apps/analytics-engine locks click 8.3.1, affected by PYSEC-2026-2132; the CI-reported fixed version is 8.3.3.
  • No commit was pushed because safely fixing this requires regenerating and validating apps/analytics-engine/uv.lock with uv, which is unavailable in this connector-only run. The correct focused fix remains:
    cd apps/analytics-engine && uv lock --upgrade-package click
  • Required follow-up validation: Python security audit, the focused app test pnpm --filter @zapengine/app test -- tests/install-playwright.test.ts, then full GitHub CI.
  • No gates were weakened and no ignore was added.
  • Auto-merge was not attempted because required CI is failing; repository auto-merge is also disabled (allow_auto_merge=false).
  • User review is recommended to merge/close #106 before extending #107, because both currently match the active Test QA PR policy.

@taiiiiiiiiiiii taiiiiiiiiiiii left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test QA run summary — CI still blocked

  • Rechecked open Test QA PRs #106 and #107, latest main (5a00b97), #107's one-file test-only diff, mergeability, and CI run #633.
  • CI remains failed in lint-test at the Python security audit because apps/analytics-engine/uv.lock pins click 8.3.1 (PYSEC-2026-2132).
  • Verified the fixed PyPI release metadata for click 8.3.3:
    • sdist SHA-256: 398329ad4837b2ff7cbe1dd166a4c0f8900c3ca3a218de04466f38f6497f18a2
    • wheel SHA-256: a2bf429bb3033c89fa4936ffb35d5cb471e3719e1f3c8a7c3fff0b8314305613
  • No commit was pushed. A safe lockfile fix still requires regenerating the complete apps/analytics-engine/uv.lock with uv lock --upgrade-package click, rather than hand-editing or weakening the audit gate.
  • Required validation after regeneration:
    1. cd apps/analytics-engine && uv lock --upgrade-package click
    2. run the repository's Python security audit command
    3. pnpm --filter @zapengine/app test -- tests/install-playwright.test.ts
    4. full GitHub CI
  • Auto-merge remains ineligible while required CI is failing; repository auto-merge is also disabled.
  • Active PR hygiene remains unresolved: both #106 and #107 match the Test QA PR policy, so one should be merged or closed before further QA scope is added.

@david30907d
david30907d merged commit 38e1707 into main Jul 14, 2026
8 of 9 checks passed
@david30907d
david30907d deleted the test-qa/ongoing-coverage-20260714 branch July 14, 2026 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants