ahmido
0a1377c5f5
## Summary - add Spec 288 no-legacy route/helper and provider-core/role-authority guard coverage - extend the pinned Spec 281 and Spec 285 browser smokes plus lane/report classification wording for classification-only fallout handling - add the Spec 288 artifact package and contributor-facing quality-gate guidance while keeping Package Execution deferred to Spec 289 ## Validation - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php)` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php)` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail bin pint --dirty --format agent)` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #347
69 lines
5.2 KiB
PHP
69 lines
5.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use Tests\Support\TestLaneManifest;
|
|
|
|
it('keeps heavy-governance manual and scheduled execution inside the dedicated workflow file with schedule gating', function (): void {
|
|
$manualProfile = TestLaneManifest::workflowProfile('heavy-governance-manual');
|
|
$scheduledProfile = TestLaneManifest::workflowProfile('heavy-governance-scheduled');
|
|
$noLegacyFamily = TestLaneManifest::family('no-legacy-guardrail');
|
|
$workflowContents = (string) file_get_contents(repo_path($manualProfile['filePath']));
|
|
|
|
expect(file_exists(repo_path($manualProfile['filePath'])))->toBeTrue()
|
|
->and($manualProfile['filePath'])->toBe($scheduledProfile['filePath'])
|
|
->and($manualProfile['laneBindings'])->toBe(['heavy-governance'])
|
|
->and(TestLaneManifest::lane('heavy-governance')['scopeBoundaryNote'])->toContain('full-suite repair ownership')
|
|
->and($noLegacyFamily['targetLaneId'])->toBe('heavy-governance')
|
|
->and($noLegacyFamily['hotspotFiles'])->toContain(
|
|
'tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php',
|
|
'tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php',
|
|
)
|
|
->and($scheduledProfile['scheduleCron'])->toBe('17 4 * * 1-5')
|
|
->and($workflowContents)->toContain('workflow_dispatch:')
|
|
->and($workflowContents)->toContain('schedule:')
|
|
->and($workflowContents)->toContain('permissions:')
|
|
->and($workflowContents)->toContain('actions: read')
|
|
->and($workflowContents)->toContain('contents: read')
|
|
->and($workflowContents)->toContain('17 4 * * 1-5')
|
|
->and($workflowContents)->toContain("vars.TENANTATLAS_ENABLE_HEAVY_GOVERNANCE_SCHEDULE == '1'")
|
|
->and($workflowContents)->toContain('workflow_id=heavy-governance-manual')
|
|
->and($workflowContents)->toContain('workflow_id=heavy-governance-scheduled')
|
|
->and($workflowContents)->toContain('./scripts/platform-test-lane heavy-governance --workflow-id=${{ steps.context.outputs.workflow_id }} --trigger-class=${{ steps.context.outputs.trigger_class }}')
|
|
->and($workflowContents)->toContain('TENANTATLAS_GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}')
|
|
->and($workflowContents)->toContain('./scripts/platform-test-report heavy-governance --workflow-id=${{ steps.context.outputs.workflow_id }} --trigger-class=${{ steps.context.outputs.trigger_class }} --fetch-latest-history')
|
|
->and($workflowContents)->toContain('./scripts/platform-test-artifacts heavy-governance .gitea-artifacts/heavy-governance --workflow-id=${{ steps.context.outputs.workflow_id }} --trigger-class=${{ steps.context.outputs.trigger_class }}')
|
|
->and($workflowContents)->not->toContain('pull_request:', './scripts/platform-test-lane browser');
|
|
});
|
|
|
|
it('keeps browser manual and scheduled execution isolated from pull-request and confidence validation', function (): void {
|
|
$manualProfile = TestLaneManifest::workflowProfile('browser-manual');
|
|
$scheduledProfile = TestLaneManifest::workflowProfile('browser-scheduled');
|
|
$browserFamily = TestLaneManifest::family('browser-smoke');
|
|
$workflowContents = (string) file_get_contents(repo_path($manualProfile['filePath']));
|
|
|
|
expect(file_exists(repo_path($manualProfile['filePath'])))->toBeTrue()
|
|
->and($manualProfile['filePath'])->toBe($scheduledProfile['filePath'])
|
|
->and($manualProfile['laneBindings'])->toBe(['browser'])
|
|
->and(TestLaneManifest::lane('browser')['scopeBoundaryNote'])->toContain('classification-only')
|
|
->and($browserFamily['hotspotFiles'])->toContain(
|
|
'tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php',
|
|
'tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php',
|
|
)
|
|
->and($scheduledProfile['scheduleCron'])->toBe('43 4 * * 1-5')
|
|
->and($workflowContents)->toContain('workflow_dispatch:')
|
|
->and($workflowContents)->toContain('schedule:')
|
|
->and($workflowContents)->toContain('permissions:')
|
|
->and($workflowContents)->toContain('actions: read')
|
|
->and($workflowContents)->toContain('contents: read')
|
|
->and($workflowContents)->toContain('43 4 * * 1-5')
|
|
->and($workflowContents)->toContain("vars.TENANTATLAS_ENABLE_BROWSER_SCHEDULE == '1'")
|
|
->and($workflowContents)->toContain('workflow_id=browser-manual')
|
|
->and($workflowContents)->toContain('workflow_id=browser-scheduled')
|
|
->and($workflowContents)->toContain('./scripts/platform-test-lane browser --workflow-id=${{ steps.context.outputs.workflow_id }} --trigger-class=${{ steps.context.outputs.trigger_class }}')
|
|
->and($workflowContents)->toContain('TENANTATLAS_GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}')
|
|
->and($workflowContents)->toContain('./scripts/platform-test-report browser --workflow-id=${{ steps.context.outputs.workflow_id }} --trigger-class=${{ steps.context.outputs.trigger_class }} --fetch-latest-history')
|
|
->and($workflowContents)->toContain('./scripts/platform-test-artifacts browser .gitea-artifacts/browser --workflow-id=${{ steps.context.outputs.workflow_id }} --trigger-class=${{ steps.context.outputs.trigger_class }}')
|
|
->and($workflowContents)->not->toContain('pull_request:', './scripts/platform-test-lane confidence');
|
|
});
|