test: add Playwright E2E tests for dashboard + fix CI workflow

New tests (e2e/dashboard.spec.ts):
- Dashboard auth: redirect to login, login form renders
- Dashboard pages: content/videos/sponsors/settings return valid responses
- API routes: webhook endpoints return 401 without auth, opt-out returns 400

CI fixes (.github/workflows/ci.yml):
- Node.js 20 → 22 to match project requirements
- Trigger on main branch (not just dev)
- Run Playwright against production URL instead of localhost

Author: Miriad

.github/workflows/ci.yml

@@ -2,16 +2,16 @@ name: CI
 
 on:
   push:
-    branches: [dev]
+    branches: [dev, main]
   pull_request:
-    branches: [dev]
+    branches: [dev, main]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:
-  NODE_VERSION: "20"
+  NODE_VERSION: "22"
 
 jobs:
   ci:
@@ -71,12 +71,7 @@ jobs:
         run: pnpm exec playwright test
         env:
           CI: true
-          PLAYWRIGHT_BASE_URL: http://localhost:3000
-          NEXT_PUBLIC_SANITY_PROJECT_ID: ${{ secrets.NEXT_PUBLIC_SANITY_PROJECT_ID }}
-          NEXT_PUBLIC_SANITY_DATASET: ${{ secrets.NEXT_PUBLIC_SANITY_DATASET }}
-          NEXT_PUBLIC_SANITY_API_VERSION: ${{ secrets.NEXT_PUBLIC_SANITY_API_VERSION }}
-          NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }}
-          NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }}
+          PLAYWRIGHT_BASE_URL: https://codingcat.dev
 
       - name: Upload Playwright report
         uses: actions/upload-artifact@v4

e2e/dashboard.spec.ts

@@ -0,0 +1,71 @@
+import { expect, test } from "@playwright/test";
+
+test.describe("Dashboard auth", () => {
+	test("unauthenticated /dashboard redirects to /dashboard/login", async ({
+		page,
+	}) => {
+		await page.goto("/dashboard");
+		// Supabase auth proxy should redirect unauthenticated users to login
+		await expect(page).toHaveURL(/\/dashboard\/login/);
+	});
+
+	test("/dashboard/login renders a login form", async ({ page }) => {
+		await page.goto("/dashboard/login");
+		await expect(page.locator("body")).not.toBeEmpty();
+		// Should have email and password inputs
+		await expect(
+			page.locator('input[type="email"], input[name="email"]').first(),
+		).toBeVisible();
+		await expect(
+			page.locator('input[type="password"], input[name="password"]').first(),
+		).toBeVisible();
+	});
+});
+
+test.describe("Dashboard pages exist", () => {
+	const routes = [
+		"/dashboard/content",
+		"/dashboard/videos",
+		"/dashboard/sponsors",
+		"/dashboard/settings",
+	];
+
+	for (const route of routes) {
+		test(`${route} returns a valid response`, async ({ page }) => {
+			const response = await page.goto(route);
+			expect(response).not.toBeNull();
+			// Should not be a 404 — redirects (302) to login are fine
+			expect(response!.status()).not.toBe(404);
+		});
+	}
+});
+
+test.describe("API routes respond", () => {
+	test("POST /api/webhooks/sanity-content returns 401 without auth", async ({
+		request,
+	}) => {
+		const response = await request.post("/api/webhooks/sanity-content");
+		expect(response.status()).toBe(401);
+	});
+
+	test("POST /api/webhooks/sanity-distribute returns 401 without auth", async ({
+		request,
+	}) => {
+		const response = await request.post("/api/webhooks/sanity-distribute");
+		expect(response.status()).toBe(401);
+	});
+
+	test("POST /api/webhooks/sponsor-inbound returns 401 without auth", async ({
+		request,
+	}) => {
+		const response = await request.post("/api/webhooks/sponsor-inbound");
+		expect(response.status()).toBe(401);
+	});
+
+	test("GET /api/sponsor/opt-out returns 400 without token", async ({
+		request,
+	}) => {
+		const response = await request.get("/api/sponsor/opt-out");
+		expect(response.status()).toBe(400);
+	});
+});