Merge branch 'main' into feat/add-creator-field-to-master-api-keys

# Conflicts:
#	api/tests/integration/api_keys/test_viewset.py
#	frontend/web/components/AdminAPIKeys.js

Author: matthewelwell

.depot/workflows/api-pull-request.yml

@@ -0,0 +1,76 @@
+# Depot CI Migration
+# Source: .github/workflows/api-pull-request.yml
+#
+# No changes were necessary.
+
+name: API Pull Request
+permissions:
+  contents: read # For actions/checkout
+  id-token: write # For Codecov OIDC
+on:
+  pull_request:
+    paths:
+      - api/**
+      - docker/api/**
+      - .depot/**
+      - .release-please-manifest.json
+    types: [opened, synchronize, reopened, ready_for_review]
+  push:
+    paths:
+      - api/**
+      - docker/api/**
+      - .depot/**
+      - .release-please-manifest.json
+    branches:
+      - main
+defaults:
+  run:
+    working-directory: api
+env:
+  DOTENV_OVERRIDE_FILE: .env-ci
+jobs:
+  test:
+    runs-on: depot-ubuntu-latest-16
+    name: API Unit Tests
+    strategy:
+      max-parallel: 3
+      matrix:
+        python-version: ["3.11", "3.12", "3.13"]
+    steps:
+      - name: Cloning repo
+        uses: actions/checkout@v5
+      - name: Install Poetry
+        run: make install-poetry
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: poetry
+      - name: Install Dependencies
+        run: make install-packages
+      - name: Check for missing migrations
+        env:
+          opts: --no-input --dry-run --check
+        run: make django-make-migrations
+      - uses: liskin/gh-problem-matcher-wrap@v2
+        with:
+          action: add
+          linters: mypy
+      - name: Check for new typing errors
+        run: make typecheck
+      - uses: liskin/gh-problem-matcher-wrap@v2
+        with:
+          action: remove
+          linters: mypy
+      - name: Check autogenerated documentation
+        uses: nickcharlton/diff-check@v1.0.0
+        with:
+          command: make -C api generate-docs
+      - name: Run Tests
+        run: make test
+      - name: Upload Coverage
+        uses: codecov/codecov-action@v5
+        env:
+          PYTHON: ${{ matrix.python-version }}
+        with:
+          env_vars: PYTHON
+          use_oidc: true

.github/actions/e2e-tests/action.yml

@@ -26,13 +26,26 @@ runs:
         node-version-file: frontend/.nvmrc
         cache-dependency-path: frontend/package-lock.json
 
+    - name: Cache Playwright browsers
+      uses: actions/cache@v4
+      with:
+        path: ~/.cache/ms-playwright
+        key: ${{ runner.os }}-playwright-${{ hashFiles('frontend/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-playwright-
+
     - name: NPM Install
       working-directory: frontend
       run: |
         npm ci
       shell: bash
 
-    - name: Test with Chromedriver
+    - name: Install Playwright browsers
+      working-directory: frontend
+      run: npm run test:install
+      shell: bash
+
+    - name: Run E2E tests
       uses: nick-fields/retry@v3
       with:
         shell: bash

.github/workflows/.reusable-docker-build.yml

@@ -148,10 +148,11 @@ jobs:
 
       - name: Scan ${{ steps.image-tag.outputs.image-tag }} image
         id: trivy
-        uses: Flagsmith/actions/trivy-scan-image@v0.3.0
+        uses: Flagsmith/actions/trivy-scan-image@v0.4.1
         if: inputs.scan
         with:
           image-tag: ${{ steps.image-tag.outputs.image-tag }}
+          artifact-name: ${{ inputs.image-name }}-trivy-results
           category: ${{ inputs.image-name }}
           # `query` value contained path:{image_name} before but not all Trivy findings
           # conform to that. There's no category filter at the moment; for the time being,

.github/workflows/.reusable-docker-e2e-tests.yml

@@ -14,7 +14,7 @@ on:
         required: true
       args:
         type: string
-        description: Additional arguments to testcafe
+        description: Additional arguments to playwright
         required: false
         default: ''
       concurrency:
@@ -44,6 +44,7 @@ jobs:
       contents: read
       packages: read
       id-token: write
+      pull-requests: write
 
     env:
       GCR_TOKEN: ${{ secrets.GCR_TOKEN }}
@@ -52,6 +53,17 @@ jobs:
       - name: Cloning repo
         uses: actions/checkout@v5
 
+      - name: Determine test type
+        id: test-type
+        run: |
+          if [[ '${{ inputs.args }}' == *"@enterprise"* ]]; then
+            echo "type=private-cloud" >> $GITHUB_OUTPUT
+            echo "label=private-cloud" >> $GITHUB_OUTPUT
+          else
+            echo "type=oss" >> $GITHUB_OUTPUT
+            echo "label=oss" >> $GITHUB_OUTPUT
+          fi
+
       - name: Login to Github Container Registry
         if: ${{ env.GCR_TOKEN }}
         uses: docker/login-action@v3
@@ -67,22 +79,89 @@ jobs:
         run: depot pull-token | docker login -u x-token --password-stdin registry.depot.dev
 
       - name: Run tests on dockerised frontend
-        uses: nick-fields/retry@v3
-        with:
-          shell: bash
-          command: |
-            cd frontend
-            make test
-          max_attempts: 2
-          retry_on: error
-          timeout_minutes: 20
-          on_retry_command: |
-            cd frontend
-            docker compose down --remove-orphans || true
+        working-directory: frontend
+        run: make test
         env:
           opts: ${{ inputs.args }}
           API_IMAGE: ${{ inputs.api-image }}
           E2E_IMAGE: ${{ inputs.e2e-image }}
           E2E_CONCURRENCY: ${{ inputs.concurrency }}
+          E2E_RETRIES: 2
           SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
           GITHUB_ACTION_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        timeout-minutes: 20
+
+      - name: Cleanup E2E services
+        if: always()
+        working-directory: frontend
+        run: docker compose down --remove-orphans || true
+
+      - name: Copy results.json to HTML report
+        if: always()
+        run: |
+          cp frontend/e2e/test-results/results.json frontend/e2e/playwright-report/ || true
+
+      - name: Upload HTML report
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-html-report-${{ steps.test-type.outputs.type }}-${{ github.run_id }}-${{ github.run_attempt }}-${{ strategy.job-index }}
+          path: frontend/e2e/playwright-report/
+          retention-days: 30
+          if-no-files-found: warn
+
+      - name: Set artifact URL
+        if: failure() && github.event_name == 'pull_request'
+        id: artifact-url
+        run: |
+          echo "url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}#artifacts" >> $GITHUB_OUTPUT
+
+      - name: Send Slack notification and upload report
+        if: failure()
+        working-directory: frontend
+        run: |
+          cd e2e
+          zip -r playwright-report.zip playwright-report/ || echo "Failed to zip report"
+          cd ..
+          npm install --no-save @slack/web-api
+          npx -y tsx e2e/slack-e2e-reporter.ts
+        env:
+          SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
+          GITHUB_ACTION_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          GITHUB_REF_NAME: ${{ github.ref_name }}
+          GITHUB_HEAD_REF: ${{ github.head_ref }}
+          TEST_TYPE: ${{ steps.test-type.outputs.label }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+
+      - name: Generate test report summary (success)
+        id: report-summary-success
+        if: success() && github.event_name == 'pull_request'
+        uses: daun/playwright-report-summary@v3
+        with:
+          report-file: frontend/e2e/playwright-report/results.json
+          comment-title: 'Playwright Test Results (${{ steps.test-type.outputs.label }} - ${{ inputs.runs-on }})'
+          create-comment: false
+          custom-info: |
+            **🔄 Run:** [#${{ github.run_number }} (attempt ${{ github.run_attempt }})](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
+
+      - name: Generate test report summary (failure)
+        id: report-summary-failure
+        if: failure() && github.event_name == 'pull_request'
+        uses: daun/playwright-report-summary@v3
+        with:
+          report-file: frontend/e2e/playwright-report/results.json
+          comment-title: 'Playwright Test Results (${{ steps.test-type.outputs.label }} - ${{ inputs.runs-on }})'
+          create-comment: false
+          custom-info: |
+            **📦 Artifacts:** [View test results and HTML report](${{ steps.artifact-url.outputs.url }})
+            **🔄 Run:** [#${{ github.run_number }} (attempt ${{ github.run_attempt }})](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
+
+      - name: Comment PR with test results
+        if: always() && github.event_name == 'pull_request' && (steps.report-summary-success.outputs.summary || steps.report-summary-failure.outputs.summary)
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: playwright-e2e-results
+          append: true
+          message: ${{ steps.report-summary-success.outputs.summary || steps.report-summary-failure.outputs.summary }}

.github/workflows/frontend-test-staging.yml

@@ -15,22 +15,6 @@ jobs:
       - name: Cloning repo
         uses: actions/checkout@v5
 
-      # Temporarily install Firefox 143.0 to avoid test failures as superior versions cause frontend e2e tests to hang
-      # To be removed once upstream issue correctly resolved
-      - name: Install Firefox 143.0
-        run: |
-          sudo apt-get remove -y firefox || true
-          sudo rm -rf /usr/bin/firefox /usr/lib/firefox*
-          
-          ARCH=$(uname -m)
-          wget -O /tmp/firefox.tar.xz "https://ftp.mozilla.org/pub/firefox/releases/143.0/linux-${ARCH}/en-US/firefox-143.0.tar.xz"
-          sudo tar -xJf /tmp/firefox.tar.xz -C /opt
-          sudo ln -s /opt/firefox/firefox /usr/local/bin/firefox
-          rm /tmp/firefox.tar.xz
-          
-          firefox --version
-
-
       - name: Run E2E tests against staging
         uses: ./.github/actions/e2e-tests
         with:

.github/workflows/platform-docker-build-e2e-image.yml

@@ -94,9 +94,9 @@ jobs:
         runs-on: [depot-ubuntu-latest-16, depot-ubuntu-latest-arm-16]
         args:
           - api-image: ${{ needs.docker-build-api.outputs.image }}
-            args: --meta-filter category=oss
+            args: --grep @oss
           - api-image: ${{ needs.docker-build-private-cloud-api.outputs.image }}
-            args: --meta-filter category=oss,category=enterprise
+            args: --grep "@oss|@enterprise"
 
   # Publish to dockerhub
 

.github/workflows/platform-docker-build-test-publish.yml

@@ -101,7 +101,7 @@ jobs:
 
       - name: Scan ${{ matrix.image-name }}:main image
         id: trivy
-        uses: Flagsmith/actions/trivy-scan-image@v0.4.0
+        uses: Flagsmith/actions/trivy-scan-image@v0.4.1
         with:
           image-tag: ${{ env.REGISTRY_URL }}/flagsmith/${{ matrix.image-name }}:main
           category: ${{ matrix.image-name }}

.github/workflows/platform-docker-trivy-scan.yml

@@ -150,7 +150,7 @@ jobs:
       runs-on: ${{ matrix.runs-on }}
       e2e-image: ${{ needs.docker-build-e2e.outputs.image }}
       api-image: ${{ needs.docker-build-api.outputs.image }}
-      args: --meta-filter category=oss
+      args: --grep @oss
     secrets:
       GCR_TOKEN: ${{ needs.permissions-check.outputs.can-write == 'true' && secrets.GITHUB_TOKEN || '' }}
       SLACK_TOKEN: ${{ needs.permissions-check.outputs.can-write == 'true' && secrets.SLACK_TOKEN || '' }}
@@ -167,7 +167,7 @@ jobs:
       runs-on: ${{ matrix.runs-on }}
       e2e-image: ${{ needs.docker-build-e2e.outputs.image }}
       api-image: ${{ needs.docker-build-private-cloud.outputs.image }}
-      args: --meta-filter category=oss,category=enterprise
+      args: --grep "@oss|@enterprise"
     secrets:
       GCR_TOKEN: ${{ needs.permissions-check.outputs.can-write == 'true' && secrets.GITHUB_TOKEN || '' }}
       SLACK_TOKEN: ${{ needs.permissions-check.outputs.can-write == 'true' && secrets.SLACK_TOKEN || '' }}

.github/workflows/platform-pull-request.yml

@@ -33,10 +33,10 @@ jobs:
         run: poetry run python manage.py updateflagsmithenvironment
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v8
         with:
           commit-message: Update API Flagsmith Defaults
-          branch: chore/update-api-flagsmith-environment
           delete-branch: true
-          title: 'chore: update Flagsmith environment document'
+          title: 'chore: Update Flagsmith environment document'
           labels: api
+          token: ${{ secrets.UPDATE_ENVIRONMENT_DOCUMENT_WORKFLOW_GH_PAT }}