WIP: full e2e tests #525
Draft: trevor-e wants to merge 11 commits into main from telkins/e2e-test
The test-runner container doesn't have launchpad installed, so mounting the full tests directory caused pytest to load the main conftest.py which imports launchpad. Fixed by:
- Copy e2e tests to /app/e2e_tests to avoid parent conftest.py discovery
- Add standalone e2e conftest.py that doesn't import launchpad
- Add missing build deps (gcc, g++, librdkafka-dev) for confluent-kafka
- Add missing deps to mock API (curl for healthcheck, python-multipart for uploads)
- Update fixture path to match new directory structure

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The e2e tests require Docker services (mock-sentry-api) that only exist in the dedicated e2e job's docker-compose environment. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add sanitize_id helper to validate artifact_id parameters contain only safe characters (alphanumeric, hyphens, underscores). This fixes CodeQL path injection warnings in the mock API server. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The preprod-artifact-events topic must exist before Launchpad starts, otherwise the Kafka consumer fails with UNKNOWN_TOPIC_OR_PART error. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The wait_for_processing function was returning as soon as artifact metadata was present, but the size analysis file is uploaded after the metadata update. Now wait for both to be complete. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The analysis results use download_size and install_size, not total_size. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace regex-based sanitize_id with safe_path() that:
1. Constructs the target path
2. Resolves it to absolute path (removes .., symlinks)
3. Validates it stays within the base directory

This pattern is recognized by CodeQL as a proper path traversal sanitizer.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The e2e mock server is test code that runs in an isolated Docker container. Exclude it from CodeQL to avoid false positives on path handling in test utilities. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Instead of trying to sanitize user input, hash the artifact_id to create safe filenames. This ensures user-controlled data never directly becomes part of file paths. Also removes unused CodeQL config file. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
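
The commits above move through three ways of keeping `artifact_id` out of file paths: allow-list validation, resolve-and-contain, and hashing the id. The sketch below compares them on the same inputs. It is an added example, not code from this PR: only the names `sanitize_id` and `safe_path` come from the commit messages, while the function bodies, the `.zip` suffix, the use of SHA-256 and the `hashed_path` and `classify` helpers are assumptions.

```python
import hashlib
import re
from pathlib import Path

# Allow-list taken from the commit message: alphanumerics, hyphens, underscores.
_SAFE_ID = re.compile(r"[A-Za-z0-9_-]+")


def sanitize_id(artifact_id: str) -> str:
    """Approach 1: reject any id outside the allow-list."""
    # fullmatch, not match with "$": "$" would also accept a trailing newline.
    if not _SAFE_ID.fullmatch(artifact_id):
        raise ValueError("invalid artifact_id")
    return artifact_id


def safe_path(base_dir: Path, artifact_id: str, suffix: str = ".zip") -> Path:
    """Approach 2: build the path, resolve it, require it to stay under base_dir."""
    base = base_dir.resolve()
    target = (base / f"{artifact_id}{suffix}").resolve()  # collapses "..", symlinks
    if not target.is_relative_to(base):  # Python 3.9+
        raise ValueError("path escapes base directory")
    return target


def hashed_path(base_dir: Path, artifact_id: str, suffix: str = ".zip") -> Path:
    """Approach 3: only a hex digest of the id ever reaches the filesystem."""
    digest = hashlib.sha256(artifact_id.encode("utf-8")).hexdigest()
    return base_dir.resolve() / f"{digest}{suffix}"


def classify(base_dir: Path, artifact_id: str) -> dict:
    """Run one id through all three approaches and report each outcome."""
    checks = (
        ("regex", lambda: sanitize_id(artifact_id)),
        ("resolve", lambda: safe_path(base_dir, artifact_id)),
        ("hash", lambda: hashed_path(base_dir, artifact_id)),
    )
    out = {}
    for name, check in checks:
        try:
            check()
            out[name] = "accepted"
        except ValueError:
            out[name] = "rejected"
    return out
```

An id such as `a/b` shows where the approaches differ: the allow-list rejects it, the containment check accepts it as a nested path inside the base directory, and the hash maps it to a single flat filename.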
No description provided.