SW-1336: Add reusable E2E workflow for CodeBuild-based testing#13
Open
darwinboersma wants to merge 27 commits intomainfrom
Open
SW-1336: Add reusable E2E workflow for CodeBuild-based testing#13darwinboersma wants to merge 27 commits intomainfrom
darwinboersma wants to merge 27 commits intomainfrom
Conversation
Generic workflow that any tetrascience repo can call to run E2E tests via the shared tdp-backend-e2e CodeBuild project. Handles environment resolution, OIDC auth, S3 source upload, CodeBuild trigger, and result polling. Callers only need to provide their buildspec, env vars, and secrets.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
Adds a reusable GitHub Actions workflow to run E2E tests by uploading the caller repo source to S3, triggering the shared tdp-backend-e2e CodeBuild project, and polling for completion. This centralizes the common plumbing (env resolution, AWS auth, build start/wait) so downstream repos can invoke E2E runs with minimal YAML.
Changes:
- Introduces a reusable workflow (
workflow_call) with inputs for environment selection, buildspec path, env var injection, and CodeBuild overrides (image/compute/timeout). - Checks out shared environment configuration from
tetrascience/ts-cloudformation-serviceand derives account/region/base URL/SSM environment for the run. - Uploads source to S3, starts CodeBuild with env overrides, and polls until success/failure/timeout.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
- Move ${{ }} expressions into env vars to prevent code injection
- Add permissions block (id-token: write, contents: read)
- Align job timeout with inputs.timeout_minutes + 5 min buffer
- Only include JFrog env vars when secrets are non-empty
- Use env vars for all step inputs that could be user-controlled
Collaborator
Author
|
All review comments have been addressed in the latest commits:
|
All tetrascience repos need JFrog for private ts-lib-* packages. Remove the conditional logic since they're always present.
New `deploy_before_e2e` input (default true) pushes the current commit to the target environment branch, waits for the CI workflow to complete, then runs E2E tests. Callers can disable with `deploy_before_e2e: false` to skip the deploy and test against whatever is currently deployed.
The environments config will be on the default branch after the infra PR merges. No need to expose this as a permanent input.
There was a problem hiding this comment.
Pull request overview
Adds a reusable GitHub Actions workflow that standardizes running E2E tests via the shared tdp-e2e AWS CodeBuild project, including optional “deploy then test” orchestration.
Changes:
- Introduces a
workflow_callreusable workflow with inputs for environment selection, buildspec path, and optional CodeBuild overrides (image/compute/timeout). - Adds optional deploy step that force-pushes the caller commit to an environment branch and waits for a CI workflow run to complete.
- Implements environment resolution from
ts-cloudformation-service, uploads the repo source to S3, triggers CodeBuild, and polls for completion.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
…rnally
Callers pass {"KEY": "value"} instead of [{"name":"KEY","value":"value"}].
The workflow converts to CodeBuild's array format via jq.
…permissions - Use --force-with-lease instead of --force for deploy push - Add set -euo pipefail to Start CodeBuild and Wait steps - Add error handling for empty buildStatus in wait loop - Increase gh run list --limit from 5 to 20 - Drop contents: write to contents: read (PAT handles the push)
Needed while ts-cloudformation-service#3706 hasn't merged yet. Defaults to empty (uses default branch). Callers can override to test against a feature branch.
Default buildspec handles JFrog registry, Node/yarn setup, SSM token fetch, and runs the test command (default: yarn test:e2e). Callers can override test_command or provide a custom buildspec file for non-standard setups (e.g. Playwright).
Replaces the messy inline heredoc with a proper buildspec file at buildspecs/e2e-default.yml. The workflow copies it into the source tree before zipping so CodeBuild can find it. Callers can still override with their own buildspec file path.
After the build completes, fetch the full CloudWatch log stream and print it in the GHA step output. Also write a summary with test results and log link to $GITHUB_STEP_SUMMARY for the PR check view.
There was a problem hiding this comment.
Pull request overview
Adds a reusable GitHub Actions workflow to run end-to-end tests via a shared AWS CodeBuild project, reducing per-repo workflow boilerplate and standardizing deploy→test orchestration across tetrascience/* repositories.
Changes:
- Introduces reusable workflow
.github/workflows/e2e-codebuild.ymlto optionally deploy to an env branch, upload source to S3, start CodeBuild, poll for completion, and surface logs/results. - Adds a shared default CodeBuild buildspec (
buildspecs/e2e-default.yml) for Node/Yarn setup, JFrog registry config, and running the E2E command. - Expands README with usage examples, inputs/secrets documentation, and “how it works” details.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
buildspecs/e2e-default.yml |
New default buildspec used when callers don’t supply their own. |
README.md |
Documents the new e2e-codebuild workflow, inputs, secrets, and examples. |
.github/workflows/e2e-codebuild.yml |
New reusable workflow that handles deploy coordination + CodeBuild-based E2E execution. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
…nges New check-changes job compares changed files against deploy_paths globs. Deploy only runs if service code changed. E2E always runs.
deploy_paths is required and determines whether deploy runs. No need for a separate boolean toggle.
Required input but empty string is valid — means "never deploy, just run E2E against current deployment".
Callers who need a different command can provide their own buildspec.
Default buildspec hardcodes yarn test:e2e. Callers who need a different command provide their own buildspec.
Defaults to "." (repo root) for backwards compatibility. Enables publishing packages that live in a subdirectory (e.g. src/client/ for generated API clients).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
e2e-codebuild.yml) that anytetrascience/*repo can call to run E2E tests via the sharedtdp-e2eCodeBuild projectbuildspecs/e2e-default.yml) handles Node/yarn/JFrog setup, SSM token fetch, and test execution — no buildspec needed in caller reposimage_override(e.g. Playwright image),compute_type_override,test_command,timeout_minutesDependencies
Test plan
🤖 Generated with Claude Code