test(e2e): freeze legacy nightly bash wiring#5156
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR adds a test-level validation layer to lock down legacy E2E shell scripts. It introduces file-backed allowlists for top-level and nightly-wired legacy scripts, helper functions to enumerate and extract script references from workflows, and assertions to ensure both inventories remain frozen to their allowlists with file existence verification. ChangesE2E Legacy Script Freeze Coverage
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
PR Review AdvisorFindings: 0 needs attention, 0 worth checking, 0 nice ideas This is an automated advisory review. A human maintainer must make the final merge decision. |
|
Coordination update: #5126 has now folded in this deterministic guardrail shape and is green on The current #5126 foundation includes:
So I think this PR is best treated as superseded by #5126 once that re-review completes. Thank you for pushing the simpler shape; it is the one we adopted. |
wscurran
added
area: ci
## Summary Simplifies legacy E2E migration tracking now that #5106 retired the typed-shell/YAML scenario runner. The PR removes stale repo-local JSON migration ledgers, documents GitHub issues and PRs as the source of truth for migration state, adopts the #5156-style deterministic legacy bash workflow guard, and clarifies that NemoClaw owns one Vitest E2E system with fixtures/support code rather than a second framework. ## Related Issue Refs #5098 ## Changes - Removes `test/e2e-scenario/migration/legacy-inventory.json` so it no longer acts as a detailed script-by-script migration roadmap. - Removes the orphaned generated assertion inventory at `test/e2e/docs/parity-inventory.generated.json`; its recorded generator no longer exists, and it was already stale against migrated/deleted legacy scripts. - Adds deterministic workflow contract tests that freeze the current top-level `test/e2e/test-*.sh` legacy script set, freeze scheduled `nightly-e2e.yaml` legacy script wiring, and assert every nightly-wired legacy script still exists. - Replaces inventory validation with migration policy/source-of-truth checks that keep repo-local durable taxonomy and generated assertion ledgers out of migration docs. - Removes the PR Review Advisor PR-body deletion-evidence checker/contract; the advisor still blocks reintroducing retired migration ledgers. - Updates `MIGRATION.md`, `README.md`, `RETIREMENT.md`, and release-note wording to describe one Vitest E2E system, workflow allowlist guardrails, and fixture/support code rather than a second E2E framework or runner. - Renames the fast Vitest support project from `e2e-scenario-framework` to `e2e-vitest-support`, moves tests from `framework-tests/` to `support-tests/`, and renames the shared helper path to `test/e2e-scenario/fixtures/`. - Rewords the E2E scenario advisor prompt, summary, and sticky-comment text so it recommends Vitest-backed E2E scenario dispatches without teaching “scenario E2E” as a separate E2E class. - Fixes shared sandbox fixture helpers so `SandboxClient.exec()` uses `openshell sandbox exec -n <name>` and exposes `execShell()` / `upload()` for follow-on migrations. ## Type of Change - [ ] Code change (feature, bug fix, or refactor) - [x] Code change with doc updates - [ ] Doc only (prose changes, no code sample modifications) - [ ] Doc only (includes code sample changes) ## Verification - `npx vitest run --project e2e-vitest-support --silent=false --reporter=default` - `npx vitest run --project cli test/pr-workflow-contract.test.ts test/e2e-scenario-advisor.test.ts --silent=false --reporter=default` - `npx vitest run --project cli test/e2e-script-workflow.test.ts test/pr-review-advisor.test.ts --reporter=default` - `npx vitest run --project e2e-vitest-support test/e2e-scenario/support-tests/e2e-migration-policy.test.ts --reporter=default` - `npm run test-size:check -- test/e2e-script-workflow.test.ts` - `npx markdownlint-cli2 docs/about/release-notes.mdx test/e2e-scenario/docs/MIGRATION.md test/e2e-scenario/docs/README.md test/e2e-scenario/docs/RETIREMENT.md "!node_modules/**" "!skills/**"` - `node -e "JSON.parse(require("fs").readFileSync("tools/e2e-advisor/scenarios-schema.json","utf8"))"` - `npm run typecheck:cli` - `git diff --check` - Commit and push hooks passed with `SSH_AUTH_SOCK=/tmp/ssh-Nu4xGJZo0F/agent.712827`. - [ ] `npx prek run --all-files` passes - [ ] `npm test` passes - [x] Tests added or updated for new or changed behavior - [x] No secrets, API keys, or credentials committed - [x] Docs updated for user-facing behavior changes - [ ] `npm run docs` builds without warnings (doc changes only) - [ ] Doc pages follow the [style guide](https://github.com/NVIDIA/NemoClaw/blob/main/docs/CONTRIBUTING.md) (doc changes only) - [ ] New doc pages include SPDX header and frontmatter (new pages only) --- Signed-off-by: Carlos Villela <cvillela@nvidia.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Consolidated E2E test infra under a Vitest-driven fixtures/support layer and renamed the E2E support project. * **Documentation** * Updated migration guidance to use GitHub issues/PRs as the source of truth and clarified fixture-owned responsibilities and migration checklist. * **Tests** * Added migration-policy/source-of-truth tests; removed legacy repo-local migration ledger; updated scenario and PR-review advisor outputs to target Vitest E2E and to block reintroduced ledgers. * **New Features** * Fixture sandbox helpers added (shell-run/upload) and command usage normalized for named sandboxes. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Julie Yaunches <jyaunches@nvidia.com>
prekshivyas
left a comment
prekshivyas
left a comment
There was a problem hiding this comment.
Reviewed (code + 9-cat security). Test-only guardrail: freezes the legacy test/e2e/test-*.sh set (72-entry allowlist) and the nightly-wired subset (59-entry allowlist, each file-backed) to stop the bash E2E surface growing during the Vitest migration.
✅ Approve — I reproduced both allowlists byte-exact against the head SHA (empty diffs), and the path/URL resolution + the nightly-ref regex are correct with no blind spots (all refs live under jobs:). Security: all 9 pass — and it actually helps posture by pinning the existence of the security E2Es (test-network-policy.sh, test-credential-sanitization.sh, test-hermes-sandbox-secret-boundary.sh, …) in the nightly wiring, so silently dropping one would fail this test.
The deliberate maintenance friction (any add/remove of a legacy script now requires editing this file) is the stated, intended purpose.
|
Thanks for putting this guardrail together. This shape ended up being useful, but it has already been folded into #5126, which is now merged on main. At this point the remaining #5156 branch is superseded rather than separately mergeable: main has moved forward with later updates to , including follow-on allowlist changes and additional coverage/wiring assertions. Merging this PR now would risk dropping those newer updates. Closing as superseded by #5126. |
|
Small correction to the previous note: the omitted file path was test/e2e-script-workflow.test.ts. |
4 participants
Summary
test/e2e/test-*.shlegacy bash suite with an explicit allowlistnightly-e2e.yamllegacy script wiring with a separate allowlistRationale
This keeps the legacy bash E2E surface from growing while migration work moves toward Vitest/regression coverage. When a nightly-wired legacy script is intentionally retired, the retiring PR should remove it from
nightly-e2e.yamland update this allowlist in the same change.Validation
npx vitest run test/e2e-script-workflow.test.ts --reporter=default✅npm run test-size:check -- test/e2e-script-workflow.test.ts✅Note: pre-push full
testhook was not used for upload because this local worktree lacks full generated/dist artifacts and Docker; targeted validation above passed.Summary by CodeRabbit