Skip Keycloak-required e2e tests when VITE_KEYCLOAK_URL is unset (preview-env auth pattern) #115

New issue

Open

opened 2026-04-25 02:01:44 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented

2026-04-25 02:01:44 +00:00

Contributor

Type

Bug

Lineage

Discovered while auditing pipeline #128 failures after PR #111 switches Playwright to local webServer (preview at http://localhost:4173). 3 e2e tests assume keycloak.login() will fire and redirect to a URL containing keycloak or /realms/. The preview env has no VITE_KEYCLOAK_URL configured, so the redirect never happens, the page stays on /edit, and the form renders. Tests fail.

Repo

forgejo_admin/pal-e-app

What Broke

Three Playwright tests fail consistently in pipeline #128 (and any pipeline running against the local preview without Keycloak):

e2e/auth.spec.ts:45 — Auth boundary — unauthenticated › /notes/{slug}/edit redirects to Keycloak when unauthenticated
e2e/note-edit.spec.ts:4 — Note edit page — structure › edit page redirects to Keycloak when not authenticated
e2e/note-edit.spec.ts:18 — Note edit page — structure › edit page does not render edit form when unauthenticated

These tests were authored assuming Keycloak is reachable. After #111's preview-webServer switch (closes #112), they run in an env without Keycloak.

Repro Steps

Check out main (or 110-revert-rename once #111 merges).
Run npx playwright test e2e/auth.spec.ts:45 e2e/note-edit.spec.ts:4 e2e/note-edit.spec.ts:18.
All three fail because the page stays on /edit and form renders.

Expected Behavior

Tests should skip cleanly when no Keycloak is configured, and continue to assert auth behavior when one IS configured. Default fix: at module-load in each spec file, check process.env.VITE_KEYCLOAK_URL (or equivalent — there is no test helper today). If absent, test.skip() the 3 auth-dependent tests with a clear reason. Pipeline goes green.

Environment

Repo: forgejo_admin/pal-e-app at SHA ≥ 4454c8d (PR #109)
Test framework: Playwright + chromium, 1 worker on CI, 1 retry
Test target: local preview at http://localhost:4173 (per #111/#112 switch)
Keycloak: NOT configured in preview env — VITE_KEYCLOAK_URL unset
Pipelines exhibiting failure: #128 (and prior since #111 branch built)

Acceptance Criteria

Pipeline run with these 3 tests in skipped (not failed) when no Keycloak configured
Tests still execute (and are expected to pass) when VITE_KEYCLOAK_URL is set
No other tests regress
Skip reason documented inline so future maintainers understand why

Out of Scope

Wiring VITE_KEYCLOAK_URL into CI preview env (separate, larger scope; would require Keycloak availability + secret plumbing)
Building a Playwright Keycloak mock helper (separate ticket if pursued)
Other 3 e2e failures in pipeline #128 — those are tracked in pal-e-app#114

pal-e-app#111 — preview-webServer switch that surfaced this gap
pal-e-app#112 — preview-webServer parent ticket
pal-e-app#114 — the OTHER 3 e2e failures (UI-side, not auth-side)
pal-e-app#96 — circular dependency that #111 fixes

### Type Bug ### Lineage Discovered while auditing pipeline #128 failures after PR #111 switches Playwright to local `webServer` (preview at `http://localhost:4173`). 3 e2e tests assume `keycloak.login()` will fire and redirect to a URL containing `keycloak` or `/realms/`. The preview env has no `VITE_KEYCLOAK_URL` configured, so the redirect never happens, the page stays on `/edit`, and the form renders. Tests fail. ### Repo `forgejo_admin/pal-e-app` ### What Broke Three Playwright tests fail consistently in pipeline #128 (and any pipeline running against the local preview without Keycloak): 1. `e2e/auth.spec.ts:45` — `Auth boundary — unauthenticated › /notes/{slug}/edit redirects to Keycloak when unauthenticated` 2. `e2e/note-edit.spec.ts:4` — `Note edit page — structure › edit page redirects to Keycloak when not authenticated` 3. `e2e/note-edit.spec.ts:18` — `Note edit page — structure › edit page does not render edit form when unauthenticated` These tests were authored assuming Keycloak is reachable. After #111's preview-webServer switch (closes #112), they run in an env without Keycloak. ### Repro Steps 1. Check out `main` (or `110-revert-rename` once #111 merges). 2. Run `npx playwright test e2e/auth.spec.ts:45 e2e/note-edit.spec.ts:4 e2e/note-edit.spec.ts:18`. 3. All three fail because the page stays on `/edit` and form renders. ### Expected Behavior Tests should skip cleanly when no Keycloak is configured, and continue to assert auth behavior when one IS configured. Default fix: at module-load in each spec file, check `process.env.VITE_KEYCLOAK_URL` (or equivalent — there is no test helper today). If absent, `test.skip()` the 3 auth-dependent tests with a clear reason. Pipeline goes green. ### Environment - Repo: `forgejo_admin/pal-e-app` at SHA ≥ `4454c8d` (PR #109) - Test framework: Playwright + chromium, 1 worker on CI, 1 retry - Test target: local preview at `http://localhost:4173` (per #111/#112 switch) - Keycloak: NOT configured in preview env — `VITE_KEYCLOAK_URL` unset - Pipelines exhibiting failure: #128 (and prior since #111 branch built) ### Acceptance Criteria - [ ] Pipeline run with these 3 tests in `skipped` (not `failed`) when no Keycloak configured - [ ] Tests still execute (and are expected to pass) when `VITE_KEYCLOAK_URL` is set - [ ] No other tests regress - [ ] Skip reason documented inline so future maintainers understand why ### Out of Scope - Wiring `VITE_KEYCLOAK_URL` into CI preview env (separate, larger scope; would require Keycloak availability + secret plumbing) - Building a Playwright Keycloak mock helper (separate ticket if pursued) - Other 3 e2e failures in pipeline #128 — those are tracked in `pal-e-app#114` ### Related - `pal-e-app#111` — preview-webServer switch that surfaced this gap - `pal-e-app#112` — preview-webServer parent ticket - `pal-e-app#114` — the OTHER 3 e2e failures (UI-side, not auth-side) - `pal-e-app#96` — circular dependency that #111 fixes

Commenting is not possible because the repository is archived.