feat(ci): implement tiered CI testing strategy

[ggfevans]

User description

Summary

Implements tiered CI testing to cut PR feedback loops from ~20 min to ~5 min (#1276):

• PR validation: lint + unit + smoke E2E (chromium only) — ~5 min, blocking
• Weekly health: full E2E across all 6 browser projects — Mon 6am UTC, creates/updates issue on failure
• Release gate: full E2E before GitHub Release creation — skippable via workflow_dispatch for hotfixes

Changes

• playwright.smoke.config.ts — conditional webServer (local build when no SMOKE_TEST_URL, remote URL when set); added basic-workflow.spec.ts to test match
• package.json — added test:e2e:ci-smoke script
• .github/workflows/test.yml — removed push: main trigger, chromium-only, smoke E2E
• .github/workflows/test-full.yml — new weekly + callable full E2E with dedup issue notification
• .github/workflows/release.yml — added full E2E gate with skip_tests hotfix escape

Sibling issue alignment

• Does NOT touch deploy-prod.yml (chore(release): harden deploy-prod trigger and tag/ref guards #1279), claude.yml (chore(security): tighten Claude workflow trust boundary and permissions #1280), code-health.yml (chore(metrics): replace weekly code-health issue spam with rolling reports #1281), or octocov.yml (chore(metrics): make Octocov publication non-mutating and failure-visible #1282)
• Uses automated + ci-failure labels compatible with chore(metrics): replace weekly code-health issue spam with rolling reports #1281's rolling reports pattern

Test plan

• npm run test:e2e:ci-smoke passes locally (9 tests, 28s, chromium only)
• PR triggers smoke-only E2E in test.yml (~5 min)
• Manual workflow_dispatch on test-full.yml runs all 6 browser projects
• Release with skip_tests: true bypasses E2E gate

Closes #1276

🤖 Generated with Claude Code

---

CodeAnt-AI Description

Run fast smoke tests on PRs, weekly full cross-browser E2E, and a gated full-test release workflow

What Changed

• Pull requests now run a short CI tier: lint, unit tests, and Chromium-only smoke E2E (local build) for ~5 minute feedback
• Full end-to-end test suite now runs on a scheduled weekly job (Monday 06:00 UTC) across browsers and creates/updates an issue when it fails
• Release creation is gated by the full E2E workflow but can be manually dispatched with a "skip_tests" option for emergency hotfixes
• New npm script to run the CI smoke tests and smoke test config will either build/serve locally in CI or target a live URL when SMOKE_TEST_URL is set
• Test workflow no longer runs full E2E on every push to main and now installs only Chromium for PR smoke runs

Impact

✅ Faster PR feedback
✅ Fewer full E2E runs consuming CI minutes
✅ Clearer release gating with an emergency bypass

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3a970e and 87354ac.

📒 Files selected for processing (3)

• .github/workflows/release.yml
• .github/workflows/test.yml
• playwright.smoke.config.ts

---

📝 Walkthrough

Walkthrough

This PR refactors GitHub Actions test workflows to separate full end-to-end tests (scheduled weekly) from smoke tests (run on pull requests), introduces a new full-test job in the release workflow, and adds an option to skip tests during release via workflow_dispatch input.

Changes

Cohort / File(s)	Summary
Release Workflow Updates .github/workflows/release.yml	Added workflow_dispatch input to optionally skip tests, new full-test job that conditionally runs .github/workflows/test-full.yml, updated create-release job to depend on full-test with success/skipped condition, and added warning step when tests are skipped.
Test Workflow Separation .github/workflows/test-full.yml, .github/workflows/test.yml	Introduced new comprehensive E2E test workflow (test-full.yml) running on schedule and via dispatch/call with full browser setup, artifact upload, and failure issue creation. Simplified test.yml by removing main branch push trigger, removing webkit browser, and converting to smoke tests only.
Playwright Smoke Config playwright.smoke.config.ts	Added conditional baseURL and webServer configuration supporting both local development (localhost:4173) and deployed CI environments via SMOKE_TEST_URL variable. Extended test suite to include basic-workflow.spec.ts alongside smoke.spec.ts.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant GitHub as GitHub Actions
    participant FullTest as Full-Test Job
    participant Release as Create-Release Job
    participant Issue as GitHub Issues API

    User->>GitHub: Trigger release workflow (with/without skip_tests)
    
    alt skip_tests = 'true'
        GitHub->>Release: Skip full-test, proceed to create-release
        Release->>Release: Emit warning: Tests skipped
    else skip_tests = 'false' (default)
        GitHub->>FullTest: Run full-test job (trigger test-full.yml)
        FullTest->>FullTest: Checkout, setup Node, run linting<br/>Run E2E tests, upload artifacts
        
        alt Tests Pass
            FullTest->>GitHub: result = 'success'
            GitHub->>Release: Proceed (needs.full-test.result = 'success')
        else Tests Fail
            FullTest->>Issue: Create/comment issue with<br/>test failure details & run link
            FullTest->>GitHub: result = 'failure'
            GitHub->>Release: Block release
        end
    end
    
    Release->>Release: Create release

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• #489: Modifies Playwright smoke-test configuration and smoke test workflow definitions with overlapping file changes.
• #1284: Alters .github/workflows/test.yml trigger strategy and job structure in potentially conflicting ways.

Suggested labels

size:M

Poem

🐰 Workflows split with grace and care,
Smoke tests swift through GitHub air,
Full tests weekly, thorough and true,
Release gates decide what to do! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Linked Issues check	❓ Inconclusive	The PR partially addresses #1276's objectives by implementing tiered testing and workflow improvements, but does not deliver the full audit requirements (workflow inventory, comprehensive findings report, or complete hardening assessment).	This PR implements a specific solution from the broader #1276 audit scope. Clarify whether this completes the issue or if additional follow-up issues are needed to address remaining audit objectives (inventory, security review, observability enhancements).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(ci): implement tiered CI testing strategy' clearly and concisely summarizes the main change: introducing a tiered CI testing approach to optimize test execution and reduce feedback loops.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, explaining the tiered CI strategy, specific workflow changes, test plan, and alignment with issue #1276.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with implementing the tiered CI testing strategy described in the PR objectives and explicitly avoids modifying other workflows mentioned as out-of-scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/tiered-ci-testing

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codeant-ai]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Reuse Server Logic reuseExistingServer: !process.env.CI relies on JavaScript truthiness of process.env.CI (a string). If CI environment variables are set to 'false' (string) this will still be truthy and flip logic incorrectly. Use an explicit boolean check to avoid surprises. Test Matching testMatch is set to exact filenames. This can miss tests placed in subfolders or with different relative paths. Confirm the chosen patterns cover all intended smoke tests and won't break when files are moved into nested folders.

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 7-12: Add a visible annotation when the emergency hotfix escape
hatch (workflow_dispatch input skip_tests) is used by updating the
create-release job to emit a warning or summary if tests were bypassed;
specifically detect the test gate outcome (e.g., check needs.full-test.result ==
'skipped' or the job result that indicates skip) and run a step that uses GitHub
Actions logging (warning/notice) or adds a workflow summary entry stating
"Release created with skip_tests=true - full E2E tests were bypassed" so
reviewers and auditors can easily see when the safety gate was ignored.

In `@package.json`:
- Around line 22-23: The package.json contains duplicate scripts
"test:e2e:ci-smoke" and "test:e2e:smoke" that both run "playwright test --config
playwright.smoke.config.ts"; either consolidate them into a single script
(remove one and update references to use the remaining script) or make the
CI-specific script explicit by setting the CI environment variable and/or
SMOKE_TEST_URL when invoking Playwright (e.g., have "test:e2e:ci-smoke" set
CI=true or provide SMOKE_TEST_URL before calling the same command) so the intent
is clear and maintenance overhead is reduced; update any CI/job definitions or
README references to the chosen script name accordingly.

In `@playwright.smoke.config.ts`:
- Around line 43-51: Add a webServer timeout to the conditional webServer config
so builds that hang fail fast; inside the object returned when smokeTestUrl is
falsy (the webServer object that currently contains command, port,
reuseExistingServer), add a timeout property (milliseconds) — e.g., 120000 — to
limit how long "command: 'npm run build && npm run preview'" can run before
Playwright fails the setup.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c560ab0 and a3a970e.

📒 Files selected for processing (5)

• .github/workflows/release.yml
• .github/workflows/test-full.yml
• .github/workflows/test.yml
• package.json
• playwright.smoke.config.ts