Initial commit adding integration tests.

[jrbenny35]

Works on #1539 #1556

Adds a total of 6 tests. 3 are visual regression tests that use a base image screenshot, The others are using selenium to validate the page loads the correct data

1. should load correct number of breaches from an email input: Checks the number of breaches shown matches the number.
2. should allow secondary email to be added: Flow that logs in and adds an email from the user dashboard.
3. should load the latest breach card: Checks breach card loads on home page

[pdehaan]

Q: Do we need "tests/integration/results/allure-results/wdio-0-0-allure-reporter.log"?

LOL at all the floating headers in the screenshots.

I'm not sure the Breaches_Page baselines will really work in the long run. It seems like any recent breach will cause the items to reorder and we'll need to regen the baselines after each freshly added breach. Possibly multiple times after we upload a new breach logo to the CDN.

Even the Home_Page baseline has a recent breach card. Not sure how viable it would be to hide that DOM element before taking/comparing images, or if that would defeat the purpose and reduce confidence (less brittle test that doesn't test a core thing). 🤷‍♂

[pdehaan]

Was this just to appease the ESLint gods, or was this needed for something else?

[jrbenny35]

For eslint. The $ is needed for wdio though

[pdehaan]

Ah, OK. You can also define [per-glob] globals in the ESLint config file (.eslintrc.js in root of project) instead of needing to define in each template.

For example, in the .eslintrc.js overrides: section, you can tweak the tests/**/*.js glob (around L32) and inject your $, $$, and browser globals there — if that is easier.

    {
      files: [
        'tests/**/*.js',
      ],
      env: {
        jest: true,
      },
+     globals: {
+       "$": "readonly",
+       "$$": "readonly",
+       "browser": "readonly",
+     },
    },

[jrbenny35]

Well that's pretty neat!

[pdehaan]

n-th child!
Not sure if we want to put a more convenient class/handle on that submit button to make this any easier on you.
Or not sure if we can abuse the system with something like:

$(".input-group-button > input[type='submit']).click(); // if this even works

I'd be reluctant to bend it too far and try reading the button's label, since that will change with different locales (ie: input[value='Check for Breaches'] feels a bit risky risky).

[jrbenny35]

Classes on everything would make it easier but I know that is boring so..this works, and if it gets updated it's an easy change

[pdehaan]

👍

[jrbenny35]

Sometimes the email doesn't show as monitor passes the email you used for checking breaches into the fxa sign in

[pdehaan]

This looks great, @jrbenny35!
Thanks for all your hard work on this!

[pdehaan]

Should this be uncommented (like in L7 of previous file)?

[jrbenny35]

I am thinking retries aren't so bad, as there are multiple things that could go wrong. What do you think @pdehaan

[pdehaan]

👍 on retries, and 2 is a good number.

[groovecoder]

I'm always nervous about adding shell scripts to repos. Can we add this WITHOUT executable permission, and then have the docker file change it to executable?

[pdehaan]

OK, after marinating on this overnight and giving it a few Bing searches, what about something like this: https://www.npmjs.com/package/wait-on

wait-on is a cross-platform command line utility which will wait for files, ports, sockets, and http(s) resources to become available (or not available using reverse mode). Functionality is also available via a Node.js API. Cross-platform - runs everywhere Node.js runs (linux, unix, mac OS X, windows)

I've never used it in a project yet, but 🤷‍♂.

Our current implementation looks something like this:

command: ["./scripts/wait-for-it.sh", "postgres:5432", "--", "npm", "run", "db:migrate"]

Not sure if that would be similar to:

command: ["wait-on", "tcp:5432", "&&", "npm", "run", "db:migrate"]

Or if we just add another npm script in package.json which does "ci:db:migrate" so the command looks less scary.

[jrbenny35]

Not sure what would be best here. I am open to suggestions.

[pdehaan]

@jrbenny35 and I were noodling on this a bit, and we might be able to remove the +x flag on the .sh file and just invoke this script using bash ./wait-for-it.sh. Testing locally, that seems to still work in a simple test case even though the file is non-executable.

[groovecoder]

for a future enhancement, we might want to run tests with mobile-dimension window sizes. or do we use another mechanism for testing mobile browsers/dimensions?

[jrbenny35]

For mobile I'll have to set a screensize as well. We could maybe have another *.conf.js for mobile that has that set differently.

[pdehaan]

@groovecoder did you have a specific device/viewport in mind?
Somewhere between an Alcatel Go Flip 2 and a Samsung Galaxy S20 Ultra 5G Turbo: Hyper Fighting edition?

[jrbenny35]

I usually use an iPhone 'Plus' model

[pdehaan]

Looks like the latest iPhone [11 Pro Max], has the following viewport:

    'viewport': {
      'width': 414,
      'height': 896,
      'deviceScaleFactor': 3,
      'isMobile': true
    }

— per the playwright deviceDescriptors file.

[pdehaan]

For mobile I'll have to set a screensize as well. We could maybe have another *.conf.js for mobile that has that set differently.

I think all that would need to change is the browser.setWindowSize(w, h) dimensions, correct?
Wondering if we could convert that into ENV vars (maybe with a desktop fallback). That way we wouldn't need any new config files and we could possibly hack something like this:

"test:integration:mobile": "BROWSER_WIDTH=414 BROWSER_HEIGHT=896 wdio tests/integration/wdio.conf.js",

Then, above we'd just need to change to this psesudo-code mess:

// NOTE: Env vars come in as strings, iirc, so we cast them to numbers here.
browser.setWindowSize(
    Number(process.env.BROWSER_WIDTH) || 1920,
    Number(process.env.BROWSER_HEIGHT) || 1080
);

[jrbenny35]

This is good thinking. @groovecoder thoughts on this?

[jrbenny35]

I'm not sure the Breaches_Page baselines will really work in the long run. It seems like any recent breach will cause the items to reorder and we'll need to regen the baselines after each freshly added breach. Possibly multiple times after we upload a new breach logo to the CDN.

Even the Home_Page baseline has a recent breach card. Not sure how viable it would be to hide that DOM element before taking/comparing images, or if that would defeat the purpose and reduce confidence (less brittle test that doesn't test a core thing). man_shrugging

I wonder how exact it is. I think it is worth having but if it comparing words, then yeah, that will be a problem. That is why I wanted to use a range. It calculates a percentage based on how "off" the page is.

[pdehaan]

It calculates a percentage based on how "off" the page is.

AAAHHHH... OK, my misunderstanding. The tool we used at a different company measured by pixels so we could only have 0-5 pixels different from a baseline, not 0-5%. I say we run with it for a bit and see how it works in the long run.

[jrbenny35]

It calculates a percentage based on how "off" the page is.

AAAHHHH... OK, my misunderstanding. The tool we used at a different company measured by pixels so we could only have 0-5 pixels different from a baseline, not 0-5%. I say we run with it for a bit and see how it works in the long run.

I agree. If the words make up for 10% or less, I think we are still good (as we discussed on slack).

[pdehaan]

From @jrbenny35 in a Slack channel:

there is a new breach added to monitor, the visual tests failed with 6.55% diff

[jrbenny35]

From @jrbenny35 in a Slack channel:

there is a new breach added to monitor, the visual tests failed with 6.55% diff

The homepage failed with a 5.8ish% diff and the "Breaches" page failed with 6.55%. If this keeps gets worse with more breaches, we will have to revist this and maybe create a better baseline.

[pdehaan]

If this keeps gets worse with more breaches, we will have to revisit this and maybe create a better baseline.

Yeah, I can imagine the /breaches/ endpoint will be a hot mess(tm). Currently the breaches are sorted by the breach date (which isn't a displayed field, making the ordering appear completely random). So if a breach is new added to the site, it could be displayed first (invalidating the order of all 15 items), or could appear 8th in the list (invalidating only 7-8 of the 15 displayed items), or could be displayed as the 200th most recent breach, which is then hidden behind the "Show All" button, and may not even appear in the image diff (depending on whether you baseline before or after hitting the "Show All" button).

So the fact the "Slickwraps" breach is currently the lastest breach date and date added (putting it in the first slot of the /breaches/ page), seems to be our worst case scenario -- image-diff-wise speaking.

[jrbenny35]

If you want to try these locally you will need to follow these instructions:

1. Copy .env-dist to .env.
2. Set the following env variables: FXA_ENABLED=1, HIBP_KANON_API_TOKEN=token123, HIBP_API_TOKEN=token123, MONITOR_FXA_PASSWORD=password. Replace the values in "token123" and "password" with the correct ones.
3. In the same shell instance, start the server and build the docker image docker-compose -f tests/integration/docker-compose.yml up --build -d.
4. Run the tests: npm run test:integration.

I can provide the MONITOR_FXA_PASSWORD on slack if needed. @groovecoder has it too.

[pdehaan]

Ah, interesting! looks like geckodriver is on npm too: https://www.npmjs.com/package/geckodriver (by our very own vladikoff!)

[jrbenny35]

Should I link that instead?

[pdehaan]

No, sorry, that was just me thinking out loud and bookmarking it for future reference. It'd only make sense to switch if we added it as a project dependency in package.json and got rid of the explicit dependency of having it preinstalled. But I'd have to audit the npm install to see how big that bundle is. In fact, I can do that right now.

Looks like running npm i geckodriver -D in a fresh directory adds about 9.7 MB of node_modules goodness, including the following files in ./node_modules/geckodriver/:

-rwxr-xr-x   5.0M 10 Oct 15:53 geckodriver
-rw-r--r--   1.9M  5 Mar 10:26 geckodriver.tar.gz

But let's just leave this as-is for now and can refactor in the future after this lands.

[jrbenny35]

Good info to have though!

[jrbenny35]

@groovecoder @lesleyjanenorton would love to land this this week

[jrbenny35]

@groovecoder @lesleyjanenorton any updates?

[pdehaan]

@groovecoder @lesleyjanenorton Do either of you have any bandwidth to assist with this? We've rebased and are still seeing the test failure on Travis-CI (https://travis-ci.org/github/mozilla/blurts-server/jobs/666489293?utm_medium=notification&utm_source=github_status) but I'm still unclear if it's related to our PR since it doesn't look like we've touched any of the failing code. Although @jrbenny35 rebased and it looks like we should be in sync w/ latest changes to master branch.

I'm at a bit of a loss.

[groovecoder]

One last change requested. I can't speak much to how we should write all the page tests, so I'm assuming @pdehaan is making the thorough review of that code.

[pdehaan]

I assume these are OK to change? (I know it's just a dist file, but wanted to confirm these aren't critical creds that need to be regenerated now).

[groovecoder]

Yup, these are the values I have on my local file and it's working.

[pdehaan]

Are these OK to be "naked", or should they be empty strings, a la =""?

[jrbenny35]

Yes, according to, https://www.npmjs.com/package/dotenv

[pdehaan]

Curious, should this be "true"? I think breach resolutions are enabled in production. Curious what effect this would have, apart from the logged in admin being slightly different.

[groovecoder]

The breach detail pages will also be different for logged-in users.

[pdehaan]

Awesome work @jrbenny35, as always!
Re-reviewed the latest changes and left a few random thoughts and comments.
@groovecoder Can you give this one last 👀 before we merge this into the big code repo in the sky?

[groovecoder]

Update to eslintrc looks good. Thanks.