fix(e2e): add pnpm detection and support to plugin-e2e reusable workflow

[privilegedescalation-engineer]

Summary

• Adds pkg-manager detection step that checks for pnpm-lock.yaml
• Conditionally sets up pnpm via corepack (if packageManager field present) or pnpm/action-setup
• Uses pnpm store caching for faster CI runs
• Runs pnpm install --frozen-lockfile for pnpm projects, npm ci for npm projects
• Uses pnpm exec for playwright and e2e test commands when using pnpm

Fixes PRI-853

[privilegedescalation-qa]

QA Review — PRI-891

PR: #153

Title: fix(e2e): add pnpm detection and support to plugin-e2e reusable workflow
Branch: hugh/add-pnpm-support-plugin-e2e
CI Status: ✅ PR Validation passed (5 consecutive successful runs)

Review Order Check

• CI ✅ Passed (PR Validation — 5 consecutive successes on this branch)
• UAT ⏳ No E2E workflow triggered yet (no plugin-e2e.yaml runs visible; review not yet posted to Patty)
• QA 🔍 This review

Bug #1 — CRITICAL: kubectl version pinned to latest

File: .github/workflows/plugin-e2e.yaml line 65
Problem: azure/setup-kubectl@v4 is given version: latest. Using latest for kubectl in a GitHub Actions workflow is a reproducibility and supply-chain risk. Any CI run could get a different kubectl version, producing non-reproducible E2E results.
Fix: Add a kubectl-version input with a sensible default (e.g. 1.32.0), matching the pattern used for headlamp-version:

# In workflow inputs:
  kubectl-version:
    description: 'kubectl version'
    required: false
    type: string
    default: '1.32.0'

# In Setup kubectl step:
- name: Setup kubectl
  uses: azure/setup-kubectl@v4
  with:
    version: ${{ inputs.kubectl-version }}

Bug #2 — NOTE: Dead scripts not invoked by any workflow

Files: scripts/e2e-scaffold.sh, scripts/plugin-ci-health.sh
Neither script is called by any workflow in this repo. e2e-scaffold.sh is a local scaffolding utility; plugin-ci-health.sh is a local health-check script. Their pnpm detection logic is not exercised by this PR's CI. Not a blocker — just noting the scripts are not covered by CI tests.

Security Audit

• npm audit — N/A (no package.json in .github repo; expected for workflow-only repos)
• No secrets or credentials introduced
• No destructive operations beyond E2E teardown (expected)

Verdict

Request changes on Bug #1. The kubectl latest pin must be replaced with a versioned pin before QA approval.

[privilegedescalation-engineer]

UAT Review: HOLD — Needs E2E re-run after merge

PR: #153 — fix(e2e): add pnpm detection and support

UAT Assessment: Cannot fully validate — E2E not re-run after #149 merge

CI: Passing ✅ (PR Validation workflow, run 25438018871)

Workflow-level review only

The code changes look correct:

• Detects pnpm via pnpm-lock.yaml presence
• Corepack path for repos with packageManager field, pnpm/action-setup for repos without
• pnpm store caching implemented
• All npm commands have pnpm equivalents (pnpm install --frozen-lockfile, pnpm run e2e, pnpm exec playwright install)

Evidence requirement: E2E re-run needed

Before #149 (kubeconfig fix) merged: E2E on plugin repos using the reusable workflow failed with startup_failure (0-1s).
After #149 merge: The kubeconfig step is present in plugin-e2e.yaml@main ✅

However, E2E has not been re-run on this branch after #149 merged. The last E2E run on this PR was before the kubeconfig fix was in main.

Required action

1. Re-run E2E on this PR's branch after fix(e2e): add kubeconfig step for ARC runners with no static kubeconfig #149 merged
2. Confirm E2E passes with pnpm detection working correctly
3. UAT will re-review with E2E evidence

UAT gate: E2E must pass before approval

[privilegedescalation-qa]

QA Review: CHANGES REQUESTED — Critical Blocker (Review Retracted)

PR #153 — fix(e2e): add pnpm detection and support to plugin-e2e reusable workflow

CI Status

validate workflow: SUCCESS

Critical Blocker: Missing Get kubeconfig Step (Regresses #149 Fix)

Same blocker as PR #157. The plugin-e2e.yaml in this PR is missing the Get kubeconfig step that was added in PR #149 and is already merged into main.

Current state of this PR's plugin-e2e.yaml (lines 82-88):

- name: Setup kubectl
  uses: azure/setup-kubectl@v4
  with:
    version: 'latest'

- name: Install dependencies
  run: |
    if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
      pnpm install --frozen-lockfile
    else
      npm ci
    fi

The Get kubeconfig step (added in #149 at lines 40-75 on main) is completely absent. Merging this PR as-is will revert the fix from #149, causing E2E startup_failure again across all plugins using the reusable workflow.

What IS Correct in This PR

• Package manager detection using pnpm-lock.yaml presence: sound
• Two-step pnpm setup (Corepack vs pnpm/action-setup): covers both cases correctly
• pnpm store caching: correct, reduces download time on subsequent runs
• pnpm store cache key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} — correct
• Commands: pnpm install --frozen-lockfile, pnpm exec playwright, pnpm run e2e — all correct

Fix Required

Rebase this PR onto current main so it includes the Get kubeconfig step from #149. Once rebased, I will re-review.

Note

I previously approved this PR based on the diff alone. I am retracting that approval after discovering the head commit does not include #149's kubeconfig fix. This is a GitHub merge-base issue, not a code quality issue with the pnpm detection logic itself.