[HOTE-803] feat: Add some improvements to E2E tests

[mikeeq]

Description

Context

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[github-actions]

Lambdas Coverage Report

Lines	Statements	Branches	Functions
	98.44% (1646/1672)	92.37% (448/485)	97.05% (264/272)

[github-actions]

UI Coverage Report

Lines	Statements	Branches	Functions
	96.16% (5669/5895)	88.22% (682/773)	88.06% (214/243)

[Copilot]

Pull request overview

Updates the Playwright E2E GitHub Actions workflow to better align local CI startup with the repo’s local environment scripts and to surface flaky tests (tests that pass on retry) in CI output.

Changes:

• Switches local startup command from npm run start to npm run local:start in the E2E workflow.
• Adds a “Detect flaky tests” step that parses Playwright JSON results and emits GitHub warnings.
• Extends the job summary to include flaky test counts and details.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

[Copilot]

The 3-minute step timeout for npx playwright install --with-deps is likely too low on cache-miss runners (apt deps + browser downloads can exceed this), causing avoidable CI failures; increase/remove the timeout or apply it only to the download portion when cache is warm.

Suggested change

timeout-minutes: 3

[Copilot]

The flaky-test detection suppresses all jq parse/runtime errors (2>/dev/null), which can silently hide a broken/changed Playwright JSON schema and report “No flaky tests” incorrectly; capture jq’s exit code and emit a warning (or fail the step) when parsing fails.

[Copilot]

In the summary generation, jq ... 2>/dev/null || echo 0 treats JSON parse errors the same as “0 flaky tests”, which can make the job summary misleading; handle jq failures explicitly and surface a warning when the results file can’t be parsed.

Suggested change

	FLAKY_COUNT=$(jq '[.suites[]? | .. | .tests?[]? | select(.status == "flaky")] | length' "$RESULTS_FILE" 2>/dev/null || echo 0)
	if [ "$FLAKY_COUNT" -gt 0 ]; then
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "### :warning: Flaky Tests ($FLAKY_COUNT)" >> $GITHUB_STEP_SUMMARY
	echo "These tests failed initially but passed on retry:" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	jq -r '[.suites[]? | .. | .tests?[]? | select(.status == "flaky")] | .[] | "- **\(.title)** (\(.location.file):\(.location.line))"' "$RESULTS_FILE" 2>/dev/null >> $GITHUB_STEP_SUMMARY
	if FLAKY_COUNT=$(jq '[.suites[]? | .. | .tests?[]? | select(.status == "flaky")] | length' "$RESULTS_FILE" 2>/dev/null); then
	if [ "$FLAKY_COUNT" -gt 0 ]; then
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "### :warning: Flaky Tests ($FLAKY_COUNT)" >> $GITHUB_STEP_SUMMARY
	echo "These tests failed initially but passed on retry:" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	if FLAKY_DETAILS=$(jq -r '[.suites[]? | .. | .tests?[]? | select(.status == "flaky")] | .[] | "- **\(.title)** (\(.location.file):\(.location.line))"' "$RESULTS_FILE" 2>/dev/null); then
	printf '%s\n' "$FLAKY_DETAILS" >> $GITHUB_STEP_SUMMARY
	else
	echo ":warning: Could not parse flaky test details from $RESULTS_FILE" >> $GITHUB_STEP_SUMMARY
	fi
	fi
	else
	echo "" >> $GITHUB_STEP_SUMMARY
	echo ":warning: Could not parse flaky test results from $RESULTS_FILE" >> $GITHUB_STEP_SUMMARY

[Copilot]

Pull request overview

Copilot reviewed 10 out of 11 changed files in this pull request and generated 3 comments.

[Copilot]

grype-fs-scan and the additional grype hook both run a full filesystem Grype scan on every commit, which will double the runtime of pre-commit (and CI pre-commit) without adding coverage; consider keeping just one hook (ideally the scripted one) to avoid redundant scanning.

Suggested change

	- id: grype
	name: grype
	entry: bash -c 'echo $PWD; whereis grype; grype --version; grype "dir:$PWD" --quiet -o template -t $PWD/scripts/config/grype-table.tmpl --name hometest-service -c $PWD/scripts/config/grype.yaml'
	language: system
	pass_filenames: false

[Copilot]

The grype hook entry uses unquoted $PWD paths (e.g. -t $PWD/scripts/...), which will break if the repo path contains spaces and makes the hook less portable; quote those arguments or call scripts/grype-scan.sh instead of inlining a long bash -c command.

Suggested change

	entry: bash -c 'echo $PWD; whereis grype; grype --version; grype "dir:$PWD" --quiet -o template -t $PWD/scripts/config/grype-table.tmpl --name hometest-service -c $PWD/scripts/config/grype.yaml'
	entry: bash -c 'echo "$PWD"; whereis grype; grype --version; grype "dir:$PWD" --quiet -o template -t "$PWD/scripts/config/grype-table.tmpl" --name hometest-service -c "$PWD/scripts/config/grype.yaml"'

[Copilot]

The PR title/description focuses on E2E test improvements, but this change set also introduces dependency vulnerability scanning (Grype/OSV) and refactors local Terraform; update the PR description/title to reflect the broader scope so reviewers know what to focus on.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 10 out of 11 changed files in this pull request and generated 3 comments.

[Copilot]

The grype pre-commit hook runs a long inline bash -c command with unquoted $PWD paths, which will break if the repo path contains spaces and makes the hook harder to maintain. Prefer calling the dedicated scripts/grype-scan.sh (or the existing scripts/reports/scan-vulnerabilities.sh) and ensure all paths are quoted; also drop the echo $PWD/whereis debug output unless it’s needed.

Suggested change

	entry: bash -c 'echo $PWD; whereis grype; grype --version; grype "dir:$PWD" --quiet -o template -t $PWD/scripts/config/grype-table.tmpl --name hometest-service -c $PWD/scripts/config/grype.yaml'
	language: system
	pass_filenames: false
	entry: scripts/grype-scan.sh
	language: script
	pass_filenames: false
	always_run: true
	require_serial: true

[Copilot]

Removing the [settings.aqua] cosign = false stanza changes how mise installs aqua-backed tools; in this repo grype/osv-scanner are still resolved via the aqua backend (see mise.lock), so this may reintroduce GitHub/cosign verification calls and break installs in CI or restricted networks. Consider restoring the setting or documenting/validating the new expected behaviour.

Suggested change

	[settings.aqua]
	cosign = false

[Copilot]

timeout-minutes: 3 for npx playwright install --with-deps is likely to cause intermittent CI failures on cache misses or slower runners because browser downloads can exceed 3 minutes. Consider increasing this timeout or making it conditional on the cache hit status.