Skip to content

Add e2e SBOM and Advisory Upload tests#1005

Open
queria wants to merge 1 commit into
guacsec:mainfrom
queria:TC-4004
Open

Add e2e SBOM and Advisory Upload tests#1005
queria wants to merge 1 commit into
guacsec:mainfrom
queria:TC-4004

Conversation

@queria

@queria queria commented Apr 18, 2026

Copy link
Copy Markdown

Add comprehensive BDD test coverage for SBOM and advisory upload workflows in a shared @uploads directory with a single reusable step file. Covers navigation, page layout, single/multi file upload, invalid file handling, and file removal scenarios.

For FileUpload page object it allows optional invocation without ariaLabel for reusability between SBOM and Advisory pages - as they have only one upload element matching without aria label is sufficient.

Implements TC-4004

Assisted-by: Claude Code

Summary by Sourcery

Add shared BDD step definitions and feature scenarios to provide comprehensive end-to-end coverage of SBOM and advisory upload flows, including navigation, layout, file upload outcomes, and file removal.

New Features:

  • Introduce reusable BDD step definitions for upload workflows shared between SBOM and advisory features.
  • Add Gherkin feature files covering advisory upload scenarios, including navigation, layout verification, valid/invalid uploads, multi-file uploads, and file removal.
  • Add Gherkin feature files covering SBOM upload scenarios, including navigation, layout verification, valid/invalid uploads, multi-file uploads, and file removal.

Enhancements:

  • Update the FileUpload page object to support optional aria-label selection so it can be reused across different upload pages.
  • Extend AdvisoryUploadPage and SBOMUploadPage with constructors from the current page to simplify navigation in tests.

Tests:

  • Expand end-to-end test coverage for upload workflows to validate success, failure, and unsupported-file behaviors for both SBOM and advisory documents.

@sourcery-ai

sourcery-ai Bot commented Apr 18, 2026

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Adds comprehensive BDD-based end-to-end coverage for SBOM and Advisory upload flows by introducing shared upload step definitions and feature files, and slightly generalizes the FileUpload page object plus upload pages to support reuse without aria labels or explicit navigation helpers.

File-Level Changes

Change Details Files
Generalize FileUpload page object to allow optional ariaLabel-based selection for reuse across upload pages.
  • Update FileUpload.build to accept an optional ariaLabel parameter
  • Choose selector with aria-label when provided, otherwise match the generic multiple-file-upload container
  • Ensure uploader locator visibility check remains before constructing FileUpload instance
e2e/tests/ui/pages/FileUpload.ts
Enhance advisory and SBOM upload page objects with helpers for constructing from current browser state.
  • Add fromCurrentPage factory to AdvisoryUploadPage that wraps the constructor without navigation
  • Add fromCurrentPage factory to SBOMUploadPage that wraps the constructor without navigation
e2e/tests/ui/pages/advisory-upload/AdvisoryUploadPage.ts
e2e/tests/ui/pages/sbom-upload/SBOMUploadPage.ts
Introduce shared BDD step definitions for advisory and SBOM upload workflows, covering navigation, upload actions, and assertions.
  • Create a shared @uploads upload.step.ts with Given/When/Then steps for navigating to upload pages and list pages
  • Implement shared upload steps for single/multiple file upload, file removal, and handling unsupported files using the FileUpload page object
  • Add common layout and behavior assertions including headings, breadcrumbs, supported formats text, upload area content, upload button visibility, summary status, per-file status, and unsupported file modal
e2e/tests/ui/features/@uploads/upload.step.ts
Add BDD feature coverage for Advisory upload scenarios using the shared upload steps.
  • Define Advisory Upload feature with authenticated background
  • Add scenarios for navigation from list to upload page, page layout verification, valid/invalid uploads, unsupported extension handling, multi-file uploads, mixed success/failure summary, and file removal updating summary
e2e/tests/ui/features/@uploads/advisory-upload.feature
Add BDD feature coverage for SBOM upload scenarios mirroring Advisory flows with SBOM-specific expectations.
  • Define SBOM Upload feature with authenticated background
  • Add scenarios for navigation from list to upload page via toolbar kebab, page layout verification, valid/invalid uploads, unsupported extension handling, multi-file uploads, mixed success/failure summary, and file removal updating summary
e2e/tests/ui/features/@uploads/sbom-upload.feature

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The new FileUpload.build(page) variant that matches on the generic div.pf-v6-c-multiple-file-upload selector will become ambiguous if any page ever contains more than one uploader; consider asserting that only a single match exists or requiring a more specific selector/context to avoid flaky tests.
  • The step definition Then The Upload button is visible in the upload area reaches into fileUploader._uploader; exposing a dedicated method on FileUpload (e.g. getUploadButton() or assertUploadButtonVisible()) would keep the page object encapsulated and make future refactors safer.
  • The new fromCurrentPage factories on AdvisoryUploadPage and SBOMUploadPage are async but do not await anything and are thin wrappers around new; consider making them synchronous or inlining them where used to reduce indirection.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The new `FileUpload.build(page)` variant that matches on the generic `div.pf-v6-c-multiple-file-upload` selector will become ambiguous if any page ever contains more than one uploader; consider asserting that only a single match exists or requiring a more specific selector/context to avoid flaky tests.
- The step definition `Then The Upload button is visible in the upload area` reaches into `fileUploader._uploader`; exposing a dedicated method on `FileUpload` (e.g. `getUploadButton()` or `assertUploadButtonVisible()`) would keep the page object encapsulated and make future refactors safer.
- The new `fromCurrentPage` factories on `AdvisoryUploadPage` and `SBOMUploadPage` are async but do not await anything and are thin wrappers around `new`; consider making them synchronous or inlining them where used to reduce indirection.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Add comprehensive BDD test coverage for SBOM and advisory upload
workflows in a shared @uploads directory with a single reusable step
file. Covers navigation, page layout, single/multi file upload,
invalid file handling, and file removal scenarios.

Implements TC-4004

Assisted-by: Claude Code
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: No status

Development

Successfully merging this pull request may close these issues.

1 participant