run healer

Author: workcontrolgit

.env.dev.example

@@ -0,0 +1,13 @@
+# Development environment template — copy to .env.dev and fill in values
+ANGULAR_APP_URL=http://localhost:4200
+API_APP_URL=https://localhost:44378/api/v1
+IDENTITY_SERVER_URL=https://localhost:44310
+
+TEST_USER_EMPLOYEE_USERNAME=
+TEST_USER_EMPLOYEE_PASSWORD=
+
+TEST_USER_MANAGER_USERNAME=
+TEST_USER_MANAGER_PASSWORD=
+
+TEST_USER_HRADMIN_USERNAME=
+TEST_USER_HRADMIN_PASSWORD=

.env.example

@@ -0,0 +1,13 @@
+# Test User Credentials
+# Copy this file to .env and fill in real values.
+# Get values from Azure Key Vault:
+#   az keyvault secret show --vault-name <vault> --name playwright-employee-username --query value -o tsv
+
+TEST_USER_EMPLOYEE_USERNAME=
+TEST_USER_EMPLOYEE_PASSWORD=
+
+TEST_USER_MANAGER_USERNAME=
+TEST_USER_MANAGER_PASSWORD=
+
+TEST_USER_HRADMIN_USERNAME=
+TEST_USER_HRADMIN_PASSWORD=

.env.prod.example

@@ -0,0 +1,13 @@
+# Production environment template — copy to .env.prod and fill in values
+ANGULAR_APP_URL=https://mango-flower-0ced4011e.4.azurestaticapps.net
+API_APP_URL=https://app-talent-api-dev.azurewebsites.net/api/v1
+IDENTITY_SERVER_URL=https://app-talent-ids-dev.azurewebsites.net
+
+TEST_USER_EMPLOYEE_USERNAME=
+TEST_USER_EMPLOYEE_PASSWORD=
+
+TEST_USER_MANAGER_USERNAME=
+TEST_USER_MANAGER_PASSWORD=
+
+TEST_USER_HRADMIN_USERNAME=
+TEST_USER_HRADMIN_PASSWORD=

.github/workflows/playwright.yml

@@ -34,10 +34,27 @@ jobs:
       - name: Install Playwright Browsers
         run: npx playwright install --with-deps ${{ matrix.project }}
 
+      - name: Run auth setup (pre-authenticate all roles via PKCE)
+        run: npx playwright test --project=setup
+        env:
+          CI: true
+          TEST_USER_EMPLOYEE_USERNAME: ${{ secrets.TEST_USER_EMPLOYEE_USERNAME }}
+          TEST_USER_EMPLOYEE_PASSWORD: ${{ secrets.TEST_USER_EMPLOYEE_PASSWORD }}
+          TEST_USER_MANAGER_USERNAME: ${{ secrets.TEST_USER_MANAGER_USERNAME }}
+          TEST_USER_MANAGER_PASSWORD: ${{ secrets.TEST_USER_MANAGER_PASSWORD }}
+          TEST_USER_HRADMIN_USERNAME: ${{ secrets.TEST_USER_HRADMIN_USERNAME }}
+          TEST_USER_HRADMIN_PASSWORD: ${{ secrets.TEST_USER_HRADMIN_PASSWORD }}
+
       - name: Run Playwright tests
         run: npx playwright test --project=${{ matrix.project }}
         env:
           CI: true
+          TEST_USER_EMPLOYEE_USERNAME: ${{ secrets.TEST_USER_EMPLOYEE_USERNAME }}
+          TEST_USER_EMPLOYEE_PASSWORD: ${{ secrets.TEST_USER_EMPLOYEE_PASSWORD }}
+          TEST_USER_MANAGER_USERNAME: ${{ secrets.TEST_USER_MANAGER_USERNAME }}
+          TEST_USER_MANAGER_PASSWORD: ${{ secrets.TEST_USER_MANAGER_PASSWORD }}
+          TEST_USER_HRADMIN_USERNAME: ${{ secrets.TEST_USER_HRADMIN_USERNAME }}
+          TEST_USER_HRADMIN_PASSWORD: ${{ secrets.TEST_USER_HRADMIN_PASSWORD }}
 
       - name: Upload HTML Report
         uses: actions/upload-artifact@v4

.gitignore

@@ -1,4 +1,12 @@
 
+# Credentials — never commit real values (commit only *.example files)
+.env
+.env.dev
+.env.prod
+
+# Playwright auth state — contains JWT tokens, regenerated by auth.setup.ts
+/.auth/
+
 # Playwright
 node_modules/
 /test-results/

.mcp.json

@@ -0,0 +1,13 @@
+{
+  "mcpServers": {
+    "playwright-test": {
+      "command": "cmd",
+      "args": [
+        "/c",
+        "npx",
+        "playwright",
+        "run-test-mcp-server"
+      ]
+    }
+  }
+}

config/environments.json

@@ -16,11 +16,12 @@
     "description": "Staging environment for testing"
   },
   "production": {
-    "angularUrl": "https://app.example.com",
-    "apiUrl": "https://api.example.com",
-    "apiBaseUrl": "https://api.example.com/api/v1",
-    "identityServerUrl": "https://sts.example.com",
+    "angularUrl": "https://mango-flower-0ced4011e.4.azurestaticapps.net",
+    "apiUrl": "https://app-talent-api-dev.azurewebsites.net",
+    "apiBaseUrl": "https://app-talent-api-dev.azurewebsites.net/api/v1",
+    "identityServerUrl": "https://app-talent-ids-dev.azurewebsites.net",
+    "identityServerAdminUrl": "https://app-talent-admin-dev.azurewebsites.net",
     "timeout": 45000,
-    "description": "Production environment (use with caution)"
+    "description": "Production environment — Azure hosted"
   }
 }

config/test-config.ts

@@ -5,6 +5,66 @@
  * Modify these values in one place to affect all tests.
  */
 
+/**
+ * Load environment-specific credentials before any constant is evaluated.
+ *
+ * Placing dotenv loading here (rather than only in playwright.config.ts) ensures
+ * that worker processes which import this module directly also pick up the .env
+ * file, because module imports in playwright.config.ts are evaluated before the
+ * dotenv.config() call in that file executes.
+ *
+ * Select environment with APP_ENV:
+ *   APP_ENV=dev   → .env.dev   (local development)
+ *   APP_ENV=prod  → .env.prod  (production)
+ *   (none)        → .env       (default)
+ */
+import dotenv from 'dotenv';
+import path from 'path';
+
+const _env = process.env.APP_ENV;
+const _envFile = _env ? `.env.${_env}` : '.env';
+dotenv.config({ path: path.resolve(__dirname, '..', _envFile) });
+
+/**
+ * Test User Credentials
+ *
+ * Loaded from environment variables — never hardcoded.
+ * Local dev: copy .env.example to .env and fill in values.
+ * CI: injected automatically via GitHub Secrets.
+ */
+export const TEST_USERS = {
+  employee: {
+    username: process.env.TEST_USER_EMPLOYEE_USERNAME || '',
+    password: process.env.TEST_USER_EMPLOYEE_PASSWORD || '',
+    role: 'employee' as const,
+  },
+  manager: {
+    username: process.env.TEST_USER_MANAGER_USERNAME || '',
+    password: process.env.TEST_USER_MANAGER_PASSWORD || '',
+    role: 'manager' as const,
+  },
+  hradmin: {
+    username: process.env.TEST_USER_HRADMIN_USERNAME || '',
+    password: process.env.TEST_USER_HRADMIN_PASSWORD || '',
+    role: 'hradmin' as const,
+  },
+} as const;
+
+/**
+ * Fail fast if credentials are missing — prevents cryptic login failures.
+ */
+export function assertCredentialsLoaded(): void {
+  const missing = (Object.entries(TEST_USERS) as [string, { username: string; password: string }][])
+    .filter(([, u]) => !u.username || !u.password)
+    .map(([role]) => role);
+  if (missing.length > 0) {
+    throw new Error(
+      `Missing credentials for roles: ${missing.join(', ')}. ` +
+      `Copy .env.example to .env and fill in values, or set GitHub Secrets for CI.`
+    );
+  }
+}
+
 /**
  * Application URLs
  */
@@ -192,3 +252,16 @@ export function getUrl(path: string): string {
 export function getApiUrl(endpoint: string): string {
   return `${APP_URLS.api}${endpoint}`;
 }
+
+/**
+ * Returns a RegExp that matches any URL on the Angular app host.
+ * Use instead of hardcoded /localhost:4200/ so tests work across environments.
+ *
+ * @example
+ * await expect(page).toHaveURL(getAngularUrlPattern());
+ * await page.waitForURL(getAngularUrlPattern());
+ */
+export function getAngularUrlPattern(): RegExp {
+  const host = new URL(APP_URLS.angular).host.replace(/\./g, '\\.');
+  return new RegExp(host);
+}

config/test-users.json

@@ -1,8 +1,6 @@
 {
   "employee": {
     "username": "antoinette16",
-    "password": "Pa$$word123",
-    "email": "antoinette16@ethereal.email",
     "role": "Employee",
     "roles": ["Employee"],
     "permissions": ["read"],
@@ -13,8 +11,6 @@
   },
   "manager": {
     "username": "rosamond33",
-    "password": "Pa$$word123",
-    "email": "rosamond33@ethereal.email",
     "role": "Manager",
     "roles": ["Employee", "Manager"],
     "permissions": ["read", "write"],
@@ -26,8 +22,6 @@
   },
   "hradmin": {
     "username": "ashtyn1",
-    "password": "Pa$$word123",
-    "email": "ashtyn1@ethereal.email",
     "role": "HRAdmin",
     "roles": ["Employee", "Manager", "HRAdmin"],
     "permissions": ["read", "write", "delete", "admin"],

fixtures/api.fixtures.ts

@@ -2,6 +2,7 @@ import { APIRequestContext, Page, Browser, chromium } from '@playwright/test';
 import type { EmployeeData, DepartmentData } from './data.fixtures';
 import { loginAsRole, getTokenFromProfile } from './auth.fixtures';
 import testUsers from '../config/test-users.json';
+import { APP_URLS } from '../config/test-config';
 
 /**
  * API Fixtures
@@ -13,7 +14,7 @@ import testUsers from '../config/test-users.json';
  * - Token acquisition for roles
  */
 
-const API_BASE_URL = 'https://localhost:44378/api/v1';
+const API_BASE_URL = APP_URLS.api;
 
 /**
  * Gets an access token for a specific role using browser-based authentication