test: Add test to delete SBOM and Advisory

[mrrajan]

This PR includes,

• Test to Delete SBOM and Advisory
• Minor change to prompt file to run in headless mode

[sourcery-ai]

Reviewer's Guide

Adds end-to-end Playwright BDD scenarios and step definitions to cover deleting SBOMs and Advisories from both list and details pages, introduces a reusable ConfirmDialog helper, and slightly updates testing documentation and an existing SBOM sorting expectation.

Sequence diagram for deleting an SBOM from list/details pages

sequenceDiagram
  actor Tester
  participant BDDRunner
  participant Playwright as PlaywrightTest
  participant Browser
  participant App as WebApp
  participant ConfirmDialog

  Tester->>BDDRunner: Run BDD delete SBOM scenario
  BDDRunner->>Playwright: Execute step definitions
  Playwright->>Browser: Launch and open SBOM list page
  Browser->>App: GET /sboms
  App-->>Browser: Render SBOM list

  Note over Tester,Browser: Delete SBOM from list page
  Tester->>Playwright: Step: user deletes SBOM from list
  Playwright->>Browser: Click delete button for SBOM in list
  Browser->>App: Open confirm dialog
  App-->>Browser: Render confirm dialog
  Playwright->>ConfirmDialog: new ConfirmDialog(page)
  Playwright->>ConfirmDialog: confirm()
  ConfirmDialog->>Browser: Click confirm button
  Browser->>App: DELETE /sboms/{id}
  App-->>Browser: 200 OK and updated list
  Browser-->>Playwright: Updated SBOM list without deleted item

  Note over Tester,Browser: Delete SBOM from details page
  Tester->>Playwright: Step: user deletes SBOM from details
  Playwright->>Browser: Navigate to SBOM details page
  Browser->>App: GET /sboms/{id}
  App-->>Browser: Render SBOM details
  Playwright->>Browser: Click delete button on details page
  Browser->>App: Open confirm dialog
  App-->>Browser: Render confirm dialog
  Playwright->>ConfirmDialog: confirm()
  ConfirmDialog->>Browser: Click confirm button
  Browser->>App: DELETE /sboms/{id}
  App-->>Browser: 200 OK and redirect info
  Browser-->>Playwright: Navigate back to SBOM list without deleted item
  Playwright-->>Tester: Assert SBOM no longer visible

Loading

Sequence diagram for deleting an Advisory from list/details pages

sequenceDiagram
  actor Tester
  participant BDDRunner
  participant Playwright as PlaywrightTest
  participant Browser
  participant App as WebApp
  participant ConfirmDialog

  Tester->>BDDRunner: Run BDD delete Advisory scenario
  BDDRunner->>Playwright: Execute step definitions
  Playwright->>Browser: Open Advisory list page
  Browser->>App: GET /advisories
  App-->>Browser: Render Advisory list

  Note over Tester,Browser: Delete Advisory from list page
  Tester->>Playwright: Step: user deletes Advisory from list
  Playwright->>Browser: Click delete button for Advisory in list
  Browser->>App: Open confirm dialog
  App-->>Browser: Render confirm dialog
  Playwright->>ConfirmDialog: new ConfirmDialog(page)
  Playwright->>ConfirmDialog: confirm()
  ConfirmDialog->>Browser: Click confirm button
  Browser->>App: DELETE /advisories/{id}
  App-->>Browser: 200 OK and updated list
  Browser-->>Playwright: Updated Advisory list without deleted item

  Note over Tester,Browser: Delete Advisory from details page
  Tester->>Playwright: Step: user deletes Advisory from details
  Playwright->>Browser: Navigate to Advisory details page
  Browser->>App: GET /advisories/{id}
  App-->>Browser: Render Advisory details
  Playwright->>Browser: Click delete button on details page
  Browser->>App: Open confirm dialog
  App-->>Browser: Render confirm dialog
  Playwright->>ConfirmDialog: confirm()
  ConfirmDialog->>Browser: Click confirm button
  Browser->>App: DELETE /advisories/{id}
  App-->>Browser: 200 OK and redirect info
  Browser-->>Playwright: Navigate back to Advisory list without deleted item
  Playwright-->>Tester: Assert Advisory no longer visible

Loading

Class diagram for ConfirmDialog helper and step definitions

classDiagram
  class ConfirmDialog {
    - page
    + ConfirmDialog(page)
    + confirm()
    + cancel()
  }

  class SbomExplorerSteps {
    + openSbomList()
    + deleteSbomFromList(sbomName)
    + openSbomDetails(sbomName)
    + deleteSbomFromDetails(sbomName)
  }

  class AdvisoryExplorerSteps {
    + openAdvisoryList()
    + deleteAdvisoryFromList(advisoryName)
    + openAdvisoryDetails(advisoryName)
    + deleteAdvisoryFromDetails(advisoryName)
  }

  class SbomSearchSteps {
    + searchSbomByName(sbomName)
    + sortResultsBy(columnName)
    + verifyResultOrder(expectedOrder)
  }

  ConfirmDialog <.. SbomExplorerSteps : uses
  ConfirmDialog <.. AdvisoryExplorerSteps : uses
  SbomSearchSteps <.. SbomExplorerSteps : collaborates
  SbomSearchSteps <.. AdvisoryExplorerSteps : collaborates

Loading

File-Level Changes

Change	Details	Files
Add reusable ConfirmDialog helper for asserting and interacting with confirmation dialogs.	Introduce ConfirmDialog class that waits for the generic confirm dialog to be visible on build. Provide verifyTitle helper to assert dialog title text. Provide clickConfirm helper to validate and click the confirm button.	e2e/tests/ui/helpers/ConfirmDialog.ts
Extend advisory explorer step definitions and feature scenarios to cover deleting advisories from both details and list views.	Import AdvisoryListPage, ConfirmDialog, and DetailsPage into advisory step definitions. Add steps to trigger delete via row kebab menu on advisory list table. Add steps to trigger delete via actions menu on advisory details page and confirm via ConfirmDialog. Add Then steps to assert navigation back to advisory list and verify the advisory is no longer present using toolbar filter and empty-table assertion. Add two feature scenarios for deleting advisories from explorer (details) and list pages with concrete example advisory IDs.	e2e/tests/ui/features/@advisory-explorer/advisory-explorer.step.ts e2e/tests/ui/features/@advisory-explorer/advisory-explorer.feature
Extend SBOM search/list step definitions and feature scenarios to cover deleting SBOMs from the list view using the shared ConfirmDialog.	Import ConfirmDialog into SBOM search step definitions. Add steps to trigger delete via row kebab menu on SBOM list table and confirm via ConfirmDialog. Add Then step to assert navigation back to SBOM list and verify the SBOM is no longer present using toolbar filter and empty-table assertion. Add feature scenario outline to delete SBOMs from the list page with an example SBOM name.	e2e/tests/ui/features/@sbom-search/sbom-search.step.ts e2e/tests/ui/features/@sbom-search/sbom-search.feature
Extend SBOM explorer step definitions and feature scenarios to cover deleting SBOMs from the details view and adjust an existing sorting expectation.	Add step to trigger delete via actions button on the SBOM details page using DetailsPage helper. Add step to confirm deletion through ConfirmDialog and verify navigation back to SBOM list and SBOM absence via filter and empty-table assertion. Add feature scenario outline for deleting SBOMs from the explorer (details) page with an example SBOM name. Update existing sorting test to include CVSS in the list of sortable columns instead of leaving it commented out.	e2e/tests/ui/features/@sbom-explorer/sbom-explorer.step.ts e2e/tests/ui/features/@sbom-explorer/sbom-explorer.feature
Adjust Playwright tester chatmode documentation for running BDD tests.	Remove the --headed flag from the recommended npx playwright test command, keeping trace collection and name-based filtering.	.github/chatmodes/playwright-tester.chatmode.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 3 issues, and left some high level feedback:

• The step definition When User Clicks on Actions button and Selects Delete option from the drop down is implemented in both sbom-explorer.step.ts and advisory-explorer.step.ts with identical behavior; consider extracting this into a shared helper or a single step definition to avoid duplication and potential ambiguity.
• The logic for filtering and asserting an empty table after deletion is repeated in multiple step files for SBOMs and advisories; you could centralize this into a reusable helper (e.g., assertEntityNotPresentInTable) to keep the tests DRY and easier to maintain.
• In ConfirmDialog, you repeatedly look up the dialog and the confirm button by role/name; consider storing the dialog locator internally (and maybe parameterizing the confirm button label) so the helper is less brittle to UI text changes and avoids redundant queries.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The step definition `When User Clicks on Actions button and Selects Delete option from the drop down` is implemented in both `sbom-explorer.step.ts` and `advisory-explorer.step.ts` with identical behavior; consider extracting this into a shared helper or a single step definition to avoid duplication and potential ambiguity.
- The logic for filtering and asserting an empty table after deletion is repeated in multiple step files for SBOMs and advisories; you could centralize this into a reusable helper (e.g., `assertEntityNotPresentInTable`) to keep the tests DRY and easier to maintain.
- In `ConfirmDialog`, you repeatedly look up the dialog and the confirm button by role/name; consider storing the dialog locator internally (and maybe parameterizing the confirm button label) so the helper is less brittle to UI text changes and avoids redundant queries.

## Individual Comments

### Comment 1
<location> `e2e/tests/ui/features/@sbom-search/sbom-search.step.ts:74-71` </location>
<code_context>
   },
 );
+
+When(
+  "User Selects Delete option from the toggle option from Advisory List Page",
+  async ({ page }) => {
+    const firstRow = page.locator("table tbody tr").first();
+    const kebabToggle = firstRow.getByRole("button", { name: "Kebab toggle" });
+    await kebabToggle.click();
+    await page.getByRole("menuitem", { name: "Delete" }).click();
+  },
+);
+
</code_context>

<issue_to_address>
**issue (testing):** SBOM delete step should target the specific SBOM under test instead of the first row.

Because this always deletes the first row, parameterized scenarios can end up deleting a different SBOM than the one under test, leading to misleading passes/failures. Instead, have the step locate the row for the scenario’s SBOM (e.g., `getByRole('row', { name: sbomName })` or a `SbomListPage` helper) and trigger Delete from there.
</issue_to_address>

### Comment 2
<location> `.github/chatmodes/playwright-tester.chatmode.md:37` </location>
<code_context>
    - Automatically run test with:
       ```bash
       cd $PROJECT_ROOT/e2e
</code_context>

<issue_to_address>
**suggestion (typo):** Consider changing "run test" to "run tests" for grammatical correctness.

You could also phrase it as "Automatically run tests with:" to better match the plural and improve the sentence flow.

```suggestion
   - Automatically run tests with:
```
</issue_to_address>

### Comment 3
<location> `.github/chatmodes/playwright-tester.chatmode.md:42` </location>
<code_context>
-      npx playwright test --project='bdd' --trace on -g "scenario name here" --headed
+      npx playwright test --project='bdd' --trace on -g "scenario name here"
       ```
    - In case of test failures, the above command launched HTML server to host the test output Press `Ctrl+C` to stop the server

</code_context>

<issue_to_address>
**suggestion (typo):** Tense, article usage, and punctuation could be improved in this sentence.

Consider rephrasing to: "In case of test failures, the above command launches an HTML server to host the test output. Press `Ctrl+C` to stop the server."
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (testing): SBOM delete step should target the specific SBOM under test instead of the first row.

Because this always deletes the first row, parameterized scenarios can end up deleting a different SBOM than the one under test, leading to misleading passes/failures. Instead, have the step locate the row for the scenario’s SBOM (e.g., getByRole('row', { name: sbomName }) or a SbomListPage helper) and trigger Delete from there.

[sourcery-ai]

suggestion (typo): Consider changing "run test" to "run tests" for grammatical correctness.

You could also phrase it as "Automatically run tests with:" to better match the plural and improve the sentence flow.

Suggested change

	- Automatically run test with:
	- Automatically run tests with:

[sourcery-ai]

suggestion (typo): Tense, article usage, and punctuation could be improved in this sentence.

Consider rephrasing to: "In case of test failures, the above command launches an HTML server to host the test output. Press Ctrl+C to stop the server."

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.45%. Comparing base (21c7132) to head (c50c6a8).
⚠️ Report is 37 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #875      +/-   ##
==========================================
- Coverage   62.27%   61.45%   -0.83%     
==========================================
  Files         176      176              
  Lines        3144     3144              
  Branches      717      717              
==========================================
- Hits         1958     1932      -26     
- Misses        916      952      +36     
+ Partials      270      260      -10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[carlosthe19916]

Thanks for the PR. I have added some comments below. I only added comments to the Advisory section but the same should be applicable to the sboms section

[carlosthe19916]

This can be replaced by:

const navigation = await Navigation.build(page);
await navigation.goToSidebar("Advisories");

[mrrajan]

This step verifies that the application automatically navigated to the “Advisories” screen by confirming that the header is visible

[mrrajan]

Thanks @carlosthe19916 Except one, I have committed other changes. Please let me know your thoughts.

[mrrajan]

This step verifies that the application automatically navigated to the “Advisories” screen by confirming that the header is visible

[carlosthe19916]

Thanks for the nice enhancements @mrrajan ! LGTM!

[mrrajan]

/backport

[trustify-ci-bot]

Backport failed for release/0.4.z, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release/0.4.z
git worktree add -d .worktree/backport-875-to-release/0.4.z origin/release/0.4.z
cd .worktree/backport-875-to-release/0.4.z
git switch --create backport-875-to-release/0.4.z
git cherry-pick -x cbe30967323f9caecf9ffafda8f99496b7b7b77a