chore: Backport commits to release branch #933

Closed
mrrajan wants to merge 36 commits into guacsec:release/0.4.z from mrrajan:release-0.4.z-backport

@mrrajan mrrajan commented Feb 25, 2026

The below commits are cherry-picked to backport to the release branch:

  1. c903c86 - test: Align and update test steps (#876)
  2. 1652a3c - test: Add test to delete SBOM and Advisory (#875)
  3. 423546a - test: Add tests for SBOM correlation with package and vulnerability (#879)
  4. 98ff293 - chore: Optimize and clean up existing tests and step definitions (#902)
  5. 1e2843b - test: script for AIBOM and CBOM label validation (#913)

Summary by Sourcery

Backport end-to-end test improvements and additional scenarios around SBOM, advisory, and vulnerability workflows to the release branch.

Enhancements:

  • Refine Playwright BDD step definitions and page objects to use shared fixtures, custom assertions, and fromCurrentPage builders for details and tab pages.
  • Introduce reusable helpers for generic table pagination and sorting verification across SBOM, advisory, and vulnerability views.
  • Add a dedicated DeletionConfirmDialog helper and dialog-specific matcher utilities for consistent confirmation dialog handling.
  • Align SBOM and advisory navigation to updated sidebar labels and table configurations, including explicit column sortability and row actions.

Tests:

  • Expand SBOM Explorer tests with SBOM deletion from explorer and list pages, vulnerability/advisory/package correlation flows, and label visibility for CBOM/AIBOM SBOMs.
  • Extend SBOM search tests to cover label editing via the list, CBOM/AIBOM label assertions, and label-based filtering of SBOMs.
  • Enhance SBOM scan tests with stronger assertions for navigation, upload controls, tooltips, vulnerability presence, affected package expansion, modal handling, and CSV download verification.
  • Update advisory explorer tests to use list-based navigation, validate vulnerabilities table pagination via generic steps, and cover advisory deletion from explorer and list pages.
  • Improve vulnerability explorer tests to rely on list-based navigation, tab page objects, and generic table pagination while tightening assertions for SBOM and advisory tables.
  • Consolidate and reuse the generic “An ingested SBOM is available” and list-page steps across SBOM-related test suites.

Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>
…uacsec#879)

Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>

sourcery-ai bot commented Feb 25, 2026

Reviewer's Guide

Backported multiple Playwright BDD e2e enhancements to the release branch: refactors step definitions to use page objects and shared assertions, introduces reusable table/pagination/sorting steps, adds delete flows and SBOM/advisory/vulnerability correlation tests, and extends page objects and custom matchers to support these flows while normalizing feature files and navigation labels.

Sequence diagram for SBOM delete flow using ConfirmDialog and DialogMatchers

sequenceDiagram
  actor Tester
  participant SbomListPage
  participant ConfirmDialog
  participant DialogMatchers

  Tester->>SbomListPage: openSbomList
  Tester->>SbomListPage: selectSbomRow
  Tester->>SbomListPage: triggerDeleteAction
  SbomListPage-->>ConfirmDialog: show
  ConfirmDialog->>DialogMatchers: verifyDialogVisible
  DialogMatchers-->>ConfirmDialog: dialogIsVisible
  Tester->>ConfirmDialog: confirmDeletion
  ConfirmDialog->>DialogMatchers: verifyDialogClosed
  DialogMatchers-->>ConfirmDialog: dialogIsClosed
  SbomListPage-->>Tester: sbomRowRemovedFromTable

Class diagram for shared UI test infrastructure and page objects

classDiagram
  class DetailsPage {
  }

  class AdvisoryDetailsPage {
  }
  class PackageDetailsPage {
  }
  class SbomDetailsPage {
  }
  class VulnerabilityDetailsPage {
  }

  class VulnerabilitiesTab {
  }
  class SbomsTab {
  }
  class AdvisoriesTab {
  }

  class SbomListPage {
  }
  class VulnerabilityListPage {
  }

  class ConfirmDialog {
  }
  class DialogMatchers {
  }

  class AuthSteps {
  }
  class TableSteps {
  }
  class DetailsPageSteps {
  }
  class ListPageSteps {
  }

  DetailsPage <|-- AdvisoryDetailsPage
  DetailsPage <|-- PackageDetailsPage
  DetailsPage <|-- SbomDetailsPage
  DetailsPage <|-- VulnerabilityDetailsPage

  AdvisoryDetailsPage o-- VulnerabilitiesTab
  PackageDetailsPage o-- SbomsTab
  PackageDetailsPage o-- VulnerabilitiesTab
  SbomDetailsPage o-- VulnerabilitiesTab
  VulnerabilityDetailsPage o-- AdvisoriesTab
  VulnerabilityDetailsPage o-- SbomsTab

  SbomListPage o-- ConfirmDialog
  VulnerabilityListPage o-- ConfirmDialog

  DialogMatchers <.. ConfirmDialog

  AuthSteps <.. AdvisoryDetailsPage
  AuthSteps <.. PackageDetailsPage
  AuthSteps <.. SbomDetailsPage
  AuthSteps <.. VulnerabilityDetailsPage

  TableSteps <.. SbomListPage
  TableSteps <.. VulnerabilityListPage

  DetailsPageSteps <.. AdvisoryDetailsPage
  DetailsPageSteps <.. PackageDetailsPage
  DetailsPageSteps <.. SbomDetailsPage
  DetailsPageSteps <.. VulnerabilityDetailsPage

  ListPageSteps <.. SbomListPage
  ListPageSteps <.. VulnerabilityListPage

File-Level Changes

Change: Normalize and extend SBOM scan feature tests and step implementations using page objects and stronger assertions.
Details:
  • Reformatted scan-sbom.feature with consistent indentation and clarified step/Examples wording, including pagination and sorting descriptions.
  • Updated scan-sbom.step.ts to use SbomScanPage page object for heading and Browse Files interactions, replaced arbitrary timeouts with role-based tooltip assertions, and strengthened vulnerability ID verification logic.
  • Removed bespoke pagination/sorting steps in favor of generic table steps and simplified modal interaction and CSV download assertions.
Files:
  • e2e/tests/ui/features/@sbom-scan/scan-sbom.feature
  • e2e/tests/ui/features/@sbom-scan/scan-sbom.step.ts

Change: Refactor SBOM explorer tests to use richer page objects, generic table steps, and add delete/correlation coverage.
Details:
  • Updated sbom-explorer.step.ts to rely on SbomDetailsPage, VulnerabilitiesTab, VulnerabilityDetailsPage, PackageDetailsPage, and related tab page objects, adding type annotations and custom expect usage.
  • Replaced inlined pagination/sorting helpers with generic table-level steps and removed duplicated logic.
  • Enhanced label steps to use updated info tab DOM ids and to verify labels with clearer step wording.
  • Added new steps and feature scenarios for deleting SBOMs from explorer and list pages, and for validating SBOM–vulnerability–advisory–package correlations and CBOM/AIBOM label visibility.
  • Aligned sbom-explorer.feature scenario wording/indentation and switched pagination/sorting steps to the new generic ones.
Files:
  • e2e/tests/ui/features/@sbom-explorer/sbom-explorer.step.ts
  • e2e/tests/ui/features/@sbom-explorer/sbom-explorer.feature
  • e2e/tests/ui/features/sbom-explorer.feature
  • e2e/tests/ui/steps/table.ts
  • e2e/tests/ui/helpers/DetailsPage.ts
  • e2e/tests/ui/pages/sbom-details/SbomDetailsPage.ts
  • e2e/tests/ui/pages/sbom-details/vulnerabilities/VulnerabilitiesTab.ts
  • e2e/tests/ui/pages/package-details/PackageDetailsPage.ts
  • e2e/tests/ui/pages/package-details/sboms/SbomsTab.ts
  • e2e/tests/ui/pages/package-details/vulnerabilities/VulnerabilitiesTab.ts
  • e2e/tests/ui/pages/vulnerability-details/VulnerabilityDetailsPage.ts
  • e2e/tests/ui/pages/vulnerability-details/sboms/SbomsTab.ts
  • e2e/tests/ui/pages/vulnerability-details/advisories/AdvisoriesTab.ts
  • e2e/tests/ui/pages/vulnerability-list/VulnerabilityListPage.ts
  • e2e/tests/ui/pages/sbom-list/SbomListPage.ts
  • e2e/tests/ui/steps/list-page.ts
  • e2e/tests/ui/assertions/DialogMatchers.ts
  • e2e/tests/ui/pages/ConfirmDialog.ts

Change: Refactor advisory explorer tests to use Advisory page objects, new deletion flow, and generic pagination.
Details:
  • Switched advisory-explorer.step.ts to use AdvisoryDetailsPage and AdvisoryListPage page objects plus custom expect assertions, replacing SearchPage-based navigation and dedicated search with toolbar filters.
  • Introduced steps for deleting advisories via list and details pages using a shared DeletionConfirmDialog and dialog matcher.
  • Updated advisory-explorer.feature to use generic table pagination step, added new delete scenarios, and cleaned up scenario formatting/comments.
Files:
  • e2e/tests/ui/features/@advisory-explorer/advisory-explorer.step.ts
  • e2e/tests/ui/features/@advisory-explorer/advisory-explorer.feature
  • e2e/tests/ui/pages/advisory-details/AdvisoryDetailsPage.ts

Change: Refactor vulnerability explorer tests to use Vulnerability page objects, tabs, and generic table helpers.
Details:
  • Reworked vulnerability-explorer.step.ts to import test/expect from shared fixtures/assertions, use VulnerabilityDetailsPage and VulnerabilityListPage, and rely on SbomsTab/AdvisoriesTab for table access instead of raw ToolbarTable in many places.
  • Changed dedicated search to use list toolbar filters; tightened SBOM/advisory table sorting/column assertions using aria-sort and table helpers.
  • Updated feature wording to match new step phrases (e.g., more descriptive search step names, generic advisory pagination, navigation to advisory details with type).
Files:
  • e2e/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts
  • e2e/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature

Change: Enhance SBOM search/list tests to use page objects, label modal, and label-based filtering, including CBOM/AIBOM.
Details:
  • Moved the generic "An ingested SBOM ... is available" step into a dedicated list-page step file using SbomListPage and custom table expectations.
  • Refactored sbom-search.step.ts to use SbomListPage.fromCurrentPage and LabelsModal for editing labels, plus expect-based column assertions for vulnerabilities and labels.
  • Added steps and scenarios to verify CBOM/AIBOM labels on list page and to filter list by Label, Filter text, and License; updated feature file accordingly with new scenarios and more precise step wording.
Files:
  • e2e/tests/ui/features/@sbom-search/sbom-search.step.ts
  • e2e/tests/ui/features/@sbom-search/sbom-search.feature
  • e2e/tests/ui/steps/list-page.ts
  • e2e/tests/ui/pages/sbom-list/SbomListPage.ts
  • e2e/tests/ui/pages/LabelsModal.ts

Change: Introduce shared dialog, table, auth, and details-page utilities and hook all BDD steps into the Playwright test fixture and custom assertion layer.
Details:
  • Added DeletionConfirmDialog page object and DialogMatchers to encapsulate title/assertion logic for delete confirmation modals.
  • Switched multiple step definition files (auth.ts, details-page.ts, table.ts, sbom-explorer.step.ts, advisory-explorer.step.ts, sbom-search.step.ts, vulnerability-explorer.step.ts, scan-sbom.step.ts) to use createBdd(test) with the project’s custom fixtures and assertion wrapper instead of raw Playwright imports.
  • Added generic table pagination/sorting steps to table.ts to remove duplicated verifyPagination/verifySorting implementations across features.
  • Tweaked chatmode docs to drop the --headed flag from the suggested Playwright command, aligning with CI usage.
Files:
  • e2e/tests/ui/assertions/DialogMatchers.ts
  • e2e/tests/ui/pages/ConfirmDialog.ts
  • e2e/tests/ui/steps/table.ts
  • e2e/tests/ui/steps/auth.ts
  • e2e/tests/ui/steps/details-page.ts
  • e2e/tests/ui/features/@sbom-explorer/sbom-explorer.step.ts
  • e2e/tests/ui/features/@advisory-explorer/advisory-explorer.step.ts
  • e2e/tests/ui/features/@sbom-search/sbom-search.step.ts
  • e2e/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts
  • e2e/tests/ui/features/@sbom-scan/scan-sbom.step.ts
  • .github/chatmodes/playwright-tester.chatmode.md

@sourcery-ai sourcery-ai bot left a comment

Hey - I've found 2 issues, and left some high level feedback:

  • In e2e/tests/ui/features/sbom-explorer.feature the step Then Pagination of "vulnerabilities" list works no longer matches the new generic step definition Pagination of {string} table works and also uses a different table name format than the rest ("vulnerabilities" vs "Vulnerability"), which is likely to cause an undefined or mis-targeted step; consider aligning this to Then Pagination of "Vulnerability" table works (or adjust the step definition accordingly).
  • The step Given User visits Vulnerability details Page of {string} is now defined both in @vulnerability-explorer/vulnerability-explorer.step.ts and @sbom-explorer/sbom-explorer.step.ts, which can cause ambiguous step resolution in Playwright BDD; it would be safer to centralize this shared step in a single file (or give one of them a distinct pattern).
Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location path="e2e/tests/ui/features/@sbom-explorer/sbom-explorer.step.ts" line_range="296-253" />
<code_context>
+  },
+);
+
+// Shared step - navigates to vulnerability details page
+// Also defined in @vulnerability-explorer/vulnerability-explorer.step.ts
+Given(
+  "User visits Vulnerability details Page of {string}",
+  async ({ page }, vulnerabilityID: string) => {
+    await VulnerabilityDetailsPage.build(page, vulnerabilityID);
+  },
</code_context>
<issue_to_address>
**issue (bug_risk):** This step definition duplicates the same "User visits Vulnerability details Page of {string}" step in vulnerability-explorer, which can cause ambiguous step errors.

The same `Given("User visits Vulnerability details Page of {string}", ...)` now exists in both `@sbom-explorer/sbom-explorer.step.ts` and `@vulnerability-explorer/vulnerability-explorer.step.ts`. Please either centralize this in a single/shared step file and reuse it, or adjust the step text so each definition is unique.
</issue_to_address>

### Comment 2
<location path=".github/chatmodes/playwright-tester.chatmode.md" line_range="42" />
<code_context>
-      npx playwright test --project='bdd' --trace on -g "scenario name here" --headed
+      npx playwright test --project='bdd' --trace on -g "scenario name here"
       ```
    - In case of test failures, the above command launched HTML server to host the test output Press `Ctrl+C` to stop the server

</code_context>
<issue_to_address>
**suggestion (typo):** Tighten grammar and punctuation in this sentence for clarity.

Suggest: "In case of test failures, the above command launches an HTML server to host the test output. Press `Ctrl+C` to stop the server."
</issue_to_address>



When(
"User clicks on the vulnerability row with ID {string}",
async ({ page }, vulnerabilityID: string) => {

Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>
@mrrajan mrrajan force-pushed the release-0.4.z-backport branch from 58fe25f to 95090c2 Compare February 25, 2026 15:19
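The two problems raised in Sourcery's review above (a feature step that no definition matches, and one pattern registered in two step files) can be checked statically before the suite runs. The following is an added example, not code from this PR or the project: the function names are hypothetical, the step sources and feature text are constructed samples, and only the `{string}` and `{int}` placeholders are translated.

```typescript
// Added example: lint Gherkin steps against step patterns (constructed sample data).
interface StepDef { pattern: string; file: string; }
interface Duplicate { pattern: string; files: string[]; }
interface LintResult {
  duplicates: Duplicate[];   // same pattern registered in 2+ places
  ambiguousSteps: string[];  // feature step matched by 2+ definitions
  undefinedSteps: string[];  // feature step matched by no definition
}

// Pull the pattern string out of Given/When/Then("...", ...) registrations.
function extractStepDefs(source: string, file: string): StepDef[] {
  const defs: StepDef[] = [];
  const re = /\b(?:Given|When|Then)\(\s*(["'`])((?:\\.|(?!\1).)*)\1/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) defs.push({ pattern: m[2], file: file });
  return defs;
}

// Assumption: only {string} and {int} are translated; other text is literal.
function patternToRegExp(pattern: string): RegExp {
  const literal = pattern.replace(/[.*+?^$()|[\]\\]/g, "\\$&");
  const body = literal
    .replace(/\{string\}/g, "(?:\"[^\"]*\"|'[^']*')")
    .replace(/\{int\}/g, "-?\\d+");
  return new RegExp("^" + body + "$");
}

// Collect the text after each Given/When/Then/And/But keyword.
function extractFeatureSteps(feature: string): string[] {
  const steps: string[] = [];
  feature.split("\n").forEach((line) => {
    const m = /^\s*(?:Given|When|Then|And|But)\s+(.+?)\s*$/.exec(line);
    if (m) steps.push(m[1]);
  });
  return steps;
}

function lintSteps(defs: StepDef[], steps: string[]): LintResult {
  const result: LintResult = { duplicates: [], ambiguousSteps: [], undefinedSteps: [] };
  defs.forEach((d) => {
    const files = defs.filter((o) => o.pattern === d.pattern).map((o) => o.file);
    const known = result.duplicates.some((x) => x.pattern === d.pattern);
    if (files.length > 1 && !known) result.duplicates.push({ pattern: d.pattern, files: files });
  });
  steps.forEach((text) => {
    const hits = defs.filter((d) => patternToRegExp(d.pattern).test(text));
    if (hits.length === 0) result.undefinedSteps.push(text);
    if (hits.length > 1) result.ambiguousSteps.push(text);
  });
  return result;
}

// Constructed inputs mirroring the two findings in the review.
const SAMPLE_DEFS: StepDef[] = extractStepDefs(
  'Given(\n  "User visits Vulnerability details Page of {string}",\n  async () => {});',
  "@sbom-explorer/sbom-explorer.step.ts"
).concat(
  extractStepDefs('Given("User visits Vulnerability details Page of {string}", async () => {});',
    "@vulnerability-explorer/vulnerability-explorer.step.ts"),
  extractStepDefs('Then("Pagination of {string} table works", async () => {});', "steps/table.ts")
);
const SAMPLE_FEATURE = [
  "Scenario: constructed sample",
  '  Given User visits Vulnerability details Page of "EXAMPLE-VULN-ID"',
  '  Then Pagination of "vulnerabilities" list works',
  '  Then Pagination of "Vulnerability" table works',
].join("\n");

function lintSample(): LintResult { return lintSteps(SAMPLE_DEFS, extractFeatureSteps(SAMPLE_FEATURE)); }
```

Run as a pre-test CI step, a non-empty `duplicates`, `ambiguousSteps` or `undefinedSteps` list would fail the job before any browser is launched.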

@carlosthe19916 carlosthe19916 left a comment

As those are cherry-picks, I cannot really review the changes themselves, but having CI pass would be enough. I see CI failing; let's make sure no errors are encountered and we can merge this.

carlosthe19916 and others added 19 commits February 26, 2026 18:04
…ec#831)

Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
)

Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
…c#835)

Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>
…uacsec#879)

Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
carlosthe19916 and others added 12 commits February 26, 2026 18:35
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
…ision (guacsec#896)

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Matej Nesuta <mnesuta@mnesuta-thinkpadp1gen7.rmtcz.csb>
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
Signed-off-by: mrrajan <86094767+mrrajan@users.noreply.github.com.>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
@mrrajan mrrajan closed this Mar 2, 2026
@github-project-automation github-project-automation bot moved this to Done in Trustify Mar 2, 2026