Playwright automation: Employer Login and Job Post fixes

[aakarshitsharma06]

Changes:

• Added automation for Employer Login (TC3 - TC7)
• Fixed Employer Job Posting Flow
• Refactored test name prefixes to standard format
• Removed missing global applicants button assertion
• Updated login email used in job posting suite

Summary by CodeRabbit

• Bug Fixes

  • Removed the global applicants option from the employer job posting interface.

• Tests

  • Updated employer job posting test data.
  • Added end-to-end employer login tests covering successful login, one-time code flow, input validation, error messaging, and password-recovery navigation.

• Chores

  • Added a CI workflow to run Playwright end-to-end tests and upload test reports.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: f7d77fc5-a5c8-461f-93dc-40f512f8a03c

📥 Commits

Reviewing files that changed from the base of the PR and between 930c7fd and 30d7cce.

📒 Files selected for processing (1)

• .github/workflows/playwright.yml

---

📝 Walkthrough

Walkthrough

Removes a deprecated “allow global applicants” click from the employer page object, adds a Playwright employer login test suite, updates a job-post test email, and adds a GitHub Actions workflow to run Playwright E2E tests and upload the report.

Changes

Employer Authentication and CI

Layer / File(s)	Summary
Page Object Cleanup pages/AvuaEmployerPage.ts	Removed the "allow global applicants" button click action and added a small formatting change.
Employer Login Test Suite tests/employerLogin.spec.ts	Added Playwright tests covering valid login redirect to /employer/dashboard, disabled Sign in when fields empty, One-time code (OTP) flow and confirmation, handling of unregistered emails, disabled send-code state, and forgot-password navigation.
Job Posting Test Email Update tests/employerJobPost.spec.ts	Updated the hardcoded employer login email used by the job posting test.
Playwright CI Workflow .github/workflows/playwright.yml	Added GitHub Actions workflow to run Playwright tests, install Node and Playwright browsers, execute tests, and upload playwright-report/ as an artifact.

Sequence Diagram(s)

sequenceDiagram
  participant Developer
  participant GitHubActions
  participant Runner
  participant Playwright
  participant ArtifactStore
  Developer->>GitHubActions: push/PR/dispatch triggers workflow
  GitHubActions->>Runner: start ubuntu-latest job
  Runner->>Playwright: install browsers & deps
  Runner->>Playwright: run `npx playwright test`
  Playwright->>ArtifactStore: upload `playwright-report/`

Loading

🎯 3 (Moderate) | ⏱️ ~20 minutes

🐰 I hopped through CI and test delight,
Removed a click, made logins bright,
New suites that check OTP and sign,
Reports uploaded—playwrights align! 🎩🧪

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: adding Playwright automation for employer login and fixing job post flows, which aligns with the PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch staging

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/employerLogin.spec.ts`:
- Around line 4-5: Tests hardcode credentials causing security risk; replace the
inline constants EMAIL and PASS in tests/employerLogin.spec.ts (lines 4-5) with
environment-backed values (e.g., read process.env.EMPLOYER_TEST_EMAIL and
process.env.EMPLOYER_TEST_PASS) and add a fail-fast guard that throws or calls
fail if either env var is missing, and in tests/employerJobPost.spec.ts (lines
16-17) remove the local literal credentials and consume the same shared
env-backed credential source used by employerLogin.spec.ts (no change needed to
test logic beyond using the env variables or a shared helper), ensuring both
files reference the same env names so credential rotation is centralized.
- Around line 53-55: Replace the hard-coded email literal used for TC5 with a
deterministic, per-run unique non-existent address: generate a testEmail (for
example using Date.now() or a UUID) and use emailInput.fill(testEmail) instead
of the static 'user@company.com'; ensure the domain is a safe non-deliverable
host like example.com or a plus-addressing pattern (e.g.,
`nonexistent+${Date.now()}`@example.com``) so the address cannot collide with real
accounts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 036dab7d-8502-418c-8562-e03daf6677b1

📥 Commits

Reviewing files that changed from the base of the PR and between 51dd208 and 4fdf0a8.

📒 Files selected for processing (3)

• pages/AvuaEmployerPage.ts
• tests/employerJobPost.spec.ts
• tests/employerLogin.spec.ts

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/playwright.yml (1)

15-15: ⚡ Quick win

Use a fixed Node major version instead of lts/* for deterministic CI.

Line 15 uses node-version: lts/*, which can silently change and destabilize test runs. Pin to an explicit major (for example 22) and upgrade intentionally.

Suggested reliability diff

-        node-version: lts/*
+        node-version: '22'

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/playwright.yml at line 15, The workflow currently pins
Node with node-version: lts/* which can change unpredictably; replace the lts/*
value with a fixed major (e.g., node-version: "22") under the node-version key
in the Playwright workflow to ensure deterministic CI runs and update it
intentionally when upgrading Node.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/playwright.yml:
- Around line 12-13: Replace the floating action tags with fixed commit SHAs:
update the three `uses:` entries `actions/checkout@v4`, `actions/setup-node@v4`,
and `actions/upload-artifact@v4` to the corresponding repository commit SHAs
(e.g., `actions/checkout@<full-sha>`, `actions/setup-node@<full-sha>`,
`actions/upload-artifact@<full-sha>`); obtain the correct SHA for each action
from its GitHub repo (releases/tags or the default branch commit that matches
the v4 tag) and substitute the tag with that full 40-character commit SHA so the
workflow is pinned to immutable versions.
- Around line 12-15: Update the actions/checkout@v4 step to disable credential
persistence by adding persist-credentials: false under its with: block;
specifically modify the checkout step (uses: actions/checkout@v4) to include a
with: section containing persist-credentials: false so the job does not
automatically inject auth tokens into the workspace.

---

Nitpick comments:
In @.github/workflows/playwright.yml:
- Line 15: The workflow currently pins Node with node-version: lts/* which can
change unpredictably; replace the lts/* value with a fixed major (e.g.,
node-version: "22") under the node-version key in the Playwright workflow to
ensure deterministic CI runs and update it intentionally when upgrading Node.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 0105cf62-c9ad-4194-960d-53b30287fbe0

📥 Commits

Reviewing files that changed from the base of the PR and between 4fdf0a8 and f8abde5.

📒 Files selected for processing (1)

• .github/workflows/playwright.yml

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/playwright.yml:
- Around line 1-2: Add explicit least-privilege GITHUB_TOKEN permissions to the
workflow by adding a top-level permissions block and set contents: read (e.g.,
add "permissions: contents: read" under the workflow name) so the job does not
inherit broader repository defaults; update the existing Playwright workflow
file's top-level to include this permissions stanza and no other code changes
are required.
- Around line 9-14: The workflow defines the frontend_branch input but the
checkout step doesn't use it; update the actions/checkout step (the checkout
step that currently checks out the repo) to set ref: ${{
github.event.inputs.frontend_branch || github.ref }} so the manually-dispatched
frontend_branch input is honored (keep step name unchanged, only add the ref
expression to the existing actions/checkout invocation).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 73d7606f-64b1-48ff-b73d-30a020ea3b3c

📥 Commits

Reviewing files that changed from the base of the PR and between f8abde5 and 1f56df8.

📒 Files selected for processing (1)

• .github/workflows/playwright.yml

[coderabbitai]

♻️ Duplicate comments (1)

.github/workflows/playwright.yml (1)

20-20: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Disable checkout credential persistence on Line 20.

actions/checkout still uses default credential persistence; add persist-credentials: false to reduce token exposure risk in job context/artifacts.

What is the default value of `persist-credentials` for `actions/checkout` v4/v5, and what is the recommended hardening setting for least-privilege CI workflows?

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/playwright.yml at line 20, The checkout step currently
leaves credential persistence enabled (default persist-credentials: true for
actions/checkout v4/v5); update the checkout invocation that uses
actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 to add a with: block
setting persist-credentials: false to harden the job (ensure proper YAML
indentation), i.e. add the persist-credentials: false option to the
actions/checkout step to enforce least-privilege CI workflows.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In @.github/workflows/playwright.yml:
- Line 20: The checkout step currently leaves credential persistence enabled
(default persist-credentials: true for actions/checkout v4/v5); update the
checkout invocation that uses
actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 to add a with: block
setting persist-credentials: false to harden the job (ensure proper YAML
indentation), i.e. add the persist-credentials: false option to the
actions/checkout step to enforce least-privilege CI workflows.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 4629e215-dcb3-4735-b1fb-4f6b2852b7c8

📥 Commits

Reviewing files that changed from the base of the PR and between 1f56df8 and 930c7fd.

📒 Files selected for processing (1)

• .github/workflows/playwright.yml