chore: test shared maestro actions from WalletConnect/actions#461
chore: test shared maestro actions from WalletConnect/actions#461ignaciosantise wants to merge 5 commits intomainfrom
Conversation
Point CI E2E workflow at WalletConnect/actions/maestro/* composite actions (feat/maestro-pay-actions branch) to test the shared Pay test flows. - iOS: uses maestro/pay-tests, maestro/setup, and maestro/run actions - Android: uses maestro/pay-tests and maestro/setup before emulator runner, keeps inline maestro test command in the script block Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Claude finished @ignaciosantise's task in 1m 40s —— View job Code Review
No breaking changes or data classification issues found. Found 2 issue(s)Issue 1: Mutable action ref will need update before production mergeID: ci-e2e-walletkit-mutable-action-ref-a3f1 Context:
Recommendation: After validation, pin to a SHA or the stable uses: WalletConnect/actions/maestro/pay-tests@<SHA>Issue 2: Android script hardcodes absolute Maestro binary pathID: ci-e2e-walletkit-android-hardcoded-maestro-path-b7c2 Context:
Recommendation: Rely on the PATH addition from the setup action and remove the absolute prefix: script: |
adb install ...
maestro test --env APP_ID=... |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| - name: Install app on Simulator | ||
| run: xcrun simctl install "$DEVICE_ID" "$APP_PATH" | ||
|
|
||
| - name: Copy shared Pay test flows |
There was a problem hiding this comment.
🤖 Auto Review Issue: Mutable action ref will need update before production merge
Severity: MEDIUM
Category: security
Tool: Claude Auto Review
Context:
- Pattern: All three action references use
@feat/maestro-pay-actions— a mutable branch ref - Risk: Branch refs can be force-pushed or repointed; any change to
WalletConnect/actions@feat/maestro-pay-actionswill silently affect this workflow on next run - Impact: Unexpected behavior changes or supply-chain risk if the branch is tampered with
- Trigger: Noted as intentional for this validation PR; must be updated to
@master(or a pinned SHA) before merging tomain
Recommendation: After validation, pin to a SHA or the stable @master ref:
uses: WalletConnect/actions/maestro/pay-tests@<SHA>There was a problem hiding this comment.
Pull request overview
Updates the WalletKit E2E GitHub Actions workflow to validate running Maestro pay tests via shared composite actions hosted in WalletConnect/actions, as a precursor to merging those shared actions upstream.
Changes:
- Switched iOS job from inline Maestro install/test commands to shared
maestro/pay-tests,maestro/setup, andmaestro/runactions. - Switched Android job Maestro installation + shared pay flows to shared
maestro/pay-testsandmaestro/setupactions (keeping inlinemaestro testunder the emulator runner).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Copy shared Pay test flows | ||
| uses: WalletConnect/actions/maestro/pay-tests@feat/maestro-pay-actions | ||
|
|
||
| - name: Install Maestro | ||
| run: | | ||
| curl -fsSL "https://get.maestro.mobile.dev" | bash | ||
| echo "$HOME/.maestro/bin" >> "$GITHUB_PATH" | ||
| uses: WalletConnect/actions/maestro/setup@feat/maestro-pay-actions | ||
|
|
||
| - name: Run Maestro tests | ||
| id: maestro | ||
| run: | | ||
| set -o pipefail | ||
| maestro test \ | ||
| --env APP_ID="${{ env.MAESTRO_APP_ID }}" \ | ||
| --env WPAY_CUSTOMER_KEY_MULTI_KYC="${{ secrets.WPAY_CUSTOMER_KEY_MULTI_KYC }}" \ | ||
| --env WPAY_MERCHANT_ID_MULTI_KYC="${{ secrets.WPAY_MERCHANT_ID_MULTI_KYC }}" \ | ||
| --env WPAY_CUSTOMER_KEY_MULTI_NOKYC="${{ secrets.WPAY_CUSTOMER_KEY_MULTI_NOKYC }}" \ | ||
| --env WPAY_MERCHANT_ID_MULTI_NOKYC="${{ secrets.WPAY_MERCHANT_ID_MULTI_NOKYC }}" \ | ||
| --env WPAY_CUSTOMER_KEY_SINGLE_NOKYC="${{ secrets.WPAY_CUSTOMER_KEY_SINGLE_NOKYC }}" \ | ||
| --env WPAY_MERCHANT_ID_SINGLE_NOKYC="${{ secrets.WPAY_MERCHANT_ID_SINGLE_NOKYC }}" \ | ||
| --include-tags "${{ env.MAESTRO_TAGS }}" \ | ||
| --test-output-dir maestro-artifacts \ | ||
| --debug-output maestro-artifacts \ | ||
| .maestro/ 2>&1 | tee maestro-output.log | ||
|
|
||
| - name: Upload Maestro artifacts | ||
| if: always() | ||
| uses: actions/upload-artifact@v4 | ||
| uses: WalletConnect/actions/maestro/run@feat/maestro-pay-actions |
There was a problem hiding this comment.
These steps reference WalletConnect/actions using a mutable branch ref (@feat/maestro-pay-actions) while also passing secrets into the action inputs. For supply-chain safety and reproducibility, pin the action to a commit SHA (even during validation), then update the pinned SHA (or switch to a tag) when the shared actions are merged.
| wpay-customer-key-multi-kyc: ${{ secrets.WPAY_CUSTOMER_KEY_MULTI_KYC }} | ||
| wpay-merchant-id-multi-kyc: ${{ secrets.WPAY_MERCHANT_ID_MULTI_KYC }} | ||
| artifact-name: maestro-ios-artifacts | ||
|
|
There was a problem hiding this comment.
The previous workflow always uploaded Maestro logs/artifacts via a dedicated actions/upload-artifact step (with if: always()). Now iOS artifact handling is delegated entirely to the external maestro/run action. Please ensure that action uploads artifacts even when the Maestro run fails (i.e., uses if: always() internally), or reintroduce an explicit upload-artifact step here so failure cases still produce logs for debugging.
| - name: Upload Maestro iOS artifacts | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: maestro-ios-artifacts-fallback | |
| if-no-files-found: ignore | |
| path: | | |
| ~/.maestro/tests/** | |
| ~/.maestro/logs/** | |
| .maestro/** |
| - name: Copy shared Pay test flows | ||
| uses: WalletConnect/actions/maestro/pay-tests@feat/maestro-pay-actions | ||
|
|
||
| - name: Install Maestro | ||
| run: | | ||
| curl -fsSL "https://get.maestro.mobile.dev" | bash | ||
| echo "$HOME/.maestro/bin" >> "$GITHUB_PATH" | ||
| uses: WalletConnect/actions/maestro/setup@feat/maestro-pay-actions |
There was a problem hiding this comment.
Same concern as iOS: these steps use a mutable branch ref (@feat/maestro-pay-actions) for an external action. Pin to a commit SHA to avoid the workflow behavior changing unexpectedly between runs and to reduce supply-chain risk.
Pay test flows now live in WalletConnect/actions repo as the single source of truth. Added scripts/setup-maestro-pay-tests.sh to download them for local development. CI uses the maestro/pay-tests composite action to copy them at build time. The .gitignore prevents downloaded pay flows from being committed. Usage: ./scripts/setup-maestro-pay-tests.sh [branch] Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reads WPAY secrets from .env.maestro file and passes them to maestro. Usage: cp .env.maestro.example .env.maestro # fill in secrets ./scripts/setup-maestro-pay-tests.sh # download flows ./scripts/run-maestro-pay-tests.sh # run all pay tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Process substitution with source <(...) doesn't export variables properly in all bash contexts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The run script now automatically downloads shared test flows from WalletConnect/actions if they're not already present. No need to run setup-maestro-pay-tests.sh separately. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
ci_e2e_walletkit.yamlat the shared Maestro composite actions fromWalletConnect/actions@feat/maestro-pay-actions(feat(maestro): shared WalletConnect Pay E2E test actions WalletConnect/actions#77)maestro/pay-tests,maestro/setup,maestro/runmaestro/pay-testsandmaestro/setupbefore the emulator runner, keeps inlinemaestro testin the script blockPurpose
This is a validation PR to confirm the shared actions work end-to-end before merging WalletConnect/actions#77 to master. Once validated, the action refs will be updated from
@feat/maestro-pay-actionsto@master.Test plan
workflow_dispatchfor iOS — confirm shared flows are copied, Maestro installs, tests passworkflow_dispatchfor Android — confirm same🤖 Generated with Claude Code