Add E2E tests for ServiceNow IDP app

Author: mraible

.github/workflows/e2e.yml

@@ -0,0 +1,167 @@
+name: ServiceNow IDP App E2E Tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+# Serialize E2E tests to prevent deployment and UI collisions
+concurrency:
+  group: e2e-tests-${{ github.repository }}
+  cancel-in-progress: false  # Let running tests finish before starting new ones
+
+permissions:
+  contents: read
+
+jobs:
+  e2e:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    if: github.actor != 'dependabot[bot]'
+    env:
+      FOUNDRY_API_CLIENT_ID: ${{ secrets.FOUNDRY_API_CLIENT_ID }}
+      FOUNDRY_API_CLIENT_SECRET: ${{ secrets.FOUNDRY_API_CLIENT_SECRET }}
+      FOUNDRY_CID: ${{ secrets.FOUNDRY_CID }}
+      FOUNDRY_CLOUD_REGION: ${{ secrets.FOUNDRY_CLOUD_REGION }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
+
+      - name: Set up Homebrew
+        uses: Homebrew/actions/setup-homebrew@1ccc07ccd8b9519f44d3e5eaa1b41dd90310adf0  # master
+
+      - name: Install required tools
+        run: |
+          brew tap crowdstrike/foundry-cli
+          brew install crowdstrike/foundry-cli/foundry yq
+
+      - name: Create directory for Foundry CLI
+        run: mkdir -p ~/.config/foundry
+
+      - name: Prepare app manifest
+        run: |
+          # Remove IDs from manifest
+          yq -i 'del(.. | select(has("id")).id) | del(.. | select(has("app_id")).app_id)' manifest.yml
+
+          # Generate unique app name with length safety
+          REPO_NAME="${{ github.event.repository.name }}"
+          ACTOR="${{ github.actor }}"
+          SHORT_ACTOR="${ACTOR/dependabot\[bot\]/deps}"
+          UNIQUE_NAME="${REPO_NAME}-${SHORT_ACTOR}-$(date +"%m%d%H%M")"
+
+          # Truncate if too long by removing foundry- prefix
+          if [ ${#UNIQUE_NAME} -gt 50 ]; then
+            REPO_BASE="${REPO_NAME#foundry-}"
+            UNIQUE_NAME="${REPO_BASE}-${SHORT_ACTOR}-$(date +"%m%d%H%M")"
+          fi
+
+          # Export for yq and set the manifest name
+          export UNIQUE_NAME
+          yq -i '.name = env(UNIQUE_NAME)' manifest.yml
+
+          # Set app name as environment variable
+          APP_NAME=$(yq '.name' manifest.yml)
+          echo "APP_NAME=$APP_NAME" >> $GITHUB_ENV
+
+          echo "Prepared manifest with app name: $APP_NAME"
+
+      - name: Deploy app to Falcon
+        run: |
+          foundry apps deploy --change-type=major --change-log="e2e deploy"
+          echo "App deployment initiated"
+
+      - name: Wait for deployment and release app
+        run: |
+          echo "Waiting for deployment to complete..."
+          timeout=300  # 5 minute timeout
+          elapsed=0
+
+          while [ $elapsed -lt $timeout ]; do
+            if foundry apps list-deployments | grep -i "successful"; then
+              echo "Deployment successful, releasing app..."
+              foundry apps release --change-type=major --notes="e2e release"
+              echo "App released successfully"
+
+              # Brief wait for release to complete - E2E tests handle app discovery with retries
+              echo "Allowing brief time for release to complete..."
+              sleep 15
+
+              # Verify deployment status and get app details
+              echo "Verifying final deployment status..."
+              foundry apps list-deployments
+
+              echo "Final deployed app name: $APP_NAME"
+
+              exit 0
+            fi
+
+            if foundry apps list-deployments | grep -i "failed"; then
+              echo "Deployment failed"
+              exit 1
+            fi
+
+            sleep 5
+            elapsed=$((elapsed + 5))
+          done
+
+          echo "Deployment timeout after ${timeout} seconds"
+          exit 1
+
+      # Parallelize Node setup while deployment happens
+      - name: Install Node LTS
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903  # v6
+        with:
+          node-version: 22
+          cache: 'npm'
+          cache-dependency-path: e2e/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+        working-directory: e2e
+
+      - name: Install Playwright browsers
+        run: npx playwright install chromium --with-deps
+        working-directory: e2e
+
+      - name: Make envfile
+        uses: SpicyPizza/create-envfile@6da099c0b655bd3abd8273c4e2fe7c59e63fa88a  # v2
+        with:
+          envkey_FALCON_USERNAME: ${{ secrets.FALCON_USERNAME }}
+          envkey_FALCON_PASSWORD: ${{ secrets.FALCON_PASSWORD }}
+          envkey_FALCON_AUTH_SECRET: ${{ secrets.FALCON_AUTH_SECRET }}
+          envkey_APP_NAME: $APP_NAME
+          directory: e2e
+
+      - name: Run Playwright tests
+        run: npx dotenvx run --quiet -- npx playwright test
+        working-directory: e2e
+        env:
+          CI: true
+
+      - name: Upload Playwright report
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4  # v5
+        if: ${{ !cancelled() }}
+        with:
+          name: playwright-report-${{ env.APP_NAME }}
+          path: e2e/playwright-report/
+          retention-days: 7
+
+      - name: Upload test results and screenshots
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4  # v5
+        if: ${{ !cancelled() }}
+        with:
+          name: playwright-test-results-${{ env.APP_NAME }}
+          path: e2e/test-results/
+          retention-days: 7
+
+      - name: Delete app from Falcon
+        if: always()
+        run: |
+          echo "Deleting app: $APP_NAME"
+          foundry apps delete -f || echo "App deletion failed, may already be deleted"

e2e/.env.sample

@@ -0,0 +1,8 @@
+# Falcon Authentication
+FALCON_USERNAME=[email protected]
+FALCON_PASSWORD=your-password
+FALCON_AUTH_SECRET=your-totp-secret
+FALCON_BASE_URL=https://falcon.us-2.crowdstrike.com
+
+# App Configuration
+APP_NAME=foundry-sample-servicenow-idp

e2e/.gitignore

@@ -0,0 +1,14 @@
+# .dotenvx
+.env
+.env.keys
+
+# IntelliJ IDEA
+.idea
+
+# Playwright
+node_modules/
+/test-results/
+/playwright/
+/playwright-report/
+/blob-report/
+/playwright/.cache/

e2e/README.md

@@ -0,0 +1,52 @@
+# E2E Tests
+
+End-to-end tests for the ServiceNow IDP Foundry app using Playwright.
+
+## Tests Included
+
+- **Workflow Verification**: Verifies that the app's workflows are deployed and accessible in Fusion SOAR
+
+## About This App
+
+This app synchronizes ServiceNow Configuration Management Database (CMDB) configuration rules with Identity Protection policies. It includes two workflows for synchronizing policy rules and managing checkpoints. The E2E tests verify that both workflows are properly deployed and discoverable.
+
+## Setup
+
+```bash
+npm ci
+npx playwright install chromium
+cp .env.sample .env
+# Edit .env with your credentials
+```
+
+## Run Tests
+
+```bash
+npm test              # All tests
+npm run test:debug    # Debug mode
+npm run test:ui       # Interactive UI
+```
+
+## Environment Variables
+
+```env
+APP_NAME=foundry-sample-servicenow-idp
+FALCON_BASE_URL=https://falcon.us-2.crowdstrike.com
+FALCON_USERNAME=your-username
+FALCON_PASSWORD=your-password
+FALCON_AUTH_SECRET=your-mfa-secret
+```
+
+**Important:** The `APP_NAME` must exactly match the app name as deployed in Falcon.
+
+## Test Flow
+
+1. **Setup**: Authenticates and installs the app
+2. **Workflow Verification**:
+   - Searches for both workflows
+   - Verifies both workflows are discoverable in Fusion SOAR
+3. **Teardown**: Uninstalls the app
+
+## CI/CD
+
+Tests run automatically in GitHub Actions on push/PR to main. The workflow deploys the app, runs tests, and cleans up.

e2e/constants/AuthFile.ts

@@ -0,0 +1 @@
+export const AuthFile = 'playwright/.auth/user.json';