Update Cypress configuration, dependencies, and improve test reliability

[ashiduDissanayake]

Changed test command in package.json to use --e2e for Cypress runs.
Updated test specifications to reflect new file structure in package.json.
Upgraded Cypress version from 9.7.0 to 14.3.2 for enhanced features and stability.
Replaced aws-sdk with @aws-sdk/client-s3 and added archiver and nodemailer dependencies.
Modified local test script to align with new file naming conventions.
Updated Node.js setup script in test.sh to use Node.js 22.x.
update the gitaction to v7 from v4.

Summary by CodeRabbit

• Chores
  • Upgraded Cypress to 14.3.2, migrated tests to E2E (.cy.js) patterns and updated test scripts.
  • CI workflow bumped to Node.js 22 and updated Cypress action; test spec glob updated to new e2e path.
  • Moved test configuration from JSON to JS, integrated Mochawesome + JUnit reporting, and added reporter registration.
  • Standardized timeouts to environment variables, refined selectors, improved test cleanup, and updated test-related dependencies.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Node in CI bumped to 22, Cypress Action upgraded to v7 and Cypress to 14.x. Added tests/cypress.config.js and removed tests/cypress.json. Tests moved to cypress/e2e/**/*.cy.js; many tests and support code now read timeouts from Cypress.env('largeTimeout') with selector and teardown tweaks.

Changes

Cohort / File(s)	Summary
CI / Workflow .github/workflows/ui-test.yml	Node setup updated to 22.x; Cypress Action bumped v4 → v7; test spec glob changed to cypress/e2e/**/*.cy.js.
Cypress config & support tests/cypress.config.js, tests/cypress.json, tests/cypress/support/e2e.js	Added tests/cypress.config.js (defineConfig) and reporter/plugin setup; removed legacy tests/cypress.json; registered mochawesome and set default Cypress.env('largeTimeout') if missing.
Test runner scripts & deps tests/package.json, tests/test.sh, tests/test.local.sh	Scripts moved to cypress run --e2e with new spec globs; Cypress bumped to 14.3.2; Node setup script updated to setup_22.x; test dependencies changed (e.g., aws-sdk → @aws-sdk/client-s3, added archiver, nodemailer).
Global timeout & selectors tests/cypress/support/..., tests/cypress/support/commands.js, tests/cypress/support/functions/publisher/PublisherMenu.js, tests/cypress/support/pages/...	Replaced widespread Cypress.config().largeTimeout with Cypress.env('largeTimeout'); added selector fallbacks (area-label/aria-label) and other selector robustness improvements.
Bulk e2e tests tests/cypress/e2e/admin/**/*.cy.js, tests/cypress/e2e/devportal/**/*.cy.js, tests/cypress/e2e/publisher/**/*.cy.js, tests/cypress/integration/e2e/...	Many tests updated to new .cy.js paths and env-based timeouts; numerous waits, intercepts, and scroll/visibility adjustments applied for stability.
Targeted test logic changes tests/cypress/e2e/devportal/000-general/03-self-signup.cy.js, tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js, tests/cypress/e2e/publisher/019-read-only-user/...cy.js	Self-signup: removed exclusive tests, changed config handling and teardown flows. GraphQL test: const→let for dynamic names, added applicationCreated guard and dynamic role naming. Read-only test: added network intercepts and UI stability tweaks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐇 I hopped through configs and nudged each test suite,

Switched to .cy files and made timeouts from env true.
Node now runs twenty-two, reporters set to sing,
I danced through selectors — a tidy little spring.
A joyful little hop for CI and QA too.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: updating Cypress configuration, upgrading dependencies, and improving test reliability through timeout handling refactoring.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can disable sequence diagrams in the walkthrough.

Disable the reviews.sequence_diagrams setting to disable sequence diagrams in the walkthrough.

[Copilot]

Pull request overview

This PR upgrades the Cypress test stack and CI runtime to modern versions, migrating configuration to cypress.config.js and updating scripts/spec patterns to match a new e2e file layout while improving test stability via better waits/timeouts.

Changes:

• Upgrade Cypress (9.7.0 → 14.3.2) and migrate cypress.json → cypress.config.js with new specPattern/excludeSpecPattern.
• Update test scripts/spec targeting to cypress/e2e/**/*.cy.js and switch many timeouts to Cypress.env('largeTimeout').
• Update CI/runtime dependencies: Node.js 22 in scripts and GitHub Actions, bump cypress-io/github-action to v7, and replace/add supporting npm deps.

Reviewed changes

Copilot reviewed 53 out of 130 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/test.sh	Updates Node.js install script to use Node 22.x for test runs.
tests/test.local.sh	Points local Cypress run at the new e2e .cy.js spec path.
tests/package.json	Updates Cypress command patterns, upgrades Cypress, and adjusts dependencies (AWS SDK v3 client, archiver, nodemailer).
tests/cypress/support/pages/carbon/AddNewUserStep1Page.js	Switches large timeout sourcing from config to env.
tests/cypress/support/functions/publisher/PublisherMenu.js	Switches network wait timeouts from config to env for reliability.
tests/cypress/support/commands.js	Broad timeout sourcing updates to env across custom commands.
tests/cypress/integration/publisher/022-gateway-policies/00-gateway-policy.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/020-prototyped-apis/00-try-out-resources-without-key-when-security-disabled.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/019-read-only-user/00-verify-that-read-only-user-cannot-create-update-api.spec.js	Improves reliability with intercept-based waits and env-based timeouts.
tests/cypress/integration/publisher/018-third-party-api/00-publish-third-party-api.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/017-api-policies/01-api-specific-policy.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/014-comments/01-add-nested-comments-to-api.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/013-api-product/06-download-api-product.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/013-api-product/05-create-new-version-of-api-product.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/013-api-product/04-lifecycle-support-for-api-products.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/013-api-product/03-undeploy-new-revision-of-api-product.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/013-api-product/02-create-a-new-revision-for-the-api-product-and-deploy.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/013-api-product/01-create-product-and-update-underline-api.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/012-documents/02-view-generated-document-not-rest.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/011-lifecycle/04-depricate-old-versions.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/009-api-definition/01-download-swagger.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/008-business-info/00-business-info.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/006-subscriptions/01-subscribtion-blocking.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/005-design-config/03-add-tags-for-the-api.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/005-design-config/00-add-thumbnail-image.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/004-endpoints/08-usage-warning-certificates.spec.skip.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/004-endpoints/07-mock-api-and-test.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/004-endpoints/06-Import-delete-certificates.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/004-endpoints/03-add-failover.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/004-endpoints/01-add-soap-endpoints-production-sandbox.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/003-run-time-configs/01-select-transport-types.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/002-api-resources/02-add-assign-global-scopes-for-api.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/001-api-create/07-create-and-publish-api-from-scratch.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/001-api-create/03-create-api-with-swagger-url-super-tenant.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.spec.js	Improves test isolation/data generation and updates timeouts to env-based largeTimeout.
tests/cypress/integration/devportal/004-api-product/00-api-product-invoke-with-keys.spec..skipjs	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/devportal/003-test/00-tryout-api-invocations-from-swagger-console.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/devportal/002-subscriptions/03-change-subscription-tier-on-an-application.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/devportal/002-subscriptions/02-subscribe-via-wizard.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/devportal/002-subscriptions/01-subscribe-unsubscribe-to-app-from-app.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/devportal/001-applications/05-test-application-sharing.spec.js	Adds tenant config fixture usage and improves session cleanup, plus env-based timeouts.
tests/cypress/integration/devportal/000-general/04-change-password-of-a-user.spec.js	Updates timeouts to env-based largeTimeout and removes debug call.
tests/cypress/integration/devportal/000-general/03-self-signup.spec.js	Adjusts tenant config modification strategy and removes .only from tests.
tests/cypress/integration/devportal/000-general/01-anonymous-user-view-public-apis.spec.js	Updates timeout sourcing in jQuery lookup loop.
tests/cypress/integration/admin/09-add-edit-delete-km.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/admin/08-add-api-categories.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress/integration/admin/05-add-custom-throttle-policies.spec.js	Updates timeouts to env-based largeTimeout.
tests/cypress.json	Removes legacy Cypress v9 cypress.json configuration file.
tests/cypress.config.js	Adds Cypress v10+ config with env largeTimeout and new spec/exclusion patterns.
.github/workflows/ui-test.yml	Updates Node version to 22 and bumps Cypress GitHub Action to v7 with new spec glob.

Comments suppressed due to low confidence (1)

tests/package.json:1

• Please verify these dependency versions exist/publish on npm. As of my knowledge cutoff (Aug 2025), nodemailer was on major v6, and archiver was also not on v7; if these versions are typos or not available in your registry, installs/CI will fail. If you intended latest, consider pinning to an existing published version.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 13

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (12)

tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js (1)

35-35: ⚠️ Potential issue | 🟠 Major

Remove .only modifier from test case.

The PR objectives state that accidental .only usage should be removed, but this file still contains it.only. When the describe.skip is eventually removed, this will cause CI to execute only this single test, skipping all other tests in the suite.

🐛 Proposed fix

-    it.only("try out resources enabling the security without credentials", () => {
+    it("try out resources enabling the security without credentials", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`
at line 35, The test uses it.only which limits the test run; change the test
declaration from it.only("try out resources enabling the security without
credentials", ...) to a normal it(...) by removing the .only modifier so the
test suite runs all tests as intended; locate the it.only occurrence in the spec
(the test with the title "try out resources enabling the security without
credentials") and remove ".only".

tests/cypress/e2e/publisher/005-design-config/00-add-thumbnail-image.cy.js (1)

33-38: ⚠️ Potential issue | 🔴 Critical

Remove it.only to enable full test suite execution.

The it.only modifier will cause all other tests to be skipped during test runs.

Proposed fix

-    it.only("Upload thumbnail", {
+    it("Upload thumbnail", {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/005-design-config/00-add-thumbnail-image.cy.js`
around lines 33 - 38, The test currently uses it.only in the declaration
it.only("Upload thumbnail", { retries: { runMode: 3, openMode: 0 } }, () => {
... }) which prevents other tests from running; change it.only to it (i.e.,
it("Upload thumbnail", { retries: { runMode: 3, openMode: 0 } }, () => { ... }))
so the full test suite runs while preserving the retries configuration and test
body.

tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js (2)

34-34: ⚠️ Potential issue | 🔴 Critical

Remove it.only to enable full test suite execution.

Proposed fix

-    it.only("Creating inline document", () => {
+    it("Creating inline document", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`
at line 34, Remove the isolated test marker by replacing "it.only" with "it" for
the test titled "Creating inline document" so the suite runs all tests; locate
the test declaration that currently reads it.only("Creating inline document",
...) and change it to it("Creating inline document", ...).

---

70-73: ⚠️ Potential issue | 🟡 Minor

Fix cleanup mismatch: use dynamic apiId instead of hardcoded genApiId in the after hook.

The test creates an API via cy.createGraphqlAPIfromFile and receives a dynamic apiId, which is used throughout the test (lines 36, 54). However, the after hook attempts to delete the hardcoded genApiId = 'sample-apiid-gendoc' instead of the actual API created. This leaves the dynamically created API uncleaned and attempts to delete a non-existent or wrong API ID.

Store the returned apiId from the GraphQL API creation and use it in the cleanup hook instead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`
around lines 70 - 73, The after hook currently calls Utils.deleteAPI(genApiId)
using a hardcoded genApiId; modify the test to capture and store the dynamic
apiId returned by cy.createGraphqlAPIfromFile (the same apiId used at lines
where createGraphqlAPIfromFile and assertions run) into a variable (e.g., apiId)
accessible to the after hook, then call Utils.deleteAPI(apiId) in the after
function so the actual created API is deleted instead of the hardcoded genApiId.

tests/cypress/e2e/publisher/014-comments/01-add-nested-comments-to-api.cy.js (1)

29-29: ⚠️ Potential issue | 🔴 Critical

Remove it.only to allow complete test suite execution.

Proposed fix

-  it.only("Add nested comments to to the api", () => {
+  it("Add nested comments to to the api", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/014-comments/01-add-nested-comments-to-api.cy.js`
at line 29, The test currently uses it.only in the spec "Add nested comments to
to the api" which prevents the full Cypress suite from running; remove the .only
so the test reads it("Add nested comments to to the api", ...) (or otherwise
delete the ".only" token) in the test declaration to allow the complete test
suite to execute normally.

tests/test.sh (1)

101-118: ⚠️ Potential issue | 🔴 Critical

This still provisions Node 12, not Node 22.

Line 103 updates the NodeSource bootstrap script, but Lines 114-118 immediately download and symlink Node 12.22.3 over /usr/bin/node, /usr/bin/npm, and /usr/bin/npx. So the job will still execute on Node 12, which defeats this upgrade and can break the Cypress 14 toolchain.

Proposed fix

 curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
 chmod 644 /usr/share/keyrings/nodesource.gpg
-curl -sL https://deb.nodesource.com/setup_22.x | sudo -E bash -
+curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
+sudo apt-get install -y nodejs
 npm -v
 if [[ $? -ne 0 ]]
 then
     echo "NPM exists and removing existing version."
     sudo apt-get purge nodejs -y
     sudo apt-get purge npm -y
 else
     echo "NPM Deos NOT exists and installing existing version."
 fi
 
-wget https://nodejs.org/dist/v12.22.3/node-v12.22.3-linux-x64.tar.xz
-tar -xvf node-v12.22.3-linux-x64.tar.xz
-sudo ln -s $HOME/node-v12.22.3-linux-x64/bin/node /usr/bin/node
-sudo ln -s $HOME/node-v12.22.3-linux-x64/bin/npm /usr/bin/npm
-sudo ln -s $HOME/node-v12.22.3-linux-x64/bin/npx /usr/bin/npx
 sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb -y

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/test.sh` around lines 101 - 118, The script runs the NodeSource setup
for Node 22 (curl ... setup_22.x) but then force-installs Node 12 by downloading
node-v12.22.3 and symlinking it; remove or replace that manual download/symlink
block (the wget + tar + ln -s lines referencing node-v12.22.3-linux-x64 and
/usr/bin/node/npm/npx) so the system-installed Node 22 from the NodeSource setup
is used instead — either delete those lines and run sudo apt-get install -y
nodejs after curl ... setup_22.x or update the downloaded tarball and symlinks
to a matching Node 22 release (e.g., node-v22.x) if you must use a tarball.

tests/cypress/e2e/devportal/000-general/01-anonymous-user-view-public-apis.cy.js (1)

50-63: ⚠️ Potential issue | 🟠 Major

Replace the synchronous Cypress.$() polling with a retryable Cypress command.

Line 53 does not reliably wait for the API: Cypress.$() is synchronous jQuery, so it does not honor the { timeout: ... } option, and the second parameter (apiName) is treated as jQuery's context argument rather than matching text. The loop just queues cy.reload() calls without proper waiting between attempts, so the test can miss the API even after publication completes.

Use cy.contains('a', apiName, { timeout: Cypress.env('largeTimeout') }) instead, which is a proper Cypress command that retries on failure and correctly matches the text content.

Current code (lines 50–63)

                        let remainingAttempts = 15;
                        let attemptCount = 0;
                        for (; attemptCount < remainingAttempts; attemptCount++) {
                            let $apis = Cypress.$('a', apiName, { timeout: Cypress.env('largeTimeout') });
                            if ($apis.length) {
                                // At least one with api name was found.
                                // Return a jQuery object.
                                cy.log('apis: ' + $apis.text());
                                break;
                            }
                            cy.reload();
                        }
                        if (attemptCount == (remainingAttempts - 1)) {
                            throw Error('Table was not found.');

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/devportal/000-general/01-anonymous-user-view-public-apis.cy.js`
around lines 50 - 63, The current polling loop uses synchronous Cypress.$('a',
apiName, ...) (with variables remainingAttempts and attemptCount) which doesn't
honor timeouts or match text; replace this with a retryable Cypress command: use
cy.contains('a', apiName, { timeout: Cypress.env('largeTimeout') }) (or chain
.should(...) as needed) instead of the Cypress.$ call and remove the manual
for-loop and cy.reload() pattern so Cypress will automatically retry until the
element appears; keep the log via cy.log if desired and throw a clear error only
after the cy.contains command fails (allowing Cypress's built-in timeout to
surface).

tests/cypress/e2e/devportal/002-subscriptions/03-change-subscription-tier-on-an-application.cy.js (1)

27-27: ⚠️ Potential issue | 🟡 Minor

Remove .only modifier for consistency.

Although the parent describe.skip prevents this test from running, the .only modifier should be removed for code cleanliness and to prevent issues if the skip is later removed.

Proposed fix

-    it.only("Change subscription tier", () => {
+    it("Change subscription tier", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/devportal/002-subscriptions/03-change-subscription-tier-on-an-application.cy.js`
at line 27, The test is marked with it.only ("it.only(\"Change subscription
tier\", ...)") which should be removed for consistency; change the test
declaration to a normal it("Change subscription tier", ...) (remove the ".only"
token) and scan the file for any other accidental ".only" usages to ensure no
focused tests remain (leave the parent describe.skip as-is).

tests/cypress/e2e/publisher/009-api-definition/01-download-swagger.cy.js (1)

29-29: ⚠️ Potential issue | 🔴 Critical

Remove .only modifier to prevent skipping other tests in CI.

The it.only() will cause all other tests to be skipped during CI runs.

Proposed fix

-    it.only("Download swagger", () => {
+    it("Download swagger", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/009-api-definition/01-download-swagger.cy.js` at
line 29, The test currently uses the focused modifier it.only in the spec
(it.only("Download swagger", ...)), which causes other tests to be skipped in
CI; remove the .only so the test reads it("Download swagger", ...) to restore
normal test discovery and ensure the full suite runs in CI, then run the Cypress
suite locally/CI to verify no other focused tests remain.

tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js (1)

52-52: ⚠️ Potential issue | 🔴 Critical

Remove .only modifier to prevent skipping other tests in CI.

The it.only() will cause all other tests in this file and potentially other test files to be skipped during CI runs. The PR commit messages mention removing accidental .only usage, but this instance remains.

Proposed fix

-  it.only("Depricate old versions of api before publishing", () => {
+  it("Depricate old versions of api before publishing", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js` at
line 52, The test is accidentally marked with a focused modifier; remove the
`.only` from the test declaration `it.only("Depricate old versions of api before
publishing", ...)` so it becomes a normal test (`it("Depricate old versions of
api before publishing", ...)`) to ensure the rest of the test suite runs in CI.

tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js (1)

26-26: ⚠️ Potential issue | 🔴 Critical

Remove .only modifier to prevent skipping other tests in CI.

The it.only() will cause all other tests to be skipped during CI runs.

Proposed fix

-    it.only("Add business information", () => {
+    it("Add business information", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js` at line
26, The test uses the exclusive mocha/jest modifier it.only which will skip
other tests in CI; edit the test declaration to remove the .only (change
it.only("Add business information", ...) to it("Add business information", ...))
and scan the test suite for any other usages of it.only/describe.only to ensure
no exclusive modifiers remain before merging.

tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js (1)

30-30: ⚠️ Potential issue | 🔴 Critical

Remove .only() modifier - this will skip all other tests in the suite.

The it.only() on line 30 will cause Cypress to only run this single test, excluding all other tests. This is likely a debugging artifact.

🐛 Proposed fix

-    it.only("Block demote retire api", {
+    it("Block demote retire api", {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js`
at line 30, Remove the debugging modifier by replacing the test declaration
using it.only(...) with a normal it(...) call so the whole Cypress suite runs;
locate the test named "Block demote retire api" (the it.only invocation) and
remove the ".only" modifier from that function call.

🧹 Nitpick comments (11)

tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js (2)

33-34: Consider removing the empty before hook.

The before hook is empty and serves no purpose. Removing it improves readability.

♻️ Suggested removal

-    before(function () {
-    })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`
around lines 33 - 34, The empty Mocha/Cypress hook before(function () { }) in
the test file should be removed to improve readability; locate the empty before
hook in the spec (the before(...) declaration around the top of the test) and
delete it, ensuring no other hooks or tests rely on it (leave other hooks like
beforeEach/after unchanged).

---

97-100: Consider refactoring the intercept pattern.

The current pattern uses cy.intercept(...).then() which doesn't actually wait for the request. The assertion inside .then() runs immediately after setting up the intercept, not after the request completes. If the intent is to verify that the request occurs, consider using .as() with cy.wait():

♻️ Suggested refactor

-                    cy.intercept('**/applications/').then((res) => {
-                        // Check if the application exists
-                        cy.get("#selected-application", { timeout: Cypress.env('largeTimeout') }).should('exist');
-                    });
+                    cy.intercept('**/applications/').as('getApplications');
+                    // Check if the application exists
+                    cy.get("#selected-application", { timeout: Cypress.env('largeTimeout') }).should('exist');

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`
around lines 97 - 100, The intercept pattern using
cy.intercept('**/applications/').then(...) doesn't wait for the network call;
change it to alias the interception (use
cy.intercept('**/applications/').as('getApplications')) and then call
cy.wait('@getApplications') before asserting that the "#selected-application"
element exists so the assertion runs after the request completes; ensure you
keep the same route matcher and replace the .then(...) block with the .as() +
cy.wait() sequence.

tests/cypress/e2e/devportal/000-general/03-self-signup.cy.js (1)

208-225: Make user cleanup idempotent as well.

The role cleanup is now guarded, but the user cleanup still assumes every create path succeeded. If one of the earlier tests fails before creating a user, cy.deleteUser(...) can fail in after() and hide the original failure.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/devportal/000-general/03-self-signup.cy.js` around lines
208 - 225, The user cleanup calls (cy.deleteUser(superTenant1Username),
cy.deleteUser(tenant1Username), etc.) are not idempotent and can fail if a user
was never created; change these to guarded deletions by either checking
existence first or using a new helper like cy.deleteUserIfExists that
returns/continues on not-found—implement the guard around every cy.deleteUser
call (for superTenant* and tenant* variables) similar to the existing
cy.searchAndDeleteRoleIfExist pattern so the after() hook ignores missing users
and does not mask earlier test failures.

tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js (1)

67-68: Keep the longer timeout on the actual text assertions.

These pairs split the extended-timeout query from the content check. Cypress only carries a query's custom timeout into assertions chained off that same query; a second cy.get() starts a new query with the default timeout. The flaky part here is usually the text update, so this can still fail early. (docs.cypress.io)

Suggested change

-                cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout') });
-                cy.get('#itest-api-name-version').contains(version);
+                cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout') })
+                    .should('contain', version);
...
-                        cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout') });
-                        cy.get('#itest-api-name-version').contains(productName);
+                        cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout') })
+                            .should('contain', productName);

Also applies to: 98-99

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js`
around lines 67 - 68, The timeout is lost because you call
cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout') }) and
then start a new cy.get() for the contains assertion; change the assertions to
chain contains off the same get so the extended timeout applies (e.g., use
cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout')
}).contains(version)), and make the same change for the other occurrence around
the '#itest-api-name-version' checks (the pair at lines corresponding to the
second occurrence).

tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js (1)

63-63: Modified code is inside a commented-out test block.

The change on line 63 is within a multi-line comment (lines 59-68). If this test is intended to be disabled, consider removing it entirely or tracking it as technical debt. If it should be enabled, the comment markers need to be removed.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`
at line 63, The selector click using genApiName is currently inside a
commented-out test block (the multi-line comment wrapping the test), so either
remove the entire commented test block if the test should remain disabled or
uncomment the test to enable it; locate the test function that references
genApiName (the test containing cy.get(`[area-label="Go to ${genApiName}"]`))
and either delete the surrounding comment markers or delete the whole commented
block, then run the test to ensure the selector and Cypress.env('largeTimeout')
usage in that test are correct.

tests/cypress/e2e/publisher/013-api-product/06-download-api-product.cy.js (1)

42-46: Replace the fixed sleeps with readiness checks.

These cy.wait(5000) calls still make the flow slower and flaky under CI load. Waiting for the radio button or file input to become actionable will be more deterministic.

Suggested refactor

-        cy.visit(`/publisher/apis/create/openapi`, { timeout: Cypress.env('largeTimeout') }).wait(5000);
-        cy.get('#open-api-file-select-radio').click();
-        cy.wait(5000);
+        cy.visit(`/publisher/apis/create/openapi`, { timeout: Cypress.env('largeTimeout') });
+        cy.get('#open-api-file-select-radio', { timeout: Cypress.env('largeTimeout') }).click();
+        cy.get('input[type="file"]', { timeout: Cypress.env('largeTimeout') }).should('be.visible');

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/013-api-product/06-download-api-product.cy.js`
around lines 42 - 46, Replace fixed 5s sleeps with deterministic readiness
checks: after cy.visit(...) wait for the page element to be actionable (e.g.,
cy.get('#open-api-file-select-radio', { timeout: Cypress.env('largeTimeout')
}).should('be.visible')) before clicking, replace the subsequent cy.wait(5000)
with cy.get('#browse-to-upload-btn').should('be.visible').and('not.be.disabled')
(or .should('be.enabled')) before invoking .then(...), and remove the other
cy.wait(5000) calls so the flow waits for element states instead of fixed
timing.

.github/workflows/ui-test.yml (1)

77-82: Keep CI spec discovery aligned with tests/cypress.config.js.

This hard-codes .cy.js only, while the new config accepts .cy.{js,jsx,ts,tsx}. A non-JS spec would run locally via cypress run --e2e but be silently skipped in CI. Prefer letting the config drive discovery, or mirror the same glob here.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ui-test.yml around lines 77 - 82, The CI step labeled
"Cypress run" currently hard-codes spec: 'cypress/e2e/**/*.cy.js' which misses
.cy.jsx/.cy.ts/.cy.tsx files and can silently skip tests; update the workflow
step (the "Cypress run" action input) to either remove the spec input so Cypress
uses tests/cypress.config.js for discovery, or change the spec glob to mirror
the config (e.g., cypress/e2e/**/*.cy.{js,jsx,ts,tsx}) so non-JS specs are
included.

tests/cypress/e2e/publisher/019-read-only-user/00-verify-that-read-only-user-cannot-create-update-api.cy.js (1)

87-96: Consider removing the redundant hardcoded wait.

Line 90 adds a cy.wait(2000) immediately after waiting for the @getOperationPolicies intercept. If the intercept wait resolves successfully and waitUntillLoadingComponentsExit() is called, the additional 2-second wait may be unnecessary and slows down the test.

♻️ Proposed fix

            cy.wait("@getOperationPolicies", { timeout: Cypress.env("largeTimeout") });
-            cy.wait(2000);
            APIMenuPage.waitUntillLoadingComponentsExit();

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/019-read-only-user/00-verify-that-read-only-user-cannot-create-update-api.cy.js`
around lines 87 - 96, Remove the redundant hardcoded cy.wait(2000) after the
"@getOperationPolicies" intercept; rely on cy.wait("@getOperationPolicies", {
timeout: Cypress.env("largeTimeout") }) followed by
APIMenuPage.waitUntillLoadingComponentsExit() to synchronize, so delete the
cy.wait(2000) line between those calls and leave the intercept, visit, and
APIMenuPage.waitUntillLoadingComponentsExit() intact to keep proper waiting
before interacting with the element (e.g., the cy.get("[id='post/testuri']")
click).

tests/cypress/e2e/publisher/013-api-product/01-create-product-and-update-underline-api.cy.js (1)

20-22: Global error suppression masks all uncaught exceptions.

The Cypress.on('uncaught:exception') handler at the describe level will suppress all uncaught exceptions for all tests in this file. This could hide legitimate application errors. Consider scoping this to specific tests where it's needed or adding a comment explaining why it's necessary.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/013-api-product/01-create-product-and-update-underline-api.cy.js`
around lines 20 - 22, The global Cypress.on('uncaught:exception') handler in
this test file is suppressing all uncaught exceptions; narrow its scope by
removing the top-level handler and instead attach it only where needed (e.g.,
inside the specific it() or a beforeEach() for the test that expects non-fatal
exceptions) or add a concise comment above Cypress.on('uncaught:exception')
explaining why global suppression is required; update the handler placement
around the specific test(s) that need it and ensure you restore default behavior
after that test if necessary.

tests/cypress/e2e/publisher/013-api-product/03-undeploy-new-revision-of-api-product.cy.js (1)

19-19: Consider updating the describe block name to match the test purpose.

The describe block is named "Mock the api response and test it" but the test actually creates an API product, deploys it, then undeploys it. Consider renaming for clarity.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/013-api-product/03-undeploy-new-revision-of-api-product.cy.js`
at line 19, The describe block title ("Mock the api response and test it") is
misleading; update the describe(...) string to clearly reflect the test flow
(creating an API product, deploying it, and undeploying the new revision) so
readers understand the spec purpose — locate the describe call in
03-undeploy-new-revision-of-api-product.cy.js and replace the text with
something like "Create, deploy and undeploy a new revision of an API product" or
similar descriptive title.

tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js (1)

44-60: Consider removing commented-out code block.

This large block of commented code appears to be an alternative implementation that's no longer used. Consider removing it to improve maintainability, or add a comment explaining why it's being preserved.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js`
around lines 44 - 60, Remove the large commented-out Cypress block (the lines
starting with cy.get('[data-testid="left-menu-itemlifecycle"]')... through the
cy.get('button[data-testid="Redeploy"]').then(...) block) to clean up the test
file, or if it must be retained for context, replace the block with a short
explanatory comment stating why the alternate implementation is kept (e.g.,
flakiness workaround or historical reference) and include the related
data-testid tokens ('left-menu-itemlifecycle', 'Publish', 'Redeploy') in that
comment for traceability.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/cypress.config.js`:
- Around line 30-33: The e2e.setupNodeEvents isn't registering the mochawesome
reporter's Node hooks, so call the mochawesome plugin in setupNodeEvents (e.g.,
invoke require('cypress-mochawesome-reporter/plugin')(on) inside the
setupNodeEvents function or ensure the existing
require('./cypress/plugins/index.js')(on, config) delegates to that call) to
register before:run/after:run tasks; update the setupNodeEvents implementation
(function name: setupNodeEvents) to load and invoke the
cypress-mochawesome-reporter plugin with the on object so report generation
works.

In `@tests/cypress/e2e/devportal/000-general/04-change-password-of-a-user.cy.js`:
- Line 30: Replace the accidental focused test by removing the .only modifier on
the test declaration for "Change the password from devportal" so Cypress runs
the full suite; locate the `it.only("Change the password from devportal", ...)`
invocation in the test file and change it to a normal `it("Change the password
from devportal", ...)` (or the equivalent test function used in the project)
ensuring no other `.only` remains in the file.

In
`@tests/cypress/e2e/devportal/001-applications/05-test-application-sharing.cy.js`:
- Around line 42-43: Before mutating the tenant config with
cy.updateTenantConfig(carbonUsername, carbonPassword, 'carbon.super',
tenantConfigJson), read and save the current config (e.g., call
cy.getTenantConfig or cy.request to fetch existing config) and restore it in an
after or afterEach hook; update this spec to store the original config into a
variable (before the update) and call cy.updateTenantConfig(carbonUsername,
carbonPassword, 'carbon.super', originalConfig) in the teardown so the change
made by tenantConfigJson is reverted for subsequent specs and retries.
- Around line 162-167: The afterEach cleanup currently calls
cy.window().then(win => win.sessionStorage.clear()), which can throw if the page
is already broken and mask the original failure; replace this with a guarded
call by checking for window availability and sessionStorage before clearing (or
wrap the cy.window() chain in a conditional/error-suppressing stub) so that
cy.clearCookies() and cy.clearLocalStorage() remain executed without introducing
a second error; specifically update the cleanup to use a safe guard around
cy.window() / win.sessionStorage.clear() (or remove it if cookies/localStorage
are sufficient for SSO scope) to avoid masking test failures.

In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`:
- Around line 283-287: The teardown guard currently checks only applicationName
(which is set before creation) so cleanup runs even if creation failed; add a
boolean flag (e.g., applicationCreated) initialized false, set it to true only
after the successful creation step (the test step that calls
cy.createApplication or wherever the app is actually created), and update the
after() hook to call cy.deleteApplication(applicationName) and
cy.logoutFromDevportal() only when applicationCreated is true; keep
applicationName as-is but use this new flag to gate cleanup.

In
`@tests/cypress/e2e/publisher/001-api-create/07-create-and-publish-api-from-scratch.cy.js`:
- Around line 33-36: The test is using it.only which prevents other tests from
running; open the test case "Create and and publish api from scratch" in the
spec where it.only appears and remove the .only so the call is it("Create and
and publish api from scratch", ...) instead of it.only(...); ensure there are no
other .only usages in the file (search for "it.only", "describe.only",
"context.only") and run the suite to confirm full test execution.

In
`@tests/cypress/e2e/publisher/003-run-time-configs/01-select-transport-types.cy.js`:
- Around line 41-43: The assertion on the '#http-transport' element incorrectly
passes a timeout object to .should(); remove the redundant second argument so
the code uses cy.get('#http-transport', {timeout:
Cypress.env('largeTimeout')}).should('not.be.checked') instead—locate the
cy.get(...) call for '#http-transport' and drop the extra {timeout: ...} passed
into .should to rely on the timeout already applied to cy.get.

In
`@tests/cypress/e2e/publisher/004-endpoints/01-add-soap-endpoints-production-sandbox.cy.js`:
- Line 29: The test declaration uses it.only on the test titled "Add production
sandbox endpoints for SOAP", which will cause Cypress to run only this test and
skip the rest; replace it.only(...) with a normal it(...) declaration (i.e.,
remove the .only modifier) so the test suite runs all tests as intended,
locating the change at the test declaration line that currently reads
it.only("Add production sandbox endpoints for SOAP", () => {.

In
`@tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js`:
- Around line 84-87: The second network wait uses the default Cypress timeout
which can cause flakiness; update the call to cy.wait('@getSwagger') (triggered
after clicking `#checkbox-list-label-${testApiID}`) to include the same extended
timeout as the first wait by passing { timeout: Cypress.env('largeTimeout') } so
both `@swaggerGet` and `@getSwagger` use the large timeout.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/00-try-out-resources-without-key-when-security-disabled.cy.js`:
- Around line 93-94: The test incorrectly restarts the selector chain by calling
a second cy.get(...) and uses the nonstandard attribute area-label; update the
assertions to scope to the row element (e.g., keep the initial cy.get('table >
tbody > tr', { timeout: Cypress.env('largeTimeout') }) and then chain .find(...)
or use .eq(...)/.within() so the PRE-RELEASED check and click operate on the
same row) and change the attribute selector from area-label to the correct
aria-label (i.e., target `[aria-label="Go to ${apiName}"]`); ensure you replace
both the should('contain.text', 'PRE-RELEASED') and the click() call to use the
scoped finder so they act on the same element.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js`:
- Around line 81-82: Replace the incorrect attribute selector `area-label` with
`aria-label` and stop chaining .get().get() which loses the row context; instead
scope the lookup to the specific row element returned by the first selector (for
example, use the row element’s .find(...) or .within(...) to locate
`[aria-label="Go to ${apiName}"]`) so both the .should('contain.text',
'PRE-RELEASED') assertion and the .click() operate on the element inside the
same row; update the occurrences that use the pattern `cy.get('table > tbody >
tr').get(`[area-label="Go to ${apiName}"]`)` accordingly.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`:
- Around line 86-87: The selector typo uses "area-label" instead of the correct
accessibility attribute "aria-label", causing the Cypress queries in the two
cy.get calls that use `[area-label="Go to ${apiName}"]` to fail; update both
selectors to `[aria-label="Go to ${apiName}"]` in the test so the queries (the
two cy.get(...).get(`[area-label="Go to ${apiName}"]`) occurrences) correctly
locate and interact with the element.

In `@tests/cypress/support/commands.js`:
- Line 638: The selector in the Cypress command that clicks the third-party API
link uses the wrong attribute name `area-label`; update the selector in the
relevant function (e.g., viewThirdPartyApi / the cy.get call that currently
reads `[area-label="Go to ${apiName}"]`) to use `aria-label` instead so it
becomes `[aria-label="Go to ${apiName}"]`, leaving the rest of the call
(including the timeout) unchanged.

---

Outside diff comments:
In
`@tests/cypress/e2e/devportal/000-general/01-anonymous-user-view-public-apis.cy.js`:
- Around line 50-63: The current polling loop uses synchronous Cypress.$('a',
apiName, ...) (with variables remainingAttempts and attemptCount) which doesn't
honor timeouts or match text; replace this with a retryable Cypress command: use
cy.contains('a', apiName, { timeout: Cypress.env('largeTimeout') }) (or chain
.should(...) as needed) instead of the Cypress.$ call and remove the manual
for-loop and cy.reload() pattern so Cypress will automatically retry until the
element appears; keep the log via cy.log if desired and throw a clear error only
after the cy.contains command fails (allowing Cypress's built-in timeout to
surface).

In
`@tests/cypress/e2e/devportal/002-subscriptions/03-change-subscription-tier-on-an-application.cy.js`:
- Line 27: The test is marked with it.only ("it.only(\"Change subscription
tier\", ...)") which should be removed for consistency; change the test
declaration to a normal it("Change subscription tier", ...) (remove the ".only"
token) and scan the file for any other accidental ".only" usages to ensure no
focused tests remain (leave the parent describe.skip as-is).

In `@tests/cypress/e2e/publisher/005-design-config/00-add-thumbnail-image.cy.js`:
- Around line 33-38: The test currently uses it.only in the declaration
it.only("Upload thumbnail", { retries: { runMode: 3, openMode: 0 } }, () => {
... }) which prevents other tests from running; change it.only to it (i.e.,
it("Upload thumbnail", { retries: { runMode: 3, openMode: 0 } }, () => { ... }))
so the full test suite runs while preserving the retries configuration and test
body.

In `@tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js`:
- Line 26: The test uses the exclusive mocha/jest modifier it.only which will
skip other tests in CI; edit the test declaration to remove the .only (change
it.only("Add business information", ...) to it("Add business information", ...))
and scan the test suite for any other usages of it.only/describe.only to ensure
no exclusive modifiers remain before merging.

In `@tests/cypress/e2e/publisher/009-api-definition/01-download-swagger.cy.js`:
- Line 29: The test currently uses the focused modifier it.only in the spec
(it.only("Download swagger", ...)), which causes other tests to be skipped in
CI; remove the .only so the test reads it("Download swagger", ...) to restore
normal test discovery and ensure the full suite runs in CI, then run the Cypress
suite locally/CI to verify no other focused tests remain.

In
`@tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js`:
- Line 30: Remove the debugging modifier by replacing the test declaration using
it.only(...) with a normal it(...) call so the whole Cypress suite runs; locate
the test named "Block demote retire api" (the it.only invocation) and remove the
".only" modifier from that function call.

In `@tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js`:
- Line 52: The test is accidentally marked with a focused modifier; remove the
`.only` from the test declaration `it.only("Depricate old versions of api before
publishing", ...)` so it becomes a normal test (`it("Depricate old versions of
api before publishing", ...)`) to ensure the rest of the test suite runs in CI.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`:
- Line 34: Remove the isolated test marker by replacing "it.only" with "it" for
the test titled "Creating inline document" so the suite runs all tests; locate
the test declaration that currently reads it.only("Creating inline document",
...) and change it to it("Creating inline document", ...).
- Around line 70-73: The after hook currently calls Utils.deleteAPI(genApiId)
using a hardcoded genApiId; modify the test to capture and store the dynamic
apiId returned by cy.createGraphqlAPIfromFile (the same apiId used at lines
where createGraphqlAPIfromFile and assertions run) into a variable (e.g., apiId)
accessible to the after hook, then call Utils.deleteAPI(apiId) in the after
function so the actual created API is deleted instead of the hardcoded genApiId.

In
`@tests/cypress/e2e/publisher/014-comments/01-add-nested-comments-to-api.cy.js`:
- Line 29: The test currently uses it.only in the spec "Add nested comments to
to the api" which prevents the full Cypress suite from running; remove the .only
so the test reads it("Add nested comments to to the api", ...) (or otherwise
delete the ".only" token) in the test declaration to allow the complete test
suite to execute normally.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`:
- Line 35: The test uses it.only which limits the test run; change the test
declaration from it.only("try out resources enabling the security without
credentials", ...) to a normal it(...) by removing the .only modifier so the
test suite runs all tests as intended; locate the it.only occurrence in the spec
(the test with the title "try out resources enabling the security without
credentials") and remove ".only".

In `@tests/test.sh`:
- Around line 101-118: The script runs the NodeSource setup for Node 22 (curl
... setup_22.x) but then force-installs Node 12 by downloading node-v12.22.3 and
symlinking it; remove or replace that manual download/symlink block (the wget +
tar + ln -s lines referencing node-v12.22.3-linux-x64 and /usr/bin/node/npm/npx)
so the system-installed Node 22 from the NodeSource setup is used instead —
either delete those lines and run sudo apt-get install -y nodejs after curl ...
setup_22.x or update the downloaded tarball and symlinks to a matching Node 22
release (e.g., node-v22.x) if you must use a tarball.

---

Nitpick comments:
In @.github/workflows/ui-test.yml:
- Around line 77-82: The CI step labeled "Cypress run" currently hard-codes
spec: 'cypress/e2e/**/*.cy.js' which misses .cy.jsx/.cy.ts/.cy.tsx files and can
silently skip tests; update the workflow step (the "Cypress run" action input)
to either remove the spec input so Cypress uses tests/cypress.config.js for
discovery, or change the spec glob to mirror the config (e.g.,
cypress/e2e/**/*.cy.{js,jsx,ts,tsx}) so non-JS specs are included.

In `@tests/cypress/e2e/devportal/000-general/03-self-signup.cy.js`:
- Around line 208-225: The user cleanup calls
(cy.deleteUser(superTenant1Username), cy.deleteUser(tenant1Username), etc.) are
not idempotent and can fail if a user was never created; change these to guarded
deletions by either checking existence first or using a new helper like
cy.deleteUserIfExists that returns/continues on not-found—implement the guard
around every cy.deleteUser call (for superTenant* and tenant* variables) similar
to the existing cy.searchAndDeleteRoleIfExist pattern so the after() hook
ignores missing users and does not mask earlier test failures.

In
`@tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js`:
- Around line 44-60: Remove the large commented-out Cypress block (the lines
starting with cy.get('[data-testid="left-menu-itemlifecycle"]')... through the
cy.get('button[data-testid="Redeploy"]').then(...) block) to clean up the test
file, or if it must be retained for context, replace the block with a short
explanatory comment stating why the alternate implementation is kept (e.g.,
flakiness workaround or historical reference) and include the related
data-testid tokens ('left-menu-itemlifecycle', 'Publish', 'Redeploy') in that
comment for traceability.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`:
- Line 63: The selector click using genApiName is currently inside a
commented-out test block (the multi-line comment wrapping the test), so either
remove the entire commented test block if the test should remain disabled or
uncomment the test to enable it; locate the test function that references
genApiName (the test containing cy.get(`[area-label="Go to ${genApiName}"]`))
and either delete the surrounding comment markers or delete the whole commented
block, then run the test to ensure the selector and Cypress.env('largeTimeout')
usage in that test are correct.

In
`@tests/cypress/e2e/publisher/013-api-product/01-create-product-and-update-underline-api.cy.js`:
- Around line 20-22: The global Cypress.on('uncaught:exception') handler in this
test file is suppressing all uncaught exceptions; narrow its scope by removing
the top-level handler and instead attach it only where needed (e.g., inside the
specific it() or a beforeEach() for the test that expects non-fatal exceptions)
or add a concise comment above Cypress.on('uncaught:exception') explaining why
global suppression is required; update the handler placement around the specific
test(s) that need it and ensure you restore default behavior after that test if
necessary.

In
`@tests/cypress/e2e/publisher/013-api-product/03-undeploy-new-revision-of-api-product.cy.js`:
- Line 19: The describe block title ("Mock the api response and test it") is
misleading; update the describe(...) string to clearly reflect the test flow
(creating an API product, deploying it, and undeploying the new revision) so
readers understand the spec purpose — locate the describe call in
03-undeploy-new-revision-of-api-product.cy.js and replace the text with
something like "Create, deploy and undeploy a new revision of an API product" or
similar descriptive title.

In
`@tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js`:
- Around line 67-68: The timeout is lost because you call
cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout') }) and
then start a new cy.get() for the contains assertion; change the assertions to
chain contains off the same get so the extended timeout applies (e.g., use
cy.get('#itest-api-name-version', { timeout: Cypress.env('largeTimeout')
}).contains(version)), and make the same change for the other occurrence around
the '#itest-api-name-version' checks (the pair at lines corresponding to the
second occurrence).

In `@tests/cypress/e2e/publisher/013-api-product/06-download-api-product.cy.js`:
- Around line 42-46: Replace fixed 5s sleeps with deterministic readiness
checks: after cy.visit(...) wait for the page element to be actionable (e.g.,
cy.get('#open-api-file-select-radio', { timeout: Cypress.env('largeTimeout')
}).should('be.visible')) before clicking, replace the subsequent cy.wait(5000)
with cy.get('#browse-to-upload-btn').should('be.visible').and('not.be.disabled')
(or .should('be.enabled')) before invoking .then(...), and remove the other
cy.wait(5000) calls so the flow waits for element states instead of fixed
timing.

In
`@tests/cypress/e2e/publisher/019-read-only-user/00-verify-that-read-only-user-cannot-create-update-api.cy.js`:
- Around line 87-96: Remove the redundant hardcoded cy.wait(2000) after the
"@getOperationPolicies" intercept; rely on cy.wait("@getOperationPolicies", {
timeout: Cypress.env("largeTimeout") }) followed by
APIMenuPage.waitUntillLoadingComponentsExit() to synchronize, so delete the
cy.wait(2000) line between those calls and leave the intercept, visit, and
APIMenuPage.waitUntillLoadingComponentsExit() intact to keep proper waiting
before interacting with the element (e.g., the cy.get("[id='post/testuri']")
click).

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`:
- Around line 33-34: The empty Mocha/Cypress hook before(function () { }) in the
test file should be removed to improve readability; locate the empty before hook
in the spec (the before(...) declaration around the top of the test) and delete
it, ensuring no other hooks or tests rely on it (leave other hooks like
beforeEach/after unchanged).
- Around line 97-100: The intercept pattern using
cy.intercept('**/applications/').then(...) doesn't wait for the network call;
change it to alias the interception (use
cy.intercept('**/applications/').as('getApplications')) and then call
cy.wait('@getApplications') before asserting that the "#selected-application"
element exists so the assertion runs after the request completes; ensure you
keep the same route matcher and replace the .then(...) block with the .as() +
cy.wait() sequence.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a856b419-3780-42c8-831a-e0e72226e499

📥 Commits

Reviewing files that changed from the base of the PR and between ce57ec5 and e20fdf2.

⛔ Files ignored due to path filters (1)

• tests/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (129)

• .github/workflows/ui-test.yml
• tests/cypress.config.js
• tests/cypress.json
• tests/cypress/e2e/0-init/00-init.cy.js
• tests/cypress/e2e/admin/00-add-edit-delete-microgateway-environments.cy.js
• tests/cypress/e2e/admin/01-add-edit-delete-advance-throttle-policies.cy.js
• tests/cypress/e2e/admin/02-add-edit-delete-application-throttle-policies.cy.js
• tests/cypress/e2e/admin/03-add-edit-delete-subscription-throttle-policies.cy.js
• tests/cypress/e2e/admin/04-add-edit-delete-api-categories.cy.js
• tests/cypress/e2e/admin/05-add-custom-throttle-policies.cy.js
• tests/cypress/e2e/admin/06-add-delete-black-list-policies.cy.js
• tests/cypress/e2e/admin/07-add-scope-mapping.cy.js
• tests/cypress/e2e/admin/08-add-api-categories.cy.js
• tests/cypress/e2e/admin/09-add-edit-delete-km.cy.js
• tests/cypress/e2e/admin/10-advanced-configurations.cy.js
• tests/cypress/e2e/admin/11-change-the-owner-of-application.cy.js
• tests/cypress/e2e/devportal/000-general/01-anonymous-user-view-public-apis.cy.js
• tests/cypress/e2e/devportal/000-general/02-logout-from-devportal.cy.js
• tests/cypress/e2e/devportal/000-general/03-self-signup.cy.js
• tests/cypress/e2e/devportal/000-general/04-change-password-of-a-user.cy.js
• tests/cypress/e2e/devportal/000-general/05-download-sdk.cy.js
• tests/cypress/e2e/devportal/001-applications/01-create-jwt-app-generate-keys.cy.js
• tests/cypress/e2e/devportal/001-applications/02-generate-keys.cy.js
• tests/cypress/e2e/devportal/001-applications/03-generate-api-keys.cy.js
• tests/cypress/e2e/devportal/001-applications/04-exchange-key-managers.cy.js
• tests/cypress/e2e/devportal/001-applications/05-test-application-sharing.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/00-subscribe-unsubscribe-to-app-from-api-details.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/01-subscribe-unsubscribe-to-app-from-app.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/03-change-subscription-tier-on-an-application.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/04-generate-keys-api-details-page.cy.js
• tests/cypress/e2e/devportal/003-test/00-tryout-api-invocations-from-swagger-console.cy.js
• tests/cypress/e2e/devportal/004-api-product/00-api-product-invoke-with-keys.cy.skip.js
• tests/cypress/e2e/e2e/developerFundamentalScenarios/00-defining-users-and-roles.cy.skip.js
• tests/cypress/e2e/e2e/developerFundamentalScenarios/01-create-api-from-scratch-and-publish.cy.skip.js
• tests/cypress/e2e/e2e/developerFundamentalScenarios/99-tear-down-test.cy.skip.js
• tests/cypress/e2e/e2e/externalDevPortals/00-enable-external-dev.cy.js
• tests/cypress/e2e/e2e/externalDevPortals/01-tear-down-extenal-dev-test.cy.js
• tests/cypress/e2e/publisher/000-general/00-deploy-sample-api.cy.js
• tests/cypress/e2e/publisher/000-general/01-create-new-version-of-api.cy.js
• tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js
• tests/cypress/e2e/publisher/000-general/03-landing-page.cy.js
• tests/cypress/e2e/publisher/000-general/04-api-listing-create-api-menu.cy.skip.js
• tests/cypress/e2e/publisher/001-api-create/01-login-logout-from-publisher-as-super-tenant-user.cy.js
• tests/cypress/e2e/publisher/001-api-create/02-create-api-with-swagger-file-super-tenant.cy.js
• tests/cypress/e2e/publisher/001-api-create/03-create-api-with-swagger-url-super-tenant.cy.js
• tests/cypress/e2e/publisher/001-api-create/04-creating-web-socket-api-as-super-tenant-user.cy.js
• tests/cypress/e2e/publisher/001-api-create/05-creating-graphql-api-as-super-tenant-user.cy.js
• tests/cypress/e2e/publisher/001-api-create/06-solace-broker-integration.cy.js
• tests/cypress/e2e/publisher/001-api-create/07-create-and-publish-api-from-scratch.cy.js
• tests/cypress/e2e/publisher/002-api-resources/00-api-resource-create.cy.js
• tests/cypress/e2e/publisher/002-api-resources/01-add-advance-throttling-policies-for-api.cy.js
• tests/cypress/e2e/publisher/002-api-resources/02-add-assign-global-scopes-for-api.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/00-add-authorization-header.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/01-select-transport-types.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/02-enable-response-caching.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/03-enable-schema-validation.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/04-enable-mutual-ssl-and-upload-certificate.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/05-oauth2-and-api-key-security.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/06-add-api-key-header.cy.js
• tests/cypress/e2e/publisher/004-endpoints/00-add-rest-endpoints-production-sandbox.cy.js
• tests/cypress/e2e/publisher/004-endpoints/01-add-soap-endpoints-production-sandbox.cy.js
• tests/cypress/e2e/publisher/004-endpoints/02-check-endpoint-test-button.cy.js
• tests/cypress/e2e/publisher/004-endpoints/03-add-failover.cy.js
• tests/cypress/e2e/publisher/004-endpoints/04-add-loadbalance.cy.js
• tests/cypress/e2e/publisher/004-endpoints/05-add-security.cy.js
• tests/cypress/e2e/publisher/004-endpoints/06-Import-delete-certificates.cy.js
• tests/cypress/e2e/publisher/004-endpoints/07-mock-api-and-test.cy.js
• tests/cypress/e2e/publisher/004-endpoints/08-usage-warning-certificates.cy.skip.js
• tests/cypress/e2e/publisher/004-endpoints/09-add-security-spec-then-update-endpoints.cy.skip.js
• tests/cypress/e2e/publisher/004-endpoints/10-change-advanced-configuration.cy.js
• tests/cypress/e2e/publisher/005-design-config/00-add-thumbnail-image.cy.js
• tests/cypress/e2e/publisher/005-design-config/01-make-api-the-default-version.cy.js
• tests/cypress/e2e/publisher/005-design-config/02-set-publisher-access-control-and-visibility-by-roles.cy.js
• tests/cypress/e2e/publisher/005-design-config/03-add-tags-for-the-api.cy.js
• tests/cypress/e2e/publisher/006-subscriptions/00-select-subscription-tiers.cy.js
• tests/cypress/e2e/publisher/006-subscriptions/01-subscribtion-blocking.cy.js
• tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js
• tests/cypress/e2e/publisher/009-api-definition/00-download-api.cy.js
• tests/cypress/e2e/publisher/009-api-definition/01-download-swagger.cy.js
• tests/cypress/e2e/publisher/009-api-definition/02-upload-api.cy.js
• tests/cypress/e2e/publisher/010-additional-properties/00-add-additional-properties.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/00-save-and-publish-api.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/02-deploy-as-prototype.cy.skip.js
• tests/cypress/e2e/publisher/011-lifecycle/03-add-custom-lifecycle-state.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js
• tests/cypress/e2e/publisher/012-documents/00-add-edit-inline-document.cy.js
• tests/cypress/e2e/publisher/012-documents/01-view-generated-document-rest.cy.js
• tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js
• tests/cypress/e2e/publisher/013-api-product/01-create-product-and-update-underline-api.cy.js
• tests/cypress/e2e/publisher/013-api-product/02-create-a-new-revision-for-the-api-product-and-deploy.cy.js
• tests/cypress/e2e/publisher/013-api-product/03-undeploy-new-revision-of-api-product.cy.js
• tests/cypress/e2e/publisher/013-api-product/04-lifecycle-support-for-api-products.cy.js
• tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js
• tests/cypress/e2e/publisher/013-api-product/06-download-api-product.cy.js
• tests/cypress/e2e/publisher/014-comments/00-add-comments-to-api.cy.js
• tests/cypress/e2e/publisher/014-comments/01-add-nested-comments-to-api.cy.js
• tests/cypress/e2e/publisher/015-deployments/00-create-new-revision-and-deploy-api.cy.js
• tests/cypress/e2e/publisher/015-deployments/01-undeploy-new-revision.cy.js
• tests/cypress/e2e/publisher/015-deployments/02-verify-gateway-environments.cy.js
• tests/cypress/e2e/publisher/016-service-catalog/00-services.create.cy.js
• tests/cypress/e2e/publisher/016-service-catalog/01-services.delete.cy.skip.js
• tests/cypress/e2e/publisher/017-api-policies/00-common-policy.cy.js
• tests/cypress/e2e/publisher/017-api-policies/01-api-specific-policy.cy.js
• tests/cypress/e2e/publisher/018-third-party-api/00-publish-third-party-api.cy.js
• tests/cypress/e2e/publisher/019-read-only-user/00-verify-that-read-only-user-cannot-create-update-api.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/00-try-out-resources-without-key-when-security-disabled.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/00-lint-when-creating-api-with-swagger-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/01-lint-when-creating-api-with-swagger-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/02-lint-when-creating-api-with-swagger-v2-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/03-lint-when-creating-api-with-swagger-v2-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/04-lint-when-creating-api-with-errornous-swagger-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/05-lint-when-editing-before-import.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/06-lint-when-importing-api-with-swagger-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/07-lint-when-importing-api-with-swagger-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/08-lint-when-importing-api-with-swagger-v2-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/09-lint-when-importing-api-with-swagger-v2-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/10-lint-when-importing-api-with-errornous-swagger-file.cy.js
• tests/cypress/e2e/publisher/022-gateway-policies/00-gateway-policy.cy.js
• tests/cypress/support/commands.js
• tests/cypress/support/e2e.js
• tests/cypress/support/functions/publisher/PublisherMenu.js
• tests/cypress/support/pages/carbon/AddNewUserStep1Page.js
• tests/package.json
• tests/test.local.sh
• tests/test.sh

💤 Files with no reviewable changes (1)

• tests/cypress.json

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js (1)

34-34: ⚠️ Potential issue | 🟡 Minor

Remove it.only before merging.

Using it.only causes Cypress to skip all other tests in the suite. This is typically a debugging artifact and should not be committed to the main branch, as it can cause incomplete test coverage in CI pipelines.

Proposed fix

-    it.only("Creating inline document", () => {
+    it("Creating inline document", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`
at line 34, The test is accidentally restricted by it.only on the "Creating
inline document" test; replace it.only with it (or remove the .only) in the
it.only("Creating inline document", ...) declaration so the test suite runs all
tests, and scan the file for any other uses of it.only/describe.only and remove
them before merging.

tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js (1)

288-296: ⚠️ Potential issue | 🟠 Major

Make the application cleanup idempotent.

cy.deleteApplication(applicationName) is still a hard failure path here. In tests/cypress/support/commands.js:809-815 it does unconditional row/button lookups, so if the app is already gone or never becomes visible, the rest of this after() hook will not run and Utils.deleteAPI(apiId) is skipped too.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`
around lines 288 - 296, The cleanup currently calls
cy.deleteApplication(applicationName) which can throw if the app row/button
isn't present and abort the after() hook, preventing Utils.deleteAPI(apiId) from
running; make the application deletion idempotent by either (A) checking for the
application's presence before calling cy.deleteApplication(applicationName) in
this test (use applicationCreated and a guarded existence check) or (B) change
cy.deleteApplication (in support/commands.js) to be safe/no-op when the
row/button is not found and return gracefully; ensure the after() hook always
proceeds to call Utils.deleteAPI(apiId) regardless of whether the app deletion
succeeded.

tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js (1)

21-35: ⚠️ Potential issue | 🟠 Major

Remove describe.skip and it.only before merging.

The entire suite is marked describe.skip, which prevents all tests from running in CI (reported as pending). The nested it.only creates an additional hazard: if describe.skip is removed later without also removing it.only, only that single test will execute instead of the full suite. Cypress semantics: .skip() marks tests/suites pending and prevents execution, while .only() limits execution to focused tests.

🔧 Proposed fix

-describe.skip("prototype apis with security enabled", () => {
+describe("prototype apis with security enabled", () => {
@@
-    it.only("try out resources enabling the security without credentials", () => {
+    it("try out resources enabling the security without credentials", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`
around lines 21 - 35, Remove the test-level skips/focus in the suite: change the
top-level describe.skip("prototype apis with security enabled", ...) to a normal
describe(...) and remove the it.only on the test named "try out resources
enabling the security without credentials" so the full suite runs in CI; locate
these usages of describe.skip and it.only in the spec and restore them to
describe and it respectively.

🧹 Nitpick comments (3)

tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js (1)

59-68: Changes made to commented-out code.

The modifications to line 63 (switching to Cypress.env('largeTimeout') and expanding the selector) are correct and align with the PR's migration pattern. However, this entire test block is commented out and won't execute.

If this test is intended for future use, consider uncommenting it or removing the dead code entirely. If the test is disabled due to known issues, adding a TODO or FIXME comment explaining why would improve maintainability.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`
around lines 59 - 68, The commented-out test block for "Viewing generated
document in devportal" (the it.only(...) block referencing genApiName,
Utils.getUserInfo(), cy.loginToDevportal,
cy.get(...Cypress.env('largeTimeout')...), cy.logoutFromDevportal,
cy.loginToPublisher) is dead code; either uncomment the test to enable it, or
remove the entire commented block, or keep it commented but add a one-line
TODO/FIXME above it explaining why it's disabled and what needs to be done to
re-enable it (e.g., flakiness, missing fixture); ensure the updated comment or
removal is applied where the it.only("Viewing generated document in devportal",
...) block appears.

tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js (1)

25-29: Reset the suite-level mutable state before each run.

applicationCreated and the generated names live at describe scope and are only ever reassigned forward. Reset them in beforeEach() so retries or future extra tests in this suite cannot inherit stale resource names/flags from an earlier attempt.

♻️ Suggested change

 beforeEach(function () {
+  apiContext = undefined;
+  apiName = undefined;
+  applicationName = undefined;
+  applicationCreated = false;
+
   //add role filmsubscriber
   filmSubscriberRole = `FilmSubscriber${Utils.generateRandomNumber()}`;

Also applies to: 199-201

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`
around lines 25 - 29, Describe-scope mutable state (applicationCreated, apiName,
applicationName, filmSubscriberRole, apiContext) is not being reset between
tests, which can cause retries or later tests to reuse stale values; add a
beforeEach() block that reinitializes applicationCreated = false and clears or
regenerates apiName, applicationName, filmSubscriberRole and apiContext to known
initial values before each test run (and apply the same reset pattern where
these variables are reused later in the file around the other occurrences).

tests/cypress.config.js (1)

6-6: Keep the long timeout opt-in instead of global.

Cypress recommends using per-command { timeout } overrides instead of increasing defaultCommandTimeout globally. Since this config already introduces env.largeTimeout and the suite is being updated to use it selectively, setting the global default to 100s will make unrelated failures much slower to surface and largely defeats the purpose of the new env-based timeout path. (docs.cypress.io)

🔧 Proposed fix

-  defaultCommandTimeout: 100000,
   screenshotsFolder: 'cypress/screenshots',
@@
   env: {
     largeTimeout: 100000,
   },

Also applies to: 27-29

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress.config.js` at line 6, Remove the global defaultCommandTimeout =
100000 setting and keep long timeouts opt-in via the existing env.largeTimeout;
update the config so defaultCommandTimeout is not overridden globally (and
remove the same change around the other occurrence at the block covering lines
27-29), and ensure tests that need extra time use per-command timeout overrides
(e.g., cy.get(..., { timeout: process.env.largeTimeout || <fallback> }) or the
config's env.largeTimeout) rather than a global increase.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/cypress/e2e/devportal/000-general/04-change-password-of-a-user.cy.js`:
- Around line 33-34: The current test waits for the dialog element via
cy.get(".ui-dialog-buttonset", { timeout: Cypress.env('largeTimeout') }) but
then calls cy.get("button").contains("OK").click() against the whole document;
scope the OK click to the dialog element instead by chaining off the found
dialog (e.g., use the ".ui-dialog-buttonset" element and then
.find("button").contains("OK").click() or use .within(...) and call
cy.contains("button", "OK").click()), so the click targets the OK button inside
the specific dialog.

In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`:
- Around line 98-101: The test creates a dynamic Carbon role via the
filmSubscriberRole variable (FilmSubscriber${Utils.generateRandomNumber()}) but
never removes it; add cleanup that deletes that role after the test(s). Persist
filmSubscriberRole (e.g., set as a Cypress alias or fixture) and add an
after/afterEach hook that uses the management API or UI flow to remove the role
(call the role-delete endpoint or visit the Carbon role delete page and submit)
so both the creation in the block using
filmSubscriberRole/Utils.generateRandomNumber() and the similar creation around
the other section (the block referenced near the other occurrence) are removed
during teardown.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`:
- Around line 96-100: The test currently calls cy.intercept(...) after clicking
"#left-menu-test", which only registers a route and can miss the request;
instead register the intercept with an alias before clicking (use
cy.intercept('**/applications/').as('applications') ), then click
"#left-menu-test" and use cy.wait('@applications') to wait for the request to
complete before asserting on "#selected-application". Ensure the alias name
matches the cy.wait call and keep the same selectors "#left-menu-test" and
"#selected-application" in the updated sequence.

---

Outside diff comments:
In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`:
- Around line 288-296: The cleanup currently calls
cy.deleteApplication(applicationName) which can throw if the app row/button
isn't present and abort the after() hook, preventing Utils.deleteAPI(apiId) from
running; make the application deletion idempotent by either (A) checking for the
application's presence before calling cy.deleteApplication(applicationName) in
this test (use applicationCreated and a guarded existence check) or (B) change
cy.deleteApplication (in support/commands.js) to be safe/no-op when the
row/button is not found and return gracefully; ensure the after() hook always
proceeds to call Utils.deleteAPI(apiId) regardless of whether the app deletion
succeeded.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`:
- Line 34: The test is accidentally restricted by it.only on the "Creating
inline document" test; replace it.only with it (or remove the .only) in the
it.only("Creating inline document", ...) declaration so the test suite runs all
tests, and scan the file for any other uses of it.only/describe.only and remove
them before merging.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js`:
- Around line 21-35: Remove the test-level skips/focus in the suite: change the
top-level describe.skip("prototype apis with security enabled", ...) to a normal
describe(...) and remove the it.only on the test named "try out resources
enabling the security without credentials" so the full suite runs in CI; locate
these usages of describe.skip and it.only in the spec and restore them to
describe and it respectively.

---

Nitpick comments:
In `@tests/cypress.config.js`:
- Line 6: Remove the global defaultCommandTimeout = 100000 setting and keep long
timeouts opt-in via the existing env.largeTimeout; update the config so
defaultCommandTimeout is not overridden globally (and remove the same change
around the other occurrence at the block covering lines 27-29), and ensure tests
that need extra time use per-command timeout overrides (e.g., cy.get(..., {
timeout: process.env.largeTimeout || <fallback> }) or the config's
env.largeTimeout) rather than a global increase.

In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`:
- Around line 25-29: Describe-scope mutable state (applicationCreated, apiName,
applicationName, filmSubscriberRole, apiContext) is not being reset between
tests, which can cause retries or later tests to reuse stale values; add a
beforeEach() block that reinitializes applicationCreated = false and clears or
regenerates apiName, applicationName, filmSubscriberRole and apiContext to known
initial values before each test run (and apply the same reset pattern where
these variables are reused later in the file around the other occurrences).

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`:
- Around line 59-68: The commented-out test block for "Viewing generated
document in devportal" (the it.only(...) block referencing genApiName,
Utils.getUserInfo(), cy.loginToDevportal,
cy.get(...Cypress.env('largeTimeout')...), cy.logoutFromDevportal,
cy.loginToPublisher) is dead code; either uncomment the test to enable it, or
remove the entire commented block, or keep it commented but add a one-line
TODO/FIXME above it explaining why it's disabled and what needs to be done to
re-enable it (e.g., flakiness, missing fixture); ensure the updated comment or
removal is applied where the it.only("Viewing generated document in devportal",
...) block appears.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 391d16a0-614b-4410-af57-8e2e18507a17

📥 Commits

Reviewing files that changed from the base of the PR and between e20fdf2 and e403403.

📒 Files selected for processing (13)

• tests/cypress.config.js
• tests/cypress/e2e/devportal/000-general/04-change-password-of-a-user.cy.js
• tests/cypress/e2e/devportal/001-applications/05-test-application-sharing.cy.js
• tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js
• tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js
• tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/00-try-out-resources-without-key-when-security-disabled.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js
• tests/cypress/support/commands.js
• tests/cypress/support/e2e.js
• tests/cypress/support/pages/devportal/DevPortalApisPage.js
• tests/package.json

🚧 Files skipped from review as they are similar to previous changes (4)

• tests/cypress/e2e/devportal/001-applications/05-test-application-sharing.cy.js
• tests/cypress/support/commands.js
• tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js
• tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (7)

tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js (1)

30-35: ⚠️ Potential issue | 🔴 Critical

Remove it.only before merging.

Using it.only will skip all other tests in the entire test suite. This appears to be a debug artifact that should be removed before merging to ensure the full test suite runs in CI.

Proposed fix

-    it.only("Subscribe to API", {
+    it("Subscribe to API", {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js`
around lines 30 - 35, The test is using it.only for the "Subscribe to API" spec
which will skip the rest of the suite; remove the debug-only filter by replacing
the it.only invocation with a normal it invocation (i.e., change
it.only("Subscribe to API", { retries: { runMode: 3, openMode: 0 } }, () => {
... }) to it("Subscribe to API", { retries: { runMode: 3, openMode: 0 } }, () =>
{ ... })) and ensure there are no other .only usages left in the same test file.

tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js (1)

52-52: ⚠️ Potential issue | 🔴 Critical

Remove it.only to allow full test suite execution.

The it.only modifier will cause Cypress to skip all other tests in the suite. This should be removed before merging.

Proposed fix

-  it.only("Depricate old versions of api before publishing", () => {
+  it("Depricate old versions of api before publishing", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js` at
line 52, Remove the accidental test-only modifier by changing the test
declaration from it.only("Depricate old versions of api before publishing", ...)
to a normal it(...) so the full Cypress suite runs; search for any remaining
".only" occurrences (e.g., the "Depricate old versions of api before publishing"
test in this file) and remove them as well before merging.

tests/cypress/e2e/devportal/002-subscriptions/01-subscribe-unsubscribe-to-app-from-app.cy.js (1)

31-31: ⚠️ Potential issue | 🔴 Critical

Remove it.only to allow full test suite execution.

The it.only modifier will cause Cypress to skip all other tests in the suite. This should be removed before merging.

Proposed fix

-    it.only("Subscribe unsubscribe to app from application view", () => {
+    it("Subscribe unsubscribe to app from application view", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/devportal/002-subscriptions/01-subscribe-unsubscribe-to-app-from-app.cy.js`
at line 31, Remove the test-exclusive modifier by replacing the test declaration
using "it.only" for the test titled "Subscribe unsubscribe to app from
application view" with a normal "it" call so the full Cypress suite runs; locate
the line containing it.only(...) in the spec (the test definition starting with
it.only("Subscribe unsubscribe to app from application view", ...)) and change
it to it("Subscribe unsubscribe to app from application view", ...).

tests/test.sh (2)

144-144: ⚠️ Potential issue | 🟠 Major

Outdated dependency: aws-sdk should be replaced with @aws-sdk/client-s3.

The PR description states that aws-sdk was replaced with @aws-sdk/client-s3, but line 144 still installs the deprecated aws-sdk v2 package. AWS SDK v2 for JavaScript is in maintenance mode.

Proposed fix

-npm i --save aws-sdk
+npm i --save `@aws-sdk/client-s3`

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/test.sh` at line 144, Replace the outdated npm install command that
adds the deprecated aws-sdk v2 with the modular v3 S3 client; in the
tests/test.sh script change the dependency installation step (the line currently
running "npm i --save aws-sdk") to install "@aws-sdk/client-s3" instead and
update any related install flags (e.g., --save) to match project conventions so
the test environment uses the v3 S3 client package.

---

103-118: ⚠️ Potential issue | 🔴 Critical

Node.js version inconsistency will result in Node 12 being used instead of Node 22.

Line 103 sets up Node 22.x via nodesource, but lines 114-118 immediately download and install Node v12.22.3, overwriting the Node 22 installation. The PR objective states the intention to use Node.js 22.x, but this script will ultimately run with Node 12.

Update the manual installation to match the intended Node 22 version:

Proposed fix to use Node 22 LTS

-wget https://nodejs.org/dist/v12.22.3/node-v12.22.3-linux-x64.tar.xz
-tar -xvf node-v12.22.3-linux-x64.tar.xz
-sudo ln -s $HOME/node-v12.22.3-linux-x64/bin/node /usr/bin/node
-sudo ln -s $HOME/node-v12.22.3-linux-x64/bin/npm /usr/bin/npm
-sudo ln -s $HOME/node-v12.22.3-linux-x64/bin/npx /usr/bin/npx
+wget https://nodejs.org/dist/v22.22.1/node-v22.22.1-linux-x64.tar.xz
+tar -xvf node-v22.22.1-linux-x64.tar.xz
+sudo ln -s $HOME/node-v22.22.1-linux-x64/bin/node /usr/bin/node
+sudo ln -s $HOME/node-v22.22.1-linux-x64/bin/npm /usr/bin/npm
+sudo ln -s $HOME/node-v22.22.1-linux-x64/bin/npx /usr/bin/npx

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/test.sh` around lines 103 - 118, The script installs Node 22 via the
NodeSource setup but then downloads and symlinks Node v12, causing Node 12 to
override Node 22; remove or replace the manual v12 installation steps (the wget
of node-v12.22.3-linux-x64.tar.xz and the three sudo ln -s lines) and instead
download and extract a matching Node 22 tarball (or rely on the nodesource apt
install), then create symlinks that point to the Node 22 binary (or run apt-get
install -y nodejs after the curl setup) so the installed binaries match the
setup_22.x bootstrap (ensure the file names and symlink targets reference the
Node 22 version rather than node-v12.22.3).

tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js (1)

26-26: ⚠️ Potential issue | 🔴 Critical

Remove it.only to allow full test suite execution.

The it.only modifier will cause Cypress to skip all other tests in the suite. This should be removed before merging.

Proposed fix

-    it.only("Add business information", () => {
+    it("Add business information", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js` at line
26, The test currently uses the exclusive modifier it.only on the "Add business
information" test, which prevents other tests from running; open the test
declaration containing it.only("Add business information", ...) and remove the
.only so it reads it("Add business information", ...), ensuring the test suite
runs in full; verify no other .only or .only usages exist in this file (or
across tests) before committing.

tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js (1)

33-38: ⚠️ Potential issue | 🔴 Critical

Remove it.only to avoid skipping other tests.

The it.only modifier causes Cypress to run only this test, skipping all other tests in the suite. The PR objectives mention improving test reliability, but this debug artifact remains and will break CI test coverage.

🐛 Proposed fix

-    it.only("try out resources enabling the security without credentials", {
+    it("try out resources enabling the security without credentials", {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js`
around lines 33 - 38, The test declaration uses it.only which limits Cypress to
run only this test; remove the .only so the test reads it("try out resources
enabling the security without credentials", ...) instead, and scan the test file
for any other occurrences of .only (e.g., other it.only or describe.only) to
restore normal suite execution; keep the test name and retry options unchanged
when updating the declaration.

♻️ Duplicate comments (1)

tests/cypress/e2e/publisher/004-endpoints/01-add-soap-endpoints-production-sandbox.cy.js (1)

29-29: ⚠️ Potential issue | 🟠 Major

Remove .only from the test declaration.

Line 29 still uses it.only(...), which keeps this spec in focused mode and can hide coverage as the file grows.

🔧 Proposed fix

-    it.only("Add production sandbox endpoints for SOAP", () => {
+    it("Add production sandbox endpoints for SOAP", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/004-endpoints/01-add-soap-endpoints-production-sandbox.cy.js`
at line 29, Remove the focused test call by changing the "it.only" invocation to
a normal test declaration ("it") for the test named "Add production sandbox
endpoints for SOAP" (i.e. replace the it.only(...) usage with it(...)) so the
spec no longer runs in focused mode and will be included in full test runs.

🧹 Nitpick comments (5)

tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js (1)

21-21: Describe block text doesn't match the test purpose.

The describe block says "Anonymous view apis" but the test is about subscribing to an API via wizard. Consider updating the description to accurately reflect the test's intent.

Proposed fix

-describe("Anonymous view apis", () => {
+describe("Subscribe via wizard", () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js`
at line 21, The describe block text "Anonymous view apis" is misleading for this
test; update the describe string in the
tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js file
(the describe(...) declaration) to accurately reflect the test purpose such as
"Subscribe via wizard" or "Subscriptions - subscribe via wizard" so the suite
name matches the test intent.

tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js (1)

63-63: This timeout/selector change is inside commented-out test code.

Line 63 is inside a /* ... */ block, so the devportal verification path is still not executed. Please either re-enable that test or remove the dead block to avoid false confidence in coverage.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`
at line 63, The line with the Cypress selector cy.get(`[area-label="Go to
${genApiName}"], [aria-label="Go to ${genApiName}"]`, { timeout:
Cypress.env('largeTimeout') }).click(); is inside a commented-out block, so the
devportal verification is not executed; either remove the surrounding /* ... */
comment to re-enable the test path (ensure the test includes the correct
selector and timeout) or delete the dead commented block entirely to avoid
misleading coverage — locate the commented section around that selector in
tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js
and apply the chosen change.

tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js (1)

98-101: Dynamic role name will accumulate roles if test is re-enabled.

Each test run creates a unique FilmSubscriber{random} role but never deletes it. While this test is currently describe.skip, re-enabling it will leak roles in shared environments.

Consider adding role cleanup in the after hook when this test is re-enabled:

after(function () {
  // ... existing cleanup
  // Add role deletion
  cy.carbonLogin(username, password);
  cy.visit('/carbon/role/role-mgt.jsp');
  cy.deleteRole(filmSubscriberRole); // implement or use existing command
  cy.carbonLogout();
})

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`
around lines 98 - 101, The test creates a dynamic role stored in the variable
filmSubscriberRole but never removes it, causing role leakage across runs; add
cleanup to the test's after hook that logs in (cy.carbonLogin), navigates to
role management, deletes the role (implement or call
cy.deleteRole(filmSubscriberRole)), and logs out (cy.carbonLogout) so the
created FilmSubscriber{random} is removed after the test finishes.

tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js (2)

90-97: Remove commented-out assertions.

Lines 90 and 96 contain commented-out assertions that appear to be debug artifacts. Either restore them if needed for the test logic or remove them to reduce noise.

♻️ Proposed cleanup

             cy.intercept('GET','**/Prototyped_sample2/1.0.0').as("getExecute");
             cy.get('.execute').click({force:true});
-            //cy.contains('.live-responses-table .response > .response-col_status','401',  {timeout: Cypress.env('largeTimeout')}).should('exist');
             cy.wait(5000)
             cy.wait('@getExecute').then(() => {
                 cy.get('.live-responses-table .response > td.response-col_status').then(element => {
                     cy.log(element.text());
                })
-                //cy.contains('.live-responses-table .response > .response-col_status','401',  {timeout: Cypress.env('largeTimeout')}).should('exist');
                 cy.get('.live-responses-table .response > td.response-col_status',{timeout: Cypress.env('largeTimeout')}).should("contain.text",'401')

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js`
around lines 90 - 97, Remove the commented-out assertions that are leftover
debug artifacts: delete the two commented cy.contains(...) lines around the live
responses checks (the ones matching '.live-responses-table .response >
.response-col_status' expecting '401'), leaving only the active
cy.wait('@getExecute') block and the assertions using cy.get(...). This cleans
up noise without altering the test logic in the existing cy.wait, cy.get, and
should("contain.text",'401') assertions.

---

81-83: Dual selector workaround preserves the typo.

The selector [area-label="..."], [aria-label="..."] works but keeps the typo in place. Consider fixing the source component to use the correct aria-label attribute, then simplify this selector.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js`
around lines 81 - 83, The test uses a dual selector `[area-label="Go to
${apiName}"], [aria-label="Go to ${apiName}"]` because the source component
mistakenly renders `area-label`; fix the source component to render the correct
`aria-label` prop (replace any `area-label` attribute or prop usage in the
component/JSX with `aria-label`) and then simplify the Cypress assertion to only
use `[aria-label="Go to ${apiName}"]` (update the test that calls `.get(...)`
and remove the fallback), then run the e2e to confirm no regressions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js`:
- Around line 62-63: The test currently calls cy.get('#wizard-next-3-btn',
{timeout: Cypress.env('largeTimeout')}); then separately
cy.get('#wizard-next-3-btn').click(); — change this to chain the click to the
same get call so the timeout applies to the click, i.e. use
cy.get('#wizard-next-3-btn', { timeout: Cypress.env('largeTimeout') }).click();
ensuring the selector '#wizard-next-3-btn' is only queried once.
- Around line 54-58: The test is calling cy.get('#wizard-next-1-btn', {timeout:
...}) and then calling cy.get('#wizard-next-1-btn').click() again which discards
the custom timeout; instead chain .click() directly to the timed get so the
click waits the extended timeout. Update both occurrences that use
cy.get('#wizard-next-1-btn', {timeout: Cypress.env('largeTimeout')}) and
cy.get('#wizard-next-2-btn', {timeout: Cypress.env('largeTimeout')}) so each
.get(...) is immediately followed by .click() (e.g., cy.get(selector, {timeout:
...}).click()) to ensure the custom timeout is honored.

In `@tests/cypress/support/commands.js`:
- Around line 63-65: The portalLogin helper in tests/cypress/support/commands.js
mixes timeout sources — some calls use Cypress.env('largeTimeout') (e.g., the
cy.get for '#itest-devportal-sign-in') while other calls still use
Cypress.config().largeTimeout; update all timeout usages inside the portalLogin
function to consistently read Cypress.env('largeTimeout') (replace every
Cypress.config().largeTimeout occurrence in portalLogin with
Cypress.env('largeTimeout')) so all cy.get/click/wait steps use the same
environment-driven timeout and avoid falling back to default timeouts.

In `@tests/cypress/support/functions/publisher/PublisherMenu.js`:
- Line 27: Search the codebase for all occurrences of the symbol
Cypress.config().largeTimeout and replace them with Cypress.env('largeTimeout');
update the support helper functions (the ones registering cy.wait and other
helpers) and all test files that still reference Cypress.config().largeTimeout
so they consistently read timeout from Cypress.env('largeTimeout'), then run
tests to ensure no silent fallback to default timeouts.

In `@tests/package.json`:
- Around line 42-45: The tests package change replaced aws-sdk v2 with
`@aws-sdk/client-s3` but tests/test.sh still installs v2 and calls a non-existent
script; update tests/test.sh to stop running "npm i --save aws-sdk" and instead
ensure it uses the v3 client (adjust any runtime code that expects AWS.S3 to use
the `@aws-sdk/client-s3` API or call a shim), and replace or remove the erroneous
"node ./upload_email" invocation—either point it to the correct existing entry
(e.g., the new upload/email module) or remove the step if not needed; search for
references to "npm i --save aws-sdk" and "node ./upload_email" to update the
behavior consistently.
- Line 30: The PR bumps Cypress from 9.7.0 to 14.3.2 but lacks the migration
steps; update the test setup by replacing cypress.json with a
cypress.config.{js,ts} file and move plugin logic into
e2e.setupNodeEvents()/component.setupNodeEvents() (reference: cypress.config),
convert legacy spec settings (testFiles/integrationFolder/componentFolder) to
testing-type-specific specPattern, replace cy.server()/cy.route() and
Cypress.Cookies.defaults() usages with cy.intercept() and cy.session() in any
test helpers or support files, audit tests for testIsolation-related state
assumptions and adjust or disable testIsolation where needed, and ensure CI/dev
Node targets are >=18 to satisfy Cypress 14 runtime requirements.

In `@tests/test.local.sh`:
- Line 1: The script currently lacks a shebang, so add a bash shebang as the
very first line of the tests/test.local.sh script (use the /usr/bin/env bash
form to be portable) and ensure the file is executable so the correct shell
interpreter is used when invoked; this will satisfy ShellCheck SC2148 and
prevent interpreter ambiguity for the command currently present (the Cypress run
invocation).

---

Outside diff comments:
In
`@tests/cypress/e2e/devportal/002-subscriptions/01-subscribe-unsubscribe-to-app-from-app.cy.js`:
- Line 31: Remove the test-exclusive modifier by replacing the test declaration
using "it.only" for the test titled "Subscribe unsubscribe to app from
application view" with a normal "it" call so the full Cypress suite runs; locate
the line containing it.only(...) in the spec (the test definition starting with
it.only("Subscribe unsubscribe to app from application view", ...)) and change
it to it("Subscribe unsubscribe to app from application view", ...).

In `@tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js`:
- Around line 30-35: The test is using it.only for the "Subscribe to API" spec
which will skip the rest of the suite; remove the debug-only filter by replacing
the it.only invocation with a normal it invocation (i.e., change
it.only("Subscribe to API", { retries: { runMode: 3, openMode: 0 } }, () => {
... }) to it("Subscribe to API", { retries: { runMode: 3, openMode: 0 } }, () =>
{ ... })) and ensure there are no other .only usages left in the same test file.

In `@tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js`:
- Line 26: The test currently uses the exclusive modifier it.only on the "Add
business information" test, which prevents other tests from running; open the
test declaration containing it.only("Add business information", ...) and remove
the .only so it reads it("Add business information", ...), ensuring the test
suite runs in full; verify no other .only or .only usages exist in this file (or
across tests) before committing.

In `@tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js`:
- Line 52: Remove the accidental test-only modifier by changing the test
declaration from it.only("Depricate old versions of api before publishing", ...)
to a normal it(...) so the full Cypress suite runs; search for any remaining
".only" occurrences (e.g., the "Depricate old versions of api before publishing"
test in this file) and remove them as well before merging.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js`:
- Around line 33-38: The test declaration uses it.only which limits Cypress to
run only this test; remove the .only so the test reads it("try out resources
enabling the security without credentials", ...) instead, and scan the test file
for any other occurrences of .only (e.g., other it.only or describe.only) to
restore normal suite execution; keep the test name and retry options unchanged
when updating the declaration.

In `@tests/test.sh`:
- Line 144: Replace the outdated npm install command that adds the deprecated
aws-sdk v2 with the modular v3 S3 client; in the tests/test.sh script change the
dependency installation step (the line currently running "npm i --save aws-sdk")
to install "@aws-sdk/client-s3" instead and update any related install flags
(e.g., --save) to match project conventions so the test environment uses the v3
S3 client package.
- Around line 103-118: The script installs Node 22 via the NodeSource setup but
then downloads and symlinks Node v12, causing Node 12 to override Node 22;
remove or replace the manual v12 installation steps (the wget of
node-v12.22.3-linux-x64.tar.xz and the three sudo ln -s lines) and instead
download and extract a matching Node 22 tarball (or rely on the nodesource apt
install), then create symlinks that point to the Node 22 binary (or run apt-get
install -y nodejs after the curl setup) so the installed binaries match the
setup_22.x bootstrap (ensure the file names and symlink targets reference the
Node 22 version rather than node-v12.22.3).

---

Duplicate comments:
In
`@tests/cypress/e2e/publisher/004-endpoints/01-add-soap-endpoints-production-sandbox.cy.js`:
- Line 29: Remove the focused test call by changing the "it.only" invocation to
a normal test declaration ("it") for the test named "Add production sandbox
endpoints for SOAP" (i.e. replace the it.only(...) usage with it(...)) so the
spec no longer runs in focused mode and will be included in full test runs.

---

Nitpick comments:
In `@tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js`:
- Line 21: The describe block text "Anonymous view apis" is misleading for this
test; update the describe string in the
tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js file
(the describe(...) declaration) to accurately reflect the test purpose such as
"Subscribe via wizard" or "Subscriptions - subscribe via wizard" so the suite
name matches the test intent.

In
`@tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js`:
- Around line 98-101: The test creates a dynamic role stored in the variable
filmSubscriberRole but never removes it, causing role leakage across runs; add
cleanup to the test's after hook that logs in (cy.carbonLogin), navigates to
role management, deletes the role (implement or call
cy.deleteRole(filmSubscriberRole)), and logs out (cy.carbonLogout) so the
created FilmSubscriber{random} is removed after the test finishes.

In
`@tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js`:
- Line 63: The line with the Cypress selector cy.get(`[area-label="Go to
${genApiName}"], [aria-label="Go to ${genApiName}"]`, { timeout:
Cypress.env('largeTimeout') }).click(); is inside a commented-out block, so the
devportal verification is not executed; either remove the surrounding /* ... */
comment to re-enable the test path (ensure the test includes the correct
selector and timeout) or delete the dead commented block entirely to avoid
misleading coverage — locate the commented section around that selector in
tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js
and apply the chosen change.

In
`@tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js`:
- Around line 90-97: Remove the commented-out assertions that are leftover debug
artifacts: delete the two commented cy.contains(...) lines around the live
responses checks (the ones matching '.live-responses-table .response >
.response-col_status' expecting '401'), leaving only the active
cy.wait('@getExecute') block and the assertions using cy.get(...). This cleans
up noise without altering the test logic in the existing cy.wait, cy.get, and
should("contain.text",'401') assertions.
- Around line 81-83: The test uses a dual selector `[area-label="Go to
${apiName}"], [aria-label="Go to ${apiName}"]` because the source component
mistakenly renders `area-label`; fix the source component to render the correct
`aria-label` prop (replace any `area-label` attribute or prop usage in the
component/JSX with `aria-label`) and then simplify the Cypress assertion to only
use `[aria-label="Go to ${apiName}"]` (update the test that calls `.get(...)`
and remove the fallback), then run the e2e to confirm no regressions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2a60e148-6171-42e6-98bc-1c5078a769fc

📥 Commits

Reviewing files that changed from the base of the PR and between ede8324 and 17b7874.

⛔ Files ignored due to path filters (1)

• tests/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (130)

• .github/workflows/ui-test.yml
• tests/cypress.config.js
• tests/cypress.json
• tests/cypress/e2e/0-init/00-init.cy.js
• tests/cypress/e2e/admin/00-add-edit-delete-microgateway-environments.cy.js
• tests/cypress/e2e/admin/01-add-edit-delete-advance-throttle-policies.cy.js
• tests/cypress/e2e/admin/02-add-edit-delete-application-throttle-policies.cy.js
• tests/cypress/e2e/admin/03-add-edit-delete-subscription-throttle-policies.cy.js
• tests/cypress/e2e/admin/04-add-edit-delete-api-categories.cy.js
• tests/cypress/e2e/admin/05-add-custom-throttle-policies.cy.js
• tests/cypress/e2e/admin/06-add-delete-black-list-policies.cy.js
• tests/cypress/e2e/admin/07-add-scope-mapping.cy.js
• tests/cypress/e2e/admin/08-add-api-categories.cy.js
• tests/cypress/e2e/admin/09-add-edit-delete-km.cy.js
• tests/cypress/e2e/admin/10-advanced-configurations.cy.js
• tests/cypress/e2e/admin/11-change-the-owner-of-application.cy.js
• tests/cypress/e2e/devportal/000-general/01-anonymous-user-view-public-apis.cy.js
• tests/cypress/e2e/devportal/000-general/02-logout-from-devportal.cy.js
• tests/cypress/e2e/devportal/000-general/03-self-signup.cy.js
• tests/cypress/e2e/devportal/000-general/04-change-password-of-a-user.cy.js
• tests/cypress/e2e/devportal/000-general/05-download-sdk.cy.js
• tests/cypress/e2e/devportal/001-applications/01-create-jwt-app-generate-keys.cy.js
• tests/cypress/e2e/devportal/001-applications/02-generate-keys.cy.js
• tests/cypress/e2e/devportal/001-applications/03-generate-api-keys.cy.js
• tests/cypress/e2e/devportal/001-applications/04-exchange-key-managers.cy.js
• tests/cypress/e2e/devportal/001-applications/05-test-application-sharing.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/00-subscribe-unsubscribe-to-app-from-api-details.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/01-subscribe-unsubscribe-to-app-from-app.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/03-change-subscription-tier-on-an-application.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/04-generate-keys-api-details-page.cy.js
• tests/cypress/e2e/devportal/003-test/00-tryout-api-invocations-from-swagger-console.cy.js
• tests/cypress/e2e/devportal/004-api-product/00-api-product-invoke-with-keys.cy.skip.js
• tests/cypress/e2e/e2e/developerFundamentalScenarios/00-defining-users-and-roles.cy.skip.js
• tests/cypress/e2e/e2e/developerFundamentalScenarios/01-create-api-from-scratch-and-publish.cy.skip.js
• tests/cypress/e2e/e2e/developerFundamentalScenarios/99-tear-down-test.cy.skip.js
• tests/cypress/e2e/e2e/externalDevPortals/00-enable-external-dev.cy.js
• tests/cypress/e2e/e2e/externalDevPortals/01-tear-down-extenal-dev-test.cy.js
• tests/cypress/e2e/publisher/000-general/00-deploy-sample-api.cy.js
• tests/cypress/e2e/publisher/000-general/01-create-new-version-of-api.cy.js
• tests/cypress/e2e/publisher/000-general/03-create-and-publish-graphql-api-with-all-information.cy.js
• tests/cypress/e2e/publisher/000-general/03-landing-page.cy.js
• tests/cypress/e2e/publisher/000-general/04-api-listing-create-api-menu.cy.skip.js
• tests/cypress/e2e/publisher/001-api-create/01-login-logout-from-publisher-as-super-tenant-user.cy.js
• tests/cypress/e2e/publisher/001-api-create/02-create-api-with-swagger-file-super-tenant.cy.js
• tests/cypress/e2e/publisher/001-api-create/03-create-api-with-swagger-url-super-tenant.cy.js
• tests/cypress/e2e/publisher/001-api-create/04-creating-web-socket-api-as-super-tenant-user.cy.js
• tests/cypress/e2e/publisher/001-api-create/05-creating-graphql-api-as-super-tenant-user.cy.js
• tests/cypress/e2e/publisher/001-api-create/06-solace-broker-integration.cy.js
• tests/cypress/e2e/publisher/001-api-create/07-create-and-publish-api-from-scratch.cy.js
• tests/cypress/e2e/publisher/002-api-resources/00-api-resource-create.cy.js
• tests/cypress/e2e/publisher/002-api-resources/01-add-advance-throttling-policies-for-api.cy.js
• tests/cypress/e2e/publisher/002-api-resources/02-add-assign-global-scopes-for-api.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/00-add-authorization-header.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/01-select-transport-types.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/02-enable-response-caching.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/03-enable-schema-validation.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/04-enable-mutual-ssl-and-upload-certificate.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/05-oauth2-and-api-key-security.cy.js
• tests/cypress/e2e/publisher/003-run-time-configs/06-add-api-key-header.cy.js
• tests/cypress/e2e/publisher/004-endpoints/00-add-rest-endpoints-production-sandbox.cy.js
• tests/cypress/e2e/publisher/004-endpoints/01-add-soap-endpoints-production-sandbox.cy.js
• tests/cypress/e2e/publisher/004-endpoints/02-check-endpoint-test-button.cy.js
• tests/cypress/e2e/publisher/004-endpoints/03-add-failover.cy.js
• tests/cypress/e2e/publisher/004-endpoints/04-add-loadbalance.cy.js
• tests/cypress/e2e/publisher/004-endpoints/05-add-security.cy.js
• tests/cypress/e2e/publisher/004-endpoints/06-Import-delete-certificates.cy.js
• tests/cypress/e2e/publisher/004-endpoints/07-mock-api-and-test.cy.js
• tests/cypress/e2e/publisher/004-endpoints/08-usage-warning-certificates.cy.skip.js
• tests/cypress/e2e/publisher/004-endpoints/09-add-security-spec-then-update-endpoints.cy.skip.js
• tests/cypress/e2e/publisher/004-endpoints/10-change-advanced-configuration.cy.js
• tests/cypress/e2e/publisher/005-design-config/00-add-thumbnail-image.cy.js
• tests/cypress/e2e/publisher/005-design-config/01-make-api-the-default-version.cy.js
• tests/cypress/e2e/publisher/005-design-config/02-set-publisher-access-control-and-visibility-by-roles.cy.js
• tests/cypress/e2e/publisher/005-design-config/03-add-tags-for-the-api.cy.js
• tests/cypress/e2e/publisher/006-subscriptions/00-select-subscription-tiers.cy.js
• tests/cypress/e2e/publisher/006-subscriptions/01-subscribtion-blocking.cy.js
• tests/cypress/e2e/publisher/008-business-info/00-business-info.cy.js
• tests/cypress/e2e/publisher/009-api-definition/00-download-api.cy.js
• tests/cypress/e2e/publisher/009-api-definition/01-download-swagger.cy.js
• tests/cypress/e2e/publisher/009-api-definition/02-upload-api.cy.js
• tests/cypress/e2e/publisher/010-additional-properties/00-add-additional-properties.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/00-save-and-publish-api.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/02-deploy-as-prototype.cy.skip.js
• tests/cypress/e2e/publisher/011-lifecycle/03-add-custom-lifecycle-state.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/04-depricate-old-versions.cy.js
• tests/cypress/e2e/publisher/012-documents/00-add-edit-inline-document.cy.js
• tests/cypress/e2e/publisher/012-documents/01-view-generated-document-rest.cy.js
• tests/cypress/e2e/publisher/012-documents/02-view-generated-document-not-rest.cy.js
• tests/cypress/e2e/publisher/013-api-product/01-create-product-and-update-underline-api.cy.js
• tests/cypress/e2e/publisher/013-api-product/02-create-a-new-revision-for-the-api-product-and-deploy.cy.js
• tests/cypress/e2e/publisher/013-api-product/03-undeploy-new-revision-of-api-product.cy.js
• tests/cypress/e2e/publisher/013-api-product/04-lifecycle-support-for-api-products.cy.js
• tests/cypress/e2e/publisher/013-api-product/05-create-new-version-of-api-product.cy.js
• tests/cypress/e2e/publisher/013-api-product/06-download-api-product.cy.js
• tests/cypress/e2e/publisher/014-comments/00-add-comments-to-api.cy.js
• tests/cypress/e2e/publisher/014-comments/01-add-nested-comments-to-api.cy.js
• tests/cypress/e2e/publisher/015-deployments/00-create-new-revision-and-deploy-api.cy.js
• tests/cypress/e2e/publisher/015-deployments/01-undeploy-new-revision.cy.js
• tests/cypress/e2e/publisher/015-deployments/02-verify-gateway-environments.cy.js
• tests/cypress/e2e/publisher/016-service-catalog/00-services.create.cy.js
• tests/cypress/e2e/publisher/016-service-catalog/01-services.delete.cy.skip.js
• tests/cypress/e2e/publisher/017-api-policies/00-common-policy.cy.js
• tests/cypress/e2e/publisher/017-api-policies/01-api-specific-policy.cy.js
• tests/cypress/e2e/publisher/018-third-party-api/00-publish-third-party-api.cy.js
• tests/cypress/e2e/publisher/019-read-only-user/00-verify-that-read-only-user-cannot-create-update-api.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/00-try-out-resources-without-key-when-security-disabled.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/01-cannot-try-out-resources-without-key-when-security-enabled.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/00-lint-when-creating-api-with-swagger-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/01-lint-when-creating-api-with-swagger-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/02-lint-when-creating-api-with-swagger-v2-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/03-lint-when-creating-api-with-swagger-v2-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/04-lint-when-creating-api-with-errornous-swagger-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/05-lint-when-editing-before-import.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/06-lint-when-importing-api-with-swagger-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/07-lint-when-importing-api-with-swagger-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/08-lint-when-importing-api-with-swagger-v2-url.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/09-lint-when-importing-api-with-swagger-v2-file.cy.js
• tests/cypress/e2e/publisher/021-api-linter-feature/10-lint-when-importing-api-with-errornous-swagger-file.cy.js
• tests/cypress/e2e/publisher/022-gateway-policies/00-gateway-policy.cy.js
• tests/cypress/support/commands.js
• tests/cypress/support/e2e.js
• tests/cypress/support/functions/publisher/PublisherMenu.js
• tests/cypress/support/pages/carbon/AddNewUserStep1Page.js
• tests/cypress/support/pages/devportal/DevPortalApisPage.js
• tests/package.json
• tests/test.local.sh
• tests/test.sh

💤 Files with no reviewable changes (1)

• tests/cypress.json

🚧 Files skipped from review as they are similar to previous changes (31)

• tests/cypress/e2e/publisher/013-api-product/02-create-a-new-revision-for-the-api-product-and-deploy.cy.js
• tests/cypress/e2e/publisher/005-design-config/00-add-thumbnail-image.cy.js
• tests/cypress/e2e/publisher/011-lifecycle/01-block-demote-to-created-depricate-api.cy.js
• tests/cypress/e2e/publisher/009-api-definition/01-download-swagger.cy.js
• tests/cypress/e2e/publisher/002-api-resources/02-add-assign-global-scopes-for-api.cy.js
• tests/cypress/e2e/devportal/002-subscriptions/03-change-subscription-tier-on-an-application.cy.js
• tests/cypress/e2e/publisher/013-api-product/04-lifecycle-support-for-api-products.cy.js
• .github/workflows/ui-test.yml
• tests/cypress/e2e/admin/08-add-api-categories.cy.js
• tests/cypress/e2e/publisher/018-third-party-api/00-publish-third-party-api.cy.js
• tests/cypress/e2e/devportal/000-general/01-anonymous-user-view-public-apis.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/00-try-out-resources-without-key-when-security-disabled.cy.js
• tests/cypress/e2e/admin/09-add-edit-delete-km.cy.js
• tests/cypress/e2e/publisher/017-api-policies/01-api-specific-policy.cy.js
• tests/cypress/e2e/publisher/001-api-create/03-create-api-with-swagger-url-super-tenant.cy.js
• tests/cypress/e2e/publisher/004-endpoints/06-Import-delete-certificates.cy.js
• tests/cypress/e2e/publisher/013-api-product/01-create-product-and-update-underline-api.cy.js
• tests/cypress/e2e/devportal/000-general/03-self-signup.cy.js
• tests/cypress/support/pages/carbon/AddNewUserStep1Page.js
• tests/cypress/support/e2e.js
• tests/cypress.config.js
• tests/cypress/e2e/admin/05-add-custom-throttle-policies.cy.js
• tests/cypress/e2e/publisher/014-comments/01-add-nested-comments-to-api.cy.js
• tests/cypress/e2e/publisher/013-api-product/06-download-api-product.cy.js
• tests/cypress/e2e/publisher/020-prototyped-apis/02-can-try-out-resources-with-key-when-security-enabled.cy.js
• tests/cypress/e2e/publisher/006-subscriptions/01-subscribtion-blocking.cy.js
• tests/cypress/e2e/publisher/004-endpoints/03-add-failover.cy.js
• tests/cypress/e2e/publisher/019-read-only-user/00-verify-that-read-only-user-cannot-create-update-api.cy.js
• tests/cypress/e2e/devportal/001-applications/05-test-application-sharing.cy.js
• tests/cypress/support/pages/devportal/DevPortalApisPage.js
• tests/cypress/e2e/publisher/003-run-time-configs/01-select-transport-types.cy.js

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Same issue: chain .click() to the cy.get() with the timeout.

Proposed fix

-                    cy.get('#wizard-next-3-btn', {timeout: Cypress.env('largeTimeout')});
-                    cy.get('#wizard-next-3-btn').click();
+                    cy.get('#wizard-next-3-btn', {timeout: Cypress.env('largeTimeout')}).click();

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/cypress/e2e/devportal/002-subscriptions/02-subscribe-via-wizard.cy.js`
around lines 62 - 63, The test currently calls cy.get('#wizard-next-3-btn',
{timeout: Cypress.env('largeTimeout')}); then separately
cy.get('#wizard-next-3-btn').click(); — change this to chain the click to the
same get call so the timeout applies to the click, i.e. use
cy.get('#wizard-next-3-btn', { timeout: Cypress.env('largeTimeout') }).click();
ensuring the selector '#wizard-next-3-btn' is only queried once.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What are the breaking changes in Cypress 14.x compared to Cypress 9.x?

💡 Result:

Breaking changes you’ll hit going from Cypress 9.x → 14.x (major-by-major)

Cypress 10 (vs 9)

• cypress.json removed → must use cypress.config.{js,ts} (JSON configs no longer supported, and Cypress now requires a config file). [1]
• Plugins file removed (cypress/plugins/index.js no longer auto-loaded) → move to e2e.setupNodeEvents() / component.setupNodeEvents() (and CT dev server via devServer). [1]
• Many config options moved/renamed:
  • testFiles/integrationFolder/componentFolder replaced by testing-type-specific specPattern (and attempting to use the old options can error). [1]
  • supportFile is now testing-type-specific (e2e.supportFile, component.supportFile). [1]
• CLI behavior change: to open directly to specs you must pass --e2e or --component and --browser. [1]

Cypress 11

• Component Testing changes:
  • Mounting options removed style-related fields (cssFile(s), style(s), stylesheet(s)). [1]
  • React CT: mountHook and unmount removed. [1]
  • Vue CT: mountCallback removed. [1]
  • Angular CT: provider overriding behavior changed (providers passed to cy.mount() now applied at module level, not overriding component-level providers). [1]

Cypress 12

• Install requires Node.js 14+ (Node 12 no longer supported). [1]
• testIsolation enabled by default (browser context reset between tests), which can break suites relying on state persisting across it() blocks. [1]
• Session/Origin goes GA: experimentalSessionAndOrigin removed; cy.session() / cy.origin() are GA. [1]
• Removed/changed APIs:
  • Cypress.Cookies.defaults() and Cypress.Cookies.preserveOnce() removed (use cy.session()). [1]
  • cy.server(), cy.route(), Cypress.Server.defaults() removed (use cy.intercept()). [1]
  • .invoke() now errors if the invoked function returns a Promise (use .then() instead). [1]

Cypress 13

• Cypress Cloud/Test Replay defaults impact:
  • Test Replay enabled by default; when recording, Runner UI is hidden by default unless you pass --runner-ui. [1]
  • video defaults to false (enable explicitly if you need videos). [1]
• cy.readFile() became a query; and if you overwrote it, you must now use Cypress.Commands.overwriteQuery() (not overwrite()). [1]

Cypress 14

• Install requires Node.js 18+ (Node 16/21 dropped for install), and bundled Node was upgraded. [1][2]
• Platform support drops:
  • Linux prebuilt binaries require glibc ≥ 2.28. [1][2]
  • macOS 11+ required (Electron upgrade). [1]
  • Official browser support becomes “latest 3 major versions” of Chrome/Firefox/Edge. [1]
• cy.origin() requirements expanded: Cypress no longer injects document.domain into HTML by default, so multi-origin tests must use cy.origin() more often (even within the same “superdomain”); injectDocumentDomain exists as a (deprecated) compatibility option. [1][2]
• cy.intercept({ resourceType }) deprecated (future removal/changes expected). [1]

Sources: Cypress Migration Guide [1], Cypress changelog (14.0.0 breaking changes summary) [2].

---

Major Cypress version upgrade from 9.7.0 to 14.3.2 requires significant migration.

This spans five major releases with multiple breaking changes:

• cypress.json removed → must use cypress.config.{js,ts} (Cypress 10)
• Spec file patterns: testFiles, integrationFolder, componentFolder replaced by testing-type-specific specPattern (Cypress 10)
• Plugins file (cypress/plugins/index.js) removed → move to e2e.setupNodeEvents() / component.setupNodeEvents() (Cypress 10)
• testIsolation enabled by default, which resets browser context between tests and can break suites relying on state persistence (Cypress 12)
• Removed APIs: cy.server(), cy.route(), Cypress.Cookies.defaults() (use cy.intercept() and cy.session() instead) (Cypress 12)
• Node.js requirement raised to 18+ (Cypress 14)
• cy.origin() requirements expanded; document.domain injection removed by default (Cypress 14)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/package.json` at line 30, The PR bumps Cypress from 9.7.0 to 14.3.2 but
lacks the migration steps; update the test setup by replacing cypress.json with
a cypress.config.{js,ts} file and move plugin logic into
e2e.setupNodeEvents()/component.setupNodeEvents() (reference: cypress.config),
convert legacy spec settings (testFiles/integrationFolder/componentFolder) to
testing-type-specific specPattern, replace cy.server()/cy.route() and
Cypress.Cookies.defaults() usages with cy.intercept() and cy.session() in any
test helpers or support files, audit tests for testIsolation-related state
assumptions and adjust or disable testIsolation where needed, and ensure CI/dev
Node targets are >=18 to satisfy Cypress 14 runtime requirements.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify test.sh still references aws-sdk v2 and upload_email script
echo "=== Checking test.sh for aws-sdk references ==="
grep -n "aws-sdk" tests/test.sh || echo "No aws-sdk reference found"

echo ""
echo "=== Checking test.sh for upload_email references ==="
grep -n "upload_email" tests/test.sh || echo "No upload_email reference found"

echo ""
echo "=== Checking if upload_email script exists ==="
fd -t f "upload_email" tests/ || echo "upload_email script NOT found in tests/"

Repository: wso2/apim-apps

Length of output: 256

---

🏁 Script executed:

#!/bin/bash
# Get context around the aws-sdk and upload_email references in test.sh
echo "=== Context around aws-sdk installation (line 144) ==="
sed -n '140,148p' tests/test.sh

echo ""
echo "=== Context around upload_email execution (line 156) ==="
sed -n '152,160p' tests/test.sh

echo ""
echo "=== Total lines in test.sh ==="
wc -l tests/test.sh

Repository: wso2/apim-apps

Length of output: 607

---

AWS SDK migration breaks test.sh script.

The package.json replaces aws-sdk (v2) with @aws-sdk/client-s3 (v3), but tests/test.sh at line 144 still runs npm i --save aws-sdk to install v2. Additionally, line 156 executes node ./upload_email which does not exist in the repository. This will cause CI failures when the upload/email functionality is invoked.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/package.json` around lines 42 - 45, The tests package change replaced
aws-sdk v2 with `@aws-sdk/client-s3` but tests/test.sh still installs v2 and calls
a non-existent script; update tests/test.sh to stop running "npm i --save
aws-sdk" and instead ensure it uses the v3 client (adjust any runtime code that
expects AWS.S3 to use the `@aws-sdk/client-s3` API or call a shim), and replace or
remove the erroneous "node ./upload_email" invocation—either point it to the
correct existing entry (e.g., the new upload/email module) or remove the step if
not needed; search for references to "npm i --save aws-sdk" and "node
./upload_email" to update the behavior consistently.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add a shebang to ensure correct shell interpreter.

The script is missing a shebang line, which may cause execution issues depending on how it's invoked. ShellCheck also flags this (SC2148).

Proposed fix

+#!/bin/bash
 ./node_modules/.bin/cypress run --headed --spec cypress/e2e/admin/08-add-api-categories.cy.js

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	./node_modules/.bin/cypress run --headed --spec cypress/e2e/admin/08-add-api-categories.cy.js
	#!/bin/bash
	./node_modules/.bin/cypress run --headed --spec cypress/e2e/admin/08-add-api-categories.cy.js

🧰 Tools

🪛 Shellcheck (0.11.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/test.local.sh` at line 1, The script currently lacks a shebang, so add
a bash shebang as the very first line of the tests/test.local.sh script (use the
/usr/bin/env bash form to be portable) and ensure the file is executable so the
correct shell interpreter is used when invoked; this will satisfy ShellCheck
SC2148 and prevent interpreter ambiguity for the command currently present (the
Cypress run invocation).

[Piumal1999]

@ashiduDissanayake Let's move this file also to cypress/e2e/keyManagerConstraints

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud