Add prerelease version support and Playwright testing

[justin808]

Summary

This PR adds two key features to improve demo creation and testing:

1. Prerelease Version Support

• Added --prerelease flag to bin/new-demo that automatically fetches the latest beta/rc versions
• Enhanced Config class with fetch_latest_prerelease() method using gem search -ra
• Simplifies testing with prerelease versions without manually specifying version strings

Usage:

bin/new-demo my-demo --prerelease

2. Playwright E2E Testing

• Integrated cypress-playwright-on-rails gem in demo generator
• Auto-creates basic Playwright test for /hello_world endpoint
• Updated .gitignore to exclude Playwright artifacts
• Added Playwright configuration to post-install instructions

Test includes:

• Page load verification
• React component render check

Code Quality

• ✅ All 153 RSpec tests passing
• ✅ RuboCop passing with no offenses
• Refactored Config#initialize to reduce cyclomatic complexity

Files Changed

• bin/new-demo - Added --prerelease flag
• lib/demo_scripts/config.rb - Version fetching logic
• lib/demo_scripts/demo_creator.rb - Cleaned up rubocop directives
• packages/shakacode_demo_common/lib/generators/shakacode_demo_common/install/install_generator.rb - Playwright integration

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features
  • Added --prerelease flag to the demo creation CLI to opt into prerelease dependencies.
  • Demos can now resolve and use prerelease versions when requested.
  • Install generator adds Playwright support: installs required dependencies, runs setup, and creates a starter e2e test.
  • Updated .gitignore suggestions to cover Playwright artifacts.
• Documentation
  • CLI help now includes --prerelease usage and examples.
  • Post-install guidance updated with Playwright steps, including running npx playwright test and noting the config file.

[coderabbitai]

Warning

Rate limit exceeded

@justin808 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 3 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between d9c64cf and 0e9c255.

📒 Files selected for processing (5)

• .gitignore (1 hunks)
• bin/new-demo (3 hunks)
• lib/demo_scripts/config.rb (2 hunks)
• lib/demo_scripts/demo_creator.rb (3 hunks)
• spec/demo_scripts/config_spec.rb (1 hunks)

Walkthrough

Adds a prerelease toggle to demo generation, threads it through CLI → DemoCreator → Config, and implements version resolution that can fetch prerelease gem versions. Also extends the install generator with Playwright setup routines, test scaffolding, and post-install guidance.

Changes

Cohort / File(s)	Summary
CLI prerelease flag bin/new-demo	Adds --prerelease flag, sets options[:use_prerelease], updates help and examples.
Version resolution with prerelease support lib/demo_scripts/config.rb	Extends initializer with use_prerelease:. Adds private flows: resolve_version, default_version_for, fetch_latest_prerelease, parse_gem_versions. Chooses custom version, latest prerelease, or default per gem.
Plumbing prerelease option lib/demo_scripts/demo_creator.rb	Adds use_prerelease: to initializer and forwards it to Config. Minor comment formatting.
Playwright install steps packages/shakacode_demo_common/lib/generators/shakacode_demo_common/install/install_generator.rb	Adds methods: add_playwright_gem, install_playwright, create_playwright_test. Updates post-install text and gitignore-related messaging for Playwright artifacts.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant CLI as bin/new-demo
  participant DC as DemoCreator
  participant CFG as Config
  participant RG as RubyGems

  User->>CLI: run new-demo [--prerelease]
  CLI->>DC: initialize(use_prerelease: true/false)
  DC->>CFG: new(use_prerelease: true/false, versions...)
  CFG->>CFG: resolve_version(gem, custom_version, use_prerelease)
  alt custom version provided
    CFG-->>CFG: use custom_version
  else use_prerelease = true
    CFG->>RG: fetch_latest_prerelease(gem)
    alt prerelease found
      RG-->>CFG: prerelease version
    else not found/error
      RG-->>CFG: none/error
      CFG-->>CFG: fallback to default_version_for(gem)
    end
  else default flow
    CFG-->>CFG: default_version_for(gem)
  end
  CFG-->>DC: resolved versions
  DC-->>User: demo app created

Loading

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant Gen as InstallGenerator
  participant Bundler
  participant Rails
  participant FS as Filesystem

  Dev->>Gen: run install generator
  Gen->>Bundler: add_playwright_gem (Gemfile update + bundle install)
  Gen->>Rails: install_playwright (rails g playwright:install)
  Gen->>FS: create_playwright_test (spec/e2e/hello_world.spec.js)
  Gen-->>Dev: post-install steps incl. npx playwright test

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Possibly related PRs

• feat: Add GitHub branch support for gem versions #8: Also updates DemoCreator and bin/new-demo flags/help, overlapping with this CLI and initializer change.
• Fix command injection vulnerability and improve code quality #10: Modifies DemoCreator with additional behavior; related to this PR’s initializer signature change.
• Fix rails new command failing in bundle context #7: Alters DemoCreator’s Rails app creation; intersects with the same class affected here.

Poem

A whisk of flags, a prerelease breeze,
I hop through gems with playful ease.
Playwright scripts and tests take flight,
Hello World dances in the night.
New demos bloom—carrot-bright delight! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly describes the two primary features introduced by this pull request—prerelease version support and Playwright testing—and aligns closely with the changes summarized, making it clear and specific for anyone scanning the commit history.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/shakacode_demo_common/lib/generators/shakacode_demo_common/install/install_generator.rb (1)

122-145: Consider strengthening test assertions and wait strategies.

While this provides a good starting point, a few improvements could make the tests more robust:

1. Line 137: waitForLoadState('networkidle') can be flaky in CI environments as it depends on network timing. Consider waiting for specific elements instead.
2. Lines 140-141: The assertion expect(content).toBeTruthy() is very weak—any page with text would pass. Consider checking for specific React on Rails elements or text.

Example improvement:

  test('should render React component', async ({ page }) => {
    await page.goto('/hello_world');
-   // Wait for React to hydrate
-   await page.waitForLoadState('networkidle');
-
-   // Check for common React on Rails elements
-   const content = await page.textContent('body');
-   expect(content).toBeTruthy();
+   // Wait for a specific React element to be visible
+   await page.waitForSelector('[data-testid="hello-world"]', { state: 'visible' });
+   
+   // Check for expected content
+   const heading = await page.textContent('h1');
+   expect(heading).toContain('Hello World');
  });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 633b890 and d9c64cf.

📒 Files selected for processing (4)

• bin/new-demo (2 hunks)
• lib/demo_scripts/config.rb (2 hunks)
• lib/demo_scripts/demo_creator.rb (1 hunks)
• packages/shakacode_demo_common/lib/generators/shakacode_demo_common/install/install_generator.rb (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

lib/demo_scripts/config.rb (2)

lib/demo_scripts/demo_creator.rb (1)

• initialize (12-34)

lib/demo_scripts/demo_scaffolder.rb (2)

• initialize (5-354)
• initialize (6-37)

packages/shakacode_demo_common/lib/generators/shakacode_demo_common/install/install_generator.rb (1)

lib/demo_scripts/command_runner.rb (1)

• run (13-32)

🪛 Brakeman (7.1.0)

lib/demo_scripts/config.rb

[medium] 63-63: Possible command injection
Type: Command Injection
Confidence: Medium
More info: https://brakemanscanner.org/docs/warning_types/command_injection/

(Command Injection)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: claude-review

🔇 Additional comments (4)

packages/shakacode_demo_common/lib/generators/shakacode_demo_common/install/install_generator.rb (4)

101-103: LGTM! Standard Playwright artifact directories.

The additions correctly exclude Playwright's default output directories.

---

111-115: Consider verifying bundle install succeeds before proceeding.

If bundle install fails (due to dependency conflicts or network issues), the subsequent install_playwright step will fail with a less clear error. While the current pattern matches other methods in this file, you might want to verify the operation succeeded.

Would you like me to generate a verification script to check if similar patterns elsewhere in the codebase handle bundle install failures?

---

154-154: LGTM! Clear and actionable post-install guidance.

The additions appropriately inform users about running Playwright tests and customizing the configuration.

Also applies to: 160-160

---

117-120: Verify generator availability in install_playwright.

install_playwright invokes bin/rails generate cypress_playwright_on_rails:install --playwright without checking that the cypress_playwright_on_rails gem was installed successfully, which may surface confusing errors if bundle install fails. Add a check on the bundle install status or wrap the generator call in error handling before invoking it.

[claude]

Test comment

[claude]

Pull Request Review

Overview

This PR adds prerelease version detection and Playwright E2E testing. Implementation is well-structured with good documentation. Solid contribution with a few areas for improvement.

Strengths

• Clean refactoring of Config#initialize
• Good separation of concerns
• Proper error handling with fallbacks
• Excellent documentation and help text
• All 153 RSpec tests passing

Critical Issues

1. Missing Test Coverage - HIGH PRIORITY

No tests for new prerelease functionality:

• Config#fetch_latest_prerelease
• Config#parse_gem_versions
• Config#resolve_version
• Config#default_version_for

Action: Add tests to spec/demo_scripts/config_spec.rb

2. Command Injection Vulnerability - SECURITY

Location: lib/demo_scripts/config.rb:63

String interpolation in shell command is dangerous. Use array syntax instead:

• Current: Open3.capture3(string with interpolation)
• Fix: Open3.capture3(gem, search, -ra, pattern)

Medium Priority

3. Regex Too Permissive
Pattern /.(beta|rc)/ matches invalid formats. Use stricter pattern for semver prereleases.

4. Playwright Test Quality
Generated test only checks textContent is truthy. Should verify React-specific elements.

Minor Issues

5. Code duplication on lines 66 and 78 - use default_version_for method
6. Consider error handling for gem installation timing

Performance Notes

gem search makes network requests. Current fallback is good. Document that --prerelease needs network.

Security: Overall Good

• No credentials exposed
• ⚠️ One command injection risk (issue 2)

Summary

Required Changes:

1. Add test coverage
2. Fix command injection

Recommended:
3. Improve regex pattern
4. Better Playwright tests
5. Remove duplication
6. Add error handling

Status: Conditionally Approved pending test coverage and security fix.

Great work on feature design and docs! 🚀

[claude]

Code Review - PR #12

Summary

This PR adds valuable functionality for demo creation with prerelease version support and Playwright E2E testing. Implementation is well-tested with excellent test coverage (153 tests passing).

Strengths

• Excellent test coverage: 207 new test cases covering edge cases, error handling, and security
• Good separation of concerns: Version resolution logic cleanly extracted
• Robust error handling: Graceful fallbacks when prerelease fetching fails
• Security-conscious: Uses Open3.capture3 with array syntax to prevent command injection
• Well-documented code with clear comments
• RuboCop passing with no offenses
• Follows repository standards

Issues and Recommendations

1. Playwright Test Reliability

Location: install_generator.rb:122-145
Issue: Test assertion expect(content).toBeTruthy() is too generic and will pass even with error messages
Recommendation: Use more specific assertions like checking for specific elements or text

2. Performance - Network Calls During Initialization

Location: config.rb:28
Issue: Makes synchronous network calls to rubygems.org which could slow down CLI startup
Recommendations:

• Add timeout to Open3.capture3 to prevent hanging
• Consider caching results with TTL to avoid repeated API calls
• Show progress indicator to user

3. Regex Pattern Documentation

Location: config.rb:99
Minor: Regex allows both . and - separators. Consider documenting this behavior or making pattern stricter for canonical semver.

Security Analysis

No security issues found. Command injection properly prevented using array syntax in Open3.capture3.

Test Coverage

Excellent coverage with comprehensive edge case testing, error handling, and security tests.

Final Recommendation

Approve with minor suggestions

This is a well-implemented PR. Suggested improvements are minor and optional. Great work on comprehensive testing and security-conscious implementation!

---

Reviewed by Claude Code | 6 files changed (373 additions, 8 deletions) | All 153 RSpec tests passing