[CI/CD Pipeline] Use secrets to store sensitive information: BASE_URL, USER_EMAIL, USER_PASSWORD in workflow

[bugITwhisperer]

✏️ Description

Currently, the sensitive information such as app's URL and test user's credentials are directly visible in the workflow file instead of being protected. As discussed in our last meeting, it'd be best to use secrets to protect those.

🔧 Why We Need This

Using secrets in CI/CD pipeline is a good practice, because it:

• does not rely on data that's directly hardcoded lowering the risk of exposure,
• ensures tests are being executed securely,
• makes them available/accessible to the selected group of users only -> meaning us, members of the KawQA-z-automatu initiative! :)

🚀 Proposed Solution

TBA

✅ Issue reporting checklist

• [x ] I created a descriptive title for this issue
• [x] I checked that it hasn't been reported yet
• [x] I assigned the issue or added help-wanted label
• [x] I added appropriate labels

[Slawomir-DKl]

Proposed solution (to be tested, but I don't have permission to edit the Settings of the project (and I haven't yet configured my own repository to use and test GitHub actions)):

1. Create 3 secrets (with appropriate values) in Settings > Security > Secrets and variables > Actions > New repository secret
   • BASE_URL
   • USER_EMAIL
   • USER_PASSWORD
2. In pw-tests.yml delete the sections: Create .env file (lines 23-27) and Delete .env (lines 38-40)
3. In pw-tests.yml add the following at the end of Run API checks section (after the line run: npx playwright test)

   env:
    BASE_URL: ${{ secrets.BASE_URL }}
    USER_EMAIL: ${{ secrets.USER_EMAIL }}
    USER_PASSWORD: ${{ secrets.USER_PASSWORD }}

Sources: Using Secrets in GitHub Actions

[kat-kan]

@Slawomir-DKl it will become clear during Your testing but seems to me that .env file must stay (as we use process.env function in few places in the code)

[Slawomir-DKl]

I'll check it on Monday (I'll be out of home till Sunday)