test: build test dapp and run tests against localhost

[seaona]

Description

This PR adds logic for running (one/many) dapp server(s) locally whenever we run the e2e tests. This way we can run the tests in a controlled environment (against localhost) instead of on a live site.

Here some highlights on how it is done (based on existing Extension implementation):

• we leverage test-dapp node module and serve-handler for building a static server
• we add the corresponding options on the withFixtures method, in order to indicate if we want a dapp server and how many(if more than one)
• on the test, we just need to pass dapp: true to start the test dapp server locally

Test on ci continue to work:

• Bitrise run : https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/296f9b58-fb20-4e89-94da-0a475ec04caa

Screenshots/Recordings

Notice how we are now going to localhost in the browser for accessing the test dapp

test-dapp-e2e-.mp4

Issue

• fixes https://github.com/MetaMask/mobile-planning/issues/1253

Checklist

• There is a related GitHub issue
• Tests are included if applicable
• Any added code is fully documented

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
serve-handler	6.1.5	environment	+8	343 kB	vercel-release-bot

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: path-is-inside@1.0.2, fast-url-parser@1.1.3

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

[codecov-commenter]

Codecov Report

Patch coverage has no change and project coverage change: +0.11% 🎉

Comparison is base (aea80fe) 32.97% compared to head (ca5cf2a) 33.08%.
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7202      +/-   ##
==========================================
+ Coverage   32.97%   33.08%   +0.11%     
==========================================
  Files        1005     1005              
  Lines       32649    32649              
  Branches     8384     8395      +11     
==========================================
+ Hits        10765    10803      +38     
+ Misses      21884    21846      -38     

see 18 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[seaona]

@SocketSecurity ignore-all . Reasons:

• serve-handler is a dev dependency for e2e
• it is also used in Extension e2e

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[NicolasMassart]

Looks good to me, this is a very nice step in the direction where we have less constraints and dependencies with the "outside" when testing. Well done!

NOTE: Added a comment but it's not a blocker for merge. the code works and is consistent with extension, so maybe it's better to keep it like this. Commenting it perhaps a bit more could help though (the comments you added to this PR could be in the code).

[jpuri]

👍 great work

[seaona]

thank you v much for your reviews @jpuri @NicolasMassart
About this comment:

the code works and is consistent with extension, so maybe it's better to keep it like this. Commenting it perhaps a bit more could help though (the comments you added to this PR could be in the code).

This makes a lot of sense and I also see the need to keep things documented. I was thinking maybe to write some documentation around e2e in Mobile, on how to use of fixtures, ganache, contract deployments, and mocking (this is coming very soon) and best practices and we could also have a meeting around that, once the mocking is done, so the infra will be ready. Let me know if that sounds good 🙏

[cortisiko]

Looks good!

[NicolasMassart]

Looks good to me.