ENG-3233: Optimize Cypress CI with shared build and better sharding

[gilluminate]

Ticket ENG-3233

Description Of Changes

Optimize the Admin UI Cypress CI workflow to reduce wall-time and total compute. Each of the 5 parallel matrix jobs was independently running npm ci (~1m20s) and next build (~4min), duplicating ~6 min of build work per job (~30 min total wasted compute). The actual Cypress test execution was only 4-7 min per shard.

Code Changes

• Extract a dedicated build job that runs npm ci + builds once, compresses artifacts into a tarball, and uploads for matrix jobs to download - eliminates redundant build work
• Run build and prepare-matrix in parallel since they have no dependency on each other, shaving ~30s of serial wait
• Replace the test-count-based sharding heuristic (it( / test( occurrences) with file-size-based bin-packing, which better correlates with actual execution time since heavier tests have more intercepts, fixtures, and setup code
• Increase parallel groups from 5 to 7, which is now more cost-effective since per-job overhead drops from ~6 min (full build) to ~30s (artifact download)
• Update the Summary job to gate on the new build job

Steps to Confirm

1. Open this PR and confirm the Cypress workflow triggers (the workflow file is in the paths filter)
2. Verify the build job completes and uploads the cypress-build artifact
3. Verify all 7 matrix jobs download the artifact and run tests without npm ci or next build steps
4. Compare total wall time against a recent run on main (target: ~8 min vs current ~13 min)
5. Check that sharding is reasonably balanced by comparing per-job Cypress execution times in the Actions logs

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	Apr 3, 2026 7:57pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
fides-privacy-center	Ignored		Apr 3, 2026 7:57pm

[github-actions]

Title	Lines	Statements	Branches	Functions
admin-ui		5.7% (2416/42332)	4.56% (1098/24033)	3.81% (479/12570)
fides-js		78.98% (1962/2484)	65.55% (1214/1852)	72.57% (336/463)
privacy-center		83.18% (287/345)	77.15% (152/197)	75% (48/64)

[claude]

Code Review

Overall this is a solid CI optimization. The architectural approach — centralizing the expensive npm ci + next build into a single build job, sharing output via artifacts, and running build + prepare-matrix in parallel — is well-reasoned and the implementation is clean. The digests.cy.ts fix (hoisting cy.assumeRole into beforeEach) is the right correction.

Three things worth a look:

1. Video artifact upload is now a no-op (line 196–200): With video: false in cypress.config.ts, the on-failure artifact upload step will always produce an empty archive. The config comment tells developers to re-enable video for debugging, but they'd also need to remember to re-enable this upload step — or the step should be removed/guarded until video is turned back on.

2. Admin-UI-Cypress if condition is asymmetric (line 146): The merge_group exclusion is present on build and prepare-matrix but missing here. Behavior is correct (the job is auto-skipped when its dependencies are skipped), but the inconsistency is worth cleaning up for readability.

3. Tarball contents / admin-ui/public/lib verification (line 135): Both admin-ui/public/lib and fides-js/dist are included. Worth confirming that extracting them in the matrix runners (into clients/) correctly satisfies all runtime path expectations of npm run start, particularly whether the FidesJS assets need to be present in public/lib at serve time or are already embedded in the Next.js build output.

[gilluminate]

@claude Good catch. Commented out the video artifact upload step with a note, since video: false means no .mp4 files are produced. Easy to uncomment if video gets re-enabled for debugging.