[Refactor] Maestro QA Build로 전환 및 auth flow 작성

[kongwoojin]

PR 개요

• 이슈 번호: [Feature] QA Build Variant 추가 #1503

PR 체크리스트

• Code convention을 잘 지켰나요?
• Lint check를 수행하였나요?
• Assignees를 추가했나요?

작업사항

• 버그 수정
• 신규 기능
• 코드 스타일 수정 (포맷팅 등)
• 리팩토링 (기능 수정 X, API 수정 X)
• 기타

작업사항의 상세한 설명

• Maestro Github Actions를 QA Build로 교체했습니다.
• auth flow를 추가했습니다.
• 일부 semantics 및 contentDescription를 추가했습니다.

논의 사항

스크린샷

추가내용

• develop, sprint 브랜치를 향하고 있습니다
• production 브랜치를 향하고 있습니다

Summary by CodeRabbit

릴리스 노트

• Tests

  • CI에서 QA 빌드 기반 Maestro 실행으로 전환하고, 학생 인증을 포함한 스모크 스위트 범위를 확장했습니다.
  • 분실물/쪽지/콜밴(생성·알림·상세)/키워드/기사 키워드 E2E 시나리오를 추가·보강했습니다.

• Chores

  • 테스트 실행 전 비밀번호 값 사전 검증 및 환경 변수 주입을 추가했습니다.
  • QA 환경용 앱 식별자 전환 및 배너/로그인 실행 흐름을 정리했습니다.

• Accessibility

  • 비밀번호 표시/숨김 문구와 콜밴 알림 아이콘의 접근성 설명을 강화했습니다.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Android Maestro CI 파이프라인을 QA 빌드 경로로 전환하고, 모든 Maestro YAML의 APP_ID를 QA 패키지명으로 업데이트했습니다. 학생 인증 스모크 스위트와 8개의 신규 학생 플로우가 추가됐으며, 비밀번호 필드 및 콜밴 아이콘 접근성이 개선됐습니다.

Changes

QA 빌드 전환 및 학생 인증 Maestro 스위트

Layer / File(s)	Summary
CI 워크플로우 QA 빌드 전환 및 USER_PASSWORD 검증 .github/workflows/maestro.yml, .github/scripts/run_maestro_suite.sh	APP_ID를 in.koreatech.koin.dev로 변경하고 잡 타임아웃을 180으로 연장했습니다. FIREBASE_STAGE 디코딩 및 QA google-services.json 기록 로직이 추가되고, 빌드 명령이 koin:assembleQa로, 설치 APK가 koin-qa.apk로 변경됐습니다. student_smoke.yaml 실행 단계와 USER_PASSWORD 시크릿 주입이 추가되고, 스크립트에서 USER_PASSWORD 미설정 시 오류로 중단합니다.
공통 Maestro 플로우 QA 전환 및 신규 추가 .maestro/common/dismiss_banner.yaml, .maestro/common/launch_app.yaml, .maestro/common/login.yaml, .maestro/common/logout.yaml, .maestro/common/open_drawer.yaml	launch_app.yaml의 앱 시작 흐름이 알림 권한 허용 및 dismiss_banner 서브플로우 호출로 개선됐습니다. dismiss_banner.yaml, login.yaml, logout.yaml이 신규 추가되고, open_drawer.yaml에 extendedWaitUntil 기반 대기 로직이 추가됩니다.
Guest 플로우 APP_ID 일괄 업데이트 및 흐름 수정 .maestro/guest/article.yaml, .maestro/guest/auth_*.yaml, .maestro/guest/banner.yaml, .maestro/guest/bus.yaml, .maestro/guest/callvan.yaml, .maestro/guest/club.yaml, .maestro/guest/dining.yaml, .maestro/guest/home.yaml, .maestro/guest/land.yaml, .maestro/guest/lost_and_found.yaml, .maestro/guest/operating_info.yaml, .maestro/guest/settings.yaml, .maestro/guest/store.yaml, .maestro/guest/timetable.yaml	모든 guest 플로우의 APP_ID를 in.koreatech.koin.dev로 일괄 변경했습니다. auth_sign_in.yaml에 로그인 화면 도달 및 회원가입/찾기 화면 이동 검증 흐름이 추가되고, callvan.yaml에 알림 켜기 선택적 탭이, dining.yaml에 알림 권한 다이얼로그 처리 조건부 로직이 추가됩니다.
학생 인증 후 기능 플로우 신규 추가 .maestro/student/settings_logged_in.yaml, .maestro/student/callvan_create.yaml, .maestro/student/callvan_detail.yaml, .maestro/student/callvan_notifications.yaml, .maestro/student/chat_list.yaml, .maestro/student/lostandfound_write.yaml, .maestro/student/lostandfound_keyword.yaml, .maestro/student/article_keyword.yaml	학생 로그인 상태에서 실행되는 8개의 신규 Maestro 플로우가 추가됩니다. 설정 화면, callvan(생성/알림/상세), 채팅 목록, 분실물(작성/키워드), 기사 키워드의 UI 검증 시나리오가 포함됩니다.
학생 인증 스모크 스위트 추가 및 기존 스위트 QA 전환 .maestro/suites/student_auth_smoke.yaml, .maestro/suites/student_guest_smoke.yaml, .maestro/suites/student_smoke.yaml	student_auth_smoke.yaml 스위트가 신규 추가되어 login → 학생 플로우 순차 실행 → logout 흐름을 정의합니다. student_guest_smoke.yaml의 APP_ID가 QA 패키지명으로 변경되고, student_smoke.yaml이 신규 추가되어 guest 및 학생 플로우들을 통합 실행합니다.

Android 접근성 개선

Layer / File(s)	Summary
비밀번호 필드 시맨틱 및 토글 아이콘 접근성 feature/user/src/main/java/in/koreatech/koin/feature/user/component/KoinUserPasswordTextField.kt, feature/user/src/main/res/values/strings.xml	KoinUserPasswordTextField에 필요한 임포트가 추가되고, QA 환경에서 semantics { setText } 블록이 추가되어 자동화 테스트 시맨틱 지원을 제공합니다. 비밀번호 표시/숨김 토글 아이콘의 contentDescription이 로컬라이즈된 stringResource로 변경되고, 관련 문자열 리소스 2개가 추가됩니다.
콜밴 아이콘 contentDescription 추가 feature/callvan/src/main/java/in/koreatech/koin/feature/callvan/ui/detail/CallvanDetailScreen.kt, feature/callvan/src/main/java/in/koreatech/koin/feature/callvan/ui/list/CallvanListScreen.kt	CallvanDetailScreen과 CallvanListScreen의 CallvanNotificationIcon 호출부에 contentDescription을 stringResource(R.string.callvan_notification_top_bar)로 명시적으로 전달합니다.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 분

Possibly related PRs

• BCSDLab/KOIN_ANDROID#1360: 두 PR 모두 Maestro UI 테스트 인프라를 다루며 .github/workflows/maestro.yml과 공통 Maestro 플로우인 .maestro/common/launch_app.yaml, .maestro/common/open_drawer.yaml 등 동일 영역의 테스트 실행/플로우 단계 구성을 수정합니다.

Suggested labels

koin project

Suggested reviewers

• TTRR1007

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	PR 제목이 변경 사항의 주요 내용을 명확하게 요약하고 있습니다. Maestro QA Build로의 전환과 auth flow 작성이라는 두 가지 핵심 변경사항을 간결하게 표현하고 있으며, 개발자의 관점에서 가장 중요한 변화를 반영하고 있습니다.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/1503-switch-to-qa-variant

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/scripts/run_maestro_suite.sh (1)

48-53: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

인증 스위트가 아닌 실행에도 비밀번호 시크릿이 전달됩니다.

Line 52에서 USER_PASSWORD를 항상 주입하고 있어 guest 스위트에도 인증 비밀번호가 노출됩니다. 인증 스위트에서만 전달되도록 분기해 주세요.

패치 제안

 record_args=(
   --local
   --debug-output "$debug_output"
   -e "APP_ID=$app_id"
-  -e "USER_PASSWORD=${USER_PASSWORD:-}"
   "$wrapper_flow"
   "$video_output"
 )
+
+if [[ "$suite_name" == *auth* ]]; then
+  record_args+=(-e "USER_PASSWORD=$USER_PASSWORD")
+fi

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/scripts/run_maestro_suite.sh around lines 48 - 53, The record_args
array in the run_maestro_suite.sh script unconditionally passes the
USER_PASSWORD environment variable to all test suites, including
non-authentication suites like guest suites, which is a security concern. Modify
the script to conditionally include the -e "USER_PASSWORD=${USER_PASSWORD:-}"
argument only when running authentication suites. Add a conditional check before
appending this environment variable to the record_args array, ensuring that the
USER_PASSWORD secret is only injected for authentication suite executions and
not for guest or other non-authentication suite runs.

🧹 Nitpick comments (1)

.maestro/guest/auth_sign_in.yaml (1)

32-33: ⚡ Quick win

입력값 문자열 자체를 탭 타깃으로 쓰지 않도록 고정해 주세요.

Line 32처럼 "invalid-user" 텍스트를 직접 탭하면 입력 포맷/자동 정리 동작이 바뀔 때 시나리오가 쉽게 깨집니다. 필드 라벨(또는 가능하면 리소스 id) 기준으로 포커스 후 eraseText 하는 방식이 더 안정적입니다.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.maestro/guest/auth_sign_in.yaml around lines 32 - 33, The tapOn action at
line 32 is using the literal input value "invalid-user" as the tap target, which
is brittle and will break when input format or validation behavior changes.
Replace the tapOn action to target the input field by its field label or
resource ID instead of the text value itself, then keep the eraseText action to
clear the field. This approach provides more stable targeting that is
independent of the actual input values.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.maestro/student/settings_logged_in.yaml:
- Line 23: The assertVisible check on line 23 uses a hardcoded test account
identifier "androidqa" which makes the test brittle and will break CI whenever
the test account changes. Replace this hardcoded account-specific assertion with
a more robust, account-independent validation that checks for the presence of an
ID label or field element instead, so the test remains valid regardless of which
test account is used.

In
`@feature/user/src/main/java/in/koreatech/koin/feature/user/component/KoinUserPasswordTextField.kt`:
- Around line 61-66: The `setText` semantic action in the
KoinUserPasswordTextField class is calling `onValueChange(text.text)` directly,
which bypasses the input normalization logic (maxLength and trim() rules)
defined in lines 68-73. To fix this, apply the same normalization rules within
the `setText` block before calling onValueChange. Extract or reuse the
normalization logic (maxLength constraint and trim operation) that is applied in
the regular input handler and apply it to the text parameter within the setText
lambda so that both the semantic input path and regular input path follow the
same validation and formatting rules.

---

Outside diff comments:
In @.github/scripts/run_maestro_suite.sh:
- Around line 48-53: The record_args array in the run_maestro_suite.sh script
unconditionally passes the USER_PASSWORD environment variable to all test
suites, including non-authentication suites like guest suites, which is a
security concern. Modify the script to conditionally include the -e
"USER_PASSWORD=${USER_PASSWORD:-}" argument only when running authentication
suites. Add a conditional check before appending this environment variable to
the record_args array, ensuring that the USER_PASSWORD secret is only injected
for authentication suite executions and not for guest or other
non-authentication suite runs.

---

Nitpick comments:
In @.maestro/guest/auth_sign_in.yaml:
- Around line 32-33: The tapOn action at line 32 is using the literal input
value "invalid-user" as the tap target, which is brittle and will break when
input format or validation behavior changes. Replace the tapOn action to target
the input field by its field label or resource ID instead of the text value
itself, then keep the eraseText action to clear the field. This approach
provides more stable targeting that is independent of the actual input values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f92e8c56-61eb-454d-9e30-a97231defd2e

📥 Commits

Reviewing files that changed from the base of the PR and between e5accb9 and e719dde.

📒 Files selected for processing (38)

• .github/scripts/run_maestro_suite.sh
• .github/workflows/maestro.yml
• .maestro/common/dismiss_banner.yaml
• .maestro/common/launch_app.yaml
• .maestro/common/login.yaml
• .maestro/common/logout.yaml
• .maestro/common/open_drawer.yaml
• .maestro/guest/article.yaml
• .maestro/guest/auth_find_id.yaml
• .maestro/guest/auth_find_password.yaml
• .maestro/guest/auth_sign_in.yaml
• .maestro/guest/auth_sign_up.yaml
• .maestro/guest/banner.yaml
• .maestro/guest/bus.yaml
• .maestro/guest/callvan.yaml
• .maestro/guest/club.yaml
• .maestro/guest/dining.yaml
• .maestro/guest/home.yaml
• .maestro/guest/land.yaml
• .maestro/guest/lost_and_found.yaml
• .maestro/guest/operating_info.yaml
• .maestro/guest/settings.yaml
• .maestro/guest/store.yaml
• .maestro/guest/timetable.yaml
• .maestro/student/article_keyword.yaml
• .maestro/student/callvan_create.yaml
• .maestro/student/callvan_detail.yaml
• .maestro/student/callvan_notifications.yaml
• .maestro/student/chat_list.yaml
• .maestro/student/lostandfound_keyword.yaml
• .maestro/student/lostandfound_write.yaml
• .maestro/student/settings_logged_in.yaml
• .maestro/suites/student_auth_smoke.yaml
• .maestro/suites/student_guest_smoke.yaml
• feature/callvan/src/main/java/in/koreatech/koin/feature/callvan/ui/detail/CallvanDetailScreen.kt
• feature/callvan/src/main/java/in/koreatech/koin/feature/callvan/ui/list/CallvanListScreen.kt
• feature/user/src/main/java/in/koreatech/koin/feature/user/component/KoinUserPasswordTextField.kt
• feature/user/src/main/res/values/strings.xml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/scripts/run_maestro_suite.sh:
- Around line 14-17: The USER_PASSWORD validation in the conditional block
starting at line 14 is unconditionally required for all Maestro suites, but it
should only be enforced for suites that actually require authentication. The
check should be made conditional based on whether the test suite being run is an
authentication-required suite or a guest suite that doesn't require login
credentials. Move the USER_PASSWORD validation to only execute when running
auth-required suites, allowing guest suites without authentication steps to run
without requiring this password to be set.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c3e43719-6483-4385-b69c-e6c3781c2ba1

📥 Commits

Reviewing files that changed from the base of the PR and between ece09b7 and af050c3.

📒 Files selected for processing (7)

• .github/scripts/run_maestro_suite.sh
• .github/workflows/maestro.yml
• .maestro/guest/auth_sign_in.yaml
• .maestro/guest/dining.yaml
• .maestro/student/article_keyword.yaml
• .maestro/student/lostandfound_keyword.yaml
• .maestro/suites/student_smoke.yaml

💤 Files with no reviewable changes (2)

• .maestro/student/lostandfound_keyword.yaml
• .maestro/student/article_keyword.yaml

✅ Files skipped from review due to trivial changes (1)

• .maestro/suites/student_smoke.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• .maestro/guest/dining.yaml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
6 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[JaeYoung290]

수고 많으셨습니다!

[KYM-P]

GOOD
아이디 부분이 고정되어있는 것이 좀 걸리지만
qa 로 다계정 flow 를 할게 아니라면 문제는 없어 보이긴 하네요