fix: enable automated E2E test execution via Docker

[ruslanPL-EnvisionBlockchain]

Description:

This PR includes the following changes:

• Added a Docker-based Cypress runner that works locally and in CI (including a Chromium-capable image).
• Added a single entrypoint that assembles the Cypress command, prepares artifact directories, and forwards env vars.
• Added robust tag handling so grepTags=all and multi-tag inputs like preparing policies work reliably (spaces and commas supported).
• Added a way to override API origins for Docker/Desktop networking so containers can reach host services consistently.
• Added artifact export/collection for reports, JUnit, screenshots, videos, and downloads (and updated CI to upload them).
• Updated documentation with exact run commands, tag usage, Docker notes, and how to open reports locally.

Related issue(s):

Fixes #

Notes for reviewer:

Checklist

• Documented (Code comments, README, etc.)
• Tested (E2E automated tests)

In general, to fix this problem we must stop using Math.random to generate UUIDs and instead use a cryptographically secure source of randomness. In Node, this is typically crypto.randomUUID() (Node 14.17+/16+) or crypto.randomBytes; in browsers, crypto.getRandomValues. Since GenerateUUIDv4 is shared via @guardian/interfaces and used from Node code, we should implement it using a secure source that works in both environments or gracefully falls back where needed.

The best single change without altering existing behavior at call sites is to update interfaces/src/helpers/generate-uuid-v4.ts so that GenerateUUIDv4 (and, for completeness, GenerateID) use a CSPRNG. We will: (1) import Node’s crypto module; (2) implement a small helper that obtains random bytes using crypto.randomUUID() if available, otherwise crypto.randomBytes, and in a browser environment uses globalThis.crypto.getRandomValues if present; and (3) implement UUID v4 formatting and 32-hex ID formatting using those bytes instead of Math.random. The public API (GenerateUUIDv4() and GenerateID()) and their return types stay the same, so existing code like GenerateUUIDv4() in formula.ts continues to work while now being backed by secure randomness.

Concretely:

• Edit interfaces/src/helpers/generate-uuid-v4.ts:
  • Add import crypto from 'crypto'; at the top.
  • Replace the GenerateUUIDv4 implementation to first try crypto.randomUUID() when available, then otherwise generate 16 random bytes and set the version/variant bits per RFC 4122.
  • Replace GenerateID so it uses a buffer of random bytes (e.g., 16 bytes = 32 hex chars) and maps those to hex characters.
• No changes are required in common/src/import-export/formula.ts, since it already imports and calls GenerateUUIDv4 by name.

---

In general, to fix insecure randomness, any function that currently uses Math.random to generate security‑sensitive identifiers should instead use a cryptographically secure random source. In Node.js this is typically crypto.randomBytes, and in browsers it is crypto.getRandomValues. For a UUID v4 generator, we want 16 bytes of secure randomness and to set the version and variant bits according to RFC 4122, or equivalently, generate random hex digits using secure random numbers instead of Math.random.

The best targeted fix here is to change GenerateUUIDv4 (and, for completeness, the similar GenerateID) in interfaces/src/helpers/generate-uuid-v4.ts to use a CSPRNG while preserving the existing function signatures and return formats. We can do this by importing Node’s crypto module and using crypto.randomBytes when window.crypto (browser) is not available, and window.crypto.getRandomValues (or self.crypto) when in a browser context. To minimize functional changes, we keep the same UUID string pattern (xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx) and GenerateID’s 32‑hex‑character string; only the internal randomness source changes.

Concretely:

• Update interfaces/src/helpers/generate-uuid-v4.ts to:
  • Import randomBytes from Node’s crypto module.
  • Add a small helper getSecureRandomByte() that returns a number in [0, 255] using window.crypto.getRandomValues when available, otherwise randomBytes(1)[0].
  • Rewrite GenerateUUIDv4’s .replace callback to use getSecureRandomByte() (appropriately masked/scaled to 4‑bit values) instead of Math.random.
  • Rewrite GenerateID similarly to use secure random nibbles, again replacing Math.random with the helper.
    These changes are entirely confined to interfaces/src/helpers/generate-uuid-v4.ts; the code in common/src/import-export/formula.ts can stay as is, since once GenerateUUIDv4 is secure the use at line 270 (and others) is safe.

---

[github-actions]

Test Results

 32 files  ±0   64 suites  ±0   7m 37s ⏱️ + 2m 16s
 35 tests ±0   35 ✅ +3  0 💤 ±0  0 ❌  - 3 
164 runs  ±0  164 ✅ +3  0 💤 ±0  0 ❌  - 3 

Results for commit 297f850. ± Comparison against base commit 2cef73a.

♻️ This comment has been updated with latest results.