orcaqubits/shopify-testing
dist/codex/shopify-commerce/skills/shopify-testing/SKILL.md
Test Shopify applications — app testing with Vitest and Playwright, theme testing with Theme Check, Function testing, webhook testing, extension testing, and CI/CD pipelines. Use when writing tests for Shopify projects.
$ install --global
skillsauthnpx skillsauth add orcaqubits/agentic-commerce-claude-plugins shopify-testingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 6:04 AM155.4s1 file scanned
SKILL.md
- name:
- shopify-testing
- description:
- >
Shopify Testing
Before writing code
Fetch live docs:
- Web-search
site:shopify.dev testing appsfor app testing patterns - Web-search
site:shopify.dev theme checkfor theme linting - Web-search
site:shopify.dev shopify functions testingfor function testing
App Testing
Unit Tests (Vitest)
The Remix template uses Vitest:
// tests/routes/app._index.test.tsx
import { describe, it, expect, vi } from 'vitest';
import { loader } from '~/routes/app._index';
describe('App index loader', () => {
it('returns products', async () => {
const context = {
admin: {
graphql: vi.fn().mockResolvedValue({
json: () => ({ data: { products: { edges: [] } } }),
}),
},
};
const response = await loader({ context, request: new Request('http://test'), params: {} });
const data = await response.json();
expect(data.products).toBeDefined();
});
});
Integration Tests (Playwright)
End-to-end testing with a development store:
import { test, expect } from '@playwright/test';
test('app loads in admin', async ({ page }) => {
await page.goto('https://dev-store.myshopify.com/admin/apps/my-app');
await expect(page.locator('[data-testid="app-page"]')).toBeVisible();
});
Mocking Shopify APIs
// Mock the admin GraphQL client
const mockAdmin = {
graphql: vi.fn().mockImplementation((query) => {
if (query.includes('products')) {
return Promise.resolve({
json: () => ({ data: { products: { edges: [] } } }),
});
}
}),
};
Theme Testing
Theme Check
Static analysis for Liquid themes:
shopify theme check— run all checksshopify theme check --auto-correct— fix auto-fixable issues- Categories: errors, suggestions, style
- Checks: deprecated tags, missing templates, accessibility, performance
Manual Theme Testing
- Test with
shopify theme dev— live preview - Test all page types: home, product, collection, cart, checkout
- Test responsive: mobile, tablet, desktop
- Test accessibility: keyboard, screen reader, color contrast
Function Testing
Local Testing
shopify app function run --input input.json
Create test input JSON files:
{
"cart": {
"lines": [
{
"id": "gid://shopify/CartLine/1",
"quantity": 2,
"merchandise": {
"__typename": "ProductVariant",
"id": "gid://shopify/ProductVariant/123"
}
}
]
}
}
Unit Tests for Functions
import { describe, it, expect } from 'vitest';
import { run } from '../src/run';
describe('discount function', () => {
it('applies discount for VIP customers', () => {
const input = {
cart: { lines: [{ /* ... */ }] },
discountNode: { metafield: { value: '{"percentage": 10}' } },
};
const result = run(input);
expect(result.discounts).toHaveLength(1);
expect(result.discounts[0].value.percentage.value).toBe('10.0');
});
it('returns empty discounts for non-VIP', () => {
const input = { cart: { lines: [] }, discountNode: { metafield: null } };
const result = run(input);
expect(result.discounts).toHaveLength(0);
});
});
Webhook Testing
Local Development
- Use
shopify app dev— sets up a tunnel and registers webhooks locally - Trigger events manually in development store admin
- Check webhook delivery logs in Partner dashboard
Testing HMAC Verification
import { describe, it, expect } from 'vitest';
import crypto from 'crypto';
function createTestWebhook(body: object, secret: string) {
const bodyStr = JSON.stringify(body);
const hmac = crypto.createHmac('sha256', secret).update(bodyStr).digest('base64');
return { body: bodyStr, hmac };
}
describe('webhook verification', () => {
it('verifies valid HMAC', () => {
const { body, hmac } = createTestWebhook({ order: { id: 1 } }, 'test-secret');
expect(verifyWebhook(body, hmac, 'test-secret')).toBe(true);
});
it('rejects invalid HMAC', () => {
expect(verifyWebhook('{}', 'invalid', 'test-secret')).toBe(false);
});
});
CI/CD
GitHub Actions Example
name: Test Shopify App
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: 20 }
- run: npm ci
- run: npm run lint
- run: npm run typecheck
- run: npm run test
- run: shopify theme check (if theme)
Best Practices
- Write unit tests for all Shopify Functions (they are pure functions — easy to test)
- Mock Shopify API responses in app unit tests
- Use Theme Check in CI to catch Liquid issues early
- Test webhook HMAC verification with both valid and invalid signatures
- Use development stores for integration testing — never test against production
- Test checkout extensions with actual checkout flows in development stores
- Include type checking (
tsc --noEmit) in CI pipeline
Fetch the Shopify testing documentation for exact test patterns, Theme Check configuration, and CI/CD examples before implementing.
Related Skills
orcaqubits/spree-headless-storefront
development
VerifiedTrustedCommunity
Build with Spree's headless Next.js storefront — the official `spree/storefront` repo (Next.js 16 App Router with Server Actions and Turbopack, React 19 Server Components, Tailwind CSS 4, TypeScript 5, `@spree/sdk`, Sentry), server-only auth (httpOnly JWT cookies + publishable key), MeiliSearch faceted catalog, one-page checkout with Apple/Google Pay/Klarna/Affirm/SEPA, multi-region market routing, GA4 + JSON-LD SEO, and Vercel/Docker deployment. Use when forking or customizing the storefront, or evaluating headless adoption.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-extensions
tools
VerifiedTrustedCommunity
Build Spree extensions as Rails engines — gem scaffolding, `bin/rails g spree:extension`, mounting routes/migrations/assets, the modern `prepend` decorator pattern (`*_decorator.rb` with `self.prepended(base)`), generators (`spree:model_decorator`, `spree:controller_decorator`), the four customization surfaces in preference order (Events > Webhooks > Dependencies > Decorators), Spree::Dependencies for swapping service objects, gem release/versioning, and the deprecated Deface engine. Use when building a reusable Spree extension or adding non-trivial customization to an app.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-events-webhooks
development
VerifiedTrustedCommunity
Build with Spree's event bus and Webhooks 2.0 — `Spree::Events` publication, `Spree::Subscriber` DSL with `subscribes_to` and `on`, wildcard matching, lifecycle events (`{model}.created/.updated/.deleted` via `publishes_lifecycle_events`), the canonical event catalog (order.*, payment.*, shipment.*, product.*), Webhooks 2.0 endpoints, HMAC-SHA256 signing (`X-Spree-Webhook-Signature`), exponential-backoff retries, and Sidekiq job orchestration. Use when wiring event-driven business logic, building webhook consumers, or replacing ActiveSupport callback chains.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-dev-patterns
tools
VerifiedTrustedCommunity
Cross-cutting Spree development patterns — the customization preference hierarchy (Events > Webhooks > Dependencies > Decorators), `Spree::Dependencies` service-object swapping, the `_decorator.rb` + `prepend` + `self.prepended` idiom, idempotent subscribers and webhook receivers, multi-store scoping discipline, prefixed IDs, calculator polymorphism (shipping/promotion/tax share the base), service-object composition with `dry-monads` or simple results, why to avoid `class_eval` reopening and Deface, and Spree-on-Rails idioms (Hotwire/Turbo Stimulus, ActiveStorage, Action Cable, Sidekiq). Use when designing the architecture of a Spree extension or solving cross-cutting concerns.
27SKILL.mdUpdated May 14, 2026