Add baseline functionality for running Playwright tests against live environments #5075

Merged
merged 3 commits into from
Oct 28, 2024

Conversation

sarayourfriend
Collaborator

@sarayourfriend sarayourfriend commented Oct 25, 2024

Fixes

Related to #4706 by @sarayourfriend

Description

This PR introduces the same HMAC request signing strategy used for #4908 tests against live environments to use with Playwright. This allows Playwright tests to run against the live environment and bypass Cloudflare's WAF, otherwise it gets blocked as automated traffic.

To enable the signing transparently, I've created an override of the page fixture that automatically adds the HMAC headers to requests. This requires using test imported from ~~/test/playwright/utils/test so the fixture is always available. I've updated all imports of test to use the new location and added an ESLint rule to encourage importing from the fixture-enabled location.

Additionally, I've added a new workflow file similar to the k6 workflow for running the Playwright smoke tests. The smoke tests are identified via the test annotation @deployment-smoketest. The workflow is dispatched after staging deployments, before the load test runs.

For this initial integration, I've just tagged some keyboard navigation tests with @deployment-smoketest, but to fully close the issue, more tests should be included.

Testing Instructions

CI should pass, regular Playwright test runs should be unaffected.

You should be able to run the deployment smoke tests locally using the following command:

env HMAC_SIGNING_SECRET=<signing secret> PLAYWRIGHT_BASE_URL=https://staging.openverse.org just p frontend test:playwright:local --grep '@deployment-smoketest'

Maintainers can pull the signing secret as needed.

I also added temporary triggers for the new workflow file to run on pull_requests, and you can check out the successful run of that at this link. I've removed the pull_request trigger now, so it will only run when dispatched, just like the k6 workflow.

Checklist

  • My pull request has a descriptive title (not a vague title like Update index.md).
  • My pull request targets the default branch of the repository (main) or a parent feature branch.
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I added or updated tests for the changes I made (if applicable).
  • I added or updated documentation (if applicable).
  • I tried running the project locally and verified that there are no visible errors.
  • [N/A] I ran the DAG documentation generator (ov just catalog/generate-docs for catalog
    PRs) or the media properties generator (ov just catalog/generate-docs media-props
    for the catalog or ov just api/generate-docs for the API) where applicable.

Developer Certificate of Origin

Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.
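
An added sketch of the request-signing idea from the PR description above, showing both the test-runner side and the check an edge rule would make. It is not code from this pull request: the header names, message layout and function names are assumptions, since the page does not show the scheme the project uses.

```javascript
// Added example. Header names, message layout and helper names are assumptions.
// Web Crypto is a global in current Node releases and in browsers.
const subtle =
  globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle
const encoder = new TextEncoder()

const importKey = (secret) =>
  subtle.importKey("raw", encoder.encode(secret),
    { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"])

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("")
const fromHex = (hex) =>
  /^([0-9a-f]{2})+$/.test(hex)
    ? Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16))
    : null

// Only method and path are signed here; a verifier that cares about the
// query string or body has to include them in the message as well.
const messageFor = (timestamp, method, url) =>
  encoder.encode(`${timestamp}.${method.toUpperCase()}.${new URL(url).pathname}`)

// Test-runner side: headers to attach to each outgoing request.
async function signRequest(secret, method, url, nowSeconds) {
  const timestamp = String(nowSeconds)
  const mac = await subtle.sign(
    "HMAC", await importKey(secret), messageFor(timestamp, method, url))
  return { "x-example-timestamp": timestamp, "x-example-signature": toHex(mac) }
}

// Edge side: accept only well-formed, fresh, correctly signed requests.
async function verifyRequest(secret, method, url, headers, nowSeconds, maxSkew = 300) {
  const timestamp = headers["x-example-timestamp"] ?? ""
  const signature = fromHex(headers["x-example-signature"] ?? "")
  if (!/^\d+$/.test(timestamp) || !signature) return "malformed"
  // Reject old timestamps so a captured header pair cannot be reused later.
  if (Math.abs(nowSeconds - Number(timestamp)) > maxSkew) return "stale"
  // verify() recomputes the MAC and compares it inside the crypto library,
  // which avoids a hand-written string comparison of signatures.
  const ok = await subtle.verify(
    "HMAC", await importKey(secret), signature, messageFor(timestamp, method, url))
  return ok ? "ok" : "bad-signature"
}
```

In a Playwright fixture, the object returned by `signRequest` could be merged into each request's headers, for example with `page.route` and `route.continue({ headers })`.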

@sarayourfriend sarayourfriend added 🟨 priority: medium Not blocking but should be addressed soon 🌟 goal: addition Addition of new feature 💻 aspect: code Concerns the software code in the repository 🧱 stack: frontend Related to the Nuxt frontend 🧱 stack: infra Related to the Terraform config and other infrastructure labels Oct 25, 2024
@sarayourfriend sarayourfriend requested review from a team as code owners October 25, 2024 01:01
@sarayourfriend sarayourfriend requested review from obulat, stacimc and dhruvkb and removed request for a team October 25, 2024 01:01
@openverse-bot openverse-bot added the 🧱 stack: mgmt Related to repo management and automations label Oct 25, 2024
@sarayourfriend sarayourfriend force-pushed the add/playwright-signing-requests branch 2 times, most recently from 10f49eb to 50f0eef Compare October 25, 2024 01:06

github-actions bot commented Oct 25, 2024

Latest k6 run output [1]

     ✓ status was 200

     checks.........................: 100.00% ✓ 6400      ✗ 0   
     data_received..................: 1.5 GB  8.7 MB/s
     data_sent......................: 837 kB  4.9 kB/s
     http_req_blocked...............: avg=27.17µs  min=1.91µs   med=3.77µs   max=9.61ms  p(90)=5.37µs   p(95)=5.77µs  
     http_req_connecting............: avg=21.79µs  min=0s       med=0s       max=9.55ms  p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=596.19ms min=74.57ms  med=516.05ms max=2.27s   p(90)=1.07s    p(95)=1.18s   
       { expected_response:true }...: avg=596.19ms min=74.57ms  med=516.05ms max=2.27s   p(90)=1.07s    p(95)=1.18s   
   ✓ http_req_failed................: 0.00%   ✓ 0         ✗ 6400
     http_req_receiving.............: avg=148.63µs min=43.25µs  med=110.33µs max=23.55ms p(90)=178.86µs p(95)=216.47µs
     http_req_sending...............: avg=20.36µs  min=7.17µs   med=18.89µs  max=2.16ms  p(90)=24.84µs  p(95)=27.61µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s      p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=596.02ms min=74.44ms  med=515.82ms max=2.27s   p(90)=1.07s    p(95)=1.18s   
     http_reqs......................: 6400    37.271234/s
     iteration_duration.............: avg=3.18s    min=989.23ms med=2.73s    max=8.71s   p(90)=6.19s    p(95)=6.52s   
     iterations.....................: 1200    6.988356/s
     vus............................: 9       min=9       max=30
     vus_max........................: 30      min=30      max=30

Footnotes

  1. This comment will automatically update with new output each time k6 runs for this PR

Contributor

@obulat obulat left a comment

Thank you so much for adding this!
I like the idea of adding this in the test fixture.


const encoder = new TextEncoder()

const signingSecret = process.env.HMAC_SIGNING_SECRET
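
Review bot: on the signingSecret line, process.env.HMAC_SIGNING_SECRET can be undefined when the variable is not set, so the code that uses it should check for that and skip signing rather than derive a key from an undefined or empty value. A short comment here saying where the secret is provisioned, and that it must never be logged or written to test reports, would also help.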
Contributor

We need to add this env variable to the infrastructure repository to get this to work, right?

Collaborator Author

It's the same secret used for signing requests in k6, so no need for a new secret (though you could want to change the name to make it generic instead of k6 specific). See here in the new workflow file that I passed K6_SIGNING_SECRET for HMAC_SIGNING_SECRET:

https://github.com/WordPress/openverse/pull/5075/files#diff-c0447faa897e95e3c385302da0a0b3ea051e6c90be93e10cf0914eb8589a881dR34

@obulat obulat force-pushed the add/playwright-signing-requests branch from 38e4301 to e9a39b9 Compare October 28, 2024 05:13
@obulat obulat merged commit daf2545 into main Oct 28, 2024
53 checks passed
@obulat obulat deleted the add/playwright-signing-requests branch October 28, 2024 05:31
Danil49 pushed a commit to Danil49/openverse that referenced this pull request Oct 29, 2024
…environments (WordPress#5075)

* Add HMAC signing capability for playwright tests

* Add workflow to run Playwright smoketests in CI

* Remove testing code for new workflow