Adding playwright config for running console e2e.

[sriroopar]

Description

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up dependent library

Related Tickets & Documents

• Related Issue #
• Closes #

Checklist before requesting a review

• I have performed a self-review of my code.
• PR has passed all pre-merge test jobs.
• If it is a core feature, I have added thorough tests.

Testing

• Please provide detailed steps to perform tests related to this code change.
• How were the fix/results from this change verified? Please provide relevant screenshots or results.

Summary by CodeRabbit

• Chores
  • Updated end-to-end testing infrastructure for enhanced test execution and reliability.

[coderabbitai]

Warning

Review limit reached

@sriroopar, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 57 minutes and 57 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: fa0760f5-e45f-42f6-a28e-97ce78e56e11

📥 Commits

Reviewing files that changed from the base of the PR and between 5ceb1bf and 7c5e53b.

📒 Files selected for processing (3)

• .tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml
• .tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf6.yaml
• .tekton/integration-tests/scripts/run-console-playwright-tests.sh

📝 Walkthrough

Walkthrough

This PR migrates OpenShift Lightspeed console end-to-end tests from Cypress to Playwright. Two Tekton pipeline definitions (pf5 and pf6) and a test execution script are updated: pipeline descriptions, container images, environment variable names, and script invocations reference Playwright instead of Cypress, with the script adding Playwright browser installation and CI mode configuration.

Changes

Playwright E2E Migration

Layer / File(s)	Summary
Tekton Pipeline definitions (pf5 and pf6) .tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml, .tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf6.yaml	Both pipelines update their descriptions from Cypress to Playwright, change the container image from cypress/browsers to mcr.microsoft.com/playwright:v1.60.0-noble, rename environment variables from CYPRESS_* prefixes to KUBECONFIG_PATH, LOGIN_IDP, PASSWORD_PATH, BASE_URL, and BUNDLE_IMAGE, and change the test script invocation from run-console-cypress-tests.sh to run-console-playwright-tests.sh.
Playwright test execution script .tekton/integration-tests/scripts/run-console-playwright-tests.sh	Script header and environment setup updated to Playwright naming conventions; run_playwright() function replaces run_cypress() with installation of Playwright Chromium browsers via npx playwright install --with-deps chromium and CI mode enabled; retry-on-failure logic and artifact movement preserved.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• bparees
• blublinsky

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: migrating console e2e tests from Cypress to Playwright configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bparees for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.tekton/integration-tests/scripts/run-console-playwright-tests.sh (1)

74-76: 💤 Low value

Clarify function argument usage.

The run_playwright function accepts arguments via "$@" but is never invoked with any arguments (lines 79, 85). If Playwright configuration comes entirely from config files and no command-line arguments are needed, the function signature could be simplified. If arguments might be needed in the future, the current design is forward-compatible.

Verify whether this is intentional (future-proofing) or if the signature should be simplified:

 run_playwright() {
-	npx playwright test "$@"
+	npx playwright test
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/integration-tests/scripts/run-console-playwright-tests.sh around
lines 74 - 76, The run_playwright function currently declares npx playwright
test "$@" but is never called with arguments; either simplify the function to
always call npx playwright test (remove "$@" from run_playwright) if no CLI args
are needed, or keep the forward-compatible signature and update all invocations
of run_playwright (e.g., the calls on lines around where run_playwright is used)
to explicitly pass any expected arguments; also add a short comment above the
run_playwright function indicating which choice was made (no-arg vs
forward-compatible) so future readers know the intention.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
@.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml:
- Line 191: The pipeline is using a vulnerable Playwright image
"mcr.microsoft.com/playwright:v1.60.0-noble" which Trivy flagged for multiple
HIGH CVEs; replace that image reference with a newer patched Playwright image
tag or digest (e.g., a more recent v1.x-noble tag or an explicit digest) to
eliminate CVE-2025-3887, CVE-2026-45447 and CVE-2026-33671, or if you intend to
accept the risk, add an explicit justification comment in the pipeline and a
documented risk acceptance ticket; update the image string in the pipeline task
spec where "mcr.microsoft.com/playwright:v1.60.0-noble" appears (or pin to an
immutable digest) and re-run vulnerability scans to verify remediation.

In @.tekton/integration-tests/scripts/run-console-playwright-tests.sh:
- Line 24: The export of LOGIN_PASSWORD currently uses command substitution
which can mask failures; change to first assign the result of cat
"${PASSWORD_PATH}" to a local variable (e.g., tmp or LOGIN_PASSWORD) and check
the exit status or test the file/readability of PASSWORD_PATH before exporting;
if cat fails or the file is unreadable, print an error and exit non‑zero,
otherwise run export LOGIN_PASSWORD to set the environment. Ensure you reference
the PASSWORD_PATH variable and the LOGIN_PASSWORD export in the script (the line
using export LOGIN_PASSWORD="$(cat "${PASSWORD_PATH}")") when making the change.

---

Nitpick comments:
In @.tekton/integration-tests/scripts/run-console-playwright-tests.sh:
- Around line 74-76: The run_playwright function currently declares npx
playwright test "$@" but is never called with arguments; either simplify the
function to always call npx playwright test (remove "$@" from run_playwright) if
no CLI args are needed, or keep the forward-compatible signature and update all
invocations of run_playwright (e.g., the calls on lines around where
run_playwright is used) to explicitly pass any expected arguments; also add a
short comment above the run_playwright function indicating which choice was made
(no-arg vs forward-compatible) so future readers know the intention.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 66000d62-7c1a-43a0-ae9f-95fe6c290811

📥 Commits

Reviewing files that changed from the base of the PR and between 0d62919 and 5ceb1bf.

📒 Files selected for processing (3)

• .tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml
• .tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf6.yaml
• .tekton/integration-tests/scripts/run-console-playwright-tests.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify Playwright Docker image exists and check for vulnerabilities

# Check if the image exists and can be pulled
echo "Checking if image exists..."
docker manifest inspect mcr.microsoft.com/playwright:v1.60.0-noble >/dev/null 2>&1 && echo "✓ Image exists" || echo "✗ Image not found"

# Check available Playwright versions
echo -e "\nFetching recent Playwright releases..."
gh api repos/microsoft/playwright/releases --paginate | jq -r '.[].tag_name' | head -20

Repository: openshift/lightspeed-operator

Length of output: 319

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Checking likely existing Playwright image tags..."
for tag in "v1.60.0" "v1.60.0-noble" "v1.60.0-jammy" "v1.60.0-focal" "v1.60.0-bookworm" "v1.60.0-oraclelinux9"; do
  printf " - %s: " "$tag"
  if docker manifest inspect "mcr.microsoft.com/playwright:${tag}" >/dev/null 2>&1; then
    echo "✓ exists"
  else
    echo "✗ not found"
  fi
done

Repository: openshift/lightspeed-operator

Length of output: 307

---

🌐 Web query:

mcr.microsoft.com/playwright v1.60.0 noble tag exists

💡 Result:

Yes, the Docker tag mcr.microsoft.com/playwright:v1.60.0-noble exists in the Microsoft Artifact Registry [1]. Official Playwright documentation confirms that they publish images for v1.60.0 based on Ubuntu 24.04 LTS (Noble Numbat) using this tag [2][3].

Citations:

• 1: https://mcr.microsoft.com/en-us/artifact/mar/playwright/tag/v1.60.0-noble
• 2: https://playwright.dev/docs/docker
• 3: https://github.com/microsoft/playwright/blob/main/docs/src/docker.md

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

echo "Checking published tag page..."
curl -fsSL "https://mcr.microsoft.com/en-us/artifact/mar/playwright/tag/v1.60.0-noble" >/dev/null \
  && echo "✓ tag page reachable" || echo "✗ tag page not reachable"

echo "Scanning image (requires trivy)..."
if command -v trivy >/dev/null 2>&1; then
  docker pull "$IMAGE"
  trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"
else
  echo "trivy not installed; run trivy/grype in CI against $IMAGE and fail on HIGH/CRITICAL"
fi

Repository: openshift/lightspeed-operator

Length of output: 226

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

echo "Checking published tag..."
curl -fsSL "https://mcr.microsoft.com/en-us/artifact/mar/playwright/tag/v1.60.0-noble" >/dev/null \
  && echo "✓ Tag page reachable" || echo "✗ Tag page not reachable"

if command -v trivy >/dev/null 2>&1 && command -v docker >/dev/null 2>&1; then
  docker pull "$IMAGE"
  trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"
else
  echo "Run this check in CI with docker + trivy installed to scan $IMAGE (fail on HIGH/CRITICAL)."
fi

Repository: openshift/lightspeed-operator

Length of output: 247

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

command -v docker >/dev/null 2>&1 || { echo "docker not found"; exit 1; }
command -v trivy >/dev/null 2>&1 || { echo "trivy not found"; exit 1; }

docker pull "$IMAGE"
trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"

# Optional (recommended): pin by digest for reproducibility
# DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" | cut -d@ -f2)"
# echo "Pinned digest: $DIGEST"

Repository: openshift/lightspeed-operator

Length of output: 90

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

# In CI where docker + trivy are available
command -v docker >/dev/null 2>&1 || { echo "docker not found"; exit 1; }
command -v trivy >/dev/null 2>&1 || { echo "trivy not found"; exit 1; }

docker pull "$IMAGE"
trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"

# Optional: pin to immutable digest (recommended)
# DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" | awk -F@ '{print $2}')"
# echo "$IMAGE@$DIGEST"

Repository: openshift/lightspeed-operator

Length of output: 90

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

command -v docker >/dev/null 2>&1 || { echo "docker not found (run in CI)"; exit 1; }
command -v trivy >/dev/null 2>&1 || { echo "trivy not found (install in CI)"; exit 1; }

docker pull "$IMAGE"
trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"

# Optional (recommended): pin to digest
# DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" | awk -F@ '{print $2}')"
# echo "$IMAGE@$DIGEST"

Repository: openshift/lightspeed-operator

Length of output: 102

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

command -v docker >/dev/null 2>&1 || { echo "docker not found (run in CI)"; exit 1; }
command -v trivy >/dev/null 2>&1 || { echo "trivy not found (install in CI)"; exit 1; }

docker pull "$IMAGE"
trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"

# Optional (recommended): pin to immutable digest
# DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" | awk -F@ '{print $2}')"
# echo "Pinned digest: $IMAGE@$DIGEST"

Repository: openshift/lightspeed-operator

Length of output: 102

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

command -v docker >/dev/null 2>&1 || { echo "docker not found"; exit 1; }
command -v trivy >/dev/null 2>&1 || { echo "trivy not found"; exit 1; }

docker pull "$IMAGE"
trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"

# Optional: pin by digest for reproducibility
# DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE" | awk -F@ '{print $2}')"
# echo "$IMAGE@$DIGEST"

Repository: openshift/lightspeed-operator

Length of output: 90

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

IMAGE="mcr.microsoft.com/playwright:v1.60.0-noble"

command -v trivy >/dev/null 2>&1 || { echo "trivy not found (install in CI)"; exit 1; }

# Scans the remote image directly (no docker daemon required)
trivy image --severity HIGH,CRITICAL --no-progress "$IMAGE"

# Optional: pin to immutable digest (do in CI using your preferred tooling, e.g., crane/skopeo)
# DIGEST="$(crane digest "$IMAGE")"
# echo "Pinned image: $IMAGE@$DIGEST"

Repository: openshift/lightspeed-operator

Length of output: 45074

---

Address HIGH vulnerabilities in Playwright image used by the pipeline

In .tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml (line 191), mcr.microsoft.com/playwright:v1.60.0-noble is an official Microsoft Playwright Ubuntu 24.04 “Noble” image, but Trivy reports 4 HIGH vulnerabilities (0 CRITICAL): CVE-2025-3887 (gstreamer1.0-plugins-bad), CVE-2026-45447 (libssl3t64), and CVE-2026-33671 (picomatch). Update to a newer patched Playwright image tag/digest (or justify risk acceptance if this is intentionally tolerated for e2e-only usage).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
@.tekton/integration-tests/pipelines/lightspeed-console-e2e-test-pipeline-pf5.yaml
at line 191, The pipeline is using a vulnerable Playwright image
"mcr.microsoft.com/playwright:v1.60.0-noble" which Trivy flagged for multiple
HIGH CVEs; replace that image reference with a newer patched Playwright image
tag or digest (e.g., a more recent v1.x-noble tag or an explicit digest) to
eliminate CVE-2025-3887, CVE-2026-45447 and CVE-2026-33671, or if you intend to
accept the risk, add an explicit justification comment in the pipeline and a
documented risk acceptance ticket; update the image string in the pipeline task
spec where "mcr.microsoft.com/playwright:v1.60.0-noble" appears (or pin to an
immutable digest) and re-run vulnerability scans to verify remediation.

[openshift-ci]

@sriroopar: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.