[Question] Ci/Cd using AWS Codebuild/Codepipeline

[hoIIer]

Have you guys run this in AWS Codebuild/Codepipeline?

There may be a better way, but what I've found to work currently w/o having to use docker in the codebuild (which is supported), is that I build an image based on the official playwright docker image, then I push the image to AWS Elastic Container Registry (ECR), and in my AWS Cloudformation template that defines the pipeline, I use the custom image for the codebuild environment. This way codebuild already has playwright installed with all 3 browsers etc, and only requires your test files to run, making it run faster etc.

The one downside to this method is that you have to rebuild the docker image whenever you want to upgrade playwright to a new version.

Would it be worth adding more color on this for anyone else? Happy to open a doc pr let me know.

Dockerfile

...

# 6. Add user so we don't need --no-sandbox in Chromium
RUN groupadd -r pwuser && useradd -r -g pwuser -G audio,video pwuser \
    && mkdir -p /home/pwuser/Downloads \
    && chown -R pwuser:pwuser /home/pwuser

# 7. (Optional) Install XVFB if there's a need to run browsers in headful mode
RUN apt-get install -y xvfb

# 8. Disable babel cache.
ENV BABEL_DISABLE_CACHE 1

# 9. Run everything after as non-privileged user.
USER pwuser

# 10. Install playwright.
RUN npm i playwright@1.1.1

codepipeline.yml

  IntegrationTestsCodeBuildProject:
    Type: 'AWS::CodeBuild::Project'
    Properties:
      Environment:
        Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${imageRepo}:${imageTag}'
        Type: 'LINUX_CONTAINER'

[arjunattam]

Thanks for sharing this, and we would be happy to add steps to the docs. One observation on your setup right now:

# 9. Install playwright.
RUN npm i playwright@1.1.1

# 10. Run everything after as non-privileged user.
USER pwuser

I would recommend installing playwright as pwuser, instead of root, so that browser binaries are installed in the user profile dir of pwuser and there are no permission issues. We had a similar discussion on this issue thread.

Is there a reason you're running npm i playwright as root?

[hoIIer]

@arjun27 good call, there wasn't a reason.. I'm going to update it for my build image!

[hoIIer]

I got this when making the switch and trying to rebuild image:

[arjunattam]

Thanks @burritoIand - and apologies that I wasn't clear earlier. This is a typical setup that we see for Docker:

1. The docker file sets up the OS level dependencies (using apt-get)
2. The docker file also sets the user to non-root (called pwuser in this case) for Chrome sandboxing
3. Inside the docker container, the repo is cloned/mounted
4. The repo has a package.json that defines playwright as a dependency (or dev dependency), with a specific version
5. Running npm i for the repo installs the right version of playwright, and the relevant browser builds

Note that only steps 1 and 2 are in the dockerfile. Does this match with how you're thinking? I want to make this simpler to use - and perhaps we could communicate this differently in our docs. Let me know if this makes sense.

[hoIIer]

hey @argjun27, what you described makes sense and like I said, I might not be using an optimal set up on aws codebuild. The reason I added playwright installation directly into the build environment image, was so that the ci/cd build step doesn't have to download/install anything and rather it's already set up and available. In my case I have a buildspec.yml file that just runs mocha tests/**/test-*.js.

But that said I have a different process for testing locally where I run npm install to install playwright defined in package.json, and then npx mocha.... It works but also means there's a disconnect with the build environment and local environment since they install playwright separately.

So as an alternative I could try mounting the docker image (w/o playright install step), and then run npm install in the container and run the tests... That sounds like it would align with what you're suggesting(?)

[arjunattam]

Yes, it would. I believe that would also make it simpler to maintain over time, since the Playwright version will only have to be updated in your NPM dependencies.

We were just talking about this situation in our team today, and I do believe there is merit in ensuring the build env has Playwright browsers pre-installed. Let's approach this incrementally, starting with publishing the Docker image (#1482) so that it can be used directly. We can then follow up with improvements, like adding browsers to the Docker env. We want to make this easy for users, and I really appreciate this discussion :)

[aslushnikov]

Hey folks!

As of today and as of Playwright v1.3.0, we version our docker image the same way as Playwright, and bake browsers in:

docker run --rm -it mcr.microsoft.com/playwright:v1.3.0 /bin/bash

Does this cover the needs discussed in the lengthy discussion here?