updated ci article

vvs11 · vvs11 · commit 1c42e1bdcf86 · 2024-12-26T23:41:30.000+05:30
diff --git a/articles/playwright-testing/playwright-testing-reporting-with-sharding.md b/articles/playwright-testing/playwright-testing-reporting-with-sharding.md
@@ -16,7 +16,7 @@ In this article, you learn how to use the Microsoft Playwright Testing service's
 
 Playwright's sharding enables you to split your test suite to run across multiple machines simultaneously. This feature helps running tests in parallel.
 
-You can use Playwright Testing's reporting feature to get a consolidated report of a test run with sharding. You need to make sure you set the variable `PLAYWRIGHT_SERVICE_RUN_ID` so that it remains same across all shards. 
+You can use Playwright Testing's reporting feature to get a consolidated report of a test run with sharding. You need to make sure the `runId` of the test run is same across all shards. 
 
 > [!IMPORTANT]
 > Microsoft Playwright Testing is currently in preview. For legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability, see the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
@@ -27,65 +27,82 @@ You can use Playwright Testing's reporting feature to get a consolidated report
 
 * Set up continuous end-to-end testing. Complete the [Quickstart: Set up continuous end-to-end testing with Microsoft Playwright Testing Preview](./quickstart-automate-end-to-end-testing.md) to set up continuous integration (CI) pipeline.
 
+## Update playwright service configuration file
+
+Add or update `runId` to `playwright.service.config.ts` file in your setup. 
+
+```typescript
+.
+.
+.
+export default defineConfig(
+  config,
+  getServiceConfig(config, {
+  runId: process.env.PLAYWRIGHT_SERVICE_RUN_ID, //Set runId for the test run
+  }),
+);
+
+```
+You can use `PLAYWRIGHT_SERVICE_RUN_ID` variable in your setup to ensure the `runId` remains same across all shards. 
 
 ## Set up variables
 
-The `PLAYWRIGHT_SERVICE_RUN_ID` variable is an identifier that is used by Playwright Testing service to distinguish between test runs. The results from multiple runs with same `RUN_ID` are reported to the same run on the Playwright portal. 
+The `runId` setting is be used as an identifier by Playwright Testing service to distinguish between test runs. The results from multiple runs with same `runId` are reported to the same run on the Playwright portal. 
 
-By default, a test run that uses reporting feature automatically generates a unique `RUN_ID` unless you explicitly set the value yourself. If the value of the variable remains same across runs, the results are reported together in the same run on the Playwright portal. 
+By default, a test run that uses reporting feature automatically generates a unique `runId` unless you explicitly set the value yourself. If the value of the variable remains same across runs, the results are reported together in the same run on the Playwright portal. 
 
 > [!Tip]
 > If you use the cloud-hosted browsers provided by Microsoft Playwright Testing service to run your tests, you might have already set this variable. To avoid overwrites, make sure you set it only once. 
 
 
-While using sharding, make sure the same `RUN_ID` is set across all the shards for the results to be reported together. 
+While using sharding, make sure the same `runId` is set across all the shards for the results to be reported together. This can be achieved by using a variable `PLAYWRIGHT_SERVICE_RUN_ID` and setting this value same across all shards. 
 
 Here's an example of how you can set it in your pipeline via GitHub Actions. 
 
 ```yml
-name: Playwright Tests
-on:
-  push:
-    branches: [ main, master ]
-  pull_request:
-    branches: [ main, master ]
-  workflow_dispatch:
-    strategy:
-        fail-fast: false
-        matrix:
-        shardIndex: [1, 2, 3, 4]
-        shardTotal: [4]
-permissions:
-  id-token: write
-  contents: read
-jobs:
-  test:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-node@v3
-      with:
-        node-version: 18
-      # This step is to sign-in to Azure to run tests from GitHub Action workflow.
-      # You can choose how set up Authentication to Azure from GitHub Actions, this is one example. 
-     - name: Login to Azure with AzPowershell (enableAzPSSession true) 
-      uses: azure/login@v2 
-      with: 
-        client-id: ${{ secrets.AZURE_CLIENT_ID }} 
-        tenant-id: ${{ secrets.AZURE_TENANT_ID }}  
-        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}  
-        enable-AzPSSession: true 
-
-    - name: Install dependencies
+  name: Playwright Tests (Microsoft Playwright Testing)
+  on:
+    push:
+      branches: [ main, master ]
+    pull_request:
+      branches: [ main, master ]
+    workflow_dispatch:
+      strategy:
+          fail-fast: false
+          matrix:
+          shardIndex: [1, 2, 3, 4]
+          shardTotal: [4]
+  permissions: # Required when using Microsoft Entra ID to authenticate
+    id-token: write
+    contents: read
+  jobs:
+    test:
+      timeout-minutes: 60
+      runs-on: ubuntu-latest
+      steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+        # This step is to sign-in to Azure to run tests from GitHub Action workflow.
+        # You can choose how set up Authentication to Azure from GitHub Actions, this is one example. 
+      - name: Login to Azure with AzPowershell (enableAzPSSession true) 
+        uses: azure/login@v2 
+        with: 
+          client-id: ${{ secrets.AZURE_CLIENT_ID }} # Required when using Microsoft Entra ID to authenticate
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}  
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}  
+          enable-AzPSSession: true 
+
+      - name: Install dependencies
         working-directory: path/to/playwright/folder # update accordingly
-      run: npm ci
+        run: npm ci
 
-    - name: Run Playwright tests
+      - name: Run Playwright tests
         working-directory: path/to/playwright/folder # update accordingly
-      env:
-        # Regional endpoint for Microsoft Playwright Testing
-        PLAYWRIGHT_SERVICE_URL: ${{ secrets.PLAYWRIGHT_SERVICE_URL }}
-        PLAYWRIGHT_SERVICE_RUN_ID: ${{ github.run_id }}-${{ github.run_attempt }}-${{ github.sha } #This Run_ID will be unique and will remain same across all shards
-      run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
+        env:
+          # Regional endpoint for Microsoft Playwright Testing
+          PLAYWRIGHT_SERVICE_URL: ${{ secrets.PLAYWRIGHT_SERVICE_URL }}
+          PLAYWRIGHT_SERVICE_RUN_ID: ${{ github.run_id }}-${{ github.run_attempt }}-${{ github.sha } #This Run_ID will be unique and will remain same across all shards
+        run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }}
 ```
diff --git a/articles/playwright-testing/quickstart-automate-end-to-end-testing.md b/articles/playwright-testing/quickstart-automate-end-to-end-testing.md
@@ -158,6 +158,79 @@ Enable artifacts such as screenshot, videos and traces to be captured by Playwri
 Once you collect these artifacts, attach them to the `TestContext` to ensure they are available in your test reports. For more information, see our [sample project for NUnit](https://aka.ms/mpt/nunit-sample)
 ::: zone-end
 
+## Set up authentication
+    
+The CI machine running Playwright tests needs to authenticate with Playwright Testing service to get the browsers to run the tests and to publish the test results and arifacts back to the service. 
+
+The service offers two authentication methods: Microsoft Entra ID and Access Tokens. We strongly recommend using Microsoft Entra ID to authenticate your pipelines. 
+
+#### Set up authentication using Microsoft Entra ID
+    
+  # [GitHub Actions](#tab/github)
+
+  If you are using GitHub Actions, you can connect to the service using GitHub OpenID Connect. Follow the steps below to set up the integration:
+
+  ##### Prerequisites
+
+  **Option 1: Microsoft Entra application**
+
+  * Create a Microsoft Entra application with a service principal by [Azure portal](/entra/identity-platform/howto-create-service-principal-portal#register-an-application-with-microsoft-entra-id-and-create-a-service-principal), [Azure CLI](/cli/azure/azure-cli-sp-tutorial-1#create-a-service-principal), or [Azure PowerShell](/powershell/azure/create-azure-service-principal-azureps#create-a-service-principal).
+
+  *  Copy the values for **Client ID**, **Subscription ID**, and **Directory (tenant) ID** to use later in your GitHub Actions workflow.
+  
+  * Assign the `Owner` or `Contributor` role to the service principal created in the previous step. These roles must be assigned on the Playwright Testing workspace. For more details, refer to [How to manage access](./how-to-manage-access-tokens.md).
+  
+  * [Configure a federated identity credential on a Microsoft Entra application](/entra/workload-id/workload-identity-federation-create-trust) to trust tokens issued by GitHub Actions to your GitHub repository. 
+
+  **Option 2: User-assigned managed identity**
+
+  * [Create a user-assigned managed identity](/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities#create-a-user-assigned-managed-identity).
+
+  *  Copy the values for **Client ID**, **Subscription ID**, and **Directory (tenant) ID** to use later in your GitHub Actions workflow.
+  
+  *  Assign the `Owner` or `Contributor` role to the user-assigned managed identity created in the previous step. These roles must be assigned on the Playwright Testing workspace. For more details, refer to [How to manage access](./how-to-manage-access-tokens.md).
+  
+  * [Configure a federated identity credential on a user-assigned managed identity](/entra/workload-id/workload-identity-federation-create-trust-user-assigned-managed-identity) to trust tokens issued by GitHub Actions to your GitHub repository. 
+
+  ##### Create GitHub secrets
+
+  1. Add the values you got in the previous step as secrets to your GitHub repository. See [set up GitHub Action Secret](/azure/developer/github/connect-from-azure-openid-connect?branch=main#create-github-secrets). These variables will be used in the GitHub Action workflow in subsequest steps. 
+
+    | GitHub Secret       | Source (Microsoft Entra Application or Managed Identity) |
+    |---------------------|----------------------------------------------------------|
+    | `AZURE_CLIENT_ID`    | Client ID                                                |
+    | `AZURE_SUBSCRIPTION_ID` | Subscription ID                                       |
+    | `AZURE_TENANT_ID`    | Directory (Tenant) ID                                    |
+
+    > **Note:**  
+    > For enhanced security, it is strongly recommended to use GitHub Secrets to store sensitive values rather than including them directly in your workflow file.
+
+  # [Azure Pipelines](#tab/pipelines)
+
+  If you are using Azure Pipelines, you can connect to the service using Service Connections. Follow the steps below to set up the integration:
+
+  1. [Create an app registration with workload identity federation](/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-app-registration-with-workload-identity-federation-automatic). Select the subscription and resource group associated with your Playwright Testing workspace. Typically, the resource group has the same name as the Playwright Testing workspace.
+
+  2. Use this service connection in Azure Pipeline yaml file as shown in subsequent steps.  
+
+  #### Set up authentication using access tokens
+
+  > [!CAUTION]
+  > We strongly recommend using Microsoft Entra ID for authentication to the service. If you are using access tokens, see [How to Manage Access Tokens](./how-to-manage-access-tokens.md)
+
+  You can generate an access token from your Playwright Testing workspace and use it in your setup. However, we strongly recommend Microsoft Entra ID for authentication due to its enhanced security. Access tokens, while convenient, function like long-lived passwords and are more susceptible to being compromised.
+
+  1. Authentication using access tokens is disabled by default. To use, [Enable access-token based authentication](./how-to-manage-authentication.md#enable-authentication-using-access-tokens)
+
+  2. [Set up authentication using access tokens](./how-to-manage-authentication.md#set-up-authentication-using-access-tokens)
+
+  3. Store the access token in a CI workflow secret and use it in the GitHub Actions workflow or Azure Pipeline yaml file. 
+
+    | Secret name | Value |
+    | ----------- | ------------ |
+    | *PLAYWRIGHT_SERVICE_ACCESS_TOKEN* | Paste the value of Access Token you created previously. | 
+
+
 ## Update the workflow definition
 
 ::: zone pivot="playwright-test-runner"
@@ -175,47 +248,51 @@ Update the CI workflow definition to run your Playwright tests with the Playwrig
     
       # This step is to sign-in to Azure to run tests from GitHub Action workflow. 
       # Choose how to set up authentication to Azure from GitHub Actions. This is one example. 
-    on:
-      push:
-        branches: [ main, master ]
-      pull_request:
-        branches: [ main, master ]
-    permissions: # Required when using Microsoft Entra ID to authenticate
-      id-token: write
-      contents: read
-    jobs:
-      test:
-        timeout-minutes: 60
-        runs-on: ubuntu-latest
+      name: Playwright Tests (Microsoft Playwright Testing)
+      on:
+        push:
+          branches: [main, master]
+        pull_request:
+          branches: [main, master]
+
+      permissions: # Required when using Microsoft Entra ID to authenticate
+        id-token: write
+        contents: read
+
+      jobs:
+        test:
+          timeout-minutes: 60
+          runs-on: ubuntu-latest
           steps:
-          - uses: actions/checkout@v4    
-    - name: Login to Azure with AzPowershell (enableAzPSSession true) 
-      uses: azure/login@v2 
-      with: 
-        client-id: ${{ secrets.AZURE_CLIENT_ID }} 
-        tenant-id: ${{ secrets.AZURE_TENANT_ID }}  
-        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}  
-        enable-AzPSSession: true 
-
-    - name: Install dependencies
-        working-directory: path/to/playwright/folder # update accordingly
-      run: npm ci
-
-    - name: Run Playwright tests
-        working-directory: path/to/playwright/folder # update accordingly
-      env:
-        # Regional endpoint for Microsoft Playwright Testing
-        PLAYWRIGHT_SERVICE_URL: ${{ secrets.PLAYWRIGHT_SERVICE_URL }}
-        PLAYWRIGHT_SERVICE_RUN_ID: ${{ github.run_id }}-${{ github.run_attempt }}-${{ github.sha }}
-      run: npx playwright test -c playwright.service.config.ts --workers=20
-
-    - name: Upload Playwright report
-      uses: actions/upload-artifact@v3
-      if: always()
-      with:
-        name: playwright-report
-        path: path/to/playwright/folder/playwright-report/ # update accordingly
-        retention-days: 10
+            - uses: actions/checkout@v4
+
+            - name: Login to Azure with AzPowershell (enableAzPSSession true)
+              uses: azure/login@v2
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }} # GitHub Open ID connect values copied in previous steps
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+                enable-AzPSSession: true
+
+            - name: Install dependencies
+              working-directory: path/to/playwright/folder # update accordingly
+              run: npm ci
+
+            - name: Run Playwright tests
+              working-directory: path/to/playwright/folder # update accordingly
+              env:
+                # Regional endpoint for Microsoft Playwright Testing
+                PLAYWRIGHT_SERVICE_URL: ${{ secrets.PLAYWRIGHT_SERVICE_URL }}
+                # PLAYWRIGHT_SERVICE_ACCESS_TOKEN: ${{ secrets.PLAYWRIGHT_SERVICE_ACCESS_TOKEN }} # Not recommended, use Microsoft Entra ID authentication. 
+              run: npx playwright test -c playwright.service.config.ts --workers=20
+
+            - name: Upload Playwright report
+              uses: actions/upload-artifact@v3
+              if: always()
+              with:
+                name: playwright-report
+                path: path/to/playwright/folder/playwright-report/ # update accordingly
+                retention-days: 10
     ```
 
     # [Azure Pipelines](#tab/pipelines)
@@ -233,7 +310,8 @@ Update the CI workflow definition to run your Playwright tests with the Playwrig
       displayName: Run Playwright Test  
         env:
         PLAYWRIGHT_SERVICE_URL: $(PLAYWRIGHT_SERVICE_URL)
-        PLAYWRIGHT_SERVICE_RUN_ID: ${{ parameters.runIdPrefix }}$(Build.DefinitionName) - $(Build.BuildNumber) - $(System.JobAttempt) 
+        # PLAYWRIGHT_SERVICE_ACCESS_TOKEN: $(PLAYWRIGHT_SERVICE_ACCESS_TOKEN) # Not recommended, use Microsoft Entra ID authentication. 
+
       inputs:
         azureSubscription: My_Service_Connection # Service connection used to authenticate this pipeline with Azure to use the service
         scriptType: 'pscore'
@@ -287,7 +365,7 @@ Update the CI workflow definition to run your Playwright tests with the Playwrig
           - name: Login to Azure with AzPowershell (enableAzPSSession true) 
             uses: azure/login@v2 
             with: 
-              client-id: ${{ secrets.AZURE_CLIENT_ID }} 
+              client-id: ${{ secrets.AZURE_CLIENT_ID }} # GitHub Open ID connect values copied in previous steps
               tenant-id: ${{ secrets.AZURE_TENANT_ID }}  
               subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}  
               enable-AzPSSession: true 
@@ -310,7 +388,7 @@ Update the CI workflow definition to run your Playwright tests with the Playwrig
             env:
               # Regional endpoint for Microsoft Playwright Testing
               PLAYWRIGHT_SERVICE_URL: ${{ secrets.PLAYWRIGHT_SERVICE_URL }}
-              PLAYWRIGHT_SERVICE_RUN_ID: ${{ github.run_id }}-${{ github.run_attempt }}-${{ github.sha }}
+              # PLAYWRIGHT_SERVICE_ACCESS_TOKEN: ${{ secrets.PLAYWRIGHT_SERVICE_ACCESS_TOKEN }} # Not recommended, use Microsoft Entra ID authentication. 
             run: dotnet test --settings:.runsettings --logger "microsoft-playwright-testing" -- NUnit.NumberOfTestWorkers=20
 
           - name: Upload Playwright report
@@ -345,9 +423,10 @@ Update the CI workflow definition to run your Playwright tests with the Playwrig
       displayName: Run Playwright Test  
         env:
         PLAYWRIGHT_SERVICE_URL: $(PLAYWRIGHT_SERVICE_URL)
-        PLAYWRIGHT_SERVICE_RUN_ID: ${{ parameters.runIdPrefix }}$(Build.DefinitionName) - $(Build.BuildNumber) - $(System.JobAttempt) 
+        # PLAYWRIGHT_SERVICE_ACCESS_TOKEN: $(PLAYWRIGHT_SERVICE_ACCESS_TOKEN) # Not recommended, use Microsoft Entra ID authentication. 
+
       inputs:
-        azureSubscription: My_Service_Connection # Service connection used to authenticate this pipeline with Azure to use the service
+        azureSubscription: My_Service_Connection # Service connection used to authenticate this pipeline with Azure to use the service using Microsoft Entra ID.
         scriptType: 'pscore'
         scriptLocation: 'inlineScript'
         inlineScript: |
