Add GitHub Actions workflow for SSO Playwright tests (#24980)

Copilot · chirag-madlani · web-flow · commit cbea0c0355fa · 2025-12-24T18:16:36.000+05:30
* Initial plan * Add Playwright SSO tests workflow with @sso tag filtering Co-authored-by: chirag-madlani <12962843+chirag-madlani@users.noreply.github.com> * Add comprehensive documentation to SSO tests workflow Co-authored-by: chirag-madlani <12962843+chirag-madlani@users.noreply.github.com> * update workflow --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: chirag-madlani <12962843+chirag-madlani@users.noreply.github.com>
diff --git a/.github/workflows/playwright-sso-tests.yml b/.github/workflows/playwright-sso-tests.yml
@@ -0,0 +1,164 @@
+#  Copyright 2025 Collate
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#  http://www.apache.org/licenses/LICENSE-2.0
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# This workflow executes SSO-specific end-to-end (e2e) tests using Playwright with MySQL as the database.
+# 
+# Purpose:
+#   - Run SSO configuration tests for various authentication providers (Google, Azure AD, Okta, SAML, LDAP, etc.)
+#   - Validate SSO provider selection, field visibility, and configuration workflows
+#   - Tests are tagged with @sso and run in isolation from other Playwright tests
+#
+# Triggers:
+#   - Manual trigger via workflow_dispatch
+#   - Pull requests with "safe to test" label
+#   - Excludes draft PRs
+#
+# Test Location:
+#   - openmetadata-ui/src/main/resources/ui/playwright/e2e/Features/SSOConfiguration.spec.ts
+#
+# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
+
+name: SSO Authentication Tests (Nightly)
+
+# schedule:
+  #   # Run every night at 2 AM UTC
+  #   - cron: '0 2 * * *'
+  workflow_dispatch: # Allow manual trigger
+    inputs:
+      sso_provider:
+        description: "SSO Provider to test"
+        required: true
+        default: "google"
+        type: choice
+        options:
+          - google
+          - okta
+          - azure
+          - auth0
+          - saml
+          - cognito
+
+permissions:
+  contents: read
+
+concurrency:
+  group: sso-auth-tests-${{ github.workflow }}-${{ github.event.inputs.sso_provider || 'scheduled' }}
+  cancel-in-progress: true
+
+jobs:
+  sso-auth-tests:
+    runs-on: ubuntu-latest
+    if: ${{ !github.event.pull_request.draft }}
+    environment: test
+
+    strategy:
+      fail-fast: false
+      matrix:
+        provider: ${{ github.event.inputs.sso_provider == 'all' && fromJSON('["google", "okta", "azure", "auth0"]') || github.event.inputs.sso_provider && fromJSON(format('["{0}"]', github.event.inputs.sso_provider)) || fromJSON('["google"]') }}
+
+    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: false
+          swap-storage: true
+          docker-images: false
+
+      - name: Wait for the labeler
+        uses: lewagon/wait-on-check-action@v1.3.4
+        if: ${{ github.event_name == 'pull_request_target' }}
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          check-name: Team Label
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 90
+
+      - name: Verify PR labels
+        uses: jesusvasquez333/verify-pr-label-action@v1.4.0
+        if: ${{ github.event_name == 'pull_request_target' }}
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          valid-labels: "safe to test"
+          pull-request-number: "${{ github.event.pull_request.number }}"
+          disable-reviews: true # To not auto approve changes
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Cache Maven Dependencies
+        id: cache-output
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Setup Openmetadata Test Environment
+        uses: ./.github/actions/setup-openmetadata-test-environment
+        with:
+          python-version: "3.10"
+          # Skip ingestion setup for SSO tests
+          args: "-d postgresql -i false"
+          ingestion_dependency: "all"
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: 'openmetadata-ui/src/main/resources/ui/.nvmrc'
+
+      - name: Install dependencies
+        working-directory: openmetadata-ui/src/main/resources/ui/
+        run: yarn --ignore-scripts --frozen-lockfile
+
+      - name: Install Playwright Browsers
+        run: npx playwright@1.51.1 install --with-deps
+
+      - name: Run SSO Authentication Tests
+        working-directory: openmetadata-ui/src/main/resources/ui
+        run: npx playwright test playwright/e2e/Auth/SSOAuthentication.spec.ts --workers=1
+        env:
+          SSO_PROVIDER_TYPE: ${{ matrix.provider }}
+          SSO_USERNAME: ${{ secrets[format('{0}_SSO_USERNAME', upper(matrix.provider))] }}
+          SSO_PASSWORD: ${{ secrets[format('{0}_SSO_PASSWORD', upper(matrix.provider))] }}
+          PLAYWRIGHT_IS_OSS: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        timeout-minutes: 60
+
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: sso-auth-test-results-${{ matrix.provider }}
+          path: openmetadata-ui/src/main/resources/ui/playwright/output/playwright-report
+          retention-days: 5
+
+      - name: Clean Up
+        run: |
+          cd ./docker/development
+          docker compose down --remove-orphans
+          sudo rm -rf ${PWD}/docker-volume
+    
+  notify:
+    needs: sso-auth-tests
+    runs-on: ubuntu-latest
+    if: failure()
+    steps:
+      - name: Send notification on failure
+        run: |
+          echo "SSO Authentication tests failed for one or more providers"
+          # Add your notification logic here (Slack, email, etc.)
