Skip to content

chore(ci): Use Playwright Docker images instead of install-playwright action#20270

Draft
mydea wants to merge 11 commits intodevelopfrom
fn/playwright-docker-images
Draft

chore(ci): Use Playwright Docker images instead of install-playwright action#20270
mydea wants to merge 11 commits intodevelopfrom
fn/playwright-docker-images

Conversation

@mydea
Copy link
Copy Markdown
Member

@mydea mydea commented Apr 14, 2026
edited
Loading

Summary

  • Delete the custom install-playwright composite action
  • Build a custom Docker image (official Playwright + yarn) and cache in GHCR
  • Use the GHCR image as a container for all jobs that need Playwright
  • Verify @playwright/test version consistency across the entire repo

Architecture

.github/docker/playwright.Dockerfile                    → extends official Playwright image with yarn
.github/actions/ensure-playwright-image/action.yml      → composite action: check GHCR, build if missing, verify versions

Each workflow has a lightweight job_playwright_image prerequisite job that:

  1. Verifies all @playwright/test versions match across packages and e2e test apps
  2. Checks if ghcr.io/getsentry/sentry-javascript/playwright:v<version> already exists
  3. If the image exists → noop (takes ~5s)
  4. If missing → builds and pushes (first run after a Playwright bump)

Downstream jobs reference the image via needs.job_playwright_image.outputs.image.

Jobs updated

Job Before After
Browser Playwright tests install-playwright composite action GHCR container
Browser Loader tests install-playwright composite action GHCR container
Remix integration tests install-playwright composite action GHCR container
E2E tests (required) install-playwright composite action GHCR container
E2E tests (optional) install-playwright composite action GHCR container
Canary E2E install-playwright composite action GHCR container
Flaky test detector install-playwright composite action GHCR container

Benefits

  • No more downloading/caching Playwright browsers per job — they're pre-installed in the image
  • Removes actions/cache@v4 usage from the deleted composite action (Node.js 20 deprecation warning)
  • Single Dockerfile to customize if extra tools are needed
  • Version consistency enforced — mismatched @playwright/test versions fail CI with clear error annotations
  • No hardcoded image tags in workflow files — the version is derived from package.json automatically
  • After the image is built once, subsequent runs are a noop (~5s docker manifest inspect)

Maintenance

When bumping @playwright/test, the ensure-playwright-image action automatically detects the new version and builds a new image on the first CI run. No manual workflow file updates needed.

Test plan

  • job_playwright_image is a noop when the image already exists
  • Image is built and pushed when it doesn't exist
  • Version consistency check catches mismatched versions
  • Browser Playwright tests pass with GHCR container
  • Browser Loader tests pass with GHCR container
  • Remix integration tests pass with GHCR container
  • E2E tests pass with GHCR container
  • Canary workflow still works
  • Flaky test detector still works

🤖 Generated with Claude Code

@mydea @claude
chore(ci): Use Playwright Docker images instead of install-playwright…
d5055f3 
… action

Replace the custom `install-playwright` composite action with official
Playwright Docker images for browser integration tests, and inline
`npx playwright install` for other jobs.

**Browser integration tests** (playwright + loader):
- Use `mcr.microsoft.com/playwright:v1.56.1-noble` container image
- Browsers are pre-installed, no download or caching needed

**Remix, E2E, canary, flaky-test-detector**:
- Replace composite action with `npx playwright install --with-deps chromium`
- These jobs have complex setups (Node version matrix, pnpm, Verdaccio)
  where a container adds unnecessary complexity

This also removes the `actions/cache@v4` usage from the composite action,
eliminating another source of Node.js 20 deprecation warnings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea mydea marked this pull request as draft April 14, 2026 08:12
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 14, 2026
edited
Loading

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

Cloudflare

  • Split alarms into multiple traces and link them by JPeer264 in #19373
  • Propagate traceparent to RPC calls - via fetch by JPeer264 in #19991

Core

  • Automatically disable truncation when span streaming is enabled in LangGraph integration by andreiborza in #20231
  • Automatically disable truncation when span streaming is enabled in LangChain integration by andreiborza in #20230
  • Automatically disable truncation when span streaming is enabled in Google GenAI integration by andreiborza in #20229
  • Automatically disable truncation when span streaming is enabled in Anthropic AI integration by andreiborza in #20228
  • Automatically disable truncation when span streaming is enabled in Vercel AI integration by andreiborza in #20232
  • Automatically disable truncation when span streaming is enabled in OpenAI integration by andreiborza in #20227
  • Add enableTruncation option to Vercel AI integration by nicohrubec in #20195
  • Add enableTruncation option to Google GenAI integration by andreiborza in #20184
  • Add enableTruncation option to Anthropic AI integration by andreiborza in #20181
  • Add enableTruncation option to LangGraph integration by andreiborza in #20183
  • Add enableTruncation option to LangChain integration by andreiborza in #20182
  • Add enableTruncation option to OpenAI integration by andreiborza in #20167
  • Export a reusable function to add tracing headers by JPeer264 in #20076

Deps

  • Bump axios from 1.13.5 to 1.15.0 by dependabot in #20180
  • Bump hono from 4.12.7 to 4.12.12 by dependabot in #20118
  • Bump defu from 6.1.4 to 6.1.6 by dependabot in #20104

Other

  • (browser) Add View Hierarchy integration by timfish in #14981
  • (cloudflare,deno,vercel-edge) Add span streaming support by Lms24 in #20127
  • (node) Include global scope for eventLoopBlockIntegration by timfish in #20108
  • (node-native) Add support for V8 v14 (Node v25+) by timfish in #20125
  • (opentelemetry) Vendor AsyncLocalStorageContextManager by mydea in #20243

Bug Fixes 🐛

Deno

  • Handle reader.closed rejection from releaseLock() in streaming by andreiborza in #20187
  • Avoid inferring invalid span op from Deno tracer by Lms24 in #20128

Other

  • (ci) Prevent command injection in ci-metadata workflow by fix-it-felix-sentry in #19899
  • (core, node) Support loading Express options lazily by isaacs in #20211
  • (e2e) Add op check to waitForTransaction in React Router e2e tests by copilot-swe-agent in #20193
  • (e2e-tests) Remove flaky navigation breadcrumb assertions from parameterized-routes tests by copilot-swe-agent in #20202
  • (node-integration-tests) Fix flaky kafkajs test race condition by copilot-swe-agent in #20189

Internal Changes 🔧

Ci

  • Use Playwright Docker images instead of install-playwright action by mydea in #20270
  • Remove node-overhead GitHub Action by mydea in #20246
  • Bump dorny/paths-filter from v3.0.1 to v4.0.1 by mydea in #20251
  • Remove codecov steps from jobs that produce no coverage/JUnit data by mydea in #20244

Deps

  • Bump hono from 4.12.7 to 4.12.12 in /dev-packages/e2e-tests/test-applications/cloudflare-hono by dependabot in #20119
  • Bump axios from 1.13.5 to 1.15.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic by dependabot in #20179

Deps Dev

  • Bump @sveltejs/kit from 2.53.3 to 2.57.1 by dependabot in #20216
  • Bump vite from 7.2.0 to 7.3.2 in /dev-packages/e2e-tests/test-applications/tanstackstart-react by dependabot in #20107

Other

  • (bugbot) Add rules to flag test-flake-provoking patterns by Lms24 in #20192
  • (react) Remove duplicated test mock by s1gr1d in #20200
  • (size-limit) Bump failing size limit scenario by Lms24 in #20186
  • Add PR review reminder workflow by copilot-swe-agent in #20175
  • Fix lint warnings by mydea in #20250
  • Fix flaky ANR test by increasing blocking duration by JPeer264 in #20239
  • Add automatic flaky test detector by nicohrubec in #18684

🤖 This preview updates automatically when you update the PR.

@mydea @claude
chore(ci): Use custom GHCR Playwright image for all Playwright jobs
d873fce 
Build a custom Docker image extending the official Playwright image with
yarn pre-installed, push it to GHCR, and use it across all CI jobs that
need Playwright browsers.

- Add `.github/docker/playwright.Dockerfile` with yarn@1.22.22
- Add build workflow that pushes to GHCR on Dockerfile or Playwright
  version changes
- All Playwright jobs (browser tests, loader tests, Remix, E2E, canary,
  flaky-test-detector) now use the GHCR container image
- No more `npx playwright install` or browser caching logic anywhere

When bumping @playwright/test, also update the PLAYWRIGHT_IMAGE env var
in build.yml, canary.yml, and flaky-test-detector.yml.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 14, 2026
edited
Loading

size-limit report 📦

Path Size % Change Change
@sentry/browser 25.73 kB - -
@sentry/browser - with treeshaking flags 24.22 kB - -
@sentry/browser (incl. Tracing) 42.72 kB - -
@sentry/browser (incl. Tracing, Profiling) 47.35 kB - -
@sentry/browser (incl. Tracing, Replay) 81.53 kB - -
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags 71.1 kB - -
@sentry/browser (incl. Tracing, Replay with Canvas) 86.23 kB - -
@sentry/browser (incl. Tracing, Replay, Feedback) 98.44 kB - -
@sentry/browser (incl. Feedback) 42.52 kB - -
@sentry/browser (incl. sendFeedback) 30.39 kB - -
@sentry/browser (incl. FeedbackAsync) 35.39 kB - -
@sentry/browser (incl. Metrics) 27.04 kB - -
@sentry/browser (incl. Logs) 27.19 kB - -
@sentry/browser (incl. Metrics & Logs) 27.86 kB - -
@sentry/react 27.48 kB - -
@sentry/react (incl. Tracing) 45.05 kB - -
@sentry/vue 30.56 kB - -
@sentry/vue (incl. Tracing) 44.58 kB - -
@sentry/svelte 25.75 kB - -
CDN Bundle 28.41 kB - -
CDN Bundle (incl. Tracing) 43.76 kB - -
CDN Bundle (incl. Logs, Metrics) 29.79 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) 44.83 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) 68.6 kB - -
CDN Bundle (incl. Tracing, Replay) 80.63 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) 81.66 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) 86.16 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) 87.19 kB - -
CDN Bundle - uncompressed 83 kB - -
CDN Bundle (incl. Tracing) - uncompressed 129.79 kB - -
CDN Bundle (incl. Logs, Metrics) - uncompressed 87.14 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed 133.2 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed 210.13 kB - -
CDN Bundle (incl. Tracing, Replay) - uncompressed 246.67 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed 250.07 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 259.58 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed 262.97 kB - -
@sentry/nextjs (client) 47.47 kB - -
@sentry/sveltekit (client) 43.2 kB - -
@sentry/node-core 57.86 kB +0.02% +6 B 🔺
@sentry/node 174.8 kB +0.01% +14 B 🔺
@sentry/node - without tracing 97.63 kB +0.01% +7 B 🔺
@sentry/aws-serverless 114.98 kB +0.01% +6 B 🔺

View base workflow run

mydea and others added 9 commits April 14, 2026 10:23
@mydea @claude
chore(ci): Run Playwright image build on PRs, verify version consistency
d341175 
- Trigger the build workflow on PRs that change the Dockerfile, Playwright
  version, or any e2e test application package.json
- Add a version consistency check that verifies all packages and e2e test
  applications use the same @playwright/test version as the canonical
  source (dev-packages/browser-integration-tests)
- On PRs, the image is built (to verify the Dockerfile) but not pushed
- On push to develop and workflow_dispatch, the image is built and pushed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
chore(ci): Extract ensure-playwright-image composite action, remove s…
ea7b1c2 
…tandalone workflow

Replace the standalone build-playwright-docker-image workflow with a
composite action that runs as a prerequisite job in each workflow:

- Verifies all @playwright/test versions are consistent across the repo
- Checks if the GHCR image already exists (noop if so)
- Builds and pushes only when the image is missing

Each workflow (build, canary, flaky-test-detector) now has a small
`job_playwright_image` prerequisite job that runs the composite action
and outputs the image reference for downstream container jobs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
fix(ci): Remove hardcoded default from Playwright Dockerfile
e804926 
Remove the default value for PLAYWRIGHT_VERSION ARG so the build
fails if the arg isn't passed. The ensure-playwright-image action
reads the version from browser-integration-tests/package.json and
passes it as a build arg — that is the single source of truth.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
chore(ci): Remove sparse-checkout from Playwright image jobs
74de4ec 
Simplify the checkout steps — full checkout is fine here and avoids
potential issues with missing files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
fix(ci): Fix Playwright version extraction in ensure-playwright-image
0af56ad 
@playwright/test is in `dependencies` (not `devDependencies`) in
browser-integration-tests/package.json. Check both fields so the
version is found regardless of which section it's declared in.

Also cleaned up the version consistency check to use a shared function
and log the canonical version for easier debugging.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
fix(ci): Add --ipc=host to Playwright container options
19ff180 
Firefox fails with "Sandbox: CanCreateUserNamespace() clone() failure:
EPERM" when running in a Docker container on GitHub Actions because user
namespaces are restricted. Adding --ipc=host allows the browser sandbox
to work correctly for all browsers (chromium, firefox, webkit).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
chore: Format ensure-playwright-image action
2c9a23b 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
fix(ci): Include Dockerfile hash in Playwright image tag
9c9a53b 
The image tag was only based on the Playwright version, so changes to
the Dockerfile (e.g. adding yarn, system deps) didn't trigger a rebuild.

Tag is now `v<playwright-version>-<8-char-dockerfile-hash>`, e.g.
`v1.56.0-a1b2c3d4`. Any change to the Dockerfile produces a new tag,
which misses the GHCR cache and triggers a fresh build.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mydea @claude
fix(ci): Set HOME=/root for Playwright containers
c5cca34 
GitHub Actions runs containers as root but sets HOME=/github/home
(owned by pwuser). Firefox refuses to launch as root in another
user's home directory. Setting HOME=/root fixes this.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mydea