Skip to content

Task 5 of the automated tests framework - Performance and robustness optimization

Ticket #171: Playwright framework performance and robustness optimization (Storage State and external Windows secrets)
Type: Automation / Performance / Security / Reliability
Affected Component: e2e/playwright.config.ts, e2e/src/tests/auth.setup.ts, e2e/src/tests/skipLogin.spec.ts, e2e/src/tests/loginTest.spec.ts, e2e/src/utils/requiredEnv.ts, e2e/scripts/save-windows-secrets.ps1, e2e/scripts/run-with-windows-secrets.ps1, e2e/package.json, .gitignore

1. Context and objective

This intervention corresponds to Task 5 of the E2E automation framework implementation plan.

After establishing the baseline (Ticket #167), stabilizing navigation (Ticket #168), hardening environments (Ticket #169), and industrializing test data (Ticket #170), the objective of Task 5 is to reduce execution cost and increase E2E run robustness through session reuse and an out-of-repo secret model.

2. Phase 1 - Storage State optimization

The flow was consolidated into two steps:

  • a setup scenario that authenticates the user and generates a session state;
  • functional scenarios that reuse this state to start directly in authenticated areas.

Playwright configuration was aligned around:

  • a dedicated setup project to create session state;
  • dependent browser projects (chromium, firefox, webkit) consuming that state automatically.

Expected outcome: faster and more stable executions, both locally and in pipelines.

3. Phase 2 - Security: secrets fully outside the project

The authentication model was strengthened to avoid any secret presence in versioned code:

  • removal of dependency on project secret files;
  • mandatory USER_ID and PASSWORD sourcing from external environment variables;
  • explicit fail-fast guardrail if a required variable is missing;
  • strict exclusion of local session-state artifacts to prevent token leaks.

This approach harmonizes local and CI security practices without exposing application credentials.

4. Phase 3 - Secure local Windows ergonomics

To avoid repeated credential entry for every session:

  • a one-shot script was added to save user secrets;
  • local encryption uses native Windows DPAPI, bound to the user account;
  • a launcher script reloads protected secrets and executes Playwright.

Dedicated npm commands were added to standardize daily test execution.

5. Incidents encountered and resolutions

Incident 1 - Invalid login selector
An obsolete selector caused timeouts.
Resolution: switched to the real submit button selector.

Incident 2 - Fragile post-login validation
A non-stable UI assertion triggered element(s) not found failures.
Resolution: replaced with stronger authenticated-state assertions.

Incident 3 - Missing external variables
Setup failed when USER_ID / PASSWORD were not injected.
Resolution: explicit guardrail and documented execution flow.

Incident 4 - Windows wrapper execution via npx
npm/npx module resolution errors appeared depending on shell context.
Resolution: direct execution of the local Playwright binary for stable launches.

6. Validation and results

Final validation confirmed:

  • correct generation of session state;
  • successful skip-login scenario execution in Chromium;
  • elimination of manual credential re-entry for each session;
  • consistent out-of-repo security model.

7. Conclusion and roadmap

Task 5 delivers concrete improvements in execution performance and operational robustness for the Playwright framework.

Next step (Task 6): add advanced API and visual tests.
Final step (Task 7): implement traceability, retry, and CI/CD.