Loading repository data…
Loading repository data…
roman-pinchuk / repository
Senior-level Playwright + TypeScript template for UI and API test automation with CI reporting, Allure, CTRF, and clean test architecture.
Playwright + TypeScript template that showcases a senior-level automation approach for both UI and API testing.
| Dependency | Type | Current Version | Security Status | Latest npm Version |
|---|---|---|---|---|
| @dotenvx/dotenvx | devDependencies | ^2.7.0 | No known issues | 2.7.0 |
| @eslint/js | devDependencies | ^10.0.1 | No known issues | 10.0.1 |
| @playwright/test | devDependencies | 1.61.1 | No known issues | 1.61.1 |
| @types/node | devDependencies | ^26.1.1 | No known issues | 26.1.1 |
| allure-playwright | devDependencies | ^3.10.2 | No known issues | 3.10.2 |
| eslint | devDependencies | ^10.7.0 | No known issues | 10.7.0 |
| eslint-plugin-playwright | devDependencies | ^2.10.5 | No known issues | 2.10.5 |
| lint-staged | devDependencies | ^17.0.8 | No known issues | 17.0.8 |
| pino | dependencies | ^10.3.1 | No known issues | 10.3.1 |
| pino-pretty | dependencies | ^13.1.3 | No known issues |
https://www.saucedemo.com┌───────────────────────────────────────────────────────────────────────────────────┐
│ TESTS LAYER (tests/) │
│ │
│ ┌───────────────────────┐ ┌───────────────────────┐ ┌───────────────┐ │
│ │ api/*.spec.ts │ │ ui/*.spec.ts │ │ auth.setup.ts │ │
│ │ (4 API specs) │ │ (7 UI specs) │ └───────┬───────┘ │
│ └───────────┬───────────┘ └─────┬───────────┬─────┘ │ │
└───────────────┼────────────────────────┼───────────┼──────────────────┼───────────┘
│ │ │ │
│ │ └───────┐ │
▼ ▼ │ │
┌───────────────────────────────┐ ┌──────────────────────┐ │ │
│ INFRASTRUCTURE │ │ CORE BUSINESS LOGIC │ │ │
│ (infrastructure/) │ │ (business/) │ │ │
│ │ │ │ │ │
│ ┌─────────────────────────┐ │ │ ┌────────────────┐ │ │ │
│ │ Fixtures ├──┼──┼─▶│ API Domain │ │ │ │
│ │ api.fixture.ts, │ │ │ │ objects, │ │ │ │
│ │ ui.fixture.ts │ │ │ │ assertions, │ │ │ │
│ └────────────┬────────────┘ │ │ │ factories │ │ │ │
│ │ │ │ └───────┬────────┘ │ │ │
│ │ │ │ │ │ │ │
│ ▼ │ │ │ │ │ │
│ ┌─────────────────────────┐ │ │ │ │ │ │
│ │ restful.client.ts │◀─┼──┼──────────┘ │ │ │
│ └────────────┬────────────┘ │ │ ┌────────────────┐ │ │ │
│ │ │ │ │ Journeys │◀─┼──┘ │
│ ▼ │ │ │ login, cart, │ │ │
│ ┌─────────────────────────┐ │ │ │ checkout, etc. │ │ │
│ │ config/env.ts │ │ │ └───────┬────────┘ │ │
│ └─────────────────────────┘ │ └──────────┼───────────┘ │
└───────────────────────────────┘ │ │
▼ ▼
┌────────────────────────────────────────┐
│ PAGE OBJECTS (pages/) │
│ │
│ ┌──────────────────┐ ┌────────────┐ │
│ │ Flow │ │login.page │ │
│ │ inventory, cart, │ │ .ts │ │
│ │ checkout, detail │ └────────────┘ │
│ └──────────────────┘ │
└────────────────────────────────────────┘
npm install
npx playwright install chromium firefox
npm run check
This repo includes a VS Code devcontainer that mirrors the Playwright Docker image used in CI:
mcr.microsoft.com/playwright:v1.61.1-noblenpm cinpm run verify:playwright checks devcontainer and CI
Playwright Docker images against package-lock.json--ipc=host9323To use it:
.env.local exists. UI tests still load
playwright.config.ts, so API_BASE_URL must be present even when you only
run SauceDemo UI tests.npm run test:ui:mode
The UI Mode server binds to 0.0.0.0:9323 so VS Code can forward it from the
container to your browser.
To run API tests, complete the Supabase API setup first, then:
npm run test:api # API only
npm test # Full suite (UI + API)
The API tests run against a Supabase PostgREST endpoint. Here's how to set it up:
awesome-pw-tests), generate a
database password, pick the closest region, and select the Free plan.Open the SQL Editor in your Supabase dashboard and run:
create table objects (
id uuid default gen_random_uuid() primary key,
"collectionName" text not null,
name text not null,
data jsonb default '{}'::jsonb,
"createdAt" timestamptz default now(),
"updatedAt" timestamptz default now()
);
alter table objects enable row level security;
create policy "anon_crud" on objects
for all
using (true)
with check (true);
Go to Settings → Data API in your Supabase dashboard and copy:
https://abc123.supabase.co)Add them to your env files:
# .env.local (local development)
API_BASE_URL=https://<your-project>.supabase.co
API_KEY=<your-supabase-anon-key>
# .env.production (CI, encrypted)
API_BASE_URL=https://<your-project>.supabase.co
API_KEY=<your-supabase-anon-key>
For CI, encrypt .env.production using dotenvx:
npx dotenvx encrypt
npm run test:api
npm test — Run the full suite (UI + API)npm run test:ui — Run SauceDemo across Chromium, Firefox, WebKitnpm run test:api — Run API tests against the configured Supabase projectnpm run test:headed — Run SauceDemo Chromium in headed modenpm run test:debug — Debug SauceDemo Chromiumnpm run test:ui:mode — Open Playwright UI Mode on forwarded port 9323npm run report — Open the HTML test reportnpm run check — Verify Playwright Docker image versions, lint, and typecheckLocal hooks are managed by simple-git-hooks and installed by npm install
through the prepare script:
pre-commit — runs lint-stagedpre-push — runs npm run typechecklint-staged runs ESLint autofix and Prettier on staged TypeScript files, and
Prettier on staged JS, JSON, Markdown, and YAML files.
npm run test:ci — Full suite via encrypted .env.productionnpm run test:ui:ci — UI tests (Chromium, Firefox, WebKit) via encrypted
.env.productionnpm run test:api:ci — API tests via encrypted .env.productionThe .github/workflows/playwright.yml workflow runs on every push to main
and pull request.
.github/dependabot.yml keeps npm packages and GitHub Actions versions fresh
with weekly Monday update checks..github/workflows/snyk-security.yml runs on dependency changes, manual
dispatch, non-Dependabot pull requests, and a weekly Monday schedule.SNYK_TOKEN.
Dependabot PRs skip this workflow because GitHub does not expose Actions
secrets to Dependabot-triggered runs.roman-pinchuk/dependency-security-matrix-action@v1 to update the dependency
matrix on non-PR runs. When SNYK_TOKEN is unavailable or invalid, the
matrix still updates with dependency versions and latest npm versions, but
without scanner-backed security status.SNYK_TOKEN is available, the workf13.1.3 |
| playwright-ctrf-json-reporter | devDependencies | ^0.0.29 | No known issues | 0.0.29 |
| prettier | devDependencies | ^3.9.5 | No known issues | 3.9.5 |
| simple-git-hooks | devDependencies | ^2.13.1 | No known issues | 2.13.1 |
| typescript | devDependencies | ^6.0.3 | No known issues | 7.0.2 |
| typescript-eslint | devDependencies | 8.63.0 | No known issues | 8.64.0 |
| zod | devDependencies | ^4.4.3 | No known issues | 4.4.3 |