fix(ci): Fix NPM auth when running Playwright E2E tests (#231)

xnyo · web-flow · commit 8da89c22b1e9 · 2025-08-12T16:09:28.000+02:00
* fix(ci): Fix NPM auth when running Playwright E2E tests * Switch branch for testing * fix string to bool * Revert "Switch branch for testing" This reverts commit 78073db.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -462,6 +462,7 @@ jobs:
       grafana-url: ${{ inputs.playwright-grafana-url }}
       secrets: ${{ (fromJson(needs.test-and-build.outputs.workflow-context).isTrusted && inputs.playwright-secrets != '') && inputs.playwright-secrets || '' }}
       node-version: ${{ inputs.node-version }}
+      npm-registry-auth: ${{ inputs.npm-registry-auth }}
 
   playwright-docker:
     name: Plugins - Dockerized Playwright E2E tests
@@ -480,6 +481,8 @@ jobs:
       report-path: ${{ inputs.playwright-report-path }}
       grafana-url: ${{ inputs.playwright-grafana-url }}
       secrets: ${{ (fromJson(needs.test-and-build.outputs.workflow-context).isTrusted && inputs.playwright-secrets != '') && inputs.playwright-secrets || '' }}
+      # TODO: add support for NPM auth in Dockerized Playwright as well
+      # npm-registry-auth: ${{ inputs.npm-registry-auth }}
 
   upload-to-gcs:
     name: Upload to GCS
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
@@ -63,7 +63,13 @@ on:
         description: Node.js version to use
         type: string
         required: false
-
+      npm-registry-auth:
+        description: |
+          Whether to authenticate to the npm registry in Google Artifact Registry.
+          If true, the root of the plugin repository must contain a `.npmrc` file.
+        type: boolean
+        required: false
+        default: false
 permissions:
   contents: read
   id-token: write
@@ -110,6 +116,20 @@ jobs:
           node-version: ${{ inputs.node-version }}
           node-version-file: ${{ inputs.plugin-directory }}/.nvmrc
 
+      - name: Login to Google Cloud
+        if: inputs.npm-registry-auth == true
+        uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12
+        with:
+          token_format: access_token
+          workload_identity_provider: "projects/304398677251/locations/global/workloadIdentityPools/github/providers/github-provider"
+          service_account: github-plugin-ci-workflows@grafanalabs-workload-identity.iam.gserviceaccount.com
+
+      - name: NPM registry auth
+        if: inputs.npm-registry-auth == true
+        shell: bash
+        working-directory: ${{ inputs.plugin-directory }}
+        run: GOOGLE_APPLICATION_CREDENTIALS=${{ env.GOOGLE_APPLICATION_CREDENTIALS }} npx google-artifactregistry-auth --credential-config ./.npmrc
+
       - name: Install npm dependencies
         # TODO: find a better way
         run: |
