* ci: route Playwright reports through private Azure Storage container
Replaces the public `/playwright-reports/*` static-website uploads and all GitHub Actions artifact uploads for Playwright traces/videos/blob-reports with uploads to a new private container `playwright-reports` on the same storage account. PR comments now link to an Azure Portal blob-properties deep link (requires AAD sign-in) instead of the previously anonymous static-site URL.
Fixes MSRC finding: Playwright traces captured on test failure embed Authorization: Bearer headers, and the existing publish path made them anonymously downloadable. The new private container is RBAC-gated (Storage Blob Data Reader/Contributor at container scope) and the storage account already has anonymous blob access and shared-key access disabled.
* ci: TEMP smoke-test single Playwright spec to validate MSRC plumbing
Reduces the Playwright matrix to 1 shard and restricts the run to a single test in the searchableDropdown component fixture on Chrome. The fixture hits the local dev server only, so no Cosmos auth and no token captures happen \u2014 isolates the smoke test to the new Azure Storage upload/download/zip/PR-comment plumbing.
REVERT THIS COMMIT before merging the parent PR.
* ci: grant id-token: write to merge-playwright-reports job
The merge job overrides workflow-level permissions with its own block (contents: read, pull-requests: write), which silently drops the workflow-level id-token: write. Without it, Azure/login@v2 cannot fetch the federated OIDC token and fails.
Bug introduced when the Az login was relocated from the deleted publish-playwright-report job (which had id-token: write) into the merge job.
* ci: trigger re-run after RBAC propagation
* ci: trigger re-run after E2E_TESTS_CLIENT_ID SP grant
* ci: flatten downloaded shard reports before merge
az storage blob download-batch preserves the full blob path, but playwright merge-reports expects .zip files directly in the target directory. Flatten with find + mv after download.
* ci: switch PR comment to ContainerMenuBlade deep link
BlobPropertiesBladeV2 requires undocumented 'tabToload' and 'isDeleted' params we couldn't get past the Portal's grammar validator. ContainerMenuBlade has no required params and drops users directly into the playwright-reports container, where they navigate to \{run_id}-{attempt}/report.zip\ (one extra click vs. blob-direct).
* ci: make report path more prominent in PR comment
Surface the {run_id}-{attempt}/report.zip path on its own line so reviewers can copy-paste it into the Portal search instead of scanning the navigation prose.
* Revert "ci: TEMP smoke-test single Playwright spec to validate MSRC plumbing"
This reverts commit 308005f02b.
* ci: refresh OIDC token before shard upload
GitHub OIDC client assertions are valid for only 5 minutes (JWT iat -> exp window). Playwright shards that take >5 min exhaust the validity window before the upload step runs, causing AADSTS700024 'Client assertion is not within its valid time range'. Add a fresh Azure/login@v2 step right before the upload to mint a new OIDC token.
* Scale the number of test accounts used for SQL tests to one per shard.
* Set PLAYWRIGHT_SHARD_INDEX environment variable in CI workflow.
* Add log statement for the shared index and selected account.
* Remove console log.
* Fix order of accounts so that shard index maps to same account index.
* Try to fix the SQL account scope in ci.yml
* Get tokens for all accounts and use the shard index to pick which one.
* Set tokens without loop.
* Handcode the token use in tests.
* Fix database creation.
* Add debug for rbac token issues.
* Common function for retrieving NoSQL token.
* Disable eslint rule for noconsole temporarily.
* Move getNoSqlRbacToken to separate file.
* Fix ref to new function.
* mock Resource Graph API — fires on auto-subscription selection to populate account dropdown
* Code tidy-up.
* Fix build errors.
---------
Co-authored-by: Bikram Choudhury <bchoudhury@microsoft.com>
* Fix cleanupDBs.js: use async iteration for Azure SDK paged results
* update node version
* fix cleanup script to use new Cosmos SDK APIs correctly
* get rid of global crypto
* fix flakiness
* revert DE pipeline to use Node 18
* nit
---------
Co-authored-by: Asier Isayas <aisayas@microsoft.com>
* dont refresh tree when opening scale & settings
* disable offline/online migration tests
* delete db after each test
* DEBUG: expand console for mongo testing
* find first execute button for stored procedure
* DEBUG: wait for editor to process changes
* increase wait time to 5s
* verify document text was set
* keep document spec as original
* debug new document and save document count
* when loading a document, wait for document text to appear then click new document
* wait for document to be loaded
* remove debug statement
* wait for results to attach
* do forced wait instead
* cleanup tests
* uncomment container copy tests
* run test account cleanup every 12 hours
* change cleanup frequency to once a day
---------
Co-authored-by: Asier Isayas <aisayas@microsoft.com>
* Temporarily re-enable key based auth for Mongo and Cassandra tests.
* Increase number of shards for playwright tests.
* Another small bump to test shard count.
* click global new... button then collection in playwright tests
* get new table button
* create and delete container for every individual scale test
* for scale and settings, dont create sample data in container
* run scale tests serially
* refactor scale setup and tear down to be within each test
* record network traces
* record network calls on all retries
* when disposing of database during playwright test, refresh tree to remove deleted database
* refresh tree before opening scale and settings
* When opening scale and settings, refresh databases
* reload all databases before loading offers
* increase time for change partition key request
* increase time for change partition key request
* refresh databases in test instead of product code
* when refreshing containers, open console window to check for status completion
* close notification console window after seeing desired log
* create and delete a container for each individual test
* dont delete database after every test. leave it to the CI
* Don't refresh databases when opening Scale+Settings and only delete database if running locally
* only open scale and settings at the beginning of each test suite
* get it back to working
* change settings.spect.ts from serial to parallel
* don't delete database after each test
* update container creation throughpout to be 5000
* run tests with no throughput limit on the account
* adjust scale test to reflect no throughput limit on account
* remove test container throughput
* don't refresh collections when clicking settings in product code
* refactor and run cleanup during pr check
* copy cleanup accounts
* run cleanup after playwright tests
* run cleanup every three hours
* revert ci.yml
* update cpk test
* remove cpk
* remove cleanup accounts and add cpk
* add cpk
* remove cpk changes
* revert ci.yml
* run cleanup every two hours
---------
Co-authored-by: Jade Welton <jawelton@microsoft.com>
Co-authored-by: Asier Isayas <aisayas@microsoft.com>
* Add E2E test changes to support RBAC for Mongo and Cassandra.
* Uncomment Mongo changes.
* Be more selective with which tokens are passed to DE for each test.
* Acquire token for NoSQL account prior to running tests.
* Change client id to user assigned managed identity.
* Change to use managed identity. Add token variables for gremlin and
tables.
* Add RBAC details to test README.
* Add token for SQL readonly database. Skip resource token tests when RBAC
enabled.
* Use hardcoded account name for sql readonly.
* Use specific tag for sql readonly.
* Remove comment.
* assign default throughput based on workload type
* combined common logic
* fix unit tests
* add tests
* update tests
* npm run format
* Update ci.yml
---------
Co-authored-by: Asier Isayas <aisayas@microsoft.com>
* Changes to DE preview site to support managed identity. Changes to
infrastructure to use new preview site.
* Fix formatting.
* Potential fix for code scanning alert no. 56: Server-side request forgery
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Use different secrets for subscription/tenant/client id's.
* Revert new id names.
* Update Az CLI config.
* Update to Node 18 and update security vulnerable dependencies.
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Specify actual package names in upload artifacts task.
* Revert path change, use unique names for upload task.
* Fix the right properties.
* Revert condition change
* Use Az login with OpenID connection to get test credentials.
* Set subscription id environment variable.
* Update testExplorer and cleanup job.
* Retrieve access token in test case and pass to testExplorer.
* Add debug tracing for tests.
* Set up other mongo test to use Az CLI creds.
* Revert subscription id retrieval.
* Add CLI credentials retrieval to rest of tests.
* Fix missing imports.
* Clean up redundant code.
* Remove commented import statement.
* Add Platform.Fabric to run in context of Fabric
* Use separate StyleConstants
We want to have more flexibility with Styles at runtime
but Constants depend on ConfigContext and therefore
get loaded very early at startup.
* Add Fabric specific styles and Fluent theme
documentDBFabric.less contains all styles for Fabric.
We use React.lazy to import them conditionally at
runtime preventing webpack from preprocessing
them into main.css.
* Restyle CommandBar for Fabric
with more roundness and native colors.
* Disable Notebooks when running in Fabric
* Disable Synapse and Scripts commands for Fabric
* Fix code formatting issues
* Fetch encrypted token from sessionStorage for fabric platform
* Fix Tabs style
* Dark refresh icons for Fabric
* Use new ResourceTree2 for Fabric
* Fluent tree should have a fixed width
otherwise the action buttons jump around on hover.
* Disable remaining Script actions in Fabric
* Revert accidentally committed change
which broke a test
* Fix cross-origin error second try
* Adjust @FabrixBoxMargin css
* Hide Database Scale node on Fabric
* Remove all Collection child nodes on Fabric
* Add a comment about why we need FabricPlatform.tsx
* Fix equality checks
* Fix more Colors for Fabric
* Switch resource tree to "medium" size
* Fix formatting again
* Fix formatting again
* Disable no-var-requires error on some intended var import.
* Increase memory limit for build
* Use standard Segoe UI font for Fabric
* Improve Tabs design for Fabric
* Fix active Tab style bug in Portal
introduced with 39a7765aef
---------
Co-authored-by: Laurent Nguyen <laurent.nguyen@microsoft.com>
* Update subscription for preview PRs
* Fix command line args
* Replace subid for sub name
* Remove --subscription from az storage commands
* revert other changes
* Changes to publish pane
* fixed format errors
* fixed failing test
* added test explorer changes for mongo accounts
* added log for test
* fixed lit errors
* added secrets to ci.yml file
* fixed failing self serve test
sunghyunkang1111
jawelton74
asier-isayas
BChoudhury-ms
Ashley Stanton-Nurse
Laurent Nguyen
Vsevolod Kukol
victor-meng
Armando Trejo Oliver
Steve Faulkner
Hardikkumar Nai
Steve Faulkner
Azure Static Web Apps
Srinath Narayanan