A test suite is only as valuable as when it runs. You can have the most comprehensive Playwright tests, the best contract testing setup, and meticulous performance benchmarks — but if they don't run at the right moment in your delivery pipeline, they're documentation, not quality gates. The when and where of test execution is just as important as the what.
This article maps out the complete testing pipeline — from the moment a developer hits save to the moment a change reaches production. I'll share the architecture I use across teams, with concrete GitHub Actions configurations you can adapt to your own projects.
The Testing Pipeline Spectrum
Think of your delivery pipeline as a series of quality gates, each with increasing scope and cost:
- Pre-commit — runs on the developer's machine before code is committed. Sub-second to seconds.
- PR / Pull Request — runs in CI when a PR is opened or updated. Minutes.
- Merge to main — runs after code lands on the main branch. Minutes to tens of minutes.
- Deployment — runs after deployment to an environment. Minutes.
- Production — runs continuously against live systems. Ongoing.
Each gate should catch different categories of defects. The principle: fail fast, fail cheap. Catch what you can locally before it costs CI minutes, catch integration issues in PR checks before they block the team, and validate production behavior continuously.
Pre-Commit: The First Gate
Pre-commit hooks are the cheapest quality gate you have. They run on the developer's machine with zero CI cost. The goal is to catch obvious issues before they enter the repository.
I use Husky with lint-staged for this:
#!/usr/bin/env sh
# .husky/pre-commit
npx lint-staged{
"*.{ts,tsx}": [
"eslint --fix --max-warnings 0",
"prettier --write"
],
"*.{ts,tsx}": [
"tsc --noEmit --pretty"
],
"tests/unit/**/*.test.ts": [
"vitest run --reporter=dot"
]
}This ensures every commit has clean linting, correct types, and passing unit tests for changed files. Total execution time: under 10 seconds for most changesets. Developers who skip this step (using --no-verify) should be gently reminded that they're trading 10 seconds of local feedback for 10 minutes of CI failure.
PR Stage: Integration and Visual Regression
When a PR is opened, the pipeline should validate everything the pre-commit hook doesn't cover: integration tests, visual regression, security scans, and cross-browser checks. This is where most of your CI budget should go.
Here's the GitHub Actions workflow I use as a baseline:
# .github/workflows/pr-checks.yml
name: PR Quality Gates
on:
pull_request:
branches: [main]
concurrency:
group: pr-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
unit-and-lint:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run lint
- run: npm run typecheck
- run: npm run test:unit -- --coverage
- uses: actions/upload-artifact@v4
with:
name: coverage-report
path: coverage/
integration:
runs-on: ubuntu-latest
timeout-minutes: 15
services:
postgres:
image: postgres:16
env:
POSTGRES_DB: test_db
POSTGRES_PASSWORD: test
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run test:integration
env:
DATABASE_URL: postgresql://postgres:test@localhost:5432/test_db
e2e:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npx playwright install --with-deps chromium
- run: npm run test:e2e -- --shard=${{ matrix.shard }}
strategy:
matrix:
shard: [1/3, 2/3, 3/3]
- uses: actions/upload-artifact@v4
if: failure()
with:
name: playwright-traces-${{ matrix.shard }}
path: test-results/
security:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- run: npm audit --audit-level=high
- uses: aquasecurity/trivy-action@master
with:
scan-type: fs
severity: CRITICAL,HIGHSeveral design decisions are important here. The concurrency block cancels in-progress runs when a PR is updated — no point running checks on a commit the developer has already superseded. The E2E job uses sharding to split the Playwright suite across three parallel runners, reducing wall-clock time by roughly 60%. And the if: failure() condition on trace uploads ensures you only store debugging artifacts when tests actually fail, keeping storage costs low.
Merge to Main: Full Regression
After a PR is merged, the main branch should run the complete test suite — including tests that are too slow or too expensive for every PR. This typically includes:
- Full E2E suite across all browsers (Chromium, Firefox, WebKit)
- Performance benchmarks compared against baseline
- Contract test verification against all consumer pacts
- Visual regression with screenshot comparison
The merge-to-main pipeline is your safety net. PR checks might be optimized for speed (running only Chromium, skipping slow tests), but the merge pipeline runs everything. If something slips through, this gate catches it before deployment.
# Part of .github/workflows/merge-checks.yml
performance:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run build
- run: npm run test:perf
- uses: actions/upload-artifact@v4
with:
name: perf-results
path: perf-results/
- name: Check performance budgets
run: |
node scripts/check-perf-budgets.js \
--baseline perf-results/baseline.json \
--current perf-results/current.json \
--threshold 10Deployment: Smoke Tests and Canaries
After deployment to staging or production, run smoke tests — a small, fast subset of your E2E suite that validates critical user paths work in the deployed environment. These tests answer one question: "is the deployment healthy enough to receive traffic?"
For production deployments, I recommend a canary strategy: route a small percentage of traffic (5-10%) to the new version while running smoke tests. If the tests pass and error rates remain stable, gradually increase traffic. If anything fails, roll back automatically.
// tests/smoke/critical-paths.spec.ts
import { test, expect } from '@playwright/test';
test.describe('Smoke Tests - Critical Paths', () => {
test('homepage loads and displays key elements', async ({ page }) => {
await page.goto(process.env.DEPLOY_URL!);
await expect(page).toHaveTitle(/MyApp/);
await expect(page.getByRole('navigation')).toBeVisible();
});
test('user can authenticate', async ({ page }) => {
await page.goto(`${process.env.DEPLOY_URL}/login`);
await page.getByLabel('Email').fill(process.env.SMOKE_USER!);
await page.getByLabel('Password').fill(process.env.SMOKE_PASS!);
await page.getByRole('button', { name: 'Sign in' }).click();
await expect(page.getByText('Dashboard')).toBeVisible({ timeout: 10000 });
});
test('API health check returns OK', async ({ request }) => {
const response = await request.get(`${process.env.DEPLOY_URL}/api/health`);
expect(response.ok()).toBeTruthy();
const body = await response.json();
expect(body.status).toBe('healthy');
expect(body.database).toBe('connected');
});
});Smoke tests should complete in under 2 minutes. If they take longer, you're running too many. Be ruthless about keeping this suite small and fast — its job is to detect catastrophic deployment failures, not catch edge cases.
Parallelization Strategies
Pipeline speed is a feature. Slow pipelines reduce developer productivity, encourage skipping checks, and increase the batch size of changes — which increases risk. Here are the parallelization strategies I apply consistently:
- Job-level parallelism: Unit tests, integration tests, E2E tests, and security scans should all run as separate jobs that start simultaneously. A pipeline where these run sequentially is wasting 60-70% of its wall-clock time.
- Test sharding: Split large test suites across multiple runners using Playwright's built-in
--shardflag. Three shards typically cut E2E execution from 15 minutes to 5. - Selective execution: Use path filters to skip irrelevant jobs. A change to documentation shouldn't trigger E2E tests. GitHub Actions'
pathsfilter makes this straightforward. - Caching aggressively: Cache
node_modules, Playwright browsers, and Docker layers. The difference between a cold and warm pipeline can be 3-5 minutes.
Artifact Management
When tests fail in CI, developers need enough context to debug without reproducing the failure locally. This means collecting and storing the right artifacts:
- Playwright traces: A trace file contains every network request, DOM snapshot, and console log from a test run. Upload these on failure and developers can debug visually in the Trace Viewer.
- Screenshots and videos: Configure Playwright to capture screenshots on failure and videos for retried tests. These are invaluable for visual bugs and timing-related failures.
- Test reports: Generate HTML reports that summarize pass/fail/skip counts, execution time per test, and failure trends over time.
- Coverage reports: Upload coverage data and track trends. Declining coverage on a feature should trigger a conversation, not an automated block.
Measuring Pipeline Health
A pipeline is a system, and like any system, it needs observability. These are the metrics I track:
- P95 pipeline duration: How long does the 95th percentile PR take to get feedback? Target: under 15 minutes for the full PR check suite.
- Flake rate: What percentage of test failures are false positives? Track this weekly. A flake rate above 5% erodes trust in the pipeline. Developers start ignoring failures, and real bugs slip through.
- MTTR (Mean Time to Repair): When the pipeline breaks, how long until it's green again? This measures how quickly the team responds to quality regressions.
- Queue time: How long do jobs wait for a runner before executing? If queue times are consistently above 2 minutes, you need more runners or better concurrency management.
#!/bin/bash
# scripts/pipeline-metrics.sh — collect weekly pipeline health metrics
echo "=== Pipeline Health Report ==="
echo "Period: $(date -d '7 days ago' +%Y-%m-%d) to $(date +%Y-%m-%d)"
echo ""
# P95 duration (from GitHub API)
gh api repos/$REPO/actions/runs \
--jq '[.workflow_runs[] | select(.conclusion=="success") | .run_started_at as $start | .updated_at as $end | (($end | fromdate) - ($start | fromdate))] | sort | .[length * 0.95 | floor]' \
| xargs -I {} echo "P95 Duration: {} seconds"
# Flake rate (tests that failed then passed on retry)
echo "Flake Rate: $(cat test-results/flake-report.json | jq '.flakeRate')"
# Failed runs this week
gh api repos/$REPO/actions/runs \
--jq '[.workflow_runs[] | select(.conclusion=="failure")] | length' \
| xargs -I {} echo "Failed Runs: {}"A fast, reliable pipeline is a competitive advantage. Teams with 10-minute feedback loops ship 3x more often than teams with 45-minute pipelines — and with fewer production incidents.
Your CI/CD pipeline is the backbone of your quality strategy. Design it with the same care you'd design your application architecture: clear separation of concerns at each stage, fast feedback loops, comprehensive artifact collection, and observable health metrics. The pipeline shouldn't just run tests — it should give your team confidence that every merge to main is safe to deploy.
Comments
0 commentsAll comments are moderated and will appear after review.