E2E: one-time global auth before test start

[phyllis-sy-wu]

WHY are these changes introduced?

E2E tests currently authenticate the CLI and browser per worker on every test run. This PR centralizes authentication into a single globalSetup step that runs once before tests start.

This lays the foundation for:

• Parallel workers (future PR): Without global auth, each worker would need to authenticate independently, causing redundant OAuth flows and potential rate limiting
• Per-test store creation (future PR): Browser needs pre-authenticated cookies for admin.shopify.com to create dev stores via the store creation form

WHAT is this pull request doing?

Adds a Playwright globalSetup that authenticates once before tests start, then reuses the session:

1. CLI auth (setup/global-auth.ts): Spawns shopify auth login via PTY, completes OAuth in a headless browser (with passkey/WebAuthn bypass), waits for "Logged in"
2. Browser session establishment: Visits admin.shopify.com and dev.shopify.com to establish cookies for both domains (not just accounts.shopify.com)
3. Session reuse (setup/auth.ts): Copies the pre-authenticated CLI session files (XDG dirs) and loads browser storageState — no re-authentication needed

Also includes a CodeQL fix: URL checks for accounts.shopify.com redirects now use new URL().hostname comparison instead of substring matching.

Files changed:

File	Change
setup/global-auth.ts	New: one-time auth + browser cookie establishment
setup/auth.ts	Copies session from global setup instead of re-authenticating
setup/browser.ts	Loads storageState from global setup
setup/env.ts	Adds globalLog() helper for pre-test logging
playwright.config.ts	Adds globalSetup entry

How to test your changes?

# Run with debug output to see global auth logs
DEBUG=1 pnpm --filter e2e exec playwright test

# Expected output before tests start:
# [e2e][auth] global setup starting
# [e2e][auth] browser sessions established for admin + dev dashboard
# [e2e][auth] global setup done, config at ...

Checklist

• I've considered possible cross-platform impacts (Mac, Linux, Windows)
• I've considered possible documentation changes
• I've considered analytics changes to measure impact
• The change is user-facing, so I've added a changelog entry with pnpm changeset add

[phyllis-sy-wu]

• E2E: per-test store isolation with robust teardown #7279
• E2E: temporary time limit bump #7282
• E2E: improve error context in assertions #7281
• E2E: one-time global auth before test start #7272 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[phyllis-sy-wu]

No issues found

---

Review assisted by pair-review

[Copilot]

Pull request overview

Introduces a Playwright globalSetup flow to authenticate the Shopify CLI and browser once per test run, then reuse the resulting CLI session files and browser storageState across worker-scoped fixtures.

Changes:

• Added setup/global-auth.ts global setup to perform one-time CLI OAuth login and persist browser storage state.
• Updated worker fixtures to reuse global session artifacts (copy XDG auth dirs + load storageState) instead of re-authenticating.
• Added a globalLog() helper for pre-worker logging gated behind DEBUG=1.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
packages/e2e/setup/global-auth.ts	New global setup that performs one-time login and writes reusable session artifacts.
packages/e2e/setup/auth.ts	Reuses global CLI session by copying XDG dirs; retains fallback per-worker login.
packages/e2e/setup/browser.ts	Loads Playwright storageState from global setup when available.
packages/e2e/setup/env.ts	Adds globalLog() for debug logging during global setup.
packages/e2e/playwright.config.ts	Registers the new Playwright globalSetup.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.