fix: bump version and add caching for playwright

[wassimoo]

The test-playwright job was hitting the 60-minute limit and getting canceled on every run due to microsoft/playwright#40998

Checklist

• I have read the contributing guidelines and signed the CLA.
• I have referenced an issue containing the design document if my change introduces a new feature.
• I have read the security policy.
• I confirm that this pull request does not address a security vulnerability.
  If this pull request addresses a security vulnerability,
  I confirm that I got approval (please contact security@ory.com) from the maintainers to push the changes.
• I have added tests that prove my fix is effective or that my feature works.
• I have added the necessary documentation within the code base (if appropriate).

Summary by CodeRabbit

• Chores
  • Added CI caching for Playwright browser artifacts to speed builds and reduce repeated downloads.
  • Bumped Playwright test tooling in dev dependencies to a newer version.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a GitHub Actions cache step to persist Playwright browser binaries at ~/.cache/ms-playwright keyed by runner OS and package-lock.json, and bumps @playwright/test devDependency to v1.60.0.

Changes

CI Optimization

Layer / File(s)	Summary
Playwright browser cache setup .github/workflows/playwright.yml	Adds an actions/cache@v4 step to cache ~/.cache/ms-playwright with key playwright-${{ runner.os }}-${{ hashFiles('package-lock.json') }}.
Playwright test dependency bump package.json	Updates @playwright/test devDependency from 1.56.1 to 1.60.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hid the browsers in a cozy cache,
CI hums along without a crash,
Versions nudged to keep things spry,
Tests scurry fast, no time to sigh,
A rabbit winks — the pipeline's brash.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	PR description addresses the problem (test-playwright timeout) and references the upstream issue, but lacks detailed explanation of the solution, impact assessment, and complete checklist.	Expand the description to explain how the version bump and caching resolve the timeout issue, document the Playwright version upgrade impact, and clarify what the CI command changes accomplish.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title accurately summarizes the main changes: bumping @playwright/test from 1.56.1 to 1.60.0 and adding GitHub Actions caching for Playwright browser binaries.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/playwright-ci-timeout

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/playwright.yml:
- Around line 51-55: The workflow step named "Cache Playwright browsers"
currently uses actions/cache@v4; update that step to pin the action to the
specific commit SHA recommended for v4.2.0 by replacing actions/cache@v4 with
actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 so the cache action is
SHA-pinned and stable (keep the step name, path, and key unchanged).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: bb776884-d10b-49ef-8226-3f333040421e

📥 Commits

Reviewing files that changed from the base of the PR and between dd3d83e and ecc0c4a.

📒 Files selected for processing (1)

• .github/workflows/playwright.yml

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/playwright.yml (1)

51-55: ⚡ Quick win

Add a same-OS restore-keys fallback.

Hashing the entire package-lock.json makes this cache cold on any lockfile churn, even when the Playwright browser revision is unchanged. That cuts into the CI win this step is meant to provide. A same-OS fallback keeps prior browser caches reusable, and Line 57 will still download anything missing.

Suggested change

       - name: Cache Playwright browsers
         uses: actions/cache@v4
         with:
           path: ~/.cache/ms-playwright
           key: playwright-${{ runner.os }}-${{ hashFiles('package-lock.json') }}
+          restore-keys: |
+            playwright-${{ runner.os }}-

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/playwright.yml around lines 51 - 55, The cache step named
"Cache Playwright browsers" currently uses a full package-lock.json hash as the
sole key, which makes the cache cold on lockfile changes; add a restore-keys
fallback so prior same-OS browser caches can be reused by CI. Modify the step
that uses actions/cache@v4 (the "Cache Playwright browsers" step) to include a
restore-keys entry such as a same-OS prefix like "playwright-${{ runner.os }}-"
so the action can fall back to any prior cache matching the runner OS when the
exact package-lock hash key misses.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/playwright.yml:
- Around line 51-55: The cache step named "Cache Playwright browsers" currently
uses a full package-lock.json hash as the sole key, which makes the cache cold
on lockfile changes; add a restore-keys fallback so prior same-OS browser caches
can be reused by CI. Modify the step that uses actions/cache@v4 (the "Cache
Playwright browsers" step) to include a restore-keys entry such as a same-OS
prefix like "playwright-${{ runner.os }}-" so the action can fall back to any
prior cache matching the runner OS when the exact package-lock hash key misses.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 1e7c4b68-99d6-4a76-a3f7-51a181e1ed8c

📥 Commits

Reviewing files that changed from the base of the PR and between c28c819 and 7f0b57b.

📒 Files selected for processing (1)

• .github/workflows/playwright.yml