Update All Screenshots #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update All Screenshots | |
| # Updates all screenshots on an existing PR, assuming permission has been given | |
| # to maintainers to make edits. | |
| on: | |
| workflow_dispatch: | |
| # Allows for manual triggering on PRs. They should be reviewed first, to | |
| # avoid malicious code executing in the lab. | |
| inputs: | |
| pr: | |
| description: "A PR number to build and test in the lab." | |
| required: true | |
| jobs: | |
| compute-sha: | |
| name: Compute SHA | |
| runs-on: ubuntu-latest | |
| outputs: | |
| SHA: ${{ steps.compute.outputs.SHA }} | |
| steps: | |
| - name: Compute SHA | |
| id: compute | |
| uses: shaka-project/shaka-github-tools/compute-sha@main | |
| with: | |
| ref: refs/pull/${{ inputs.pr }}/head | |
| set-pending-status: | |
| name: Set Pending Status | |
| needs: compute-sha | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # "Write" to statuses to update commit status | |
| statuses: write | |
| steps: | |
| - name: Set commit status to pending | |
| uses: shaka-project/shaka-github-tools/set-commit-status@main | |
| with: | |
| context: Update All Screenshots | |
| state: pending | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| run-lab-tests: | |
| name: Get Selenium Lab Screenshots | |
| needs: [set-pending-status] | |
| uses: ./.github/workflows/selenium-lab-tests.yaml | |
| permissions: | |
| # "Write" to statuses to update commit status, needed by nested jobs. | |
| statuses: write | |
| with: | |
| # Pass the pre-computed SHA directly to the nested workflow. | |
| # Do NOT pass "pr" and reinterpret it into a SHA in the nested workflow. | |
| sha: ${{ needs.compute-sha.outputs.SHA }} | |
| test_filter: layout | |
| ignore_test_status: true | |
| job_name_prefix: "Get Selenium Lab Screenshots / " | |
| update-pr: | |
| name: Update PR | |
| runs-on: ubuntu-latest | |
| needs: [compute-sha, run-lab-tests] | |
| permissions: | |
| # "Write" to contents to update the PR with a new commit. | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.compute-sha.outputs.SHA }} | |
| persist-credentials: false | |
| - name: Get artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: test/test/assets/screenshots/ | |
| pattern: screenshots-* | |
| merge-multiple: true | |
| - name: Debug Intermediate # FIXME | |
| uses: mxschmitt/[email protected] | |
| with: | |
| limit-access-to-actor: true | |
| - name: Update screenshots | |
| run: | | |
| # NPM packages and the image update scripts could all be modified by | |
| # an attacker to inject code into this step of the workflow. Use | |
| # copies of those files from the main branch as a safeguard. Up to | |
| # now, nothing controlled by the PR author has been executed. | |
| git checkout main -- \ | |
| package-lock.json \ | |
| package.json \ | |
| build/shakaBuildHelpers.py \ | |
| build/updateScreenshots.py \ | |
| build/imageSimilarity.js | |
| # Install prerequisites. | |
| npm ci | |
| # Update the official screenshots for any that have visibly changed. | |
| # This is not a byte-for-byte comparison, but based on pixel diffs. | |
| ./build/updateScreenshots.py | |
| # Act as Shaka Bot. | |
| git config user.name "shaka-bot" | |
| git config user.email "[email protected]" | |
| # Commit the changes to the screenshots only. Ignore failure, in | |
| # case there are no changes. | |
| git add test/test/assets/screenshots/*/*.png || true | |
| git commit -m ':robot: Update all screenshots' || true | |
| - name: Update PR | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| # Update the PR. | |
| PR_API_URL="/repos/${{ github.repository }}/pulls/${{ inputs.pr }}" | |
| REMOTE=$(gh api $PR_API_URL | jq -r .head.repo.html_url) | |
| BRANCH=$(gh api $PR_API_URL | jq -r .head.ref) | |
| # If there were no changes, this will do nothing, but succeed. | |
| git push "$REMOTE" HEAD:"$BRANCH" | |
| - name: Debug | |
| uses: mxschmitt/[email protected] | |
| with: | |
| limit-access-to-actor: true | |
| if: failure() | |
| set-final-status: | |
| name: Set Final Status | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # "Write" to statuses to update commit status | |
| statuses: write | |
| needs: [compute-sha, run-lab-tests, update-pr] | |
| # Will run on success or failure, but not if the workflow is cancelled. | |
| if: ${{ success() || failure() }} | |
| steps: | |
| - name: Compute final status | |
| id: compute | |
| run: | | |
| # The final status must be one of: success, failure, error, pending. | |
| # However, the status from "result" from an earlier job is one of: | |
| # success, failure, cancelled, skipped. | |
| # We start by mapping those. | |
| LAB_TEST_RESULT=$(echo "${{ needs.run-lab-tests.result }}" \ | |
| | sed -Ee 's/(cancelled|skipped)/error/') | |
| UPDATE_PR_RESULT=$(echo "${{ needs.update-pr.result }}" \ | |
| | sed -Ee 's/(cancelled|skipped)/error/') | |
| if [[ "$LAB_TEST_RESULT" == "success" ]]; then | |
| # If run-lab-tests succeeded, use the status of update-pr, which | |
| # comes after that. If that is blank, default to "error". | |
| echo "status=${UPDATE_PR_RESULT:-error}" >> $GITHUB_OUTPUT | |
| else | |
| # If run-lab-tests failed, use that. If that is blank, default to | |
| # "error". | |
| echo "status=${LAB_TEST_RESULT:-error}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Report final status | |
| uses: shaka-project/shaka-github-tools/set-commit-status@main | |
| with: | |
| context: Update All Screenshots | |
| state: ${{ steps.compute.outputs.status }} | |
| token: ${{ secrets.GITHUB_TOKEN }} |