forked from shaka-project/shaka-player
update-screenshots.yaml
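name: Update All Screenshots

# Updates all screenshots on an existing PR, assuming permission has been given
# to maintainers to make edits.
#
# Flow: resolve the PR number to a commit SHA once, run the layout tests in
# the Selenium lab against that SHA, then commit the resulting screenshots
# back to the PR branch using tooling taken from main.
#
# NOTE(review): every `uses:` below is referenced by branch or tag
# (`@main`, `@v4`), so whatever that ref points to at run time executes
# with the job's token. Consider pinning each to a full commit SHA.
on:
  workflow_dispatch:
    # Allows for manual triggering on PRs.  They should be reviewed first, to
    # avoid malicious code executing in the lab.
    inputs:
      pr:
        description: "A PR number to build and test in the lab."
        required: true

jobs:
  compute-sha:
    name: Compute SHA
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block here, so this job runs with the
    # repository's default token permissions. Consider declaring the minimum
    # the compute-sha action needs (not visible from this file).
    outputs:
      SHA: ${{ steps.compute.outputs.SHA }}

    steps:
      # The PR number is resolved to a SHA exactly once; later jobs consume
      # this output instead of re-reading the PR head.
      - name: Compute SHA
        id: compute
        uses: shaka-project/shaka-github-tools/compute-sha@main
        with:
          ref: refs/pull/${{ inputs.pr }}/head

  set-pending-status:
    name: Set Pending Status
    needs: compute-sha
    runs-on: ubuntu-latest

    permissions:
      # "Write" to statuses to update commit status
      statuses: write

    steps:
      - name: Set commit status to pending
        uses: shaka-project/shaka-github-tools/set-commit-status@main
        with:
          context: Update All Screenshots
          state: pending
          token: ${{ secrets.GITHUB_TOKEN }}

  run-lab-tests:
    name: Get Selenium Lab Screenshots
    # compute-sha must be a direct dependency: the `needs` context only
    # exposes outputs of jobs listed here, so without it the `sha` input
    # below would expand to an empty string.  Ordering is unchanged, since
    # set-pending-status already depends on compute-sha.
    needs: [compute-sha, set-pending-status]
    uses: ./.github/workflows/selenium-lab-tests.yaml
    permissions:
      # "Write" to statuses to update commit status, needed by nested jobs.
      statuses: write
    with:
      # Pass the pre-computed SHA directly to the nested workflow.
      # Do NOT pass "pr" and reinterpret it into a SHA in the nested workflow.
      sha: ${{ needs.compute-sha.outputs.SHA }}
      test_filter: layout
      ignore_test_status: true
      job_name_prefix: "Get Selenium Lab Screenshots / "

  update-pr:
    name: Update PR
    runs-on: ubuntu-latest
    needs: [compute-sha, run-lab-tests]

    permissions:
      # "Write" to contents to update the PR with a new commit.
      contents: write

    steps:
      # Check out the PR code at the pre-computed SHA.  The token is not left
      # in the git config, so later steps do not inherit push credentials
      # from the checkout.
      - uses: actions/checkout@v4
        with:
          ref: ${{ needs.compute-sha.outputs.SHA }}
          persist-credentials: false

      # Collect the screenshot artifacts uploaded by the lab run into the
      # screenshots directory of the working tree.
      - name: Get artifacts
        uses: actions/download-artifact@v4
        with:
          path: test/test/assets/screenshots/
          pattern: screenshots-*
          merge-multiple: true

      # NOTE(review): leftover debugging step (marked FIXME).  It runs
      # unconditionally, in a job whose token has `contents: write`;
      # presumably this is mxschmitt/action-tmate, which opens an interactive
      # session on the runner.  Remove it, or gate it like the "Debug" step
      # at the end of this job, before merging.
      # NOTE(review): the action reference below was mangled by the hosting
      # page's e-mail obfuscation ("[email protected]"); restore the real
      # `name@version` before use.
      - name: Debug Intermediate  # FIXME
        uses: mxschmitt/[email protected]
        with:
          limit-access-to-actor: true

      - name: Update screenshots
        run: |
          # NPM packages and the image update scripts could all be modified by
          # an attacker to inject code into this step of the workflow.  Use
          # copies of those files from the main branch as a safeguard.  Up to
          # now, nothing controlled by the PR author has been executed.
          git checkout main -- \
            package-lock.json \
            package.json \
            build/shakaBuildHelpers.py \
            build/updateScreenshots.py \
            build/imageSimilarity.js

          # Install prerequisites.
          npm ci

          # Update the official screenshots for any that have visibly changed.
          # This is not a byte-for-byte comparison, but based on pixel diffs.
          ./build/updateScreenshots.py

          # Act as Shaka Bot.
          # NOTE(review): the address below was replaced by the hosting page's
          # e-mail obfuscation; restore the bot's real address.
          git config user.name "shaka-bot"
          git config user.email "[email protected]"

          # Commit the changes to the screenshots only.  Ignore failure, in
          # case there are no changes.
          git add test/test/assets/screenshots/*/*.png || true
          git commit -m ':robot: Update all screenshots' || true

      - name: Update PR
        env:
          GH_TOKEN: ${{ github.token }}
          # Passed through the environment rather than expanded into the
          # script text, so the shell treats the value as data, not as code.
          PR_NUMBER: ${{ inputs.pr }}
        run: |
          # Reject anything that is not a plain PR number before it is used
          # to build an API path.
          if [[ ! "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "Invalid PR number: $PR_NUMBER" >&2
            exit 1
          fi

          # Update the PR.  The remote URL and branch name come from the PR
          # metadata, i.e. they are chosen by the PR author; keep them quoted.
          PR_API_URL="/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}"
          REMOTE=$(gh api "$PR_API_URL" | jq -r .head.repo.html_url)
          BRANCH=$(gh api "$PR_API_URL" | jq -r .head.ref)

          # If there were no changes, this will do nothing, but succeed.
          # This is not a force push, so a branch that has moved past the
          # checked-out commit is not overwritten.
          git push "$REMOTE" HEAD:"$BRANCH"

      # Debug session offered only when an earlier step in this job failed.
      # NOTE(review): same obfuscated action reference as above; restore it.
      - name: Debug
        uses: mxschmitt/[email protected]
        with:
          limit-access-to-actor: true
        if: failure()

  set-final-status:
    name: Set Final Status
    runs-on: ubuntu-latest

    permissions:
      # "Write" to statuses to update commit status
      statuses: write

    needs: [compute-sha, run-lab-tests, update-pr]
    # Will run on success or failure, but not if the workflow is cancelled.
    if: ${{ success() || failure() }}

    steps:
      - name: Compute final status
        id: compute
        run: |
          # The final status must be one of: success, failure, error, pending.
          # However, the status from "result" from an earlier job is one of:
          # success, failure, cancelled, skipped.
          # We start by mapping those.
          LAB_TEST_RESULT=$(echo "${{ needs.run-lab-tests.result }}" \
              | sed -Ee 's/(cancelled|skipped)/error/')
          UPDATE_PR_RESULT=$(echo "${{ needs.update-pr.result }}" \
              | sed -Ee 's/(cancelled|skipped)/error/')

          if [[ "$LAB_TEST_RESULT" == "success" ]]; then
            # If run-lab-tests succeeded, use the status of update-pr, which
            # comes after that.  If that is blank, default to "error".
            echo "status=${UPDATE_PR_RESULT:-error}" >> "$GITHUB_OUTPUT"
          else
            # If run-lab-tests failed, use that.  If that is blank, default to
            # "error".
            echo "status=${LAB_TEST_RESULT:-error}" >> "$GITHUB_OUTPUT"
          fi

      - name: Report final status
        uses: shaka-project/shaka-github-tools/set-commit-status@main
        with:
          context: Update All Screenshots
          state: ${{ steps.compute.outputs.status }}
          token: ${{ secrets.GITHUB_TOKEN }}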