forked from shaka-project/shaka-player
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
98a8d79
commit a1af728
Showing
1 changed file
with
50 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -64,14 +64,12 @@ jobs: | |
| ignore_test_status: true | ||
| job_name_prefix: "Get Selenium Lab Screenshots / " | ||
|
|
||
| update-pr: | ||
| commit-new-screenshots: | ||
| name: Update PR | ||
| runs-on: ubuntu-latest | ||
| needs: [compute-sha, run-lab-tests] | ||
|
|
||
| permissions: | ||
| # "Write" to contents to update the PR with a new commit. | ||
| contents: write | ||
| # NOTE: NO PERMISSIONS ON THIS JOB. It runs PR-author-controlled code from | ||
| # the PR, and so must be untrusted! | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
@@ -87,11 +85,6 @@ jobs: | |
| pattern: screenshots-* | ||
| merge-multiple: true | ||
|
|
||
| - name: Debug Intermediate # FIXME | ||
| uses: mxschmitt/[email protected] | ||
| with: | ||
| limit-access-to-actor: true | ||
|
|
||
| - name: Update screenshots | ||
| run: | | ||
| # NPM packages and the image update scripts could all be modified by | ||
|
|
@@ -121,17 +114,62 @@ jobs: | |
| git add test/test/assets/screenshots/*/*.png || true | ||
| git commit -m ':robot: Update all screenshots' || true | ||
| - name: Cache Commits | ||
| # Here we cache commits, made above in an untrusted job, to pull into a | ||
| # separate, trusted job with permission to push to the repo. The | ||
| # untrusted job can't pollute the environment of the trusted job by, | ||
| # say, modifying /usr/bin/gh. | ||
| uses: actions/cache/save@v4 | ||
| with: | ||
| path: .git/ | ||
| key: screenshot-commits-${{ needs.compute-sha.outputs.SHA }} | ||
|
|
||
| - name: Debug | ||
| uses: mxschmitt/[email protected] | ||
| with: | ||
| limit-access-to-actor: true | ||
| if: failure() | ||
|
|
||
| update-pr: | ||
| name: Update PR | ||
| runs-on: ubuntu-latest | ||
| needs: [compute-sha, commit-new-screenshots] | ||
|
|
||
| permissions: | ||
| # "Write" to contents to update the PR with a new commit. | ||
| contents: write | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ needs.compute-sha.outputs.SHA }} | ||
| fetch-depth: 0 | ||
| persist-credentials: false | ||
|
|
||
| - name: Restore Commits | ||
| # Here we restore commits, made above in the above untrusted job, to | ||
| # pull into this trusted job. See comments above on "Cache Commits". | ||
| uses: actions/cache/restore@v4 | ||
| with: | ||
| path: .git/ | ||
| key: screenshot-commits-${{ needs.compute-sha.outputs.SHA }} | ||
|
|
||
| - name: Update PR | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| # Update the PR. | ||
| # Compute the destination for the push. | ||
| # Compute the destination for the push. This uses the GitHub API | ||
| # because this workflow is not triggered directly by a PR, so there | ||
| # is no context variable that supplies these details. | ||
| PR_API_URL="/repos/${{ github.repository }}/pulls/${{ inputs.pr }}" | ||
| REMOTE=$(gh api $PR_API_URL | jq -r .head.repo.html_url) | ||
| BRANCH=$(gh api $PR_API_URL | jq -r .head.ref) | ||
| # Lean on $GH_TOKEN to authenticate the push. | ||
| gh auth setup-git | ||
| # If there were no changes, this will do nothing, but succeed. | ||
| git push "$REMOTE" HEAD:"$BRANCH" | ||
|
|
||