viaprog/shaka-player
1
0
Fork 0
mirror of https://github.com/shaka-project/shaka-player.git synced 2026-06-26 17:46:26 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
de4bb9e8a80d3cf9f51947f55b295b87a36498f9
shaka-player/.github/workflows/update-screenshots.yaml
T
Joey Parrish 9dbed29b97 ci: Handle screenshot updates with no changes (#8135) 
If a maintainer requests screenshot updates in a new PR, but there are
no changes, simply don't create a PR.

Also adds logs to make it clear which path was taken.
2025-02-20 10:34:47 -08:00

268 lines
9.2 KiB
YAML
Raw Blame History

name: Update All Screenshots
# Updates all screenshots on an existing PR, assuming permission has been given
# to maintainers to make edits.
on:
workflow_dispatch:
# Allows for manual triggering on PRs. They should be reviewed first, to
# avoid malicious code executing in the lab.
inputs:
pr:
description: "A PR number to build and test in the lab. Otherwise, will create a new PR."
required: false
jobs:
compute-sha:
name: Compute SHA
runs-on: ubuntu-latest
outputs:
SHA: ${{ steps.compute.outputs.SHA }}
steps:
- name: Compute SHA
id: compute
uses: shaka-project/shaka-github-tools/compute-sha@main
with:
ref: ${{ inputs.pr && format('refs/pull/{0}/head', inputs.pr) || 'refs/heads/main' }}
set-pending-status:
name: Set Pending Status
needs: compute-sha
runs-on: ubuntu-latest
permissions:
# "Write" to statuses to update commit status
statuses: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.compute-sha.outputs.SHA }}
persist-credentials: false
- name: Set commit status to pending
uses: shaka-project/shaka-github-tools/set-commit-status@main
with:
context: Update All Screenshots
state: pending
token: ${{ secrets.GITHUB_TOKEN }}
run-lab-tests:
name: Get Selenium Lab Screenshots
needs: [set-pending-status]
uses: ./.github/workflows/selenium-lab-tests.yaml
permissions:
# "Write" to statuses to update commit status, needed by nested jobs.
statuses: write
with:
# Pass the pre-computed SHA directly to the nested workflow.
# Do NOT pass "pr" and reinterpret it into a SHA in the nested workflow.
sha: ${{ needs.compute-sha.outputs.SHA }}
test_filter: layout
ignore_test_status: true
job_name_prefix: "Get Selenium Lab Screenshots / "
commit-new-screenshots:
name: Commit New Screenshots
runs-on: ubuntu-latest
needs: [compute-sha, run-lab-tests]
# NOTE: NO PERMISSIONS ON THIS JOB. It runs PR-author-controlled code from
# the PR, and so must be untrusted!
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.compute-sha.outputs.SHA }}
fetch-depth: 0
persist-credentials: false
- name: Get artifacts
uses: actions/download-artifact@v4
with:
path: test/test/assets/screenshots/
pattern: screenshots-*
merge-multiple: true
- name: Update screenshots
run: |
# NOTE: Steps of this could be influenced by the PR author, which is
# why we run this job without any accessible tokens or special
# permissions.
# Install prerequisites.
npm ci
# Update the official screenshots for any that have visibly changed.
# This is not a byte-for-byte comparison, but based on pixel diffs.
./build/updateScreenshots.py
# Act as Shaka Bot.
git config user.name "shaka-bot"
git config user.email "shaka-bot@users.noreply.github.com"
# Commit the changes to the screenshots only. Ignore failure, in
# case there are no changes.
git add test/test/assets/screenshots/*/*.png || true
git commit -m ':robot: Update all screenshots' || true
- name: Cache Commits
# Here we cache commits, made above in an untrusted job, to pull into a
# separate, trusted job with permission to push to the repo. The
# untrusted job can't pollute the environment of the trusted job by,
# say, modifying /usr/bin/gh.
uses: actions/cache/save@v4
with:
path: .git/
key: screenshot-commits-${{ needs.compute-sha.outputs.SHA }}
- name: Debug
uses: mxschmitt/action-tmate@v3.17
with:
limit-access-to-actor: true
if: failure()
manage-pr:
name: Manage PR
runs-on: ubuntu-latest
needs: [compute-sha, commit-new-screenshots]
# NOTE: No granular permissions here, because we use SHAKA_BOT_TOKEN
# instead of the default token. The action to push to the PR must be done
# by an actor with permission, and the default GitHub token doesn't work.
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.compute-sha.outputs.SHA }}
fetch-depth: 0
persist-credentials: false
- name: Restore Commits
# Here we restore commits, made above in the above untrusted job, to
# pull into this trusted job. See comments above on "Cache Commits".
uses: actions/cache/restore@v4
with:
path: .git/
key: screenshot-commits-${{ needs.compute-sha.outputs.SHA }}
- name: Create PR
if: ${{ inputs.pr == '' }}
env:
GH_TOKEN: ${{ secrets.SHAKA_BOT_TOKEN }}
run: |
# Create a local branch.
git checkout -b update-screenshots
# Lean on $GH_TOKEN to authenticate the push.
gh auth setup-git
# If there were no changes, this will do nothing, but succeed.
git push -f origin HEAD:refs/heads/update-screenshots
# Check if a PR already exists.
REPO_OWNER=$(echo "${{ github.repository }}" | cut -f 1 -d /)
REPO_NAME=$(echo "${{ github.repository }}" | cut -f 2 -d /)
gh pr list \
--json number,headRepository,headRefName,headRepositoryOwner \
| jq "map(select(
.headRepositoryOwner.login == \"$REPO_OWNER\" and
.headRepository.name == \"$REPO_NAME\" and
.headRefName == \"update-screenshots\").number)[0]" > pr-number
PR=$(cat pr-number)
if [[ "$PR" == "null" ]]; then
# No PR exists.
if git diff --quiet remotes/origin/main; then
# Exit code 0 means "no changes". No need to make a PR.
echo "No changes. Not creating a PR."
else
echo "Creating a new PR."
# Create a PR.
gh pr create \
--title 'chore: Update all screenshots' \
--body ':robot:' \
--reviewer 'shaka-project/shaka-player'
fi
else
# If a PR already existed, pushing to the branch was enough to
# update it.
echo "PR #$PR already exists, and has been updated."
fi
- name: Update PR
if: ${{ inputs.pr != '' }}
env:
GH_TOKEN: ${{ secrets.SHAKA_BOT_TOKEN }}
run: |
# Update the PR.
# Compute the destination for the push. This uses the GitHub API
# because this workflow is not triggered directly by a PR, so there
# is no context variable that supplies these details.
PR_API_URL="/repos/${{ github.repository }}/pulls/${{ inputs.pr }}"
REMOTE=$(gh api $PR_API_URL | jq -r .head.repo.html_url)
BRANCH=$(gh api $PR_API_URL | jq -r .head.ref)
echo "Updating PR #${{ inputs.pr }} at remote $REMOTE, branch $BRANCH"
# Lean on $GH_TOKEN to authenticate the push.
gh auth setup-git
# If there were no changes, this will do nothing, but succeed.
git push "$REMOTE" HEAD:"$BRANCH"
- name: Debug
uses: mxschmitt/action-tmate@v3.17
with:
limit-access-to-actor: true
if: failure()
set-final-status:
name: Set Final Status
runs-on: ubuntu-latest
permissions:
# "Write" to statuses to update commit status
statuses: write
needs: [compute-sha, run-lab-tests, manage-pr]
# Will run on success or failure, but not if the workflow is cancelled.
if: ${{ success() || failure() }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.compute-sha.outputs.SHA }}
persist-credentials: false
- name: Compute final status
id: compute
run: |
# The final status must be one of: success, failure, error, pending.
# However, the status from "result" from an earlier job is one of:
# success, failure, cancelled, skipped.
# We start by mapping those.
LAB_TEST_RESULT=$(echo "${{ needs.run-lab-tests.result }}" \
| sed -Ee 's/(cancelled|skipped)/error/')
UPDATE_PR_RESULT=$(echo "${{ needs.manage-pr.result }}" \
| sed -Ee 's/(cancelled|skipped)/error/')
if [[ "$LAB_TEST_RESULT" == "success" ]]; then
# If run-lab-tests succeeded, use the status of manage-pr, which
# comes after that. If that is blank, default to "error".
echo "status=${UPDATE_PR_RESULT:-error}" >> $GITHUB_OUTPUT
else
# If run-lab-tests failed, use that. If that is blank, default to
# "error".
echo "status=${LAB_TEST_RESULT:-error}" >> $GITHUB_OUTPUT
fi
- name: Report final status
uses: shaka-project/shaka-github-tools/set-commit-status@main
with:
context: Update All Screenshots
state: ${{ steps.compute.outputs.status }}
token: ${{ secrets.GITHUB_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink