From 5ee0a0dd863ec5e739ca9313aefc1f2920b7e133 Mon Sep 17 00:00:00 2001 From: Pravus Date: Fri, 22 May 2026 17:10:45 +0200 Subject: [PATCH 1/5] commit for PR to test CI From db5207f8a5736ab9eb8c6a48cb9765bb9198f711 Mon Sep 17 00:00:00 2001 From: Pravus Date: Fri, 22 May 2026 20:57:25 +0200 Subject: [PATCH 2/5] temporarily changed the workflow to be on push --- .github/workflows/visual-regression.yml | 46 ++++++++----------------- 1 file changed, 15 insertions(+), 31 deletions(-) diff --git a/.github/workflows/visual-regression.yml b/.github/workflows/visual-regression.yml index 48e30909b2..d51033b053 100644 --- a/.github/workflows/visual-regression.yml +++ b/.github/workflows/visual-regression.yml @@ -31,9 +31,11 @@ name: Visual Regression # - secrets.DEV_EXPLORER_TEAM_AWS_ACCESS_KEY_ID # - secrets.DEV_EXPLORER_TEAM_AWS_SECRET_ACCESS_KEY +# TEMPORARY: triggered on push instead of /visual-tests comment for workflow debugging. +# Revert the `on:` block, the gate step, and the PR-resolution step (use issue.number again) +# before merging. on: - issue_comment: - types: [created] + push: permissions: contents: write @@ -46,9 +48,6 @@ concurrency: jobs: resolve: name: Resolve trigger - if: | - github.event.issue.pull_request && - startsWith(github.event.comment.body, '/visual-tests') runs-on: ubuntu-latest outputs: authorized: ${{ steps.gate.outputs.authorized }} @@ -60,43 +59,28 @@ jobs: head_ref: ${{ steps.pr.outputs.head_ref }} steps: - - name: Gate by author association + - name: Gate (push trigger — always authorized) id: gate - env: - ASSOC: ${{ github.event.comment.author_association }} - run: | - set -euo pipefail - case "$ASSOC" in - OWNER|MEMBER|COLLABORATOR) - echo "authorized=true" >> "$GITHUB_OUTPUT" - ;; - *) - echo "::notice::Ignoring /visual-tests from $ASSOC ${{ github.event.comment.user.login }} — write access required." - echo "authorized=false" >> "$GITHUB_OUTPUT" - ;; - esac - - - name: React to the trigger comment - if: steps.gate.outputs.authorized == 'true' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh api -X POST \ - "repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \ - -f content=eyes >/dev/null + run: echo "authorized=true" >> "$GITHUB_OUTPUT" - name: Resolve PR head + build URL id: pr if: steps.gate.outputs.authorized == 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ github.event.issue.number }} + PUSHED_REF: ${{ github.ref_name }} + PUSHED_SHA: ${{ github.sha }} PUBLIC_URL_PREFIX: ${{ vars.EXPLORER_TEAM_S3_BUCKET_PUBLIC_URL }} run: | set -euo pipefail - # 1. Fetch PR head — issue_comment events don't carry it in the payload. - PR_JSON=$(gh api "repos/${{ github.repository }}/pulls/${PR_NUMBER}") + # Find an open PR whose head matches the pushed branch. + PR_JSON=$(gh api "repos/${{ github.repository }}/pulls?head=${{ github.repository_owner }}:${PUSHED_REF}&state=open&per_page=1" --jq '.[0]') + if [ -z "$PR_JSON" ] || [ "$PR_JSON" = "null" ]; then + echo "::error::No open PR found for branch '${PUSHED_REF}'. Push trigger requires an open PR to derive the build URL." + exit 1 + fi + PR_NUMBER=$(echo "$PR_JSON" | jq -r '.number') HEAD_SHA=$(echo "$PR_JSON" | jq -r '.head.sha') HEAD_REF=$(echo "$PR_JSON" | jq -r '.head.ref') SHORT_SHA="${HEAD_SHA:0:7}" From dd6c816b8df3f530dda2db03a54f4e55346585d4 Mon Sep 17 00:00:00 2001 From: Pravus Date: Fri, 22 May 2026 21:15:00 +0200 Subject: [PATCH 3/5] update comment --- .github/workflows/visual-regression.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/visual-regression.yml b/.github/workflows/visual-regression.yml index d51033b053..844c42e966 100644 --- a/.github/workflows/visual-regression.yml +++ b/.github/workflows/visual-regression.yml @@ -26,10 +26,10 @@ name: Visual Regression # on this repo even though the dispatcher itself doesn't reference them: # - secrets.ALTTESTER_LICENSE # - secrets.REPOS_READ_ONLY_TOKEN -# - secrets.DEV_EXPLORER_TEAM_S3_BUCKET -# - secrets.DEV_EXPLORER_TEAM_AWS_DEFAULT_REGION -# - secrets.DEV_EXPLORER_TEAM_AWS_ACCESS_KEY_ID -# - secrets.DEV_EXPLORER_TEAM_AWS_SECRET_ACCESS_KEY +# - secrets.EXPLORER_TEAM_S3_BUCKET +# - secrets.EXPLORER_TEAM_AWS_DEFAULT_REGION +# - secrets.EXPLORER_TEAM_AWS_ACCESS_KEY_ID +# - secrets.EXPLORER_TEAM_AWS_SECRET_ACCESS_KEY # TEMPORARY: triggered on push instead of /visual-tests comment for workflow debugging. # Revert the `on:` block, the gate step, and the PR-resolution step (use issue.number again) From 07372797a2b039a60c601f4a8fbe8f9ddf14e894 Mon Sep 17 00:00:00 2001 From: Pravus Date: Fri, 22 May 2026 21:40:53 +0200 Subject: [PATCH 4/5] commit for PR to test CI From ebbe15cf37d82f4b9134469684ed7babf6fd2f23 Mon Sep 17 00:00:00 2001 From: Pravus Date: Fri, 22 May 2026 21:45:17 +0200 Subject: [PATCH 5/5] Revert "temporarily changed the workflow to be on push" This reverts commit db5207f8a5736ab9eb8c6a48cb9765bb9198f711. --- .github/workflows/visual-regression.yml | 46 +++++++++++++++++-------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/.github/workflows/visual-regression.yml b/.github/workflows/visual-regression.yml index 844c42e966..103df99055 100644 --- a/.github/workflows/visual-regression.yml +++ b/.github/workflows/visual-regression.yml @@ -31,11 +31,9 @@ name: Visual Regression # - secrets.EXPLORER_TEAM_AWS_ACCESS_KEY_ID # - secrets.EXPLORER_TEAM_AWS_SECRET_ACCESS_KEY -# TEMPORARY: triggered on push instead of /visual-tests comment for workflow debugging. -# Revert the `on:` block, the gate step, and the PR-resolution step (use issue.number again) -# before merging. on: - push: + issue_comment: + types: [created] permissions: contents: write @@ -48,6 +46,9 @@ concurrency: jobs: resolve: name: Resolve trigger + if: | + github.event.issue.pull_request && + startsWith(github.event.comment.body, '/visual-tests') runs-on: ubuntu-latest outputs: authorized: ${{ steps.gate.outputs.authorized }} @@ -59,28 +60,43 @@ jobs: head_ref: ${{ steps.pr.outputs.head_ref }} steps: - - name: Gate (push trigger — always authorized) + - name: Gate by author association id: gate - run: echo "authorized=true" >> "$GITHUB_OUTPUT" + env: + ASSOC: ${{ github.event.comment.author_association }} + run: | + set -euo pipefail + case "$ASSOC" in + OWNER|MEMBER|COLLABORATOR) + echo "authorized=true" >> "$GITHUB_OUTPUT" + ;; + *) + echo "::notice::Ignoring /visual-tests from $ASSOC ${{ github.event.comment.user.login }} — write access required." + echo "authorized=false" >> "$GITHUB_OUTPUT" + ;; + esac + + - name: React to the trigger comment + if: steps.gate.outputs.authorized == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh api -X POST \ + "repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \ + -f content=eyes >/dev/null - name: Resolve PR head + build URL id: pr if: steps.gate.outputs.authorized == 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PUSHED_REF: ${{ github.ref_name }} - PUSHED_SHA: ${{ github.sha }} + PR_NUMBER: ${{ github.event.issue.number }} PUBLIC_URL_PREFIX: ${{ vars.EXPLORER_TEAM_S3_BUCKET_PUBLIC_URL }} run: | set -euo pipefail - # Find an open PR whose head matches the pushed branch. - PR_JSON=$(gh api "repos/${{ github.repository }}/pulls?head=${{ github.repository_owner }}:${PUSHED_REF}&state=open&per_page=1" --jq '.[0]') - if [ -z "$PR_JSON" ] || [ "$PR_JSON" = "null" ]; then - echo "::error::No open PR found for branch '${PUSHED_REF}'. Push trigger requires an open PR to derive the build URL." - exit 1 - fi - PR_NUMBER=$(echo "$PR_JSON" | jq -r '.number') + # 1. Fetch PR head — issue_comment events don't carry it in the payload. + PR_JSON=$(gh api "repos/${{ github.repository }}/pulls/${PR_NUMBER}") HEAD_SHA=$(echo "$PR_JSON" | jq -r '.head.sha') HEAD_REF=$(echo "$PR_JSON" | jq -r '.head.ref') SHORT_SHA="${HEAD_SHA:0:7}"