Refresh visual snapshots #20
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Refresh visual snapshots | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| direct: | |
| description: "Commit goldens straight to the dispatched branch (bypasses PR + auto-merge). Requires the App to bypass branch protection." | |
| required: false | |
| type: boolean | |
| default: false | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: snapshot-refresh-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| refresh: | |
| name: Recompile and open PR | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| env: | |
| BRANCH: ci/snapshot-refresh | |
| COMMIT: "chore(tests): refresh visual snapshots" | |
| steps: | |
| # Mint the App token first so checkout can use it; that way every | |
| # subsequent `git push` authenticates as the App and the | |
| # `mcanouil-dev` bypass on branch protection applies. No need for | |
| # per-push extraheader overrides. | |
| - name: Create GitHub App token | |
| id: app-token | |
| uses: actions/create-github-app-token@v3 | |
| with: | |
| client-id: ${{ vars.APP_ID }} | |
| private-key: ${{ secrets.APP_KEY }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Set up Git user | |
| uses: ./.github/actions/setup-git-user | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| app-slug: ${{ steps.app-token.outputs.app-slug }} | |
| gh-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Read Typst version from typst.toml | |
| id: typst-version | |
| uses: ./.github/actions/typst-version | |
| - name: Set up Typst | |
| uses: typst-community/setup-typst@v5 | |
| with: | |
| typst-version: ${{ steps.typst-version.outputs.version }} | |
| - name: Set up Lua | |
| uses: leafo/gh-actions-lua@v11 | |
| with: | |
| luaVersion: "5.4" | |
| - name: Regenerate goldens | |
| uses: ./.github/actions/typst-snapshot | |
| with: | |
| mode: update | |
| - name: Commit goldens (PR or direct) | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| DIRECT: ${{ inputs.direct }} | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| git add tests/visual/golden | |
| if git diff --cached --quiet; then | |
| echo "No golden changes." >> "${GITHUB_STEP_SUMMARY}" | |
| exit 0 | |
| fi | |
| git commit -m "${COMMIT}" | |
| if [[ "${DIRECT}" == "true" ]]; then | |
| # Checkout was performed with the App token, so the App | |
| # identity drives this push and the `mcanouil-dev` bypass on | |
| # the branch protection rule applies. | |
| git push origin "HEAD:${GITHUB_REF_NAME}" | |
| { | |
| echo "## Visual snapshots refreshed (direct push)" | |
| echo "" | |
| git diff --stat HEAD~1 HEAD || true | |
| } >> "${GITHUB_STEP_SUMMARY}" | |
| exit 0 | |
| fi | |
| if git show-ref --quiet "refs/heads/${BRANCH}"; then | |
| git branch -D "${BRANCH}" | |
| fi | |
| if git ls-remote --exit-code --heads origin "${BRANCH}" >/dev/null 2>&1; then | |
| git push origin --delete "${BRANCH}" | |
| fi | |
| git checkout -b "${BRANCH}" | |
| git push --force origin "${BRANCH}" | |
| sleep 5 | |
| PR_URL=$(gh pr create \ | |
| --fill-first \ | |
| --base "${GITHUB_REF_NAME}" \ | |
| --head "${BRANCH}" \ | |
| --label "Type: CI/CD :robot:") | |
| sleep 5 | |
| gh pr merge --auto --squash --delete-branch "${BRANCH}" | |
| { | |
| echo "## Visual snapshots refreshed" | |
| echo "" | |
| echo "- PR: ${PR_URL}" | |
| git diff --stat "origin/${GITHUB_REF_NAME}" HEAD || true | |
| } >> "${GITHUB_STEP_SUMMARY}" |