Files
vscode/.github/workflows/css-order-scan.yml
T
Alexandru Dima 37e7e85b10 Optimize node_modules caching for CI & PR checks (#322074)
* CI: speed up node_modules cache with zstd + shared scripts

Switch the Linux/macOS node_modules cache from single-threaded gzip
(tar -czf) to multi-threaded zstd. The "Create node_modules archive"
step was spending ~5min of single-core gzip on a multi-GB tree on every
cache miss; zstd -T0 uses all cores and decompresses much faster, so
cache-hit jobs benefit too. Windows stays on 7-Zip (already threaded).

Extract the archive/extract commands into shared per-platform scripts
under .github/workflows/node_modules_cache/ (cache.sh / cache.ps1, each
dispatching on an archive|extract argument) so the format and flags live
in one place instead of being duplicated across ~8 workflows. Bump
build/.cachesalt to invalidate existing gzip caches.

Also remove the obsolete extensions/copilot CI workflows
(copilot-setup-steps.yml, ensure-node-modules-cache.yml, pr.yml) and the
unused build/listBuildCacheFiles.js, and drop their now-stale entries
(plus lit-html and signals-core) from .eslint-allowed-javascript-files.

* ci: seed copilot node_modules cache on main and rename cache keys

Add copilot-linux and copilot-windows jobs to pr-node-modules.yml so the
copilot node_modules cache is populated on main. Rename the copilot cache
keys to copilot-node_modules-linux / copilot-node_modules-windows in pr.yml.

* ci: extract node_modules cache into composite actions

Factor the repeated node_modules cache plumbing into two local composite
actions, restore-node-modules and save-node-modules, and migrate all
workflows that used the cache.sh/cache.ps1 archive flow (pr, pr-node-modules,
pr-{linux,darwin,win32}-test, copilot-setup-steps, component-fixtures,
css-order-scan).

- restore-node-modules computes the key, restores the cache, optionally
  extracts on a hit, and exports the resolved key via $GITHUB_ENV.
- save-node-modules archives node_modules and saves it to the cache, reusing
  the key exported by restore so callers don't repeat the prefix.
- Bespoke install steps stay in the workflows, so per-job env/secrets never
  cross the action boundary.
- Only seed the cache on branch pushes (component-fixtures skips PRs, whose
  caches aren't shared).

* save the node_modules cache for now to test it

* ci: fix node_modules cache save dropping the archive

cache.sh wrote its archive as cache.tzst, but actions/cache reserves that
name for its own tarball and passes --exclude cache.tzst, so our archive was
excluded and an empty (~200 B) cache was saved on Linux/macOS. Rename the
archive to node-modules.tzst and bump build/.cachesalt to invalidate the
broken cache entries.

* empty commit

* Remove again saving to the node modules cache from PR steps
2026-06-19 17:21:43 +02:00

241 lines
9.1 KiB
YAML

name: CSS Cascade-Order Scan
on:
schedule:
# Once per day at 05:17 UTC (off the hour to avoid scheduler contention).
- cron: '17 5 * * *'
workflow_dispatch:
permissions:
contents: read
id-token: write
concurrency:
group: css-order-scan-${{ github.ref }}
cancel-in-progress: true
jobs:
scan:
name: Scan CSS cascade-order dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version-file: .nvmrc
- name: Restore node_modules cache
id: cache-node-modules
uses: ./.github/actions/restore-node-modules
with:
key-prefix: node_modules-css-order-scan
key-args: "compile $(node -p process.arch)"
- name: Install dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: npm ci --ignore-scripts
env:
ELECTRON_SKIP_BINARY_DOWNLOAD: 1
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install build dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: npm ci
working-directory: build
- name: Install rspack dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: npm ci
working-directory: build/rspack
- name: Save node_modules cache
if: steps.cache-node-modules.outputs.cache-hit != 'true'
uses: ./.github/actions/save-node-modules
- name: Copy codicons
run: cp node_modules/@vscode/codicons/dist/codicon.ttf src/vs/base/browser/ui/codicons/codicon/codicon.ttf
- name: Transpile source
run: npm run transpile-client
- name: Install Playwright Chromium
run: npx playwright install chromium
- name: Start serve-out
# The scan attaches to an already-running serve (component-explorer-attach.json).
# Start it in the background and wait until the dev server accepts connections.
# Probe the port directly instead of grepping the log: rspack's stdout is
# block-buffered when redirected to a file, so the "Loopback" line can take
# minutes to land in the log even though the server is already listening.
run: |
npm run serve-out-rspack > /tmp/serve-out.log 2>&1 &
echo "SERVE_PID=$!" >> "$GITHUB_ENV"
for i in $(seq 1 120); do
if curl -s -o /dev/null "http://localhost:5123/"; then
echo "serve-out is ready"
exit 0
fi
sleep 2
done
echo "::error::serve-out did not become ready in time"
cat /tmp/serve-out.log
exit 1
- name: Get OIDC token
id: oidc
run: |
TOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://hediet-screenshots.azurewebsites.net" \
| jq -r .value)
echo "::add-mask::$TOKEN"
echo "token=$TOKEN" >> "$GITHUB_OUTPUT"
- name: Generate random commit SHA
id: random_sha
run: |
RANDOM_SHA=$(node -e "const { randomBytes } = require('node:crypto'); process.stdout.write(randomBytes(20).toString('hex'));")
echo "sha=$RANDOM_SHA" >> "$GITHUB_OUTPUT"
- name: Run CSS order scan
run: |
node test/componentFixtures/cssOrderScan.mts \
--fixture-id-regex ".*" \
--image-base-url "https://hediet-screenshots.azurewebsites.net/images"
- name: Prepare CSS order upload payload
id: prepare_upload
run: |
REPORT_DIR="test/componentFixtures/.build/css-order-report"
REPORT_JSON="$REPORT_DIR/report.json"
UPLOAD_DIR="/tmp/css-order-upload"
rm -rf "$UPLOAD_DIR"
mkdir -p "$UPLOAD_DIR"
node -e "
const fs = require('node:fs');
const path = require('node:path');
const reportDir = process.env.REPORT_DIR;
const reportJson = process.env.REPORT_JSON;
const uploadDir = process.env.UPLOAD_DIR;
const randomSha = process.env.RANDOM_SHA;
const repo = process.env.GITHUB_REPOSITORY || '';
const [owner, name] = repo.split('/');
const report = JSON.parse(fs.readFileSync(reportJson, 'utf8'));
const fixtures = [];
for (const problem of report.problems || []) {
const background = (problem.background === 'dark' || problem.background === 'light') ? problem.background : 'light';
if (problem.baselineHash && problem.baselineImage) {
fixtures.push({
fixtureId: problem.fixtureId + '#baseline',
imageHash: problem.baselineHash,
imagePath: problem.baselineImage,
background,
labels: ['css-order-scan', 'baseline'],
expectedVisualDescriptions: [],
hasError: false,
events: [],
renderTimeMs: { sync: 0, total: 0 },
});
}
if (problem.reversedHash && problem.reversedImage) {
fixtures.push({
fixtureId: problem.fixtureId + '#reversed',
imageHash: problem.reversedHash,
imagePath: problem.reversedImage,
background,
labels: ['css-order-scan', 'reversed'],
expectedVisualDescriptions: [],
hasError: false,
events: [],
renderTimeMs: { sync: 0, total: 0 },
});
}
}
const manifest = {
version: 1,
repository: { owner, name },
commit: {
hash: randomSha,
parentHashes: ['ac6e93443c08ba377136572a17477d45f2e17504'],
author: {
name: 'css-order-scan',
email: 'css-order-scan@users.noreply.github.com',
},
timestamp: new Date().toISOString(),
message: 'CSS order scan image upload',
},
fixtures,
};
fs.writeFileSync(path.join(uploadDir, 'manifest.json'), JSON.stringify(manifest, null, 2));
for (const fixture of fixtures) {
const src = path.join(reportDir, fixture.imagePath);
const dst = path.join(uploadDir, fixture.imagePath);
fs.mkdirSync(path.dirname(dst), { recursive: true });
fs.copyFileSync(src, dst);
}
"
FIXTURE_COUNT=$(node -e "const m = require('/tmp/css-order-upload/manifest.json'); process.stdout.write(String((m.fixtures || []).length));")
echo "fixture_count=$FIXTURE_COUNT" >> "$GITHUB_OUTPUT"
cd "$UPLOAD_DIR"
zip -qr "$GITHUB_WORKSPACE/css-order-screenshots.zip" .
env:
REPORT_DIR: test/componentFixtures/.build/css-order-report
REPORT_JSON: test/componentFixtures/.build/css-order-report/report.json
UPLOAD_DIR: /tmp/css-order-upload
RANDOM_SHA: ${{ steps.random_sha.outputs.sha }}
- name: Upload CSS order images to service
if: steps.prepare_upload.outputs.fixture_count != '0'
run: |
set +e
STATUS=$(curl -sS -o /tmp/css-order-upload.out -w '%{http_code}' \
-X POST "https://hediet-screenshots.azurewebsites.net/upload" \
-H "Content-Type: application/zip" \
-H "Authorization: Bearer $SCREENSHOT_SERVICE_TOKEN" \
--data-binary @"$GITHUB_WORKSPACE/css-order-screenshots.zip")
CURL_EXIT=$?
set -e
if [ "$CURL_EXIT" -ne 0 ]; then
echo "::warning::Screenshot service unreachable (curl exit $CURL_EXIT) -- links in report may not resolve."
elif [ "${STATUS:0:1}" != "2" ]; then
echo "::warning::Screenshot service returned HTTP $STATUS -- links in report may not resolve."
cat /tmp/css-order-upload.out || true
else
echo "Uploaded CSS order images (HTTP $STATUS)."
fi
env:
SCREENSHOT_SERVICE_TOKEN: ${{ steps.oidc.outputs.token }}
- name: Stop serve-out
if: always()
run: kill "$SERVE_PID" 2>/dev/null || true
- name: Upload serve-out log
if: always()
uses: actions/upload-artifact@v7
with:
name: serve-out-log
path: /tmp/serve-out.log
- name: Upload report
if: always()
uses: actions/upload-artifact@v7
with:
name: css-order-report
path: test/componentFixtures/.build/css-order-report/
- name: Write job summary
if: always()
run: |
REPORT="test/componentFixtures/.build/css-order-report/report.md"
if [ -f "$REPORT" ]; then
cat "$REPORT" >> "$GITHUB_STEP_SUMMARY"
else
echo "No report was produced." >> "$GITHUB_STEP_SUMMARY"
fi