Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2026-06-29 19:06:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a4f90ca16a40d7f8d423ceee3c19d072eaa0d53e
vscode/.github/workflows/css-order-scan.yml
T
Henning Dieterichs a4f90ca16a Fetch oidc token just before uploading
2026-06-22 12:14:06 +02:00

243 lines
9.2 KiB
YAML
Raw Blame History

name: CSS Cascade-Order Scan
on:
schedule:
# Once per day at 05:17 UTC (off the hour to avoid scheduler contention).
- cron: '17 5 * * *'
workflow_dispatch:
permissions:
contents: read
id-token: write
concurrency:
group: css-order-scan-${{ github.ref }}
cancel-in-progress: true
jobs:
scan:
name: Scan CSS cascade-order dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version-file: .nvmrc
- name: Restore node_modules cache
id: cache-node-modules
uses: ./.github/actions/restore-node-modules
with:
key-prefix: node_modules-css-order-scan
key-args: "compile $(node -p process.arch)"
- name: Install dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: npm ci --ignore-scripts
env:
ELECTRON_SKIP_BINARY_DOWNLOAD: 1
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install build dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: npm ci
working-directory: build
- name: Install rspack dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: npm ci
working-directory: build/rspack
- name: Save node_modules cache
if: steps.cache-node-modules.outputs.cache-hit != 'true'
uses: ./.github/actions/save-node-modules
- name: Copy codicons
run: cp node_modules/@vscode/codicons/dist/codicon.ttf src/vs/base/browser/ui/codicons/codicon/codicon.ttf
- name: Transpile source
run: npm run transpile-client
- name: Install Playwright Chromium
run: npx playwright install chromium
- name: Start serve-out
# The scan attaches to an already-running serve (component-explorer-attach.json).
# Start it in the background and wait until the dev server accepts connections.
# Probe the port directly instead of grepping the log: rspack's stdout is
# block-buffered when redirected to a file, so the "Loopback" line can take
# minutes to land in the log even though the server is already listening.
run: |
npm run serve-out-rspack > /tmp/serve-out.log 2>&1 &
echo "SERVE_PID=$!" >> "$GITHUB_ENV"
for i in $(seq 1 120); do
if curl -s -o /dev/null "http://localhost:5123/"; then
echo "serve-out is ready"
exit 0
fi
sleep 2
done
echo "::error::serve-out did not become ready in time"
cat /tmp/serve-out.log
exit 1
- name: Run CSS order scan
run: |
node test/componentFixtures/cssOrderScan.mts \
--fixture-id-regex ".*" \
--image-base-url "https://hediet-screenshots.azurewebsites.net/images"
- name: Generate random commit SHA
id: random_sha
run: |
RANDOM_SHA=$(node -e "const { randomBytes } = require('node:crypto'); process.stdout.write(randomBytes(20).toString('hex'));")
echo "sha=$RANDOM_SHA" >> "$GITHUB_OUTPUT"
- name: Prepare CSS order upload payload
id: prepare_upload
run: |
REPORT_DIR="test/componentFixtures/.build/css-order-report"
REPORT_JSON="$REPORT_DIR/report.json"
UPLOAD_DIR="/tmp/css-order-upload"
rm -rf "$UPLOAD_DIR"
mkdir -p "$UPLOAD_DIR"
node -e "
const fs = require('node:fs');
const path = require('node:path');
const reportDir = process.env.REPORT_DIR;
const reportJson = process.env.REPORT_JSON;
const uploadDir = process.env.UPLOAD_DIR;
const randomSha = process.env.RANDOM_SHA;
const repo = process.env.GITHUB_REPOSITORY || '';
const [owner, name] = repo.split('/');
const report = JSON.parse(fs.readFileSync(reportJson, 'utf8'));
const fixtures = [];
for (const problem of report.problems || []) {
const background = (problem.background === 'dark' || problem.background === 'light') ? problem.background : 'light';
if (problem.baselineHash && problem.baselineImage) {
fixtures.push({
fixtureId: problem.fixtureId + '#baseline',
imageHash: problem.baselineHash,
imagePath: problem.baselineImage,
background,
labels: ['css-order-scan', 'baseline'],
expectedVisualDescriptions: [],
hasError: false,
events: [],
renderTimeMs: { sync: 0, total: 0 },
});
}
if (problem.reversedHash && problem.reversedImage) {
fixtures.push({
fixtureId: problem.fixtureId + '#reversed',
imageHash: problem.reversedHash,
imagePath: problem.reversedImage,
background,
labels: ['css-order-scan', 'reversed'],
expectedVisualDescriptions: [],
hasError: false,
events: [],
renderTimeMs: { sync: 0, total: 0 },
});
}
}
const manifest = {
version: 1,
repository: { owner, name },
commit: {
hash: randomSha,
parentHashes: ['ac6e93443c08ba377136572a17477d45f2e17504'],
author: {
name: 'css-order-scan',
email: 'css-order-scan@users.noreply.github.com',
},
timestamp: new Date().toISOString(),
message: 'CSS order scan image upload',
},
fixtures,
};
fs.writeFileSync(path.join(uploadDir, 'manifest.json'), JSON.stringify(manifest, null, 2));
for (const fixture of fixtures) {
const src = path.join(reportDir, fixture.imagePath);
const dst = path.join(uploadDir, fixture.imagePath);
fs.mkdirSync(path.dirname(dst), { recursive: true });
fs.copyFileSync(src, dst);
}
"
FIXTURE_COUNT=$(node -e "const m = require('/tmp/css-order-upload/manifest.json'); process.stdout.write(String((m.fixtures || []).length));")
echo "fixture_count=$FIXTURE_COUNT" >> "$GITHUB_OUTPUT"
cd "$UPLOAD_DIR"
zip -qr "$GITHUB_WORKSPACE/css-order-screenshots.zip" .
env:
REPORT_DIR: test/componentFixtures/.build/css-order-report
REPORT_JSON: test/componentFixtures/.build/css-order-report/report.json
UPLOAD_DIR: /tmp/css-order-upload
RANDOM_SHA: ${{ steps.random_sha.outputs.sha }}
- name: Get OIDC token
id: oidc
if: steps.prepare_upload.outputs.fixture_count != '0'
run: |
TOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://hediet-screenshots.azurewebsites.net" \
| jq -r .value)
echo "::add-mask::$TOKEN"
echo "token=$TOKEN" >> "$GITHUB_OUTPUT"
- name: Upload CSS order images to service
if: steps.prepare_upload.outputs.fixture_count != '0'
run: |
set +e
STATUS=$(curl -sS -o /tmp/css-order-upload.out -w '%{http_code}' \
-X POST "https://hediet-screenshots.azurewebsites.net/upload" \
-H "Content-Type: application/zip" \
-H "Authorization: Bearer $SCREENSHOT_SERVICE_TOKEN" \
--data-binary @"$GITHUB_WORKSPACE/css-order-screenshots.zip")
CURL_EXIT=$?
set -e
if [ "$CURL_EXIT" -ne 0 ]; then
echo "::warning::Screenshot service unreachable (curl exit $CURL_EXIT) -- links in report may not resolve."
elif [ "${STATUS:0:1}" != "2" ]; then
echo "::warning::Screenshot service returned HTTP $STATUS -- links in report may not resolve."
cat /tmp/css-order-upload.out || true
else
echo "Uploaded CSS order images (HTTP $STATUS)."
fi
env:
SCREENSHOT_SERVICE_TOKEN: ${{ steps.oidc.outputs.token }}
- name: Stop serve-out
if: always()
run: kill "$SERVE_PID" 2>/dev/null || true
- name: Upload serve-out log
if: always()
uses: actions/upload-artifact@v7
with:
name: serve-out-log
path: /tmp/serve-out.log
- name: Upload report
if: always()
uses: actions/upload-artifact@v7
with:
name: css-order-report
path: test/componentFixtures/.build/css-order-report/
- name: Write job summary
if: always()
run: |
REPORT="test/componentFixtures/.build/css-order-report/report.md"
if [ -f "$REPORT" ]; then
cat "$REPORT" >> "$GITHUB_STEP_SUMMARY"
else
echo "No report was produced." >> "$GITHUB_STEP_SUMMARY"
fi
Reference in New Issue View Git Blame Copy Permalink