feat: Chromium pipeline – headless smoke test, deep file scan, Docker build & artifacts on master #6
Copilot wants to merge 19 commits into
PR Summary by Qodo: Add master-scoped Chromium CI pipeline with deep scan, Docker build, and artifacts
Files changed (1)
Pull request overview
Adds a new GitHub Actions workflow that combines a Chromium headless smoke test, deep file discovery, and Docker build/publish steps into a single pipeline for master-scoped changes.
Changes:
- Introduces `chromium-check` to install Chromium and run a Puppeteer-based headless smoke test.
- Adds `discover-artifacts` to scan for deeply nested files and upload a file list artifact.
- Adds `docker-build` to build (and on `master` pushes, publish) a Docker image, plus a `pipeline-summary` job that reports job status.
Code Review by Qodo
1. Misnamed Docker image
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }}/pinkflow-app | ||
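Review bot: `IMAGE_NAME` names a different artifact than the job produces; this job builds `marketing-site/Dockerfile`, so tag it `${{ github.repository }}/marketing-site`, the name the existing deploy workflow already uses, rather than `pinkflow-app`. Otherwise the marketing-site build and any real pinkflow-app image land in one GHCR package and each `master` push overwrites the other's `latest`.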
1. Misnamed docker image 🐞 Bug ≡ Correctness
`docker-build` builds `marketing-site/Dockerfile` but tags/publishes under `IMAGE_NAME: .../pinkflow-app`, which will store the marketing-site container under an incorrect package name and can collide with any intended "pinkflow-app" image naming.
Agent Prompt
## Issue description
The workflow builds `marketing-site/Dockerfile` but sets `IMAGE_NAME` to `.../pinkflow-app`, making the produced/pushed image name inconsistent with the actual content.
## Issue Context
The existing marketing-site deployment workflow builds the same Dockerfile and names the image `.../marketing-site`, suggesting this pipeline should follow the same convention.
## Fix Focus Areas
- .github/workflows/chromium-pipeline.yml[20-23]
- .github/workflows/chromium-pipeline.yml[150-168]
- .github/workflows/deploy-marketing-site.yml[11-14]
| on: | ||
| push: | ||
| branches: ["master"] | ||
| paths: | ||
| - "src/**" | ||
| - "webapp/**" | ||
| - "marketing-site/**" | ||
| - ".github/workflows/chromium-pipeline.yml" | ||
| pull_request: | ||
| branches: ["master"] | ||
| paths: | ||
| - "src/**" | ||
| - "webapp/**" | ||
| - "marketing-site/**" | ||
| - ".github/workflows/chromium-pipeline.yml" |
2. Branch trigger mismatch 🐞 Bug ☼ Reliability
This workflow only triggers for master, while other repo workflows are configured to run on main, so it will not run for the same push/PR targets if main is the active branch used by CI.
Agent Prompt
## Issue description
The workflow is scoped to `branches: ["master"]` for both push and pull_request, but other workflows in this repo are scoped to `main`. If `main` is the default/active branch, this pipeline will not execute when expected.
## Issue Context
Multiple existing workflows use `branches: [main]`, indicating branch naming inconsistency.
## Fix Focus Areas
- .github/workflows/chromium-pipeline.yml[3-17]
- .github/workflows/ci-matrix.yml[3-15]
- .github/workflows/deploy-marketing-site.yml[3-9]
| permissions: | ||
| contents: read | ||
| packages: write | ||
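Review bot: `packages: write` set here is inherited by every job, including `chromium-check` and `discover-artifacts`, which never touch a registry. Leave the top level at `contents: read` and move `packages: write` into a job-level `permissions:` block on `docker-build` only; the existing master-only gate on the login/push steps still applies, and the smoke-test and file-scan steps run with a read-only `GITHUB_TOKEN`.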
3. PR token too permissive 🐞 Bug ⛨ Security
The workflow grants `packages: write` at the workflow level while also running on `pull_request`, unnecessarily expanding what PR-run steps can do with `GITHUB_TOKEN` even though registry login/push only occurs on master pushes.
Agent Prompt
## Issue description
Top-level `permissions` includes `packages: write`, which applies to all jobs/events including `pull_request`. This is broader than needed because the workflow only logs into GHCR / pushes on `push` to `master`.
## Issue Context
The `docker/login-action` step is already gated to `push` on `refs/heads/master`, so PR runs do not require `packages: write`.
## Fix Focus Areas
- .github/workflows/chromium-pipeline.yml[24-27]
- .github/workflows/chromium-pipeline.yml[11-17]
- .github/workflows/chromium-pipeline.yml[142-149]
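The least-privilege shape the finding above asks for, as an added example written for this review (it is not the PR's `.github/workflows/chromium-pipeline.yml` and not Qodo's autofix). Job names, the `marketing-site` image name and the master-only gate come from the PR description and the review; the action versions and step layout are assumptions.

```yaml
# Added example (not the PR's chromium-pipeline.yml): the top-level grant
# as submitted, beside a job-scoped form. Job names and the master-only
# gate follow the PR description; action versions are assumptions.

# As submitted: every job, on every event (including pull_request),
# receives a GITHUB_TOKEN that can write packages.
#
#   permissions:
#     contents: read
#     packages: write

# Scoped: the workflow default is read-only; only the publishing job
# asks for packages: write, and its registry steps stay gated to master.
permissions:
  contents: read

jobs:
  chromium-check:
    runs-on: ubuntu-latest        # inherits contents: read only
    steps:
      - uses: actions/checkout@v4
      # smoke-test steps as in the PR

  discover-artifacts:
    runs-on: ubuntu-latest        # inherits contents: read only
    steps:
      - uses: actions/checkout@v4
      # file-scan steps as in the PR

  docker-build:
    needs: chromium-check
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write             # the only job that can push to GHCR
    env:
      REGISTRY: ghcr.io
      IMAGE_NAME: ${{ github.repository }}/marketing-site   # name what the Dockerfile builds
    steps:
      - uses: actions/checkout@v4

      - name: Log in to GHCR (master pushes only)
        if: github.event_name == 'push' && github.ref == 'refs/heads/master'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build, and push only on master
        uses: docker/build-push-action@v5
        with:
          context: .
          file: marketing-site/Dockerfile
          push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}
```

A job-level `packages: write` is still granted to `docker-build` on same-repository `pull_request` runs (fork PRs get a read-only token regardless). If that residual grant matters, split the login and push steps into a separate job that carries `if: github.event_name == 'push' && github.ref == 'refs/heads/master'`, and give only that job the write permission.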
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@copilot would Electron help for remoteuser n internal%?
Adds a new GitHub Actions workflow that wires together Chromium headless testing, deep-nested source file discovery, and Docker image build/publish into a single path-aware pipeline on `master`.

New workflow: `.github/workflows/chromium-pipeline.yml`
- `master`-scoped to `src/**`, `webapp/**`, `marketing-site/**`; also `workflow_dispatch`
- `chromium-check`: installs `chromium-browser`, runs a Puppeteer headless smoke test via `puppeteer-core`, uploads log artifact (7d)
- `discover-artifacts`: `find` at depth ≥ 5, excluding `.git`, `node_modules`, `dist`, `build`, `target`, `.cache`; uploads file-list artifact (14d) using heredoc multiline `GITHUB_OUTPUT`
- `docker-build` (depends on `chromium-check`): `load: true` + exports image tar via `docker save` using a shell-computed short SHA (`${GITHUB_SHA::7}`), uploaded as artifact (3d)
  - `master` push: pushes to GHCR with `sha-`, `branch`, `latest` tags; uses GHA layer cache
- `pipeline-summary`: always-runs job writing a Markdown status table to `$GITHUB_STEP_SUMMARY`
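The `discover-artifacts` job described above, as an added example written for this review rather than the PR's own job. The depth threshold, excluded directories and 14-day retention follow the PR description; the step id, output names and artifact name are assumptions. It shows two details the description leaves implicit: why the exclusions must be pruned before the depth test, and why the heredoc written to `GITHUB_OUTPUT` should use a random delimiter.

```yaml
# Added example (not the PR's discover-artifacts job): the deep-file scan
# with a hardened multiline GITHUB_OUTPUT write. Depth, excludes and
# retention follow the PR description; step ids and artifact names are
# assumptions.
discover-artifacts:
  runs-on: ubuntu-latest
  permissions:
    contents: read                # this job only reads the checkout
  outputs:
    count: ${{ steps.deep.outputs.count }}
  steps:
    - uses: actions/checkout@v4

    - name: List files nested five or more levels deep
      id: deep
      shell: bash
      run: |
        set -euo pipefail
        # Prune the vendored/build trees first, then keep regular files whose
        # path has at least five components below the workspace root.
        # (-mindepth is deliberately not used: find skips the whole expression,
        # -prune included, at shallower levels, so a top-level node_modules
        # would still be walked.)
        find . \( -name .git -o -name node_modules -o -name dist \
                  -o -name build -o -name target -o -name .cache \) -prune \
             -o -type f -path './*/*/*/*/*' -print | sort > deep-files.txt

        # Multiline output via heredoc. The delimiter is random per run so a
        # file path that happens to contain a fixed marker such as EOF cannot
        # close the block early and append its own "key=value" outputs.
        delim="deepfiles_$(openssl rand -hex 16)"
        {
          echo "files<<${delim}"
          cat deep-files.txt
          echo "${delim}"
        } >> "$GITHUB_OUTPUT"
        echo "count=$(wc -l < deep-files.txt)" >> "$GITHUB_OUTPUT"

    - name: Upload file list
      uses: actions/upload-artifact@v4
      with:
        name: deep-file-list
        path: deep-files.txt
        retention-days: 14
```

The `-path './*/*/*/*/*'` test matches any path with at least five components under `.` (the `*` in `-path` patterns matches across `/`), which is the same set `-mindepth 5` would select, but evaluated inside the expression so `-prune` keeps working at every level. The random heredoc delimiter matters because step outputs are plain text that later steps and jobs interpolate; a checked-in file name is attacker-influenced input on pull requests, and a fixed delimiter would let it terminate the `files` output and define further keys.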
.github/workflows/chromium-pipeline.ymlmasterscoped tosrc/**,webapp/**,marketing-site/**; alsoworkflow_dispatchchromium-check: installschromium-browser, runs a Puppeteer headless smoke test viapuppeteer-core, uploads log artifact (7d)discover-artifacts:findat depth ≥ 5, excluding.git,node_modules,dist,build,target,.cache; uploads file-list artifact (14d) using heredoc multilineGITHUB_OUTPUTdocker-build(depends onchromium-check):load: true+ exports image tar viadocker saveusing a shell-computed short SHA (${GITHUB_SHA::7}), uploaded as artifact (3d)masterpush: pushes to GHCR withsha-,branch,latesttags; uses GHA layer cachepipeline-summary: always-runs job writing a Markdown status table to$GITHUB_STEP_SUMMARY