feat: Chromium pipeline – headless smoke test, deep file scan, Docker build & artifacts on master #6
base: actions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| dependencies: | ||
| - changed-files: | ||
| - any-glob-to-any-file: | ||
| - "**/package.json" | ||
| - "**/package-lock.json" | ||
| - "**/pnpm-lock.yaml" | ||
| - "**/yarn.lock" | ||
| - "**/requirements*.txt" | ||
| - "**/poetry.lock" | ||
| - "**/go.mod" | ||
| - "**/go.sum" | ||
|
|
||
| javascript: | ||
| - changed-files: | ||
| - any-glob-to-any-file: | ||
| - "**/*.js" | ||
| - "**/*.jsx" | ||
| - "**/*.ts" | ||
| - "**/*.tsx" | ||
|
|
||
| documentation: | ||
| - changed-files: | ||
| - any-glob-to-any-file: | ||
| - "**/*.md" | ||
| - "docs/**" |
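
Review bot: No rule in this labeler config matches `.github/workflows/**` or `**/Dockerfile`, so a change to the CI definition or to the base image in `marketing-site/Dockerfile` receives none of the three labels; the `dependencies` globs cover only package manifests and lockfiles. Consider adding a dedicated label with those two globs so that build and supply-chain changes are visible during triage.
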
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,224 @@ | ||
| name: Chromium Pipeline – Docker Build & Artifacts | ||
|
|
||
| on: | ||
| push: | ||
| branches: ["master"] | ||
| paths: | ||
| - "src/**" | ||
| - "webapp/**" | ||
| - "marketing-site/**" | ||
| - ".github/workflows/chromium-pipeline.yml" | ||
| pull_request: | ||
| branches: ["master"] | ||
| paths: | ||
| - "src/**" | ||
| - "webapp/**" | ||
| - "marketing-site/**" | ||
| - ".github/workflows/chromium-pipeline.yml" | ||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }}/pinkflow-app | ||
|
|
||
|
Comment on lines +20 to +23
1. Misnamed docker image
docker-build builds marketing-site/Dockerfile but tags/publishes under `IMAGE_NAME: .../pinkflow-app`, which will store the marketing-site container under an incorrect package name and can collide with any intended “pinkflow-app” image naming.
|
||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
|
Comment on lines +24 to +27
3. PR token too permissive
The workflow grants packages: write at the workflow level while also running on pull_request, unnecessarily expanding what PR-run steps can do with GITHUB_TOKEN even though registry login/push only occurs on master pushes.
|
||
| concurrency: | ||
| group: chromium-pipeline-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| # ──────────────────────────────────────────────── | ||
| # 1. Chromium headless smoke-test | ||
| # ──────────────────────────────────────────────── | ||
| chromium-check: | ||
| name: Chromium Headless Check | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Chromium | ||
| run: | | ||
| sudo apt-get update -qq | ||
| sudo apt-get install -y --no-install-recommends chromium-browser | ||
|
|
||
| - name: Verify Chromium version | ||
| run: chromium-browser --version | ||
|
|
||
| - name: Set up Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: "20" | ||
|
|
||
| - name: Install Puppeteer (headless Chromium driver) | ||
| run: | | ||
| npm install puppeteer-core | ||
|
|
||
| - name: Run headless Chromium smoke test | ||
| run: | | ||
| node - <<'EOF' 2>&1 | tee /tmp/chromium-smoke.log | ||
| const fs = require('fs'); | ||
| const puppeteer = require('puppeteer-core'); | ||
| const candidates = [ | ||
| process.env.CHROME_BIN, | ||
| '/usr/bin/chromium-browser', | ||
| '/usr/bin/chromium', | ||
| '/usr/bin/google-chrome', | ||
| '/usr/bin/google-chrome-stable', | ||
| ].filter(Boolean); | ||
| const executablePath = candidates.find((p) => fs.existsSync(p)); | ||
| if (!executablePath) { | ||
| throw new Error(`Chromium executable not found. Tried: ${candidates.join(', ')}`); | ||
| } | ||
| (async () => { | ||
| const browser = await puppeteer.launch({ | ||
| executablePath, | ||
| args: ['--no-sandbox', '--disable-setuid-sandbox', '--headless=new'], | ||
| }); | ||
| const page = await browser.newPage(); | ||
| await page.goto('about:blank'); | ||
| const title = await page.title(); | ||
| console.log('Chromium smoke test OK – page title:', title); | ||
| await browser.close(); | ||
| })(); | ||
| EOF | ||
|
|
||
| - name: Upload Chromium test log | ||
| if: always() | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: chromium-smoke-log-${{ github.run_id }} | ||
| path: /tmp/chromium-*.log | ||
| if-no-files-found: ignore | ||
| retention-days: 7 | ||
|
|
||
| # ──────────────────────────────────────────────── | ||
| # 2. Discover deeply nested source artifacts | ||
| # ──────────────────────────────────────────────── | ||
| discover-artifacts: | ||
| name: Discover Deep Nested Source Files | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| file_list: ${{ steps.scan.outputs.file_list }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Scan for deeply nested files (depth ≥ 5) | ||
| id: scan | ||
| run: | | ||
| echo "=== Deeply nested files (depth >= 5) ===" | ||
| find . -mindepth 5 \ | ||
| \( -path '*/.git' -o -path '*/node_modules' -o -path '*/.next' -o -path '*/dist' -o -path '*/build' -o -path '*/target' -o -path '*/.cache' \) -prune -o \ | ||
| -type f -print \ | ||
| | sort > /tmp/deep-nested-files.txt | ||
| cat /tmp/deep-nested-files.txt | ||
| COUNT=$(wc -l < /tmp/deep-nested-files.txt | tr -d ' ') | ||
| echo "Total: $COUNT files at depth >= 5" | ||
| { | ||
| echo "file_list<<EOF" | ||
| cat /tmp/deep-nested-files.txt | ||
| echo "EOF" | ||
| } >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Upload deep-file discovery report | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: deep-nested-files-${{ github.run_id }} | ||
| path: /tmp/deep-nested-files.txt | ||
| retention-days: 14 | ||
|
|
||
| # ──────────────────────────────────────────────── | ||
| # 3. Docker image build | ||
| # ──────────────────────────────────────────────── | ||
| docker-build: | ||
| name: Docker Image Build | ||
| runs-on: ubuntu-latest | ||
| needs: [chromium-check] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Log in to Container Registry | ||
| if: github.event_name == 'push' && github.ref == 'refs/heads/master' | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Extract Docker metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=pr | ||
| type=semver,pattern={{version}} | ||
| type=sha,format=short,prefix=sha- | ||
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} | ||
|
|
||
| - name: Build Docker image | ||
| id: docker-build | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| file: marketing-site/Dockerfile | ||
| push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} | ||
| load: ${{ github.event_name == 'pull_request' }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
|
|
||
| - name: Compute short SHA | ||
| if: github.event_name == 'pull_request' | ||
| id: short-sha | ||
| run: echo "value=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Export image as tar artifact (PRs only) | ||
| if: github.event_name == 'pull_request' | ||
| run: | | ||
| IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ steps.short-sha.outputs.value }}" | ||
| if docker image inspect "$IMAGE_TAG" > /dev/null 2>&1; then | ||
| docker save "$IMAGE_TAG" -o /tmp/pinkflow-image.tar | ||
| else | ||
| echo "Expected image $IMAGE_TAG not found; skipping export." | ||
| exit 1 | ||
| fi | ||
|
|
||
| - name: Upload image artifact (PRs only) | ||
| if: github.event_name == 'pull_request' | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: docker-image-${{ github.run_id }} | ||
| path: /tmp/pinkflow-image.tar | ||
| retention-days: 3 | ||
|
|
||
| # ──────────────────────────────────────────────── | ||
| # 4. Pipeline summary | ||
| # ──────────────────────────────────────────────── | ||
| pipeline-summary: | ||
| name: Pipeline Summary | ||
| runs-on: ubuntu-latest | ||
| needs: [chromium-check, discover-artifacts, docker-build] | ||
| if: always() | ||
| steps: | ||
| - name: Write job summary | ||
| run: | | ||
| echo "## Chromium Pipeline Summary" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Job | Status |" >> $GITHUB_STEP_SUMMARY | ||
| echo "|-----|--------|" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Chromium Headless Check | ${{ needs.chromium-check.result }} |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Discover Deep Nested Files | ${{ needs.discover-artifacts.result }} |" >> $GITHUB_STEP_SUMMARY | ||
| echo "| Docker Image Build | ${{ needs.docker-build.result }} |" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "Branch: \`${{ github.ref_name }}\` · SHA: \`${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY | ||
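
Review bot: In the `Run headless Chromium smoke test` step, `node - <<'EOF' 2>&1 | tee /tmp/chromium-smoke.log` takes its exit status from `tee`, and the step sets no `shell:`, so it runs under the default `bash -e {0}` without `pipefail`. A thrown `Chromium executable not found` error or a rejected `puppeteer.launch` therefore leaves the step green, and `docker-build`, which `needs: [chromium-check]`, still goes on to build and, on master, push. Add `shell: bash` to the step (GitHub then runs it with `-eo pipefail`) or make `set -o pipefail` the first line of the script. Separately, in the `scan` step the `file_list<<EOF` block written to `$GITHUB_OUTPUT` wraps paths taken from the checkout in a fixed delimiter, and on `pull_request` those paths are contributor-controlled; generate a random delimiter per run, or drop the output, since no job in this file reads `file_list`.
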
2. Branch trigger mismatch
🐞 Bug ☼ Reliability