.github/workflows/comment.yml
# NOTE: For screenshots to work in untrusted PRs we need to do the screenshot comment in a trusted job like this one.
# See this post for details: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
name: Comment
on:
workflow_run:
workflows: ["Build"]
types:
- completed
jobs:
comment:
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion == 'success'
# TODO: Maybe add `github.event.workflow_run.event == 'pull_request'` to avoid spam?
steps:
- uses: actions/checkout@v4
- uses: iterative/setup-cml@v1
# Doesn't work for fetching artifacts from separate workflows
#- name: Download screenshots
# uses: actions/download-artifact@v2
# with:
# name: screenshots
# path: screenshots
- name: 'Download artifact'
uses: actions/github-script@v7
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "screenshots"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/screenshots.zip', Buffer.from(download.data));
- run: unzip -d screenshots screenshots.zip
- name: Compose comment
env:
repo_token: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Here are screenshots of this commit:" >> comment.md
echo "" >> comment.md # just for the newline
for aw_server_dir in screenshots/aw-*; do
for aw_version_dir in $aw_server_dir/*; do
aw_server=$(basename $aw_server_dir)
aw_version=$(basename $aw_version_dir)
echo "<details><summary>Screenshots using $aw_server $aw_version (click to expand)</summary>" >> comment.md
echo '<p float="left">' >> comment.md
cml-publish $aw_version_dir/activity.png | sed -E 's/.+/<img width="45%" src="\0"\/>/' >> comment.md
cml-publish $aw_version_dir/timeline.png | sed -E 's/.+/<img width="45%" src="\0"\/>/' >> comment.md
cml-publish $aw_version_dir/settings.png | sed -E 's/.+/<img width="45%" src="\0"\/>/' >> comment.md
cml-publish $aw_version_dir/home.png | sed -E 's/.+/<img width="45%" src="\0"\/>/' >> comment.md
cml-publish $aw_version_dir/buckets.png | sed -E 's/.+/<img width="45%" src="\0"\/>/' >> comment.md
cml-publish $aw_version_dir/stopwatch.png | sed -E 's/.+/<img width="45%" src="\0"\/>/' >> comment.md
echo '</p>' >> comment.md
echo -n '</details>' >> comment.md
done
done
- name: Post screenshots in commit comment
env:
repo_token: ${{ secrets.GITHUB_TOKEN }}
head_sha: ${{ github.event.workflow_run.head_sha }}
run: |
cml-send-comment --target=commit/$head_sha --repo https://github.com/ActivityWatch/aw-webui comment.md