chore: consolidate chromatic workflow #1578
Caution: Review failed. The pull request is closed.

Walkthrough
Enables labeled pull_request triggers and refines gating logic in .github/workflows/chromatic.yml; upgrades Node setup action to v4 and Node.js to 20; removes the separate .github/workflows/test-storybook.yml workflow; includes minor formatting changes.
Sequence Diagram(s)

    sequenceDiagram
      autonumber
      actor Dev as Developer
      participant GH as GitHub Events
      participant WF as chromatic.yml Workflow
      participant Job as chromatic job
      Dev->>GH: push to main OR label PR "deploy-storybook"
      GH-->>WF: Trigger evaluation
      alt repo == rad-ui/ui AND (push OR (pull_request labeled "deploy-storybook"))
        WF->>Job: Start job
        Job->>Job: actions/checkout@vX
        Job->>Job: setup-node@v4 (Node 20)
        Job->>Job: Install deps / run Chromatic
        Job-->>WF: Job complete
      else Gate not satisfied
        WF-->>GH: Skip job
      end
      note over WF,Job: Gating refined via github.event_name and github.event.label.name

Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
| if: github.repository == 'rad-ui/ui' && (github.event_name == 'push' || github.event.label.name == 'deploy-storybook') | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # Required for Chromatic to retrieve git history | ||
| | ||
| - name: Use Node.js | ||
| uses: actions/setup-node@v3 | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '18' # Adjust this to your project's Node.js version | ||
| node-version: '20' | ||
| | ||
| - name: Install dependencies | ||
| run: npm ci # Use 'yarn install --frozen-lockfile' if you use Yarn | ||
| | ||
| - name: Publish to Chromatic | ||
| uses: chromaui/action@v1 | ||
| with: | ||
| projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} | ||
| # Optional: Add any additional Chromatic CLI flags here | ||
| # For example: --exit-zero-on-changes | ||
| # For example: --exit-zero-on-changes | ||
| |
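Review bot: The `Publish to Chromatic` step passes `secrets.CHROMATIC_PROJECT_TOKEN` to `chromaui/action@v1`, a third-party action referenced by a mutable tag, and `actions/checkout@v4` and `actions/setup-node@v4` are tag-referenced too; pin each to a full commit SHA, with the version in a trailing comment, so a moved tag cannot change what runs next to the secret. In the job's `if:`, the label branch tests `github.event.label.name == 'deploy-storybook'` without tying it to the event. Writing it as `github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'deploy-storybook'` keeps the gate from also matching an `unlabeled` event, whose payload carries `label` as well.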
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI about 2 months ago
To resolve the issue, add a top-level permissions block to the workflow, specifying the least privilege required. In this case, placing permissions: contents: read after the name and before on: at the workflow root is recommended so it applies to all jobs (unless overridden). This change limits what the GITHUB_TOKEN can do, following least privilege principles.
Edit the .github/workflows/chromatic.yml file to insert the following lines after the name: line.
| @@ -1,4 +1,6 @@ | ||
| name: 'Chromatic Deployment' | ||
| permissions: | ||
| contents: read | ||
| | ||
| on: | ||
| push: |
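Review bot: The new top-level `permissions:` block lists only `contents: read`, and once the key is present every scope not listed is set to none for all jobs in the workflow, so confirm the chromatic job needs nothing beyond read access to the repository. If a step does need more, grant it in a job-level `permissions:` block rather than widening the workflow default. A blank line between `name:` and `permissions:` would match the spacing before `on:`.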
Coverage
This report compares the PR with the base branch. “Δ” shows how the PR affects each metric.
Coverage improved or stayed the same. Great job! Run |