Skip to content

feat: visual comparison CI workflow #3884

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lennessyy wants to merge 17 commits into
base: main
Choose a base branch
from
Open

feat: visual comparison CI workflow #3884

lennessyy wants to merge 17 commits into from

Conversation

@lennessyy
Copy link
Contributor

@lennessyy lennessyy commented Oct 1, 2025

What does this PR do?

  • This PR adds a visual comparison CI workflow to help us feel more confident about changes that touch the entire site and be sure there is no unintended visual drift

Notes to reviewers

@vercel
Copy link

vercel bot commented Oct 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
temporal-documentation Ready Ready Preview, Comment Dec 22, 2025 11:40pm

semgrep-managed-scans[bot]
semgrep-managed-scans bot reviewed Oct 1, 2025
View reviewed changes
@lennessyy lennessyy changed the title feat: first stab at visual comparison CI workflow feat: visual comparison CI workflow Oct 1, 2025
semgrep-managed-scans[bot]
semgrep-managed-scans bot reviewed Oct 6, 2025
View reviewed changes
@github-actions
Copy link
Contributor

github-actions bot commented Dec 17, 2025
edited
Loading

📖 Docs PR preview links

This PR does not change any pages in /docs. If you make updates, links to the modified pages will appear here.

@semgrep-managed-scans
Copy link

semgrep-managed-scans bot commented Dec 17, 2025

Semgrep found 9 missing-explicit-permissions findings:

No explicit GITHUB_TOKEN permissions found at the workflow or job level. Add a permissions: block at the workflow root (applies to all jobs) or per job with least privilege (e.g., contents: read and only specific writes like pull-requests: write if needed).

@lennessyy @claude
fix: add explicit permissions to all workflow jobs
c977a94 
Add explicit permissions blocks to all jobs in the visual comparison
workflows to address Semgrep security findings. Following least-privilege
principle:

- visual-comparison.yml: Added permissions for contents, actions, and pull-requests
- screenshot-capture.yml: Added permissions for contents and actions
- cleanup-report.yml: Added permissions for contents write

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy @claude
fix: prevent script injection in GitHub context usage
2f1ed92 
Move all GitHub context variables in run steps to environment variables
to prevent script injection attacks. This addresses Semgrep findings for:
- visual-comparison.yml: github.base_ref, github.head_ref, github.ref_name, github.run_id, github.run_attempt
- cleanup-report.yml: github.event.ref

Branch names and other GitHub context data can contain special characters
that could lead to command injection when directly interpolated in bash.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy @claude
fix: use visual-comparison label and remove branch ignores
a92b26d 
- Change trigger label from 'visual-tests' to 'visual-comparison'
- Remove branches-ignore for version-* and docs-rel-* (not applicable to this repo)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy lennessyy added visual-comparison Triggers the visual-comparison.yml GitHub work flow. and removed visual-comparison labels Dec 19, 2025
@lennessyy lennessyy marked this pull request as ready for review December 19, 2025 21:43
@lennessyy lennessyy requested a review from a team as a code owner December 19, 2025 21:43
@lennessyy lennessyy added visual-comparison Triggers the visual-comparison.yml GitHub work flow. and removed visual-comparison Triggers the visual-comparison.yml GitHub work flow. labels Dec 19, 2025
@lennessyy @claude
fix: remove duplicate @playwright/test from dependencies
e34b988 
Remove @playwright/test from dependencies to resolve conflict with
devDependencies. Playwright is a testing tool and should only be in
devDependencies (^1.55.1).

This fixes the "Your lockfile needs to be updated" error in CI.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy @claude
fix: create gh-pages branch if it doesn't exist
d68ba12 
Add step to automatically create the gh-pages branch when it doesn't
exist, allowing the workflow to publish HTML reports on first run.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy @claude
fix: improve gh-pages branch creation logic
8e52aec 
Check if gh-pages branch exists before attempting checkout or creation.
This avoids the git state issues that were causing the previous approach
to fail.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy @claude
fix: set git user before creating gh-pages branch
3bae3dd 
Move git config step before the commit to avoid "empty ident name" error.
Also set git user for both the creation and existing branch paths.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy @claude
fix: explicitly specify remote and branch in git commands
2af1cf4 
- Use `git push -u origin gh-pages` when creating the branch
- Use explicit `origin gh-pages` in pull/push commands to avoid tracking issues

This fixes the "no tracking information for the current branch" error.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@lennessyy @claude
fix: handle race condition in gh-pages branch creation
82f0c33 
- Make branch creation non-failing if branch already exists (race condition)
- Always checkout gh-pages after creation attempt, simplifying the flow
- Set git user once for all cases

The gh-pages branch now exists, so future runs will skip creation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@github-actions
Copy link
Contributor

github-actions bot commented Dec 22, 2025

📋 Visual Report for branch visual-comparison with CI run 20446936180 and attempt 1 is ready at
https://temporalio.github.io/documentation/reports/visual-comparison/20446936180/1

💡 You may have to wait for DNS to resolve or the GitHub Pages job to complete. You can view the progress of the GitHub Pages job here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@semgrep-managed-scans semgrep-managed-scans[bot] semgrep-managed-scans[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

visual-comparison Triggers the visual-comparison.yml GitHub work flow.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lennessyy