Fix VRT comment posting for fork PRs (#6420)

* Fix VRT comment posting for fork PRs Use workflow_run trigger to post VRT failure comments with elevated permissions, enabling comments on PRs from fork repositories where GITHUB_TOKEN is read-only. * Update permissions in e2e-vrt-comment workflow to allow read access for actions * Enhance VRT comment posting in workflow by using environment variables for PR number and artifact URL
2026-04-28 01:58:40 -05:00 · 2025-12-15 22:22:43 +00:00
parent 3d19873e4f
commit 9d0d21fdef
4 changed files with 89 additions and 11 deletions
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -124,14 +124,17 @@ jobs:
          path: packages/desktop-client/playwright-report
          retention-days: 30
          overwrite: true
-      - name: Comment on PR with VRT report link
-        if: github.event_name == 'pull_request' && needs.vrt.result == 'failure'
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - name: Save VRT metadata for comment workflow
+        if: github.event_name == 'pull_request'
+        run: |
+          mkdir -p vrt-metadata
+          echo "${{ github.event.pull_request.number }}" > vrt-metadata/pr-number.txt
+          echo "${{ needs.vrt.result }}" > vrt-metadata/vrt-result.txt
+          echo "${{ steps.playwright-report-vrt.outputs.artifact-url }}" > vrt-metadata/artifact-url.txt
+      - name: Upload VRT metadata
+        if: github.event_name == 'pull_request'
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
-          script: |
-            await github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `VRT tests ❌ failed. [View the test report](${{ steps.playwright-report-vrt.outputs.artifact-url }}).\n\nTo update the VRT screenshots, comment \`/update-vrt\` on this PR.`
-            });
+          name: vrt-comment-metadata
+          path: vrt-metadata/
+          retention-days: 1
--- a/.github/workflows/e2e-vrt-comment.yml
+++ b/.github/workflows/e2e-vrt-comment.yml
@@ -0,0 +1,69 @@
+name: VRT Comment
+# This workflow posts VRT failure comments on PRs, including fork PRs.
+# It runs with elevated permissions via workflow_run trigger.
+on:
+  workflow_run:
+    workflows: ['E2E Tests']
+    types:
+      - completed
+
+permissions:
+  actions: read
+  pull-requests: write
+
+jobs:
+  comment:
+    name: Post VRT Comment
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.event == 'pull_request'
+    steps:
+      - name: Download VRT metadata
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+          name: vrt-comment-metadata
+          path: /tmp/vrt-metadata
+        continue-on-error: true
+
+      - name: Extract metadata
+        id: metadata
+        run: |
+          if [ ! -f "/tmp/vrt-metadata/pr-number.txt" ]; then
+            echo "No metadata found, skipping..."
+            echo "should_comment=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          PR_NUMBER=$(cat "/tmp/vrt-metadata/pr-number.txt")
+          VRT_RESULT=$(cat "/tmp/vrt-metadata/vrt-result.txt")
+          ARTIFACT_URL=$(cat "/tmp/vrt-metadata/artifact-url.txt")
+
+          echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
+          echo "vrt_result=$VRT_RESULT" >> "$GITHUB_OUTPUT"
+          echo "artifact_url=$ARTIFACT_URL" >> "$GITHUB_OUTPUT"
+
+          if [ "$VRT_RESULT" = "failure" ]; then
+            echo "should_comment=true" >> "$GITHUB_OUTPUT"
+            echo "VRT tests failed for PR #$PR_NUMBER"
+          else
+            echo "should_comment=false" >> "$GITHUB_OUTPUT"
+            echo "VRT tests passed or skipped for PR #$PR_NUMBER"
+          fi
+
+      - name: Comment on PR with VRT report link
+        if: steps.metadata.outputs.should_comment == 'true'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        env:
+          PR_NUMBER: ${{ steps.metadata.outputs.pr_number }}
+          ARTIFACT_URL: ${{ steps.metadata.outputs.artifact_url }}
+        with:
+          script: |
+            const prNumber = parseInt(process.env.PR_NUMBER, 10);
+            const artifactUrl = process.env.ARTIFACT_URL;
+            await github.rest.issues.createComment({
+              issue_number: prNumber,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `VRT tests ❌ failed. [View the test report](${artifactUrl}).\n\nTo update the VRT screenshots, comment \`/update-vrt\` on this PR.`
+            });
--- a/.github/workflows/vrt-update-generate.yml
+++ b/.github/workflows/vrt-update-generate.yml
@@ -12,7 +12,7 @@ permissions:

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.issue.number }}
-  cancel-in-progress: true
+  cancel-in-progress: false

 jobs:
  generate-vrt-updates: