fix(ci): build site before capturing visual baselines#185

Merged: cuberhaus merged 1 commit into `main` from `fix/visual-baselines-build` on Jun 19, 2026

@cuberhaus

Owner

## Problem

The Refresh visual baselines workflow failed at Capture baselines with:

## Cause

In CI, Playwright's `webServer` runs `npm run preview:static` (serves the prebuilt `dist/`) — it does **not** build. The capture job went straight from installing browsers to `playwright test --update-snapshots` with no `npm run build`, so `dist/` never existed, the preview server served nothing, and Playwright timed out after 240s.

## Fix

Add a `Build site` step (`npm run build`) before the capture step, mirroring the working `playwright` jobs in `test.yml`.

## Validation

- `actionlint` clean.
- Matches the build+preview pattern already proven green by `test.yml`'s playwright jobs.
- Workflow is `workflow_dispatch`-only, so it won't run on this PR — trigger it manually from the Actions tab after merge.

The capture step ran 'playwright test --update-snapshots' directly. In CI the
Playwright webServer is 'npm run preview:static' (serves prebuilt dist/) with
no build, so it served nothing and timed out after 240s. test.yml's playwright
jobs build first; mirror that here.
@cuberhaus cuberhaus merged commit c5317d3 into main Jun 19, 2026
2 checks passed
@cuberhaus cuberhaus deleted the fix/visual-baselines-build branch June 19, 2026 02:38
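
The failure described under Cause above can be caught before the workflow is dispatched. The following is an added example, not code from this PR or repository: a dependency-free line scan (not a full YAML parse) that flags any job running `playwright test` without an earlier `npm run build`. The sample workflow text, its step names and the function names are constructed, and the scan assumes job keys are indented two spaces under `jobs:`.

```javascript
// Constructed sample of the capture job before the fix. Step names and the
// install command are assumptions; the build and test commands are from the PR.
const BEFORE = `
jobs:
  capture:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install browsers
        run: npx playwright install --with-deps
      - name: Capture baselines
        run: npx playwright test --update-snapshots
`;
// Same job with the step this PR adds.
const AFTER = BEFORE.replace(
  "      - name: Capture baselines",
  "      - name: Build site\n        run: npm run build\n      - name: Capture baselines");

// Collect each job's shell commands in step order (handles `run: |` blocks).
function runCommands(workflowText) {
  const jobs = {};
  let job = null, inJobs = false, block = null; // block: column of an open `run: |` key
  for (const line of workflowText.split("\n")) {
    if (!line.trim() || line.trim().startsWith("#")) continue;
    const indent = line.search(/\S/);
    if (block !== null) {
      if (indent > block) { jobs[job].push(line.trim()); continue; }
      block = null;
    }
    if (indent === 0) { inJobs = /^jobs:\s*$/.test(line); job = null; continue; }
    const key = inJobs && indent === 2 && line.match(/^\s+([\w-]+):\s*$/);
    if (key) { job = key[1]; jobs[job] = []; continue; }
    const run = job && line.match(/^\s*(- )?run:\s*(.*)$/);
    if (!run) continue;
    if (/^[|>][+-]?$/.test(run[2].trim())) block = indent + (run[1] ? 2 : 0);
    else jobs[job].push(run[2].trim());
  }
  return jobs;
}

// Jobs that run `playwright test` with no `npm run build` in an earlier command.
function jobsMissingBuild(workflowText) {
  return Object.entries(runCommands(workflowText))
    .filter(([, cmds]) => {
      const test = cmds.findIndex(c => /\bplaywright test\b/.test(c));
      const build = cmds.findIndex(c => /\bnpm run build(\s|$)/.test(c));
      return test !== -1 && (build === -1 || build > test);
    })
    .map(([job]) => job);
}

console.log(jobsMissingBuild(BEFORE), jobsMissingBuild(AFTER));
```
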

@cursor cursor Bot left a comment

Security review

Result: No high-confidence vulnerabilities found.

This PR adds a single CI step (npm run build) to .github/workflows/visual-baselines.yml before Playwright captures visual baselines. The change aligns that workflow with the existing playwright-visual job in test.yml.

Scope reviewed

| Area | Assessment |
| --- | --- |
| Injection (command, path, template) | None. The added step is a static npm run build invocation with no user-controlled inputs. |
| Authn / authz | Unchanged. Workflow remains workflow_dispatch-only; trigger permissions are unchanged. |
| Secrets / logging | Unchanged. No new secrets, tokens, or log output. |
| SSRF / XSS / deserialization | Not applicable. No runtime application code or network-facing logic changed. |
| Supply chain | Unchanged. No new dependencies or third-party actions introduced. |

Context

In CI, Playwright's webServer runs npm run preview:static (serves prebuilt dist/) and does not build. Without an explicit build step, the preview server had no artifacts to serve. Adding npm run build fixes that operational gap and matches the pattern already used in test.yml.

Pre-existing notes (not introduced by this PR)

  • The workflow already grants contents: write and pull-requests: write and uses peter-evans/create-pull-request@v8 to open baseline-refresh PRs. That is intentional for this automation; only users who can manually dispatch workflows can trigger it.
  • Anyone with workflow_dispatch permission can regenerate committed snapshot PNGs. That is a process/integrity consideration, not a new exposure from this diff.

No remediation required for security purposes.

Sent by Cursor Automation: Find vulnerabilities