added temp workflow #4317

Open
adamhaeger wants to merge 2 commits into main from chore/percy-baseline

@adamhaeger adamhaeger commented Jun 30, 2026

Description

Adds a workflow that will run a single time in order to establish a percy baseline in monorepo.

Related Issue(s)

  • closes #{issue number}

Verification/QA

  • Manual functionality testing
    • I have tested these changes manually
    • Creator of the original issue (or service owner) has been contacted for manual testing (or will be contacted when released in alpha)
    • No testing done/necessary
  • Automated tests
    • Unit test(s) have been added/updated
    • Cypress E2E test(s) have been added/updated
    • No automatic tests are needed here (no functional changes/additions)
    • I want someone to help me make some tests
  • UU/WCAG (follow these guidelines until we have our own)
    • I have tested with a screen reader/keyboard navigation/automated wcag validator
    • No testing done/necessary (no DOM/visual changes)
    • I want someone to help me perform accessibility testing
  • User documentation @ altinn-studio-docs
    • Has been added/updated
    • No functionality has been changed/added, so no documentation is needed
    • I will do that later/have created an issue
  • Support in Altinn Studio
    • Issue(s) created for support in Studio
    • This change/feature does not require any changes to Altinn Studio
  • Sprint board
    • The original issue (or this PR itself) has been added to the Team Apps project and to the current sprint board
    • I don't have permissions to do that, please help me out
  • Labels
    • I have added a kind/* and backport* label to this PR for proper release notes grouping
    • I don't have permissions to add labels, please help me out

Summary by CodeRabbit

  • Tests
    • Added a new automated Cypress run for relevant code changes, including visual checks with Percy.
    • Improved coverage for both internal and forked pull request runs, with better failure logs and artifacts.
  • Chores
    • Enabled manual triggering and expanded the workflow to run on additional relevant events.

coderabbitai Bot commented Jun 30, 2026


Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 38df9168-33d0-44bd-9985-1c865d067813

📥 Commits

Reviewing files that changed from the base of the PR and between 030d08e and 6b6ea93.

📒 Files selected for processing (1)
  • .github/workflows/cypress-percy-baseline.yml
Walkthrough

A new GitHub Actions workflow .github/workflows/cypress-percy-baseline.yml is added. It triggers on pushes to chore/percy-baseline, pull request events for specific paths, and manual dispatch. It defines three jobs: install (builds and uploads dist), cypress-run-internal (runs Cypress with Percy in a sharded matrix for non-fork scenarios), and cypress-run-external (runs Cypress without Percy for forked PRs).

Changes

Cypress Percy Baseline Workflow

Layer / File(s) | Summary
Workflow triggers and install job (.github/workflows/cypress-percy-baseline.yml) | Defines push, pull request, and workflow_dispatch triggers, then an install job that checks out code, installs dependencies, and uploads the compiled dist artifact.
Cypress internal and external run jobs (.github/workflows/cypress-percy-baseline.yml) | Adds cypress-run-internal (non-fork, Percy recording via environment secrets, 6-shard matrix, logs on failure) and cypress-run-external (forked PRs, no Percy, uploads logs/screenshots/videos on failure).

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name | Status | Explanation | Resolution
Title check | ❓ Inconclusive | The title is related to the change but too generic and non-descriptive to identify the main update. | Use a concise, specific title like "Add temporary Percy baseline workflow".

✅ Passed checks (4 passed)

Check name | Status | Explanation
Description check | ✅ Passed | The description follows the required template and includes the main summary and verification sections.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/cypress-percy-baseline.yml:
- Around line 77-82: The Percy command selection in the workflow is too narrow:
it only sets PERCY_COMMAND for main or non-draft PRs, so runs on the baseline
branch can leave command-prefix empty and skip baseline capture. Update the
conditional in the Percy setup step so the branch used for baseline generation
(the chore/percy-baseline ref) also sets PERCY_COMMAND, while keeping the
existing main and non-draft PR behavior intact. Use the existing Set Percy
command based on PR draft status or main branch step to locate the change.
- Around line 6-16: The path filters in this workflow still point to
cypress.yml, so changes to cypress-percy-baseline.yml will not trigger the
workflow. Update both the push.paths and pull_request.paths entries in
cypress-percy-baseline.yml to include this workflow file name, so its own edits
run the workflow. Use the workflow filename itself as the unique reference when
making the filter change.
- Around line 32-33: The Checkout steps in the Cypress Percy baseline workflow
are leaving credentials persisted, which exposes the repo token to PR-run code;
update every actions/checkout usage in this workflow by adding
persist-credentials: false. Make this change on each Checkout step so untrusted
yarn/Cypress execution cannot read the token from .git/config, and keep the
existing checkout action references intact.
- Around line 138-145: The external Cypress job is starting Cypress before the
local server is ready because the Cypress action block in the workflow lacks the
same wait step used elsewhere. Update the Cypress run step in the workflow to
include wait-on alongside the existing start command, using the same localhost
8080 URL so the job waits for http-server to be available before running tests.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bf24a454-e766-4b41-93f3-9ba4f2825b49

📥 Commits

Reviewing files that changed from the base of the PR and between 4ba1915 and 030d08e.

📒 Files selected for processing (1)
  • .github/workflows/cypress-percy-baseline.yml

Comment thread .github/workflows/cypress-percy-baseline.yml Outdated
Comment on lines +32 to +33
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file=".github/workflows/cypress-percy-baseline.yml"

echo "== full file with line numbers =="
cat -n "$file"

echo
echo "== checkout usages =="
rg -n "actions/checkout|persist-credentials|upload-artifact|artifact|pull_request|workflow_dispatch|checkout" "$file"

Repository: Altinn/app-frontend-react

Length of output: 7741


Disable credential persistence on every checkout.
These PR-facing jobs run untrusted code and upload artifacts, so leaving the repo token in .git/config lets that code exfiltrate it during yarn/Cypress execution. Add persist-credentials: false to all actions/checkout steps (32-33, 68-69, 129-130).

🧰 Tools
🪛 zizmor (1.26.1)

[warning] 32-33: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

Source: Linters/SAST tools
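
The check this review comment asks for, as an added example that is not part of the PR and is not CodeRabbit's or zizmor's code: a line-based scan that reports every actions/checkout step that never sets persist-credentials: false. The function name, the constructed sample workflow and the `<pinned-sha>` placeholder are assumptions made for the illustration.

```python
import re

# Constructed sample workflow (not the PR's file): the first checkout keeps the
# default credential persistence, the second one disables it.
SAMPLE = """\
jobs:
  install:
    steps:
      - name: Checkout
        uses: actions/checkout@<pinned-sha>
      - run: yarn install
  cypress-run-external:
    steps:
      - name: Checkout
        uses: actions/checkout@<pinned-sha>
        with:
          persist-credentials: false
      - run: npx cypress run
"""

USES_CHECKOUT = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?actions/checkout@")
PERSIST_OFF = re.compile(r"^\s*persist-credentials:\s*['\"]?false['\"]?\s*(#.*)?$")


def unhardened_checkouts(workflow_text):
    """Return 1-based line numbers of actions/checkout steps that never set
    persist-credentials: false. Indentation heuristic, not a YAML parser."""
    findings = []
    step = None  # the list item (candidate step) currently being read

    def close(s):
        if s and s["uses_line"] and not s["hardened"]:
            findings.append(s["uses_line"])

    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        if step is not None and indent <= step["indent"]:
            close(step)  # sibling item or dedent ends the current step
            step = None
        if step is None and stripped.startswith("- "):
            step = {"indent": indent, "uses_line": None, "hardened": False}
        if step is not None:
            if USES_CHECKOUT.match(line):
                step["uses_line"] = lineno
            elif PERSIST_OFF.match(line):
                step["hardened"] = True
    close(step)
    return findings
```

Calling `unhardened_checkouts()` on a workflow file's text gives the `uses:` lines to fix; an empty list means every checkout step opts out of credential persistence.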

Comment on lines +77 to +82
- name: Set Percy command based on PR draft status or main branch
shell: bash
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ] || [ "${{ github.event.pull_request.draft }}" == "false" ]; then
echo "PERCY_COMMAND=percy exec --parallel -- npx" >> $GITHUB_ENV
fi
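Review bot: the `if` line inside `run:` expands `${{ github.ref }}` and `${{ github.event.pull_request.draft }}` directly into the bash source, so whatever those contexts contain becomes script text before the shell parses it. Map both into the step's `env:` (for example `REF: ${{ github.ref }}` and `DRAFT: ${{ github.event.pull_request.draft }}`) and compare `"$REF"` and `"$DRAFT"` in the script, so the values reach the shell as data. The `echo` line also leaves `$GITHUB_ENV` unquoted; write `>> "$GITHUB_ENV"`.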

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

This disables Percy on the baseline branch.

The only push trigger here is chore/percy-baseline, but PERCY_COMMAND is only set for main or non-draft PRs. A push or manual run on the baseline branch therefore leaves command-prefix empty and records no Percy baseline, which defeats the purpose of this workflow.

Also applies to: 100-100

🧰 Tools
🪛 zizmor (1.26.1)

[error] 80-80: code injection via template expansion (template-injection): may expand into attacker-controllable code

(template-injection)

Comment on lines +138 to +145
- name: Cypress run
uses: cypress-io/github-action@dace029018fcdf86e0df89a31bc3cfa5b32570d8 # v7.3.0
with:
start: 'npx http-server dist --cors="*" -p 8080'
browser: chrome
spec: test/e2e/integration
env: environment=tt02

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the workflow around the referenced lines
sed -n '120,165p' .github/workflows/cypress-percy-baseline.yml

# Find other Cypress action usages and any wait-on settings in the repo
rg -n "cypress-io/github-action|wait-on|http-server dist --cors" .github/workflows . -g '!**/node_modules/**'

# Pull the action docs from the source as available in the repo if referenced
rg -n "wait-on" .github . -g '!**/node_modules/**'

Repository: Altinn/app-frontend-react

Length of output: 2934


🌐 Web query:

cypress-io/github-action wait-on start command default behavior documentation

💡 Result:

In the cypress-io/github-action, the wait-on parameter is used to pause the execution of Cypress tests until a specified local server or service is ready [1][2]. Its behavior is as follows:

  • Purpose: When you provide a start command to run your application in the background, the action needs to ensure the application has finished booting up before attempting to execute Cypress tests [1][3]. The wait-on parameter specifies the URL (or multiple comma-separated URLs) the action should ping until it receives a response [1][2].
  • Default Timeout: By default, the wait-on process will retry for 60 seconds [1][4].
  • Configuration: You can override the default retry duration by using the wait-on-timeout parameter, which accepts a value in seconds [1][2].
  • Relationship to Start Command: The wait-on parameter does not automatically run a start command; rather, it is a mechanism used in conjunction with the start parameter [1][5]. The action executes the start command first, then uses wait-on to verify the application's availability before starting the Cypress test process [1][2]. If you do not specify a wait-on parameter, the action will proceed to run Cypress tests immediately after executing the start command (if one is provided), which may lead to connection errors if your application requires time to initialize [1].

Add wait-on to the external Cypress job.
cypress-io/github-action runs Cypress immediately after start unless wait-on is set, so this fork-PR path can race http-server startup and fail intermittently. Add the same wait-on: 'http://localhost:8080' used elsewhere.

Suggested fix
       - name: Cypress run
         uses: cypress-io/github-action@dace029018fcdf86e0df89a31bc3cfa5b32570d8 # v7.3.0
         with:
           start: 'npx http-server dist --cors="*" -p 8080'
+          wait-on: 'http://localhost:8080'
           browser: chrome
           spec: test/e2e/integration
           env: environment=tt02
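Review bot: the added `wait-on: 'http://localhost:8080'` line sets no `wait-on-timeout`, so the step depends on the action's default retry window (60 seconds according to the query result quoted in this comment). Since `start` launches the server through `npx http-server`, consider stating `wait-on-timeout` explicitly beside `wait-on` so a slow server start fails against a value that is visible in the workflow.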
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Cypress run
uses: cypress-io/github-action@dace029018fcdf86e0df89a31bc3cfa5b32570d8 # v7.3.0
with:
start: 'npx http-server dist --cors="*" -p 8080'
browser: chrome
spec: test/e2e/integration
env: environment=tt02
- name: Cypress run
uses: cypress-io/github-action@dace029018fcdf86e0df89a31bc3cfa5b32570d8 # v7.3.0
with:
start: 'npx http-server dist --cors="*" -p 8080'
wait-on: 'http://localhost:8080'
browser: chrome
spec: test/e2e/integration
env: environment=tt02
@adamhaeger adamhaeger added backport-ignore This PR is a new feature and should not be cherry-picked onto release branches kind/other Pull requests containing chores/repo structure/other changes labels Jun 30, 2026