sentry/.github/workflows/visual-diff.yml

name: visual diff
on:
  # This allows PRs opened from forks to execute the Visual Snapshots
  # since secrets are not passed to workflows when triggered via forks
  # Using workflow_run is less preferred since it executes even when jobs
  # do not pass
  workflow_run:
    workflows:
      - acceptance
    types:
      - completed

jobs:
  files-changed:
    name: detect what files changed
    runs-on: ubuntu-20.04
    timeout-minutes: 3
    # Map a step output to a job output
    outputs:
      acceptance: ${{ steps.changes.outputs.acceptance }}
    steps:
      - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e  # v2

      - name: Check for files changed
        uses: getsentry/paths-filter@66f7f1844185eb7fb6738ea4ea59d74bb99199e5  # v2
        id: changes
        with:
          token: ${{ github.token }}
          filters: .github/file-filters.yml

  visual-diff:
    needs: files-changed
    # Only execute this check when a PR is opened from a fork rather than the upstream repo
    if: github.event.workflow_run.head_repository.full_name != 'getsentry/sentry' && needs.files-changed.outputs.acceptance == 'true'
    runs-on: ubuntu-20.04
    timeout-minutes: 20

    steps:
      - name: Diff snapshots
        id: visual-snapshots-diff
        uses: getsentry/action-visual-snapshot@e832d70549c14886ddc2ab809b436ba72e30e19b  # main
        with:
          api-token: ${{ secrets.VISUAL_SNAPSHOT_SECRET }}
          gcs-bucket: 'sentry-visual-snapshots'
          gcp-service-account-key: ${{ secrets.SNAPSHOT_GOOGLE_SERVICE_ACCOUNT_KEY }}