meta: merge `output-watcher` and `e2e` workflows (#4886)

The upsides are:

- We will run e2e test suite only on PRs that need it (because no output
  changes means same e2e result).
- The workflow will now
also add the `pending-e2e-tests` only on community PRs that actually
  need it.
- Adding the `safe to test` label will also allow the diff checker to be
  more precise – before it had to ignore all changes outside of
  `packages/`.

The downside is that the actual e2e will start only once the diff has
been calculated (which takes about 1 minute atm).

.github/workflows/e2e.yml

@@ -24,19 +24,191 @@ on:
     paths:
       - .github/workflows/e2e.yml
 
-concurrency: ${{ github.workflow }}--${{ github.ref }}
+concurrency:
+  group: ${{ github.workflow }}--${{ github.ref }}
+  cancel-in-progress:
+    # For PRs coming from forks, we need the previous job to run until the end
+    # to be sure it can remove the `safe to test` label before it affects the next run.
+    ${{ github.event.pull_request.head.repo.full_name == github.repository }}
 
+permissions:
+  pull-requests: write
 env:
   YARN_ENABLE_GLOBAL_CACHE: false
 
 jobs:
+  compare_diff:
+    runs-on: ubuntu-latest
+    env:
+      DIFF_BUILDER: true
+    outputs:
+      diff: ${{ steps.diff.outputs.OUTPUT_DIFF }}
+      is_accurate_diff: ${{ steps.diff.outputs.IS_ACCURATE_DIFF }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+      - name: Check if there are "unsafe" changes
+        id: build_chain_changes
+        # If there are changes in JS script that generates the output, we cannot
+        # test them here without human review to make sure they don't contain
+        # someting "nasty".
+        run: |
+          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+          echo "MIGHT_CONTAIN_OTHER_CHANGES<<$EOF" >> "$GITHUB_OUTPUT"
+          git --no-pager diff HEAD^ --name-only bin package.json yarn.lock babel.config.js >> "$GITHUB_OUTPUT"
+          echo "$EOF" >> "$GITHUB_OUTPUT"
+      - run: git reset HEAD^ --hard
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run:
+          echo "dir=$(corepack yarn config get cacheFolder)" >> $GITHUB_OUTPUT
+
+      - uses: actions/cache@v3
+        id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
+        with:
+          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: lts/*
+      - name: Install dependencies
+        run:
+          corepack yarn workspaces focus $(corepack yarn workspaces list --json
+          | jq -r .name | awk '/^@uppy-example/{ next } { if ($0!="uppy.io")
+          print $0 }')
+        env:
+          # https://docs.cypress.io/guides/references/advanced-installation#Skipping-installation
+          CYPRESS_INSTALL_BINARY: 0
+      - run: corepack yarn build:lib
+      - name: Store output file
+        run: tar cf /tmp/previousVersion.tar packages/@uppy/*/lib
+      - name: Fetch source from the PR
+        if: steps.build_chain_changes.outputs.MIGHT_CONTAIN_OTHER_CHANGES == ''
+        run: |
+          git checkout FETCH_HEAD -- packages
+          echo 'IS_ACCURATE_DIFF=true' >> "$GITHUB_ENV"
+      - name: Fetch source from the PR
+        if:
+          steps.build_chain_changes.outputs.MIGHT_CONTAIN_OTHER_CHANGES != '' &&
+          (!github.event.pull_request ||
+          (contains(github.event.pull_request.labels.*.name, 'safe to test') &&
+          github.event.pull_request.state == 'open') ||
+          (github.event.pull_request.head.repo.full_name == github.repository &&
+          github.event.event_name != 'labeled'))
+        run: |
+          git reset FETCH_HEAD --hard
+          corepack yarn workspaces focus $(\
+            corepack yarn workspaces list --json | \
+            jq -r .name | \
+            awk '/^@uppy-example/{ next } { if ($0!="uppy.io") print $0 }'\
+          )
+          echo 'IS_ACCURATE_DIFF=true' >> "$GITHUB_ENV"
+        env:
+          # https://docs.cypress.io/guides/references/advanced-installation#Skipping-installation
+          CYPRESS_INSTALL_BINARY: 0
+      - run: corepack yarn build:lib
+      - name: Store output file
+        run: tar cf /tmp/newVersion.tar packages/@uppy/*/lib
+      - name: Setup git
+        run: |
+          git config --global user.email "actions@github.com"
+          git config --global user.name "GitHub Actions"
+          git init /tmp/uppy
+          echo '*.map' > /tmp/uppy/.gitignore
+      - name: Install dformat
+        run: |
+          curl -fsSL https://dprint.dev/install.sh | sh
+          cd /tmp/uppy && echo '{"plugins":[]}' > dprint.json && "$HOME/.dprint/bin/dprint" config add typescript
+      - name: Extract previous version
+        run: cd /tmp/uppy && tar xf /tmp/previousVersion.tar
+      - name: Format previous output code
+        run: cd /tmp/uppy && "$HOME/.dprint/bin/dprint" fmt **/*.js
+      - name: Commit previous version
+        run: cd /tmp/uppy && git add -A . && git commit -m 'previous version'
+      - name: Extract new version
+        run: cd /tmp/uppy && tar xf /tmp/newVersion.tar
+      - name: Format new output code
+        run: cd /tmp/uppy && "$HOME/.dprint/bin/dprint" fmt **/*.js
+      - name: Build diff
+        id: diff
+        run: |
+          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+          echo "OUTPUT_DIFF<<$EOF" >> "$GITHUB_OUTPUT"
+          cd /tmp/uppy && git --no-pager diff >> "$GITHUB_OUTPUT"
+          echo "$EOF" >> "$GITHUB_OUTPUT"
+          echo "IS_ACCURATE_DIFF=$IS_ACCURATE_DIFF" >> "$GITHUB_OUTPUT"
+      - name: Add/update comment
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          message: |
+            <details><summary>Diff output files</summary>
+
+            ```diff
+            ${{ steps.diff.outputs.OUTPUT_DIFF || 'No diff' }}
+            ```
+
+            ${{ env.IS_ACCURATE_DIFF != 'true' && format('The following build files have been modified and might affect the actual diff:\n\n```\n{}```', steps.build_chain_changes.outputs.MIGHT_CONTAIN_OTHER_CHANGES) || '' }}
+
+            </details>
+      - name: Remove 'safe to test' label if cancelled
+        if:
+          cancelled() && github.event.pull_request.head.repo.full_name !=
+          github.repository
+        run: gh pr edit "$NUMBER" --remove-label 'safe to test'
+        env:
+          NUMBER: ${{ github.event.pull_request.number }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  toggle-pending-e2e-label:
+    # Add the 'pending end-to-end tests' label for PRs that come from forks.
+    # For those PRs, we want to review the code before running e2e tests.
+    # See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/.
+    needs: [compare_diff]
+    if:
+      github.event.pull_request.state == 'open' &&
+      github.event.pull_request.head.repo.full_name != github.repository
+    runs-on: ubuntu-latest
+    steps:
+      - name: Add label
+        if:
+          (needs.compare_diff.outputs.diff != '' ||
+          !needs.compare_diff.outputs.is_accurate_diff) &&
+          (!contains(github.event.pull_request.labels.*.name, 'safe to test') &&
+          !contains(github.event.pull_request.labels.*.name, 'pending end-to-end
+          tests'))
+        env:
+          NUMBER: ${{ github.event.pull_request.number }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run:
+          gh pr edit "$NUMBER" --repo ${{ github.repository }} --add-label
+          'pending end-to-end tests'
+      - name: Remove label
+        if:
+          needs.compare_diff.outputs.diff == '' &&
+          needs.compare_diff.outputs.is_accurate_diff &&
+          (contains(github.event.pull_request.labels.*.name, 'safe to test') ||
+          contains(github.event.pull_request.labels.*.name, 'pending end-to-end
+          tests'))
+        env:
+          NUMBER: ${{ github.event.pull_request.number }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run:
+          gh pr edit "$NUMBER" --remove-label 'safe to test' --remove-label
+          'pending end-to-end tests'
+
   e2e:
+    needs: [compare_diff]
     if:
-      ${{ !github.event.pull_request ||
-      (contains(github.event.pull_request.labels.*.name, 'safe to test') &&
+      ${{ needs.compare_diff.outputs.diff != '' && (!github.event.pull_request
+      || (contains(github.event.pull_request.labels.*.name, 'safe to test') &&
       github.event.pull_request.state == 'open') ||
       (github.event.pull_request.head.repo.full_name == github.repository &&
-      github.event.event_name != 'labeled') }}
+      github.event.event_name != 'labeled')) }}
     name: Browser tests
     runs-on: ubuntu-latest
     steps:
@@ -109,41 +281,13 @@ jobs:
           path: |
             e2e/cypress/videos/
             e2e/cypress/screenshots/
-      - name: Remove 'pending end-to-end tests' label
-        # Remove the 'pending end-to-end tests' label if tests ran successfully
-        if:
-          github.event.pull_request &&
-          contains(github.event.pull_request.labels.*.name, 'pending end-to-end
-          tests')
-        run: gh pr edit "$NUMBER" --remove-label 'pending end-to-end tests'
-        env:
-          NUMBER: ${{ github.event.pull_request.number }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Remove 'safe to test' label
-        # Remove the 'safe to test' label to ensure next commit needs approval before re-running this.
+      - name: Remove labels
         if:
-          always() && github.event.pull_request &&
-          contains(github.event.pull_request.labels.*.name, 'safe to test')
-        run: gh pr edit "$NUMBER" --remove-label 'safe to test'
-        env:
-          NUMBER: ${{ github.event.pull_request.number }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  add-pending-e2e-label:
-    # Add the 'pending end-to-end tests' label for PRs that come from forks.
-    # For those PRs, we want to review the code before running e2e tests.
-    # See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/.
-    if:
-      github.event.pull_request.state == 'open' &&
-      github.event.pull_request.head.repo.full_name != github.repository &&
-      !contains(github.event.pull_request.labels.*.name, 'safe to test') &&
-      !contains(github.event.pull_request.labels.*.name, 'pending end-to-end
-      tests')
-    runs-on: ubuntu-latest
-    steps:
-      - name: Add label
+          always() && github.event.pull_request.head.repo.full_name !=
+          github.repository
+        run:
+          gh pr edit "$NUMBER" --remove-label 'safe to test' --remove-label
+          'pending end-to-end tests'
         env:
           NUMBER: ${{ github.event.pull_request.number }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run:
-          gh pr edit "$NUMBER" --repo ${{ github.repository }} --add-label
-          'pending end-to-end tests'

.github/workflows/output-watcher.yml

@@ -1,101 +0,0 @@
-name: Compare JS output
-
-on:
-  pull_request:
-    # We want all branches so we configure types to be the GH default again
-    types: [opened, synchronize, reopened]
-    paths:
-      - '.github/workflows/output-watcher.yml'
-      - 'bin/build-lib.js'
-  pull_request_target:
-    # We want all branches so we configure types to be the GH default again
-    types: [opened, synchronize, reopened]
-    paths:
-      - 'packages/@uppy/*/src/**/*'
-
-permissions:
-  pull-requests: write
-env:
-  YARN_ENABLE_GLOBAL_CACHE: false
-  DIFF_BUILDER: true
-
-jobs:
-  compare_diff:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 2
-          ref: refs/pull/${{ github.event.pull_request.number }}/merge
-      - run: git reset HEAD^ --hard
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run:
-          echo "dir=$(corepack yarn config get cacheFolder)" >> $GITHUB_OUTPUT
-
-      - uses: actions/cache@v3
-        id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
-        with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-
-      - name: Install Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: lts/*
-      - name: Install dependencies
-        run:
-          corepack yarn workspaces focus $(corepack yarn workspaces list --json
-          | jq -r .name | awk '/^@uppy-example/{ next } { if ($0!="uppy.io")
-          print $0 }')
-        env:
-          # https://docs.cypress.io/guides/references/advanced-installation#Skipping-installation
-          CYPRESS_INSTALL_BINARY: 0
-      - run: corepack yarn build:lib
-      - name: Store output file
-        run: tar cf /tmp/previousVersion.tar packages/@uppy/*/lib
-      - name: Fetch source from the PR
-        run: git checkout FETCH_HEAD -- packages
-      - run: corepack yarn build:lib
-      - name: Store output file
-        run: tar cf /tmp/newVersion.tar packages/@uppy/*/lib
-      - name: Setup git
-        run: |
-          git config --global user.email "actions@github.com"
-          git config --global user.name "GitHub Actions"
-          git init /tmp/uppy
-          echo '*.map' > /tmp/uppy/.gitignore
-      - name: Install dformat
-        run: |
-          curl -fsSL https://dprint.dev/install.sh | sh
-          cd /tmp/uppy && echo '{"plugins":[]}' > dprint.json && "$HOME/.dprint/bin/dprint" config add typescript
-      - name: Extract previous version
-        run: cd /tmp/uppy && tar xf /tmp/previousVersion.tar
-      - name: Format previous output code
-        run: cd /tmp/uppy && "$HOME/.dprint/bin/dprint" fmt **/*.js
-      - name: Commit previous version
-        run: cd /tmp/uppy && git add -A . && git commit -m 'previous version'
-      - name: Extract new version
-        run: cd /tmp/uppy && tar xf /tmp/newVersion.tar
-      - name: Format new output code
-        run: cd /tmp/uppy && "$HOME/.dprint/bin/dprint" fmt **/*.js
-      - name: Build diff
-        id: diff
-        run: |
-          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
-          echo "OUTPUT_DIFF<<$EOF" >> "$GITHUB_OUTPUT"
-          cd /tmp/uppy && git --no-pager diff >> "$GITHUB_OUTPUT"
-          echo "$EOF" >> "$GITHUB_OUTPUT"
-      - name: Add/update comment
-        uses: marocchino/sticky-pull-request-comment@v2
-        with:
-          message: |
-            <details><summary>Diff output files</summary>
-
-            ```diff
-            ${{ steps.diff.outputs.OUTPUT_DIFF || 'No diff' }}
-            ```
-
-            </details>