@AshBuk AshBuk commented Nov 16, 2025

Fixes #3548

Problem

Imgur API returns "Too Many Requests" errors (code 1025), blocking successfully tested applications from being merged.

Solution

Replace Imgur with GitHub Release Assets:

  • Screenshots are uploaded to a draft release named 'ci-screenshots'
  • Inline images displayed in PR comments
  • Works for PRs from external contributors using workflow_run trigger

Workflow

  1. PR created → Test workflow runs
  2. worker.sh creates screenshot → database/{APP}/screenshot.png
  3. Test workflow uploads artifact (7 days retention) - modify as needed
  4. Test succeeds → Publish workflow activates
  5. Downloads artifact → Uploads to release ci-screenshots
  6. Posts comment on PR with inline images

Security

1. Separation of contexts:

  • Untrusted code (PR) → limited permissions → only artifacts
  • Trusted code (base repo) → write permissions → data processing

2. Does not execute code from PR in privileged context:

  • Only data (PNG) from PR

Reference: Keeping your GitHub Actions and workflows secure: Preventing pwn requests
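
An added example (not code from this PR or from the project's workflows) of how the publisher side can hold to the "only data (PNG) from PR" rule in the Security section: each extracted file is checked by content and renamed before anything is uploaded. The function names, the 5 MiB limit and the source/destination directory arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: vet files from the untrusted PR artifact before the
# privileged publisher uploads them. Names and limits are assumptions.

# True only if the file begins with the 8-byte PNG signature.
is_png() {
  local sig
  sig=$(head -c 8 < "$1" | od -An -tx1 | tr -d ' \n')
  [ "$sig" = "89504e470d0a1a0a" ]
}

# Drop the characters the PR strips (: * ? < > |), then replace anything
# outside [A-Za-z0-9._-] so the result is safe as a release asset name.
sanitize_name() {
  printf '%s' "$1" | tr -d ':*?<>|' | tr -c 'A-Za-z0-9._-' '_'
}

# Copy every file that passes all checks from $1 into $2 under its
# sanitized name and print that name. $3 = size limit in bytes.
vet_screenshots() {
  local src="$1" dst="$2" max_bytes="${3:-5242880}" f name
  mkdir -p -- "$dst"
  for f in "$src"/*.png; do
    # Regular files only: skips symlinks and the literal pattern on no match.
    [ -f "$f" ] && [ ! -L "$f" ] || continue
    [ "$(( $(wc -c < "$f") ))" -le "$max_bytes" ] || continue
    is_png "$f" || continue        # judge by content, not by extension
    name=$(sanitize_name "$(basename -- "$f" .png)")
    [ -n "$name" ] || continue
    cp -- "$f" "$dst/$name.png" && printf '%s.png\n' "$name"
  done
}
```

Two app names that sanitize to the same string would overwrite each other in the destination directory, so a real step should detect that case before uploading.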

AshBuk commented Nov 16, 2025

@probonopd
Needs testing as the workflow only triggers on data/** changes.
P.S. If a release asset suddenly fails to render inline on GitHub (rare, but it happens), the easiest fallback is to commit it to a dedicated screenshots branch instead of using a release.

@AshBuk AshBuk mentioned this pull request Nov 16, 2025
- Add step to sanitize screenshot filenames before upload
- Remove invalid characters (: * ? < > |) from app names
- Fixes error with apps like 'fre:ac' containing colons
- Update publish workflow to handle flat file structure
@AshBuk AshBuk force-pushed the replace-imgur-with-github-releases branch from 29420f9 to 36d2f39 November 16, 2025 19:52
github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event == 'pull_request'
github.event.workflow_run.event == 'pull_request' &&
github.repository == 'AppImage/appimage.github.io'
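
Review bot: the new `github.repository == 'AppImage/appimage.github.io'` term hard-codes the upstream name in the job condition, so after a repository rename or transfer the condition evaluates to false and the publisher is skipped without a failed run to point at it. A short comment next to the condition saying that it exists to keep forks from creating releases and PR comments, and that the name must be updated on rename, would make that easier to diagnose.
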
Contributor Author

This prevents workflow execution in forks - ensures releases and PR comments
are only created in the upstream repository.

COUNT=0
FALLBACK="run-${{ github.event.workflow_run.id }}"
for f in out/screenshots-upload/*.png; do
for f in out/*.png; do
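
Review bot: in `for f in out/*.png; do`, an artifact with no PNG directly under out/ leaves the glob unexpanded, so the body runs once with the literal string `out/*.png` unless `nullglob` is set or the body begins with a `[ -f "$f" ]` check; neither is visible in this hunk. The filenames come from the PR's artifact, so every later use of `$f` should stay double-quoted. Separately, `FALLBACK="run-${{ github.event.workflow_run.id }}"` expands the expression into the script text; passing it through `env:` keeps context values out of the shell source as a habit, even though this one is a numeric id.
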
Contributor Author

screenshots are now extracted directly to out/
(matching the actual artifact structure)

- name: Ensure draft release exists
- name: Ensure release exists (published)
shell: bash
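
Review bot: with the step renamed to `Ensure release exists (published)`, the PR description is out of date where it says screenshots are uploaded to a draft release named 'ci-screenshots'. Please update the description, and any workflow comment that still says draft, and state that the uploaded assets become visible to anyone who can read the repository once the release is published.
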
Contributor Author

publish release (not draft) so that URLs render as inline images in PR comments, not just clickable links

@probonopd probonopd merged commit 38a3ea6 into AppImage:master Nov 18, 2025
@probonopd
Member

Thank you very much @AshBuk. Let's try this out. It'd be even more elegant if we wouldn't need artifacts or releases for this, but I understand GitHub doesn't allow for posting comments in PRs with pictures via API directly yet.

@probonopd
Member

Hello @AshBuk could you please have a look as to why no screenshot has been posted to

Looking at the Release, screenshots seem to have been taken.

Thanks!

AshBuk commented Nov 19, 2025

Hi @probonopd! Check #3577
I can see from the logs that the screenshot artifact is present in both PRs, but the second “publisher” workflow didn’t run. Could you please confirm that Actions “Workflow permissions: Read and write” are enabled for the repo?
I re-verified the flow on my fork AshBuk#3
1 screen - The bot triggers on the initial PR run.
2 screen “Re-run all jobs” on the Test workflow also triggers the publisher

If permissions are enabled but the bot still doesn’t run in the upstream repo, I’ll dig into it tomorrow and will try to provide a fix.
