created-github-action to check if screenshots or videos added to PR description if an html file changes.

[IITI-tushar]

fixes: issue#476

Summary by CodeRabbit

• New Features
  • Introduced an automated validation process that checks for media attachments whenever HTML content is modified. This enhancement ensures that visual updates are accompanied by relevant images or links, facilitating clearer reviews and more informative pull requests.

[coderabbitai]

Walkthrough

A new GitHub Actions workflow has been introduced to enforce that pull requests modifying HTML files include media attachments. The workflow triggers on pull request events (open, reopen, edit, or synchronize) and, after verifying exemptions via labels or title prefixes, checks if the changed files include HTML. If HTML files are present, it looks for media attachments in the pull request body. When no media is found and no prior bot comment exists, the workflow posts a comment detailing missing media along with instructions.

Changes

File(s)	Change Summary
.github/workflows/enforce-media-attachments.yml	New GitHub Actions workflow that enforces media attachments in PRs modifying HTML files, including exemption checks and bot comments.

Sequence Diagram(s)

sequenceDiagram
    participant User as PR Author
    participant GH as GitHub
    participant Workflow as Media Attachment Checker

    User->>GH: Open/Reopen/Edit/Synchronize PR
    GH->>Workflow: Trigger Workflow
    Workflow->>Workflow: Check for exempt labels/prefixes
    alt PR is exempt
        Workflow-->>GH: Log exemption and exit
    else
        Workflow->>Workflow: Retrieve changed files
        Workflow->>Workflow: Filter for HTML files
        alt No HTML files modified
            Workflow-->>GH: Log and exit
        else
            Workflow->>Workflow: Check PR body for media attachments
            alt Media attachments found
                Workflow-->>GH: Log confirmation
            else
                Workflow->>Workflow: Check for existing bot comment
                alt No bot comment exists
                    Workflow->>GH: Post comment on PR detailing missing media
                end
            end
        end
    end

Loading

Tip

⚡💬 Agentic Chat (Pro Plan, General Availability)

• We're introducing multi-step agentic chat in review comments and issue comments, within and outside of PR's. This feature enhances review and issue discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments and add commits to existing pull requests.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c2f7fa7 and 257ad5e.

📒 Files selected for processing (1)

• .github/workflows/enforce-media-attachments.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/enforce-media-attachments.yml

17-17: the runner of "actions/github-script@v6" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Run Tests

🔇 Additional comments (16)

.github/workflows/enforce-media-attachments.yml (16)

1-2: Workflow Naming: Clear and Descriptive

The workflow name, "Enforce Media Attachments for HTML Changes," is clear and accurately reflects its purpose.

---

7-10: Permissions Setup: Minimal and Appropriate

The permissions (pull-requests: write and contents: read) are set appropriately to allow commenting and file reading.

---

11-15: Job Configuration: Clear and Standard

The job check-media-attachments is well defined with a descriptive name and standard environment (ubuntu-latest).

---

21-24: PR Context Initialization: Clear and Concise

Extracting the pull request context (pr, prNumber, and repo) is handled cleanly and makes later references straightforward.

---

25-26: Informative Logging: Useful for Debugging

The log statement reporting the PR number and action purpose is clear and aids in debugging the workflow execution.

---

27-32: Label-Based Exemption Logic: Correct Implementation

The code checks if the PR has any exempt labels (e.g., dependencies, documentation, typo, ci, chore). This implementation is clear and effective in bypassing checks for exempt PRs.

---

33-36: Title Prefix Exemption: Well-Implemented

The logic for exempting PRs based on title prefixes (docs:, chore:, deps:, ci:) is straightforward and effective.

---

38-41: Exemption Handling: Efficient Early Return

The early return when either an exempt label or title prefix is detected ensures that unnecessary processing is avoided.

---

51-55: HTML File Filtering: Accurate Detection

Filtering for files ending with .html or .htm is implemented correctly and should reliably identify HTML files affected by the PR.

---

57-60: Early Exit on Non-HTML PRs: Optimizes Workflow

The script exits early if no HTML files are modified, which is an efficient way to avoid unnecessary checks.

---

62-63: Logging HTML Changes: Clear Confirmation

Logging the number of modified HTML files provides clear feedback in the logs and aids in debugging.

---

64-69: Media Attachment Detection: Comprehensive Regex Checks

The regular expressions for detecting Markdown images, direct image links, video links, and GitHub uploads are robust and should cover the most common cases.

---

71-74: Media Presence Check: Appropriate Conditional Handling

The conditional check correctly identifies if any media attachments are present in the PR body and exits early if found, which is the desired behavior.

---

75-86: Duplicate Comment Prevention: Effective Strategy

Fetching existing comments and checking for a previous bot comment with 'Missing Media Attachments' ensures that duplicate notifications are not posted.

---

88-113: Comment Posting: Detailed and User-Friendly

The code constructs a detailed comment that lists modified HTML files and provides clear instructions on how to add screenshots or videos. The use of template literals for dynamically generating the list of modified HTML files is effective. Ensure that the multiline string is correctly formatted in the context of the GitHub API payload.

---

3-6:

Details

❓ Verification inconclusive

Trigger Event Configuration: Use of pull_request_target

The workflow is configured to trigger on pull request target events (opened, reopened, edited, and synchronize). Ensure that using pull_request_target aligns with your security model, as it executes in the context of the base repository.

---

Subject: Verify use of pull_request_target trigger in security model

The configuration in .github/workflows/enforce-media-attachments.yml correctly uses the pull_request_target trigger. However, please ensure this choice aligns with your security model since workflows triggered via pull_request_target run with the base repository’s permissions.

• Action Required: Manually verify that the use of pull_request_target in this context does not expose unintended security risks. If your design already accounts for the implications of executing workflows with base repo permissions, then this configuration is acceptable.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 257ad5e and 05ab7ef.

📒 Files selected for processing (1)

• .github/workflows/enforce-media-attachments.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/enforce-media-attachments.yml

16-16: could not parse as YAML: yaml: line 16: did not find expected key

(syntax-check)

🪛 YAMLlint (1.35.1)

.github/workflows/enforce-media-attachments.yml

[warning] 3-3: truthy value should be one of [false, true]

(truthy)

---

[error] 17-17: syntax error: expected , but found '-'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Run Tests

🔇 Additional comments (8)

.github/workflows/enforce-media-attachments.yml (8)

1-15: Workflow Structure and Metadata are Solid.
The workflow’s name, trigger events (pull_request_target with specified types), and permissions are defined clearly. This provides a strong foundation for the job configuration and improves overall readability and maintainability.

🧰 Tools

🪛 YAMLlint (1.35.1)

[warning] 3-3: truthy value should be one of [false, true]

(truthy)

---

28-37: Exemption Logic is Robust.
The exemption mechanism—checking for specific labels (e.g., 'dependencies', 'documentation', etc.) and title prefixes (like docs:, chore:, etc.)—is well implemented. This ensures that PRs not requiring media attachments are properly excluded from further checks.

---

52-56: HTML File Filtering is Correct.
The filtering on file extensions (checking for both .html and .htm) is comprehensive and correctly captures all relevant HTML files.

---

58-61: Graceful Handling When No HTML Files are Modified.
The log message and early return logic when no HTML files are detected ensure that the workflow does not perform unnecessary checks. This is a clean and efficient approach.

---

65-70: Comprehensive Media Attachment Regex Checks.
The regular expressions used to detect Markdown images, direct image links, video links, and GitHub uploads are well-crafted. They effectively cover the common media types needed for visual verification.

---

77-88: Duplicate Bot Comment Check is Sound.
The logic that retrieves existing issue comments and checks for a prior comment from github-actions[bot] (containing the phrase "Missing Media Attachments") is effective. This avoids spamming the PR with duplicate messages.

---

89-113: Automated Comment for Missing Media is Well-Formatted.
The comment body that gets posted when no media attachments are found is clear and instructive. It lists the modified HTML files and provides actionable instructions for the contributor. This enhances communication and helps guide proper PR documentation.

---

114-115: Final Logging is Clear.
The console log at the end confirms that a comment has been added, which aids in debugging and verifying that the workflow has executed as intended.

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 05ab7ef and 2973f14.

📒 Files selected for processing (1)

• .github/workflows/enforce-media-attachments.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Run Tests

🔇 Additional comments (11)

.github/workflows/enforce-media-attachments.yml (11)

1-2: Action Metadata is Clear and Descriptive
The workflow name clearly conveys its purpose of enforcing media attachments for HTML changes.

---

3-6: PR Event Triggers are Well-Defined
The workflow is triggered on the essential pull request events (opened, reopened, edited, synchronize), ensuring that changes are evaluated promptly.

---

7-10: Permissions are Appropriately Scoped
Defining pull-requests: write and contents: read ensures the action has the minimum necessary privileges to operate securely.

---

11-16: Job Configuration and Environment Setup are Correct
The job is set to run on ubuntu-latest and clearly describes its objective. The step names and structure aid in readability.

---

17-17: Updated GitHub Script Version
Using actions/github-script@v6.1.0 addresses previous issues with outdated versions. This update is aligned with best practices.

---

18-20: Inline Script Block Setup is Solid
The GitHub token is correctly injected and the inline script block is set up properly for executing the custom logic.

---

21-26: Proper Initialization and Logging
The script correctly extracts the pull request object, PR number, and repository context. The logging statement helps with debugging and traceability.

---

42-48: Comprehensive File Retrieval with Pagination
Using github.paginate with per_page: 100 guarantees that all files, even in very large PRs, are retrieved. This addresses the typical pitfalls with fixed-page queries.

---

50-54: Accurate HTML File Filtering
The filter correctly identifies files ending with .html or .htm, ensuring that only relevant changes trigger further media checks.

---

56-59: Efficient Early Exit on Non-HTML Changes
Exiting early when no HTML files are present avoids extra processing and unnecessary API calls, optimizing the workflow performance.

---

70-73: Early Return on Detected Media Attachments
The script promptly exits if any media attachment is found, which is efficient and prevents redundant processing.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2973f14 and 647bc7f.

📒 Files selected for processing (1)

• .github/workflows/enforce-media-attachments.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Run Tests

🔇 Additional comments (9)

.github/workflows/enforce-media-attachments.yml (9)

1-10: Workflow Trigger and Permissions Setup

The workflow’s metadata is clearly defined with a descriptive name, proper event triggers (pull_request_target with appropriate types), and minimal yet sufficient permissions (pull-requests: write, contents: read). This aligns well with the PR objective.

---

15-17: Updated GitHub Script Version

The step that invokes the media attachment check now uses actions/github-script@v6.1.0, which addresses the previous concerns about an outdated version. This update ensures you benefit from the latest fixes and improvements.

---

21-24: PR Context Initialization

The extraction of the PR context (via context.payload.pull_request and context.repo) is straightforward and correct, setting up necessary variables for subsequent checks.

---

27-33: Efficient File Pagination

Using github.paginate to retrieve the list of changed files with per_page: 100 is a robust solution that ensures even PRs with more than 100 file changes are handled correctly.

---

35-39: HTML File Filtering

Filtering the changed files by checking for .html or .htm extensions is implemented effectively. This covers the common cases for HTML files.

---

41-44: Early Exit on No Relevant Changes

The early return when no HTML files are modified is clearly implemented, which prevents unnecessary processing. The log message further aids in debugging.

---

48-53: Comprehensive Media Attachment Detection

The regex checks for Markdown images, direct image links, video links, and GitHub uploads are well-thought-out to detect various media attachment formats. This effectively minimizes false negatives.

---

55-58: Early Return on Media Presence

The conditional logic to log a confirmation message and exit when media attachments are found is efficient and helps avoid duplicate notifications.

---

72-74: Clean List Construction for Modified HTML Files

The code that constructs a bullet list of modified HTML files is clear and concise, ensuring that the subsequent comment provides a clear summary of affected files.