From 7a7c8108672a04f7c136e7d52cd05d781c94fc28 Mon Sep 17 00:00:00 2001
From: David Gracia <david.gracia@code-sherpas.rocks>
Date: Tue, 12 May 2026 15:19:58 -0600
Subject: [PATCH 1/2] ci(chromatic): skip snapshots on docs-only changes +
 Dependabot PRs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cuts the snapshot quota burn on changes that cannot affect the visual
output. Two filters added:

1. `paths-ignore` skips Chromatic when the only modified files are
   markdown, changelogs, changesets, or the auto-merge workflow.

2. Top-level `if: github.actor != 'dependabot[bot]'` skips Chromatic
   for Dependabot-authored PRs. The auto-merge workflow already covers
   low-risk dev-dep bumps; running Chromatic on every patch of
   vite/eslint/prettier/etc. spends ~67 snapshots per PR × 2 (PR +
   merge to main) without changing pixels. Major bumps still get a
   manual review, where the maintainer runs Chromatic locally if a
   visual check is warranted.

TurboSnap stays off — the documented `pharos-tokens` CSS-from-
node_modules problem is still real. Tracking issue for re-enabling
TurboSnap once we cache the pharos-tokens content hash in a git-tracked
file is filed separately.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/chromatic.yml | 36 +++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
index 3ea3e8b..7f9b7d0 100644
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -4,12 +4,43 @@ name: Chromatic
 # visual regressions are caught before merge. The first build was seeded
 # locally; subsequent builds run here with CHROMATIC_PROJECT_TOKEN from
 # repo secrets.
+#
+# Snapshot quota lives under a budget (free tier 5000 / OSS tier 7500 per
+# month). Two filters keep CI from spending snapshots on changes that
+# cannot affect the visual output:
+#
+#   - `paths-ignore` skips Chromatic when the only modified files are docs,
+#     changelogs, changesets, or the PR-only `dependabot-auto-merge.yml`.
+#     None of these touch the published bundle or any story.
+#
+#   - The job's top-level `if:` skips Chromatic for Dependabot-authored PRs.
+#     The auto-merge workflow already covers low-risk dev-dep bumps; running
+#     Chromatic on every patch bump of vite/eslint/prettier/etc. spends ~67
+#     snapshots per PR × 2 (PR + merge to main) without ever changing the
+#     pixel output. Major bumps still go through manual review, where a
+#     visual check is done locally before merge.
 
 on:
   push:
     branches: [main]
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.mdx'
+      - '.changeset/**'
+      - 'CHANGELOG.md'
+      - 'LICENSE'
+      - '.github/dependabot.yml'
+      - '.github/workflows/dependabot-auto-merge.yml'
   pull_request:
     branches: [main]
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.mdx'
+      - '.changeset/**'
+      - 'CHANGELOG.md'
+      - 'LICENSE'
+      - '.github/dependabot.yml'
+      - '.github/workflows/dependabot-auto-merge.yml'
 
 permissions:
   contents: read
@@ -21,6 +52,11 @@ concurrency:
 jobs:
   chromatic:
     name: Publish Storybook
+    # Dependabot PRs do not change visuals (dev-deps only after the
+    # auto-merge filter, runtime-dep bumps still receive a manual review
+    # which a maintainer runs Chromatic against locally if needed). Skipping
+    # them here saves the snapshot quota for human-authored PRs.
+    if: github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6

From 4e3c3a4fc8b524be2b32434fc46d9dc9336eb5a0 Mon Sep 17 00:00:00 2001
From: David Gracia <david.gracia@code-sherpas.rocks>
Date: Tue, 12 May 2026 15:44:38 -0600
Subject: [PATCH 2/2] ci(chromatic): drop the Dependabot filter from the quota
 fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reverts the `if: github.actor != 'dependabot[bot]'` clause introduced
in the previous commit. The path-based filter (`paths-ignore`) stays;
that's pure quota cleanup with zero behaviour change for human PRs.

Reason for the revert: the CTO would rather try TurboSnap first as
the primary quota saver. With TurboSnap reading a content-hash
`pharos-tokens` fingerprint (separate PR, in flight), a Dependabot
bump that does not change the fingerprint will already skip every
snapshot, and a bump that does change it still wants a visual check
— skipping all Dependabot PRs unconditionally would mask the latter
case. The two strategies aren't additive; pick TurboSnap and keep
Dependabot in the pipeline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/chromatic.yml | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
index 7f9b7d0..6de66c1 100644
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -6,19 +6,17 @@ name: Chromatic
 # repo secrets.
 #
 # Snapshot quota lives under a budget (free tier 5000 / OSS tier 7500 per
-# month). Two filters keep CI from spending snapshots on changes that
-# cannot affect the visual output:
+# month). A `paths-ignore` filter keeps Chromatic from spending snapshots
+# on changes that cannot affect the visual output (docs, changelogs,
+# changesets, dependabot config, the auto-merge workflow). None of these
+# touch the published bundle or any story.
 #
-#   - `paths-ignore` skips Chromatic when the only modified files are docs,
-#     changelogs, changesets, or the PR-only `dependabot-auto-merge.yml`.
-#     None of these touch the published bundle or any story.
-#
-#   - The job's top-level `if:` skips Chromatic for Dependabot-authored PRs.
-#     The auto-merge workflow already covers low-risk dev-dep bumps; running
-#     Chromatic on every patch bump of vite/eslint/prettier/etc. spends ~67
-#     snapshots per PR × 2 (PR + merge to main) without ever changing the
-#     pixel output. Major bumps still go through manual review, where a
-#     visual check is done locally before merge.
+# Dependabot PRs continue to run Chromatic on purpose: a future PR is
+# expected to re-enable TurboSnap with a content-hash fingerprint of
+# `pharos-tokens`, after which a Dependabot bump that does not change the
+# fingerprint will skip every snapshot anyway, and the rare bump that
+# does change it (typically a pharos-tokens release) still wants a
+# visual check.
 
 on:
   push:
@@ -52,11 +50,6 @@ concurrency:
 jobs:
   chromatic:
     name: Publish Storybook
-    # Dependabot PRs do not change visuals (dev-deps only after the
-    # auto-merge filter, runtime-dep bumps still receive a manual review
-    # which a maintainer runs Chromatic against locally if needed). Skipping
-    # them here saves the snapshot quota for human-authored PRs.
-    if: github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6