FoundryVTT Integration Workflow

[gisikw]

Set up FoundryVTT integration workflow

Create a Github action that can:

• Pull down FoundryVTT from source
• Set the license
• Add the module
• Create a default game and login
• Launch a Selenium environment that allows for basic testing

[gisikw]

Dealing with multiple secrets here:

• Download URL (which can vary)
• License Key (which does not)
• Username & Password (necessary to get the latest Download URL)

Need to ensure that PRs from malicious accounts can't simply update the workflow and output secrets - particularly given that Download URL at least must be a derived secret, and thus won't have protections Github might afford to first-class secrets. Further reading to be done: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

[gisikw]

Work continues - thus far, have been leveraging local Foundry install, and got install working via Github workflow. That said, feels like perhaps the downloading and spinning up of this env ought to be be managed inside package.json, hitting a different port, to bring local and CI development into parity.