From 736d52fa8646c14a3a75d003e984874f7ab07de7 Mon Sep 17 00:00:00 2001
From: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Date: Thu, 14 May 2026 02:30:10 +0200
Subject: [PATCH] ci/web: cache uploaded Playwright reports for 30 days
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

S3 key already includes run_id + attempt-N, so each path is write-once
— bumping cache-control to max-age=2592000 + immutable avoids hammering
S3 on report reloads. Matches the GHA artifact retention.

Co-Authored-By: Agent (authentik-i21994-better-mobile-tangelo) <279763771+playpen-agent@users.noreply.github.com>
---
 .github/workflows/ci-web.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci-web.yml b/.github/workflows/ci-web.yml
index 85c301c6ba..16f9d1f07c 100644
--- a/.github/workflows/ci-web.yml
+++ b/.github/workflows/ci-web.yml
@@ -231,10 +231,13 @@ jobs:
             echo "No playwright-report/ produced; skipping S3 upload"
             exit 0
           fi
+          # Reports are stamped with run_id + attempt in S3_KEY_PREFIX, so a given
+          # key is immutable once written — safe to cache aggressively. 30 days
+          # matches the retention-days on the GHA artifact upload above.
           aws s3 cp \
             --recursive \
             --acl=public-read \
-            --cache-control "public, max-age=600" \
+            --cache-control "public, max-age=2592000, immutable" \
             web/playwright-report/ \
             "s3://${S3_BUCKET}/${S3_KEY_PREFIX}/"
       # Same-repo guard: fork PRs run with a read-only GITHUB_TOKEN (even after