Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update danger.js token #26066

Merged
merged 4 commits into from
Jan 27, 2023
Merged

Update danger.js token #26066

merged 4 commits into from
Jan 27, 2023

Conversation

kassens
Copy link
Member

@kassens kassens commented Jan 27, 2023

The old token was revoked, this updates the token by reading from CI secrets instead, I'm not sure there's benefit in making it publicly visible.

@facebook-github-bot facebook-github-bot added CLA Signed React Core Team Opened by a member of the React Core Team labels Jan 27, 2023
@eps1lon
Copy link
Collaborator

eps1lon commented Jan 27, 2023

Pipeline secrets are usually excluded from PRs from forks. We could expose Pipeline secrets to forks which would at least show use once they got leaked. Hard-coding secrets into code has the downside of not knowing when secrets get leaked. Either way, we have to pass these secrets to untrusted sources (forks). The only decision we can make is wether we're ok with accidentally leaking (hard-coding) or leaking to "malicious" actors (pipeline secrets).

@react-sizebot
Copy link

Comparing: 0652bdb...4166084

Critical size changes

Includes critical production bundles, as well as any change greater than 2%:

Name +/- Base Current +/- gzip Base gzip Current gzip
oss-stable/react-dom/cjs/react-dom.production.min.js = 154.83 kB 154.83 kB = 49.11 kB 49.11 kB
oss-experimental/react-dom/cjs/react-dom.production.min.js = 156.83 kB 156.83 kB = 49.77 kB 49.77 kB
facebook-www/ReactDOM-prod.classic.js = 532.96 kB 532.96 kB = 94.93 kB 94.93 kB
facebook-www/ReactDOM-prod.modern.js = 518.06 kB 518.06 kB = 92.69 kB 92.69 kB

Significant size changes

Includes any change greater than 0.2%:

(No significant changes)

Generated by 🚫 dangerJS against 4166084

rickhanlonii
rickhanlonii approved these changes Jan 27, 2023
View reviewed changes
Copy link
Member

@rickhanlonii rickhanlonii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm thanks for switching back to public token for forks

@kassens kassens merged commit cb16201 into facebook:main Jan 27, 2023
@kassens kassens deleted the sizebot-token branch January 27, 2023 19:05
github-actions bot pushed a commit that referenced this pull request Jan 27, 2023
@kassens
Update danger.js token (#26066)
eb30382 
The old token was revoked, this updates the token by reading from CI
secrets instead, I'm not sure there's benefit in making it publicly
visible.

DiffTrain build for [cb16201](cb16201)
[View git log for this commit](https://github.com/facebook/react/commits/cb16201180a2642696303d4aac3a04e5fd348512)
@kassens kassens mentioned this pull request Feb 10, 2023
Closed
@sammy-SC sammy-SC mentioned this pull request Apr 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rickhanlonii rickhanlonii rickhanlonii approved these changes

@alunyov alunyov Awaiting requested review from alunyov

Assignees
No one assigned
Labels
CLA Signed React Core Team Opened by a member of the React Core Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kassens @eps1lon @react-sizebot @rickhanlonii @facebook-github-bot