Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix sizebot not working due to missing auth token #26423

Merged
merged 1 commit into from
Mar 18, 2023
Merged

Fix sizebot not working due to missing auth token #26423

merged 1 commit into from
Mar 18, 2023

Conversation

acdlite
Copy link
Collaborator

@acdlite acdlite commented Mar 18, 2023
edited
Loading

Sizebot works by fetching the base artifacts from CI. CircleCI recently updated this endpoint to require an auth token. This is a problem for PR branches, where sizebot runs, because we don't want to leak the token to arbitrary code written by an outside contributor.

This only affects PR branches. CI workflows that run on the main branch are allowed to access environment variables, because only those with push access can land code in main.

As a temporary workaround, we'll fetch the assets from a mirror, react-builds.vercel.app. This is the same app that hosts the sizebot diff previews.

Need to figure out a longer term solution. Perhaps by converting sizebot into a proper GitHub app.

@facebook-github-bot facebook-github-bot added CLA Signed React Core Team Opened by a member of the React Core Team labels Mar 18, 2023
@acdlite
Fix sizebot not working due to missing auth token
63b579c 
Sizebot works by fetching the base artifacts from CI. CircleCI recently
updated this endpoint to require an auth token. This is a problem for PR
branches, where sizebot runs, because we don't want to leak the token to
arbitrary code written by an outside contributor.

This only affects PR branches. CI workflows that run on the main
work are allowed to access environment variables, because only those
with push access can land code in main.

As a temporary workaround, we'll fetch the assets from a mirror,
react-builds.vercel.app. This is the same app that hosts the sizebot
diff previews.

Need to figure out a longer term solution. Perhaps by converting sizebot
into a proper GitHub app.
@acdlite acdlite force-pushed the fix-sizebot-fetch-from-mirror branch from 95e4799 to 63b579c Compare March 18, 2023 20:09
@react-sizebot
Copy link

Comparing: db281b3...63b579c

Critical size changes

Includes critical production bundles, as well as any change greater than 2%:

Name +/- Base Current +/- gzip Base gzip Current gzip
oss-stable/react-dom/cjs/react-dom.production.min.js = 157.77 kB 157.77 kB = 50.28 kB 50.28 kB
oss-experimental/react-dom/cjs/react-dom.production.min.js = 159.36 kB 159.36 kB = 50.79 kB 50.79 kB
facebook-www/ReactDOM-prod.classic.js = 542.73 kB 542.73 kB = 96.62 kB 96.62 kB
facebook-www/ReactDOM-prod.modern.js = 526.47 kB 526.47 kB = 94.16 kB 94.16 kB

Significant size changes

Includes any change greater than 0.2%:

(No significant changes)

Generated by 🚫 dangerJS against 63b579c

@acdlite acdlite marked this pull request as ready for review March 18, 2023 20:22
@acdlite acdlite merged commit 842bd78 into facebook:main Mar 18, 2023
@sammy-SC sammy-SC mentioned this pull request Apr 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
CLA Signed React Core Team Opened by a member of the React Core Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@acdlite @react-sizebot @facebook-github-bot