Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add permissions to workflow #567

Merged
merged 1 commit into from
Aug 30, 2024
Merged

Add permissions to workflow #567

merged 1 commit into from
Aug 30, 2024

Conversation

jibrang
Copy link
Contributor

@jibrang jibrang commented Aug 29, 2024

I am adding permissions to the workflow as described in the code scanning alert: https://github.com/github/webpack-bundlesize-compare-action/security/code-scanning/2

@jibrang jibrang requested a review from a team as a code owner August 29, 2024 21:42
@github-actions GitHub Actions
Copy link

Bundle Stats — With chunk and module information

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
2 1.98 MB 0%
Changeset
File Δ Size
src/client/this/file/has/a/long/name/so-that-it-will-hopefully-wrap.tsx 🆕 +2.72 kB 0 B → 2.72 kB
src/client/this-file-was-added.ts 🆕 +1.46 kB 0 B → 1.46 kB
src/client/this-is-another-file-with-a-long-name-to-test-the-table-sizing.tsx 🆕 +1.04 kB 0 B → 1.04 kB
src/client/helpers/this-file-is-much-larger.ts 📈 +11.66 kB (+865.77%) 1.35 kB → 13.01 kB
src/client/this-file-grew-larger.tsx 📈 +200 B (+35.59%) 562 B → 762 B
src/client/helpers/this-file-grew-smaller.ts 📉 -200 B (-7.94%) 2.46 kB → 2.26 kB
src/client/this-file-is-much-smaller.tsx 📉 -11.66 kB (-99.92%) 11.67 kB → 10 B
src/client/routes.tsx 🔥 -2.72 kB (-100%) 2.72 kB → 0 B
src/client/this-file-will-be-deleted.ts 🔥 -1.46 kB (-100%) 1.46 kB → 0 B
src/client/render-memex.tsx 🔥 -1.04 kB (-100%) 1.04 kB → 0 B
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

No assets were smaller

Unchanged

Asset File Size % Changed
app.bundle.js 1.98 MB 0%
manifest.json 91 B 0%

@github-actions GitHub Actions
Copy link

Bundle Stats

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
7 → 2 1.34 MB → 1.29 MB (-53.65 kB)
386.44 kB → N/A (gzip)		 -3.91%
View detailed bundle breakdown

Added

No assets were added

Removed

Asset File Size % Changed
296.chunk.js 124.57 kB → 0 B (-124.57 kB)
35.05 kB → 0 B (gzip)		 -100%
288.chunk.js 57.24 kB → 0 B (-57.24 kB)
16.33 kB → 0 B (gzip)		 -100%
920.chunk.js 54.98 kB → 0 B (-54.98 kB)
17.08 kB → 0 B (gzip)		 -100%
912.chunk.js 44.37 kB → 0 B (-44.37 kB)
14.31 kB → 0 B (gzip)		 -100%
699.chunk.js 26.39 kB → 0 B (-26.39 kB)
6.14 kB → 0 B (gzip)		 -100%

Bigger

Asset File Size % Changed
app.bundle.js 1.04 MB → 1.29 MB (+254.35 kB)
297.38 kB → N/A (gzip)		 +23.91%

Smaller

Asset File Size % Changed
manifest.json 551 B → 91 B (-460 B)
151 B → N/A (gzip)		 -83.48%

Unchanged

No assets were unchanged

@github-actions GitHub Actions
Copy link

Bundle Stats — Flipped around

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
2 → 7 1.29 MB → 1.34 MB (+53.65 kB)
N/A → 386.44 kB (gzip)		 +4.07%
View detailed bundle breakdown

Added

Asset File Size % Changed
296.chunk.js 0 B → 124.57 kB (+124.57 kB)
0 B → 35.05 kB (gzip)		 -
288.chunk.js 0 B → 57.24 kB (+57.24 kB)
0 B → 16.33 kB (gzip)		 -
920.chunk.js 0 B → 54.98 kB (+54.98 kB)
0 B → 17.08 kB (gzip)		 -
912.chunk.js 0 B → 44.37 kB (+44.37 kB)
0 B → 14.31 kB (gzip)		 -
699.chunk.js 0 B → 26.39 kB (+26.39 kB)
0 B → 6.14 kB (gzip)		 -

Removed

No assets were removed

Bigger

Asset File Size % Changed
manifest.json 91 B → 551 B (+460 B)
N/A → 151 B (gzip)		 +505.49%

Smaller

Asset File Size % Changed
app.bundle.js 1.29 MB → 1.04 MB (-254.35 kB)
N/A → 297.38 kB (gzip)		 -19.29%

Unchanged

No assets were unchanged

@github-actions GitHub Actions
Copy link

Bundle Stats — Non existent

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
0 0 B 0%
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

No assets were smaller

Unchanged

No assets were unchanged

@github-actions GitHub Actions
Copy link

Bundle Stats — No changes

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
7 1.34 MB
386.44 kB		 0%
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

No assets were smaller

Unchanged

Asset File Size % Changed
app.bundle.js 1.04 MB
297.38 kB		 0%
296.chunk.js 124.57 kB
35.05 kB		 0%
288.chunk.js 57.24 kB
16.33 kB		 0%
920.chunk.js 54.98 kB
17.08 kB		 0%
912.chunk.js 44.37 kB
14.31 kB		 0%
699.chunk.js 26.39 kB
6.14 kB		 0%
manifest.json 551 B
151 B		 0%

@github-actions GitHub Actions
Copy link

Bundle Stats — With describe-assets: 'none'

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
7 → 2 1.34 MB → 1.29 MB (-53.65 kB)
386.44 kB → N/A (gzip)		 -3.91%
View detailed bundle breakdown

@jibrang jibrang removed the request for review from a team August 29, 2024 21:42
@github-actions GitHub Actions
Copy link

Bundle Stats — With describe-assets: 'changed-only'

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
7 1.34 MB
386.44 kB		 0%
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

No assets were smaller

peterbe
peterbe reviewed Aug 29, 2024
View reviewed changes
.github/workflows/check-dist.yml
@@ -4,6 +4,9 @@
# For our project, we generate this file through a build process from other source files.
# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
name: Check dist/
permissions:
contents: read
pull-requests: write
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does it need this for the upload-artifact?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The repo says that it needs write permissions:

This action requires the write permission for the [permissions.pull-requests scope](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions).

https://github.com/github/webpack-bundlesize-compare-action

peterbe
peterbe requested changes Aug 29, 2024
View reviewed changes
Copy link

@peterbe peterbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try without the write permission first.

.github/workflows/check-dist.yml
@@ -4,6 +4,9 @@
# For our project, we generate this file through a build process from other source files.
# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
name: Check dist/
permissions:
contents: read
pull-requests: write
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
pull-requests: write

I find it strange that it needs a write-permission on pull-requests when all it does is upload-artifacts.
Can we try without first?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually the repo says that it needs write permissions:

This action requires the write permission for the [permissions.pull-requests scope](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions).

https://github.com/github/webpack-bundlesize-compare-action

peterbe
peterbe approved these changes Aug 30, 2024
View reviewed changes
Copy link

@peterbe peterbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @jibrang for checking.

@jibrang jibrang added this pull request to the merge queue Aug 30, 2024
Merged via the queue into main with commit 97681ed Aug 30, 2024
6 checks passed
@jibrang jibrang deleted the jibrang/fix-permissions-issue branch August 30, 2024 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peterbe peterbe peterbe approved these changes

@gracepark gracepark gracepark approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jibrang @peterbe @gracepark