Preact: bundlesize not running on PRs

Created on 23 Feb 2018 · 11 Comments · Source: preactjs/preact

@siddharthkp - any idea why that might be happening? Maybe we're on an old version?

builds performance

All 11 comments

@developit Perhaps we are missing the github token?
https://github.com/siddharthkp/bundlesize#2-build-status

Maybe we're on an old version?

Old but not too old

It seems to be running on developit/preact but not on forks (like siddharthkp/preact), because the forks don't have the travis secrets 😢

Even if you add the right secrets, it's not going to compare with the original repo

Not sure how other tools handle this, is there a tool I can take inspiration from?

not sure! explanation makes sense though

A quick and dirty workaround that I used was: Merge the pull request into a temporary branch first and then create another PR from that (all from GitHub website)

shouldn't it always take the secret from the repo being merged into?

Definitely not @ForsakenHarmony.
See the Travis Docs on env vars

Encrypted environment variables are not available to pull requests from forks due to the security risk of exposing such information to unknown code.

If this weren't the case, you could leak the private keys stored within the env just by submitting a PR with malicious code executed from travis.
For example I could modify the npm run-script to http post the secret keys to my own servers and do ... whatever those keys would allow me to do.

How are other projects handling this with bundlesize?

How are other projects handling this with bundlesize?

@Kanaye they are not

@siddharthkp I'm not sure I really see the problem, bundlesize should have the secret because it's being merged into this repo?

@ForsakenHarmony nah, as @kanaye pointed out:

Encrypted environment variables are not available to pull requests from forks due to the security risk of exposing such information to unknown code.

(even if it is being merged back to the original)

A quick and dirty workaround that I used was: Merge the pull request into a temporary branch first and then create another PR from that

Update: we could just have our build job fail if the size is > 4kb. Ideally we'd run with a % delta from master, but that's hard to do in CI since it's stateless.
