Skip to content

feat: externalize bundle size comments#16

Merged
jasonsaayman merged 2 commits into
mainfrom
feat/allow-posting-comments-on-forks
May 19, 2026
Merged

feat: externalize bundle size comments#16
jasonsaayman merged 2 commits into
mainfrom
feat/allow-posting-comments-on-forks

Conversation

@jasonsaayman
Copy link
Copy Markdown
Member

@jasonsaayman jasonsaayman commented May 19, 2026
edited by cubic-dev-ai Bot
Loading

Summary

  • Remove built-in GitHub PR comment posting and token inputs from the action runtime.
  • Add a generated Markdown report alongside the JSON report so workflows can post the exact bundle-size comment body themselves.
  • Document same-repository and fork-safe comment workflows that read bundle-size-comparison.md.
  • Update OpenSpec, docs, tests, and dist/index.js for the new external-comment flow.

Testing

  • pnpm run lint
  • pnpm run typecheck
  • pnpm test
  • pnpm run build
  • openspec validate "externalize-pr-commenting" --strict

Checklist

  • I updated tests or explained why no test changes are needed.
  • I updated documentation when behavior, inputs, outputs, or workflow usage changed.
  • I updated dist/index.js when runtime source, dependencies, or action metadata changed.
  • I kept JSON report behavior machine-readable and backward-compatible unless intentionally changed.

Summary by cubic

Removes built‑in PR commenting and writes a Markdown report so workflows can post bundle‑size comments themselves. This keeps the action read‑only by default and enables fork‑safe commenting.

  • New Features

    • Generate a Markdown report alongside JSON (markdown-output-file, default bundle-size-comparison.md).
    • New action output markdown-file with the absolute path to the Markdown report.
    • Docs show same‑repo comment upsert and a fork‑safe workflow_run pattern using artifacts, and warn against using pull_request_target to run untrusted builds.
    • Keeps the existing comment format and hidden marker; updates OpenSpec, tests, and dist/index.js.

  • Migration

    • Remove comment-pr and github-token inputs from workflows.
    • After running the action, read the Markdown file and create/update the PR comment in a separate step.
    • For public forks, upload the Markdown in pull_request, then post from a trusted workflow_run with pull-requests: write.
    • Comparison job can run with contents: read only; grant write perms only in the comment workflow if needed.

Written for commit 2a70bd9. Summary will update on new commits. Review in cubic

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 19, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 25 files

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

Comment thread src/report.ts
@jasonsaayman jasonsaayman self-assigned this May 19, 2026
@jasonsaayman jasonsaayman added commit::feat The PR is related to a feature priority::medium A medium priority labels May 19, 2026
@jasonsaayman jasonsaayman merged commit 6940d76 into main May 19, 2026
7 checks passed
@jasonsaayman jasonsaayman deleted the feat/allow-posting-comments-on-forks branch May 19, 2026 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

@jasonsaayman jasonsaayman

Labels

commit::feat The PR is related to a feature priority::medium A medium priority

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jasonsaayman