Comments (9)
@maestromac You are right. CI tools don't expose the token in forks to protect your tokens. The solution to this is not to make your token public either :)
I have an alternate solution in mind and will test it in the beta branch soon 👍
from bundlesize.
@siddharthkp yes, Travis provides TRAVIS_REPO_SLUG, which should return the source repo (source).
I think the new version sounds like the exact solution we need. I'm going to give bundlesize2 a try soon and let you know.
from bundlesize.
@siddharthkp initial use seems to be working without issue 👍. Will let you know if we hit anything
from bundlesize.
That's great! Closing the issue here. But will explore fork use case in the other repo
from bundlesize.
No, the GitHub token is private
from bundlesize.
Just encrypt it with
travis encrypt BUNDLESIZE_GITHUB_TOKEN="your-key" --add env.global
or add it as an environment variable in the settings of your travis repo
from bundlesize.
@fgerschau Thanks for the suggestion, but that wouldn't work because a PR from a forked repository won't have access to it (ref):
Encrypted environment variables are not available to pull requests from forks due to the security risk of exposing such information to unknown code.
from bundlesize.
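The restriction quoted above can be checked for inside the CI job itself. The following is an added example, not code from this thread or from the bundlesize project: it uses Travis CI's documented build variables (TRAVIS_PULL_REQUEST, TRAVIS_PULL_REQUEST_SLUG, TRAVIS_REPO_SLUG, TRAVIS_SECURE_ENV_VARS) to decide whether the token can be expected to exist; the function names and the printed messages are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Classifies the current Travis
# build by whether secrets such as BUNDLESIZE_GITHUB_TOKEN can be present.
# Prints one of: trusted | fork-pr | no-secrets
travis_secret_context() {
    pr="${TRAVIS_PULL_REQUEST:-false}"          # PR number, or "false"
    base="${TRAVIS_REPO_SLUG:-}"                # repo the build runs for
    head="${TRAVIS_PULL_REQUEST_SLUG:-}"        # repo the PR came from
    secure="${TRAVIS_SECURE_ENV_VARS:-false}"   # "true" if secrets were decrypted

    # A PR whose head repo differs from the base repo comes from a fork.
    # A case mismatch in the slugs is also treated as a fork, which fails safe.
    if [ "$pr" != "false" ] && [ -n "$head" ] && [ "$head" != "$base" ]; then
        echo "fork-pr"
        return 0
    fi

    # Even outside fork PRs, do not assume the token exists.
    if [ "$secure" != "true" ] || [ -z "${BUNDLESIZE_GITHUB_TOKEN:-}" ]; then
        echo "no-secrets"
        return 0
    fi

    echo "trusted"
}

# The size check itself needs no secret, so it runs in every case;
# only status reporting depends on the token.
run_size_check() {
    case "$(travis_secret_context)" in
        trusted) echo "size check + GitHub status report" ;;
        fork-pr) echo "size check only (fork PR: CI withholds the token)" ;;
        *)       echo "size check only (no token in this build)" ;;
    esac
}

run_size_check
```
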
@siddharthkp any updates on the alternate solution? Thank you!
from bundlesize.
Hey! I'm working on a new version (1.0.0) of bundlesize that fixes all of these problems. For source repo - it uses github apps + checks
Don't have a solution for forks yet - but something I want to play around with more.
It doesn't require a token but still needs a way to identify the repo
- If there is a way to get source repo from the fork in CI environments then it would be very easy.
- Otherwise, might want to add an additional row in bundlesize config which identifies the repo
- I'm not sure if it can be read from .git/config or package.json to avoid step 2
Ideas welcome
If you'd like you can try it out: https://github.com/siddharthkp/bundlesize2
Migration path:
- Use the npm package bundlesize2 instead of bundlesize
- If you'd like status reported back to github, use the flag --enable-github-checks + authorize bundlesize2 app. More in the docs
- If anything breaks, let me know :)
Note: This is only until the new version is ready and then it will be merged back in this project as a major release
from bundlesize.