feat(Safe Shield): Recipient analysis data fetching #3443
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) HashiCorp, Inc. | |
| # SPDX-License-Identifier: MPL-2.0 | |
| name: 'Web Next.js Bundle Analysis' | |
| on: | |
| pull_request: | |
| paths: | |
| - apps/web/** | |
| push: | |
| branches: | |
| - dev | |
| paths: | |
| - apps/web/** | |
| - packages/** | |
| permissions: | |
| contents: read # for checkout repository | |
| actions: read # for fetching base branch bundle stats | |
| pull-requests: write # for comments | |
| jobs: | |
| analyze: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install dependencies | |
| uses: ./.github/actions/yarn | |
| - name: Build next.js app | |
| uses: ./.github/actions/build | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| - name: Analyze bundle | |
| run: | | |
| cd apps/web | |
| npx -p nextjs-bundle-analysis report | |
| - name: Upload bundle | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bundle | |
| path: apps/web/.next/analyze/__bundle_analysis.json | |
| - name: List artifacts from default branch | |
| id: list_artifacts | |
| run: | | |
| runs=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| "https://api.github.com/repos/${{ github.repository }}/actions/workflows/web-nextjs-bundle-analysis.yml/runs?event=push&branch=dev&status=success&per_page=1") | |
| artifacts_url=$(echo "$runs" | jq -r '.workflow_runs[0].artifacts_url') | |
| artifacts=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "$artifacts_url") | |
| artifact_id=$(echo "$artifacts" | jq -r '.artifacts[] | select(.name=="bundle" and .expired==false) | .id') | |
| echo "artifact_id=$artifact_id" >> $GITHUB_OUTPUT | |
| - name: Download artifact zip | |
| run: | | |
| curl -L \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| -o artifact.zip \ | |
| "https://api.github.com/repos/${{ github.repository }}/actions/artifacts/${{ steps.list_artifacts.outputs.artifact_id }}/zip" | |
| - name: Unzip artifact | |
| run: unzip artifact.zip -d apps/web/.next/analyze/base && mkdir -p apps/web/.next/analyze/base/bundle && mv apps/web/.next/analyze/base/__bundle_analysis.json apps/web/.next/analyze/base/bundle/ | |
| - name: Compare with base branch bundle | |
| if: success() && github.event.number | |
| run: | | |
| cd apps/web | |
| ls -laR .next/analyze/base && npx -p nextjs-bundle-analysis compare | |
| - name: Get Comment Body | |
| id: get-comment-body | |
| if: success() && github.event.number | |
| # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings | |
| run: | | |
| cd apps/web | |
| echo "body<<EOF" >> $GITHUB_OUTPUT | |
| echo "$(cat .next/analyze/__bundle_analysis_comment.txt)" >> $GITHUB_OUTPUT | |
| echo EOF >> $GITHUB_OUTPUT | |
| - name: Comment | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| header: next-bundle-analysis | |
| message: ${{ steps.get-comment-body.outputs.body }} |