bundlesize icon indicating copy to clipboard operation
bundlesize copied to clipboard

Published 20 hours ago verified publisher icon siddharthkp

Support github integration for PRs from forks

Open rsimha opened this issue 6 years ago • 9 comments

@siddharthkp Nice work in creating bundlesize! We're using it to keep track of our binary sizes on the AMP project (https://github.com/ampproject/amphtml).

I was trying to make full use of PR integration using BUNDLESIZE_GITHUB_TOKEN as described here, but reached an impasse because Travis does not make secure tokens available to incoming pull requests from forks, and all incoming PRs on ampproject/amphtml come from forks.

Is there a way to approve bundlesize for GitHub PR status integration without having to make a token available in the Travis environment? I've successfully done so for other tools like Percy and LGTM.com, and this works for incoming PRs from forks. I was hoping something like this can be done with bundlesize.

rsimha avatar May 01 '18 23:05 rsimha

Hmm. After doing some more searching, I see that similar problems were encountered in #203. I'll leave this open until @siddharthkp gets a chance to take a look.

rsimha avatar May 01 '18 23:05 rsimha

Hey!

Yep, travisCI doesn't pass the tokens to forks because they can be logged + they allow ssh access to the instance

I don't really have an answer for you, do you know what's the approach taken by Percy/LGTM?

siddharthkp avatar May 02 '18 11:05 siddharthkp

@siddharthkp I believe they registered as GitHub apps, so the permission is granted through the API and not through a token.

See https://developer.github.com/apps/building-github-apps/

rsimha avatar May 02 '18 13:05 rsimha

A summary of how to do this is in the LGTM docs:

Pull request integration requires access to repository webhooks and services, and access to commit statuses.

rsimha avatar May 02 '18 14:05 rsimha

@siddharthkp Any word on this? We're still looking for a way to enable native Github integration for PRs originating from forks.

rsimha avatar Jun 26 '18 19:06 rsimha

Nothing yet.

I'm not working on bundlesize right now, Hopefully one day.

siddharthkp avatar Jun 27 '18 18:06 siddharthkp

Hi @siddharthkp and @rsimha! Indeed, LGTM works through GitHub webhooks (full disclosure: I'm on the team).

I've just added bundlesize to LGTM.com for JavaScript analysis, so you can see how the integration works. The code analysis results are available here, but... There are zero alerts! Great stuff.

At this stage no GitHub integration has been set up between LGTM and bundlesize, but if you wanted to enable automatic code review in pull requests, it's easy to set up by going here: https://lgtm.com/projects/g/siddharthkp/bundlesize/ci/. It'll redirect you to GitHub to make sure that you're happy to give LGTM permissions to comment on your PR, and you're done. It shouldn't be difficult to set something similar up for bundlesize, I think.

Let me know if you'd like to know more about how this was set up and how you could do something similar for bundlesize; I can always put you in touch with one of my colleagues.

sj avatar Jul 12 '18 14:07 sj

Hi @sjvs, thanks for reaching out!

I will work on this after a couple of weeks, will reach out to you If I need help!

Thanks again

siddharthkp avatar Jul 12 '18 15:07 siddharthkp

@siddharthkp is this still planned?

harunurhan avatar Aug 22 '18 11:08 harunurhan