Mention that uncontrolled form elements are reset by form actions #5788
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Analyze Bundle | |
on: | |
pull_request: | |
push: | |
branches: | |
- main # change this if your default branch is named differently | |
workflow_dispatch: | |
jobs: | |
analyze: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20.x' | |
cache: yarn | |
cache-dependency-path: yarn.lock | |
- name: Restore cached node_modules | |
uses: actions/cache@v4 | |
with: | |
path: "**/node_modules" | |
key: node_modules-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('yarn.lock') }} | |
- name: Install deps | |
run: yarn install --frozen-lockfile | |
- name: Restore next build | |
uses: actions/cache@v4 | |
id: restore-build-cache | |
env: | |
cache-name: cache-next-build | |
with: | |
path: .next/cache | |
# change this if you prefer a more strict cache | |
key: ${{ runner.os }}-build-${{ env.cache-name }} | |
- name: Build next.js app | |
# change this if your site requires a custom build command | |
run: ./node_modules/.bin/next build | |
# Here's the first place where next-bundle-analysis' own script is used | |
# This step pulls the raw bundle stats for the current bundle | |
- name: Analyze bundle | |
run: npx -p [email protected] report | |
- name: Upload bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
path: .next/analyze/__bundle_analysis.json | |
name: bundle_analysis.json | |
- name: Download base branch bundle stats | |
uses: dawidd6/action-download-artifact@v2 | |
if: success() && github.event.number | |
with: | |
workflow: analyze.yml | |
branch: ${{ github.event.pull_request.base.ref }} | |
name: bundle_analysis.json | |
path: .next/analyze/base/bundle | |
# And here's the second place - this runs after we have both the current and | |
# base branch bundle stats, and will compare them to determine what changed. | |
# There are two configurable arguments that come from package.json: | |
# | |
# - budget: optional, set a budget (bytes) against which size changes are measured | |
# it's set to 350kb here by default, as informed by the following piece: | |
# https://infrequently.org/2021/03/the-performance-inequality-gap/ | |
# | |
# - red-status-percentage: sets the percent size increase where you get a red | |
# status indicator, defaults to 20% | |
# | |
# Either of these arguments can be changed or removed by editing the `nextBundleAnalysis` | |
# entry in your package.json file. | |
- name: Compare with base branch bundle | |
if: success() && github.event.number | |
run: ls -laR .next/analyze/base && npx -p nextjs-bundle-analysis compare | |
- name: Upload analysis comment | |
uses: actions/upload-artifact@v4 | |
with: | |
name: analysis_comment.txt | |
path: .next/analyze/__bundle_analysis_comment.txt | |
- name: Save PR number | |
run: echo ${{ github.event.number }} > ./pr_number | |
- name: Upload PR number | |
uses: actions/upload-artifact@v4 | |
with: | |
name: pr_number | |
path: ./pr_number | |
# The actual commenting happens in the other action, matching the guidance in | |
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ |