Merged
Changes from 4 commits
83 changes: 0 additions & 83 deletions .github/workflows/build-size.yaml

This file was deleted.

107 changes: 72 additions & 35 deletions .github/workflows/lint-build-test.yaml
@@ -1,41 +1,78 @@
name: Lint & Build
name: Lint & Build & Compare package sizes

on:
push:
branches: [main]
pull_request:
branches: [main]
# zizmor: ignore[dangerous-triggers] - Mitigated by checking repository origin
pull_request_target:
types: [labeled, opened, synchronize, reopened]
branches:
- main

concurrency:
group: ${{ github.head_ref || github.ref_name }}-build-test-scan
cancel-in-progress: true
group: ${{ github.head_ref || github.ref_name }}-lint-build-test
cancel-in-progress: true

permissions:
contents: read
Comment on lines +14 to +15

⚠️ Potential issue | 🟠 Major

Missing pull-requests: write permission for the build job.

The compressed-size-action (line 70) needs pull-requests: write permission to post size comparison comments on the PR. Currently, only contents: read is set at the workflow level, and the build-and-test-job doesn't override this.

Proposed fix

Add permissions to the build-and-test-job:

   build-and-test-job:
     runs-on: ubuntu-latest
     name: Lint & Build & Compare package sizes
+    permissions:
+      contents: read
+      pull-requests: write
     if: |
🤖 Prompt for AI Agents
In @.github/workflows/lint-build-test.yaml around lines 14 - 15, The workflow
currently only sets top-level permissions to "contents: read", preventing the
compressed-size-action from posting PR comments; update the permissions for the
build-and-test-job (job name: build-and-test-job) to include "pull-requests:
write" (or add the same permission at the workflow level) so the
compressed-size-action can post size comparison comments—modify the permissions
block that references permissions: contents: read to also include pull-requests:
write for that job.


jobs:
build-and-test:
runs-on: ubuntu-latest
name: Lint & Build

steps:
- name: Checkout
uses: actions/checkout@v3

- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: .nvmrc
cache: 'yarn'

- name: Install
run: yarn && yarn install:all
env:
NODE_OPTIONS: '--max-old-space-size=4096'

- name: Lint
run: yarn run lint
env:
NODE_OPTIONS: '--max-old-space-size=4096'

- name: Build
run: yarn run build
env:
NODE_OPTIONS: '--max-old-space-size=4096'

# Job 1: Post instruction comment for external PRs
comment-external-pr:
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: |
github.event.pull_request.head.repo.full_name != github.repository &&
github.event.action == 'opened'
steps:
- name: Comment on external PR
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
## 👋 Thanks for your contribution!

Since this PR comes from a forked repository, the lint and build will only run for internal PRs for security reasons.
Please ensure that your PR is coming from a meaningful branch name. Eg. feature/my-feature **not main**

**Next steps:**
1. A maintainer will review your code
2. If approved, they'll add the `safe-to-build` label to trigger build and test
3. **After each new commit**, the maintainer will need to remove and re-add the label for security

Thank you for your patience! 🙏
Comment on lines +32 to +43

⚠️ Potential issue | 🟡 Minor

Inconsistent indentation in comment body will render poorly.

Lines 38-42 have extra leading spaces that will cause them to render as a code block in Markdown, breaking the visual consistency of the comment.

Proposed fix
           body: |
             ## 👋 Thanks for your contribution!

             Since this PR comes from a forked repository, the lint and build will only run for internal PRs for security reasons.
             Please ensure that your PR is coming from a meaningful branch name. Eg. feature/my-feature **not main**

-                      **Next steps:**
-                      1. A maintainer will review your code
-                      2. If approved, they'll add the `safe-to-build` label to trigger build and test
-                      3. **After each new commit**, the maintainer will need to remove and re-add the label for security
+            **Next steps:**
+            1. A maintainer will review your code
+            2. If approved, they'll add the `safe-to-build` label to trigger build and test
+            3. **After each new commit**, the maintainer will need to remove and re-add the label for security

             Thank you for your patience! 🙏
🤖 Prompt for AI Agents
In @.github/workflows/lint-build-test.yaml around lines 32 - 43, The comment
body in the workflow step (the YAML "body" string) contains extra leading spaces
on the lines starting with "**Next steps:**" through "3. **After each new
commit**..." which makes Markdown treat them as a code block; edit the "body"
value to remove the additional indentation on those lines so all lines align
with the paragraph text (no leading spaces before the bullets and phrases),
preserving the same text but normalizing indentation to avoid unintended
code-block rendering.


# Job 2: Build, Lint and Compare package sizes
build-and-test-job:
runs-on: ubuntu-latest
name: Lint & Build & Compare package sizes
if: |
(github.event.label.name == 'safe-to-build') ||
(github.event.pull_request.head.repo.full_name == github.repository) && github.event.pull_request.head.ref != 'main'
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: yarn

- name: Install
run: yarn && yarn install:all

- name: Build
run: yarn build
- name: Compare package sizes
uses: preactjs/compressed-size-action@946a292cd35bd1088e0d7eb92b69d1a8d5b5d76a # v2
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
pattern: "packages/vechain-kit/dist/**/*"
exclude: "{**/node_modules/**}"
compression: none
minimum-change-threshold: 1000
- name: Lint
run: yarn lint
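Review bot: the `if:` condition on `build-and-test-job` (`(github.event.label.name == 'safe-to-build') || (github.event.pull_request.head.repo.full_name == github.repository) && github.event.pull_request.head.ref != 'main'`) can only be true for pull-request-shaped events, so the `push: branches: [main]` trigger kept at the top of the file now schedules a run in which this job is always skipped: on a push, `github.event.pull_request` and `github.event.label` are both empty, every comparison is false, and `ref: ${{ github.event.pull_request.head.sha }}` would also resolve to nothing. Either drop the `push` trigger or extend the condition, for example `github.event_name == 'push' || (...)`. Separately, the `labeled` path is the one that intentionally runs fork code under `pull_request_target` with `secrets.GITHUB_TOKEN` in scope: `yarn && yarn install:all`, `yarn build` and `yarn lint` all execute package scripts and lint configuration taken from `head.sha`, which is why the `zizmor: ignore[dangerous-triggers]` justification ("Mitigated by checking repository origin") does not cover this branch of the condition. Keep this job's token at the workflow-level `contents: read` rather than widening it, and note that `head.sha` is resolved when the label is applied, not when the maintainer reviewed; a commit pushed between review and labelling is the one that gets built, a window the "remove and re-add the label after each new commit" instruction in the comment body does not close.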