chore(ci): no more pull_request_target #8992
PR Summary
Medium Risk
Overview
Bundle size: Deletes
Lighthouse: Switches to
Leave Comment (new): On completion of Build or Lighthouse, downloads
Chromatic: Uses
Reviewed by Cursor Bugbot for commit 27b091a. Bugbot is set up for automated code reviews on this repo.
| on: | ||
| workflow_run: | ||
| # Any Workflow that uploads a `pr-comment` artifact should be listed here | ||
| workflows: ['Build', 'Lighthouse'] | ||
| types: [completed] |
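Review bot: `types: [completed]` on the `workflow_run` trigger fires for every finished run of `Build` and `Lighthouse`, including failed or cancelled runs and runs that were not started by a pull request, so there may be no `pr-comment` artifact to download. Gate the job on `github.event.workflow_run.event == 'pull_request'` and either check `github.event.workflow_run.conclusion` or make the download step tolerate a missing artifact. The comment above `workflows:` is the only thing keeping this list in step with the uploaders, so a workflow that starts uploading `pr-comment` without being added here will post nothing and fail silently.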
Codecov Report
✅ All modified and coverable lines are covered by tests.

```diff
@@            Coverage Diff             @@
##             main    #8992      +/-   ##
==========================================
+ Coverage   75.41%   75.44%   +0.02%
==========================================
  Files          98       98
  Lines        8636     8636
  Branches      318      318
==========================================
+ Hits         6513     6515       +2
+ Misses       2119     2117       -2
  Partials        4        4
```
Pull request overview
This PR removes usage of the privileged pull_request_target trigger in CI workflows and replaces direct PR-commenting with a safer two-workflow pattern: untrusted pull_request workflows serialize comment data into an artifact, and a trusted workflow_run workflow posts the comment after completion.
Changes:
- Switch Lighthouse and Chromatic workflows from `pull_request_target` to `pull_request` and adjust permissions/commenting behavior accordingly.
- Add a new `Leave Comment` workflow that downloads a `pr-comment` artifact on `workflow_run` completion and posts it to the PR.
- Replace the standalone bundle-compare `workflow_run` workflow by integrating bundle comparison into the main Build workflow and emitting a `pr-comment` artifact.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/lighthouse.yml | Runs Lighthouse in pull_request context and uploads a pr-comment artifact instead of commenting directly. |
| .github/workflows/leave-comment.yml | New trusted workflow_run workflow intended to post PR comments based on downloaded artifacts. |
| .github/workflows/chromatic.yml | Moves Chromatic to pull_request and changes how the Chromatic token is sourced. |
| .github/workflows/bundle-compare.yml | Removes the old standalone bundle compare workflow_run workflow. |
| .github/workflows/build.yml | Adds an in-workflow bundle size comparison job and uploads pr-comment artifacts for trusted commenting. |
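
The trusted half of the artifact hand-off described in the overview above, as an added example that is not part of this PR or the project's code: the `workflow_run` job has to treat the downloaded `pr-comment` artifact as attacker-controlled input before it posts anything. The JSON layout (`pr`, `body`), the function name and the sample data are assumptions.

```javascript
// Added example: validate an untrusted `pr-comment` artifact before posting.
// The JSON layout { pr, body } and every name here are assumptions.
const MAX_BODY = 65536; // GitHub's size limit for a comment body

function validatePrComment(rawJson, run, candidatePrs) {
  let data;
  try {
    data = JSON.parse(rawJson);
  } catch {
    return { ok: false, reason: 'artifact is not valid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, reason: 'artifact is not a JSON object' };
  }
  // The PR number is chosen by the untrusted run: accept it only if trusted
  // API data says that PR's head commit is the commit this run built.
  if (!Number.isInteger(data.pr) || data.pr <= 0) {
    return { ok: false, reason: 'pr is not a positive integer' };
  }
  const pr = candidatePrs.find((p) => p.number === data.pr);
  if (!pr || pr.head.sha !== run.head_sha) {
    return { ok: false, reason: 'pr does not match the triggering run' };
  }
  if (typeof data.body !== 'string' || data.body.length === 0) {
    return { ok: false, reason: 'body is missing or not a string' };
  }
  if (data.body.length > MAX_BODY) {
    return { ok: false, reason: 'body exceeds comment size limit' };
  }
  // Break @mentions so a crafted body cannot ping users or teams.
  const body = data.body.replace(/@(?=[A-Za-z0-9])/g, '@\u200b');
  return { ok: true, pr: data.pr, body };
}

// Constructed sample data (not taken from the PR).
const run = { head_sha: 'a'.repeat(40) }; // from the workflow_run event
const prs = [ // as returned by a trusted API lookup
  { number: 12, head: { sha: 'a'.repeat(40) } },
  { number: 7, head: { sha: 'b'.repeat(40) } },
];
const good = JSON.stringify({ pr: 12, body: 'Bundle size: +1 kB cc @someone' });
const spoofed = JSON.stringify({ pr: 7, body: 'posted on the wrong PR' });

console.log(validatePrComment(good, run, prs));
console.log(validatePrComment(spoofed, run, prs));
console.log(validatePrComment('{"pr":"12; rm"}', run, prs));
```
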
| leave-comment: | ||
| name: Leave Comment | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| pull-requests: write |
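Review bot: the `permissions` block on `leave-comment` lists only `pull-requests: write`, and once a job sets `permissions` every scope it does not list is `none`. If the block ends as shown and the job uses its own token to fetch the `pr-comment` artifact from the triggering run, it also needs `actions: read`. Keeping the write scope at job level is right; this job should not check out or execute anything from the pull request.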
Not sure why Next.js didn't generate the stats file... maybe something changed?

Looks like
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Reviewed by Cursor Bugbot for commit c075acf. Configure here.
Signed-off-by: Aviv Keller <me@aviv.sh>
