#8220: Inject sandbox into document root instead of body #3005
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR | |
on: pull_request | |
jobs: | |
# TODO: remove after https://github.com/pixiebrix/pixiebrix-extension/issues/6526 | |
strictNullMessenger: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: package.json | |
cache: npm | |
- run: npm ci | |
- id: tsc | |
run: | | |
npm run build:strictNullChecks -- --explainFiles > LOG || { | |
if grep -q "keyof MessengerMethods" LOG; then | |
grep -Pazo "\nsrc/(background|contentScript)/messenger/api.ts(\n .+)+" LOG > REASON | |
cat REASON | |
{ | |
echo 'reason<<EOF' | |
# Drop null character at the end caused by -z | |
cat REASON | sed 's/.$/\n/' | |
echo 'EOF' | |
} >> "$GITHUB_OUTPUT" | |
exit 1 # Make the job fail for visibility https://github.com/pixiebrix/pixiebrix-extension/pull/7700#issuecomment-1969527384 | |
fi | |
} | |
- name: Hide previous comment if resolved | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
header: strictNullChecksMessenger # Unique identifier for the comment | |
hide: true | |
- name: Add comment with more info if failed | |
if: failure() | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
header: strictNullChecksMessenger # Unique identifier for the comment | |
recreate: true | |
message: | | |
It looks like one of the non-strict `messenger/api.ts` files ended up being imported by one of the strict files. Don't be fooled by "just a few type errors", this hides hundreds of type errors. | |
See details and solutions in: https://github.com/pixiebrix/pixiebrix-extension/issues/6526#issuecomment-1926391817 | |
There might be further information about how the non-strict Messenger files are ending up in the strict config: | |
``` | |
${{ steps.tsc.outputs.reason }} | |
``` | |
strictNullChecks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get list of changed files | |
id: changedfiles | |
uses: tj-actions/changed-files@v44 | |
with: | |
json: "true" | |
files: "src/**/*.{ts,tsx}" | |
- name: List all changed files | |
run: echo '${{ steps.changed-files.outputs.all_changed_files }}' | |
- name: Verify that new files in this PR appear in tsconfig.strictNullChecks.json | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const tsconfigJson = require('./src/tsconfig.strictNullChecks.json'); | |
const newFiles = JSON.parse('${{ steps.changedfiles.outputs.added_files }}') | |
if (newFiles.length === 0) { | |
console.log('No new files found'); | |
return; | |
} | |
for (const newFile of newFiles) { | |
if (tsconfigJson.files.includes(newFile.replace('src', '.'))) { | |
console.log(`${newFile} is in tsconfig.strictNullChecks.json`); | |
continue; | |
} | |
core.error(`${newFile} was not found in tsconfig.strictNullChecks.json`, { | |
title: 'strictNullChecks', | |
file: newFile, | |
}); | |
process.exitCode = 1; | |
} | |
lockfile: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
sparse-checkout: package-lock.json | |
- name: Detect changes | |
id: stats | |
run: | | |
git fetch origin ${{ github.base_ref }} | |
STAT="$(git diff --numstat origin/${{ github.base_ref }}..HEAD -- package-lock.json)" | |
DELETED=$(echo $STAT | cut -d " " -f 1) | |
ADDED=$(echo $STAT | cut -d " " -f 2) | |
TOTAL_CHANGES=$((DELETED + ADDED)) | |
echo "STAT=$STAT" | |
echo "DELETED=$DELETED" | |
echo "ADDED=$ADDED" | |
echo "TOTAL_CHANGES=$TOTAL_CHANGES" | |
echo "changes=$TOTAL_CHANGES" >> $GITHUB_OUTPUT | |
- if: steps.stats.outputs.changes <= 1000 | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
header: lockfile # Unique identifier for the comment | |
hide: true | |
- if: steps.stats.outputs.changes > 1000 | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
header: lockfile # Unique identifier for the comment | |
recreate: true | |
message: | | |
## ⚠️ Large diff for package-lock.json | |
There are ${{ steps.stats.outputs.changes }} line changes in package-lock.json. This should not happen unless you're updating a lot of dependencies at once. Regenerating the lockfile should not be necessary. | |
If you're seeing Vercel deployment failures, this is likely the cause. | |
Run these commands to reset these changes: | |
```sh | |
git checkout origin/main -- package-lock.json | |
npm install | |
``` | |
You might want to click on "Update branch" first so that the results are accurate. | |
- if: steps.stats.outputs.changes > 1000 | |
run: exit 1 | |
vendors: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get list of changed vendored files | |
id: changedfiles | |
uses: tj-actions/changed-files@v44 | |
with: | |
files: "src/vendors/**/*.*" | |
- name: Leave annotations | |
if: steps.changedfiles.outputs.any_changed == 'true' | |
env: | |
ALL_CHANGED_FILES: ${{ steps.changedfiles.outputs.all_changed_files }} | |
run: | | |
for FILE in ${ALL_CHANGED_FILES}; do | |
echo "::warning file=$FILE,line=0::Vendored files should rarely change: https://github.com/pixiebrix/pixiebrix-extension/pull/7941" | |
done | |
exit 1 # Make the job fail for visibility https://github.com/pixiebrix/pixiebrix-extension/pull/7941#discussion_r1528517121 |