ci: track package bundle size with build report and PR comparison #467

Merged: MarioCadenas merged 14 commits into main from feat/bundle-size-tracking on Jul 2, 2026
MarioCadenas (Collaborator) commented Jul 1, 2026

What

Adds bundle-size tracking for the published packages (@databricks/appkit, @databricks/appkit-ui):

  • End-of-build report: pnpm build now prints a size table for both packages. Also available standalone as pnpm size.
  • Per-PR report + gate: a new Bundle Size workflow diffs each PR against a committed baseline, posts a sticky comment, and fails the check only when a package's packed tarball grows past the budget.

Metrics (per package)

  • Tarball packed / unpacked (npm pack --dry-run --json)
  • dist/ raw + gzip totals
  • Per-entry minified + gzip import cost (esbuild, deps kept external — consistent with how the packages ship)
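
The tarball metric above could be read from npm's JSON output roughly as follows. This is a minimal sketch, not the code in tools/bundle-size.ts: `parsePackOutput` and `TarballSize` are hypothetical names, and it assumes `npm pack --dry-run --json` prints an array whose first element carries `size` (packed bytes) and `unpackedSize`.

```typescript
// One element of the array printed by `npm pack --dry-run --json`.
// Only the two fields used here are declared.
interface PackEntry {
  size: number; // bytes of the packed (gzipped) tarball
  unpackedSize: number; // bytes once the tarball is extracted
}

interface TarballSize {
  packed: number;
  unpacked: number;
}

// Hypothetical helper: turn npm's stdout into the two tarball metrics,
// failing loudly if the output does not have the assumed shape.
function parsePackOutput(stdout: string): TarballSize {
  const parsed: unknown = JSON.parse(stdout);
  if (!Array.isArray(parsed) || parsed.length === 0) {
    throw new Error("unexpected npm pack output");
  }
  const entry = parsed[0] as Partial<PackEntry>;
  if (typeof entry.size !== "number" || typeof entry.unpackedSize !== "number") {
    throw new Error("npm pack output is missing size fields");
  }
  return { packed: entry.size, unpacked: entry.unpackedSize };
}
```

The `stdout` string would typically come from running the command in the package directory, for example via `execFileSync` from `node:child_process` with `encoding: "utf8"`.
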

How it works

  • tools/bundle-size.ts — one tool, three modes: default (measure + print table), --baseline (write bundle-size-baseline.json), --compare (diff vs committed baseline, write markdown comment, emit exceeded to $GITHUB_OUTPUT).
  • .github/workflows/bundle-size.yml:
    • PR: build → compare vs committed baseline → upsert sticky comment (same pattern as pr-metadata.yml) → a separate step fails only if a package's packed tarball grew >5% and >10 KB. Fork PRs skip comment/gate (read-only token) but still log sizes.
    • push to main: regenerate and commit the baseline ([skip ci]).
  • Baseline is deterministic (no timestamps), so the main job only commits when sizes actually change.
  • esbuild is imported via the hoisted toolchain (tsdown/rolldown) rather than declared as a root devDep — declaring it re-keyed the entire docusaurus/webpack lockfile graph. Documented inline.
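
The gate described above (fail only when the packed tarball grew by more than 5% and by more than 10 KB) can be sketched like this. The names `exceedsBudget`, `formatOutput`, and `emitExceeded` are illustrative, and treating 10 KB as 10 × 1024 bytes is an assumption; the real tool may define the budget differently.

```typescript
import { appendFileSync } from "node:fs";

interface Budget {
  ratio: number; // relative growth threshold
  bytes: number; // absolute growth threshold
}

// Assumption: 10 KB means 10 * 1024 bytes.
const BUDGET: Budget = { ratio: 0.05, bytes: 10 * 1024 };

// True only when BOTH thresholds are crossed, so tiny packages with a large
// relative change and huge packages with a small relative change both pass.
function exceedsBudget(baseline: number, current: number, budget: Budget = BUDGET): boolean {
  const growth = current - baseline;
  if (growth <= 0) return false;
  // With baseline === 0 the ratio is Infinity, so only the byte threshold decides.
  return growth > budget.bytes && growth / baseline > budget.ratio;
}

// GitHub Actions step outputs are `name=value` lines appended to $GITHUB_OUTPUT.
function formatOutput(name: string, value: boolean): string {
  return `${name}=${value}\n`;
}

// Appends the output line when a path is given; a no-op outside CI.
function emitExceeded(exceeded: boolean, outputPath: string | undefined): void {
  if (outputPath) appendFileSync(outputPath, formatOutput("exceeded", exceeded));
}
```

In a workflow, a later step could then fail on `steps.<id>.outputs.exceeded == 'true'`, which keeps the comment step and the gate step separate as the description outlines.
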

Testing done

  • pnpm build prints the report end-to-end.
  • --baseline / --compare verified; two consecutive baseline writes are byte-identical.
  • Gate verified against a simulated +25% increase (exceeded=true, ⚠️ marker, footer note).
  • biome check, knip, tsc, and pnpm install --frozen-lockfile all clean; no lockfile change.
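
The byte-identical baseline check relies on the file being deterministic. One way to get that property, shown here as a sketch with hypothetical names (`sortKeys`, `serializeBaseline`) rather than the tool's actual code, is to sort object keys recursively, omit timestamps, and always end with a single newline.

```typescript
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };

// Recursively rebuild objects with their keys in sorted order so that
// serialization does not depend on insertion order.
function sortKeys(value: Json): Json {
  if (Array.isArray(value)) return value.map(sortKeys);
  if (value !== null && typeof value === "object") {
    const sorted: { [key: string]: Json } = {};
    const entries = Object.entries(value).sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
    for (const [key, child] of entries) sorted[key] = sortKeys(child);
    return sorted;
  }
  return value;
}

// No timestamp or other run-specific field is added, so two runs over the
// same sizes produce the same bytes.
function serializeBaseline(baseline: Json): string {
  return `${JSON.stringify(sortKeys(baseline), null, 2)}\n`;
}
```

With output like this, a job that rewrites the baseline produces a diff only when a measured size actually changed.
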

Add tools/bundle-size.ts to measure appkit and appkit-ui bundle size:
tarball packed/unpacked, dist raw/gzip totals, and per-entry minified+gzip
import cost (esbuild, deps external). Appended to `pnpm build` for an
end-of-build report, and exposed as `pnpm size` / `size:baseline` /
`size:compare`.

A new bundle-size workflow diffs each PR against a committed baseline
(bundle-size-baseline.json), posts a sticky comment, and fails only when a
package's packed tarball grows past the budget (>5% and >10 KB). A
push-to-main job regenerates and commits the baseline.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
@MarioCadenas MarioCadenas requested a review from a team as a code owner July 1, 2026 16:12
@MarioCadenas MarioCadenas requested a review from pkosiec July 1, 2026 16:12
Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
github-actions (bot, Contributor) commented Jul 1, 2026

📦 Bundle size report

Compared against bundle-size-baseline.json (main).

✅ No size changes vs the baseline.

@databricks/appkit

npm tarball (packed): 663 KB — gzipped download (dist + bin; excludes release-only docs/NOTICE).

| dist | raw | gzip |
| --- | --- | --- |
| JS (runtime) | 689 KB | 241 KB |
| Type declarations | 268 KB | 91 KB |
| Source maps | 1.3 MB | 448 KB |
| Other | 11 KB | 3.7 KB |
| Total | 2.3 MB | 784 KB |

Per-entry composition (own code — deps external (as shipped))

| Entry | Initial (gz) | Lazy (gz) | Total (gz) | node_modules (min) | Own code (min) |
| --- | --- | --- | --- | --- | --- |
| . | 74 KB | 2.5 KB | 76 KB | external | 244 KB |
| ./beta | 39 KB | 231 B | 39 KB | external | 117 KB |
| ./type-generator | 19 KB | 0 B | 19 KB | external | 54 KB |

Chunks:

| Entry | Chunk | Load | Size (gz) |
| --- | --- | --- | --- |
| . | index.js | initial | 70 KB |
| . | utils.js | initial | 4.0 KB |
| . | remote-tunnel-manager.js | lazy | 2.5 KB |
| ./beta | beta.js | initial | 30 KB |
| ./beta | databricks.js | initial | 5.7 KB |
| ./beta | service-context.js | initial | 3.0 KB |
| ./beta | client-options.js | initial | 219 B |
| ./beta | databricks.js | lazy | 128 B |
| ./beta | index.js | lazy | 103 B |
| ./type-generator | index.js | initial | 19 KB |

@databricks/appkit-ui

npm tarball (packed): 297 KB — gzipped download (dist + bin; excludes release-only docs/NOTICE).

| dist | raw | gzip |
| --- | --- | --- |
| JS (runtime) | 363 KB | 120 KB |
| Type declarations | 203 KB | 73 KB |
| Source maps | 672 KB | 219 KB |
| CSS | 16 KB | 3.3 KB |
| Total | 1.2 MB | 415 KB |

Per-entry composition (consumer bundle — deps bundled, peerDeps external)

| Entry | Initial (gz) | Lazy (gz) | Total (gz) | node_modules (min) | Own code (min) |
| --- | --- | --- | --- | --- | --- |
| ./js | 4.2 KB | 49 KB | 54 KB | 208 KB | 11 KB |
| ./js/beta | 20 B | 0 B | 20 B | 0 B | 0 B |
| ./react | 591 KB | 49 KB | 640 KB | 1.8 MB | 167 KB |
| ./react/beta | 20 B | 0 B | 20 B | 0 B | 0 B |

Chunks:

| Entry | Chunk | Load | Size (gz) |
| --- | --- | --- | --- |
| ./js | index.js | initial | 4.1 KB |
| ./js | chunk | initial | 120 B |
| ./js | apache-arrow | lazy | 49 KB |
| ./js/beta | beta.js | initial | 20 B |
| ./react | index.js | initial | 589 KB |
| ./react | tslib | initial | 2.1 KB |
| ./react | apache-arrow | lazy | 49 KB |
| ./react/beta | beta.js | initial | 20 B |

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Collapsed per-entry section from esbuild's metafile (code-splitting on):
own-code size, initial vs lazy-loaded chunks, and — for browser packages
whose deps are bundleable — the node_modules weight a consumer pays
(peerDeps external). Node packages keep deps external, so node_modules
reads "external". Composition runs only in --baseline/--compare, keeping
the local build report fast.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Each lazy chunk is now listed with its own gzip size (labeled by its
largest input module/dep), not just an aggregate count. Browser packages
read their lazy chunks from the deps-bundled build, so appkit-ui no longer
shows "none".

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
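
Labeling a chunk by its largest input, as the commit above describes, might look like the sketch below. It is an illustration only: `chunkLabel` is the name used in a later commit, but this body, the helper `packageNameFromPath`, and the `inputs` shape (input path mapped to bytes contributed) are assumptions.

```typescript
// Extract a package name from a path containing node_modules, handling
// scoped packages. Uses the LAST node_modules segment so nested layouts
// (e.g. pnpm's .pnpm store) resolve to the real package.
function packageNameFromPath(path: string): string | undefined {
  const marker = "node_modules/";
  const index = path.lastIndexOf(marker);
  if (index === -1) return undefined;
  const parts = path.slice(index + marker.length).split("/");
  const first = parts[0];
  if (!first) return undefined;
  if (first.startsWith("@")) {
    const second = parts[1];
    // Guard the "@scope/undefined" edge: fall back to the bare scope.
    return second ? `${first}/${second}` : first;
  }
  return first;
}

// Pick the input contributing the most bytes and label the chunk after it:
// the dependency name for node_modules inputs, the file name otherwise.
function chunkLabel(inputs: Record<string, number>, fallback = "chunk"): string {
  let largestPath: string | undefined;
  let largestBytes = -1;
  for (const [path, bytes] of Object.entries(inputs)) {
    if (bytes > largestBytes) {
      largestBytes = bytes;
      largestPath = path;
    }
  }
  if (largestPath === undefined) return fallback;
  return packageNameFromPath(largestPath) ?? (largestPath.split("/").pop() || fallback);
}
```
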
… chunk table

Fix: esbuild sets entryPoint on dynamic-import chunks too, so the previous
"has entryPoint => initial" rule miscounted lazy chunks (e.g. apache-arrow)
as initial. Now classify by the static-import closure from the entry —
anything reachable only via a dynamic import is lazy. The composition table
shows Initial/Lazy/Total, and a new Chunks table lists every emitted chunk
with its load type. Browser packages measure the consumer bundle (deps
bundled, peerDeps external) so lazy-loaded deps like apache-arrow surface
correctly.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
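
The static-import closure rule from the commit above can be sketched as a graph walk. The types here are a simplified stand-in for the `outputs` section of esbuild's metafile (each output lists `imports` with a `path` and a `kind` such as `"import-statement"` or `"dynamic-import"`); `reachableFrom` and `classifyChunks` are hypothetical names.

```typescript
interface ChunkImport {
  path: string;
  kind: string; // e.g. "import-statement" or "dynamic-import"
}

interface OutputChunk {
  imports: ChunkImport[];
}

type Outputs = Record<string, OutputChunk>;
type LoadType = "initial" | "lazy";

// Depth-first walk from the entry chunk. When followDynamic is false, edges
// created by dynamic import() are ignored, giving the static-import closure.
function reachableFrom(outputs: Outputs, entry: string, followDynamic: boolean): Set<string> {
  const seen = new Set<string>();
  const stack: string[] = [entry];
  while (stack.length > 0) {
    const current = stack.pop();
    if (current === undefined || seen.has(current)) continue;
    const chunk = outputs[current];
    if (chunk === undefined) continue; // external import or unknown path
    seen.add(current);
    for (const imp of chunk.imports) {
      if (followDynamic || imp.kind !== "dynamic-import") stack.push(imp.path);
    }
  }
  return seen;
}

// A chunk is "initial" if the entry reaches it through static imports only;
// anything reachable solely through a dynamic import is "lazy".
function classifyChunks(outputs: Outputs, entry: string): Map<string, LoadType> {
  const initial = reachableFrom(outputs, entry, false);
  const all = reachableFrom(outputs, entry, true);
  const result = new Map<string, LoadType>();
  for (const path of all) result.set(path, initial.has(path) ? "initial" : "lazy");
  return result;
}
```

Note that a chunk shared between the entry and a lazy chunk stays initial, because it is already in the static closure.
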
Audit fixes for report veracity:
- Break dist/ into JS (runtime) / type declarations / source maps / CSS, each
  raw+gzip. The old lump hid that ~55-58% of dist is sourcemaps and ~15-20% is
  .d.ts — only ~30% is runtime JS. (Also surfaces that ~1.3 MB of maps ship
  despite sourcemap:false, since files+dist include them wholesale.)
- Add missing published entries: appkit ./type-generator; appkit-ui styles.css
  now shown via the CSS dist bucket.
- Relabel the npm tarball line: it is npm pack of the package dir (dist+bin),
  which excludes release-only docs/NOTICE/llms/shared-CLI assembled at publish.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
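
The dist/ breakdown from the audit commit above amounts to bucketing files by extension and summing raw and gzip bytes per bucket. The sketch below assumes gzip is measured per file and then summed, and that the buckets are decided purely by file name; `bucketFor` and `bucketTotals` are hypothetical names.

```typescript
import { gzipSync } from "node:zlib";

type Bucket = "JS (runtime)" | "Type declarations" | "Source maps" | "CSS" | "Other";

interface Totals {
  raw: number;
  gzip: number;
}

// Source maps are checked first so that index.js.map and index.d.ts.map
// do not land in the JS or declaration buckets.
function bucketFor(file: string): Bucket {
  if (file.endsWith(".map")) return "Source maps";
  if (/\.d\.(ts|mts|cts)$/.test(file)) return "Type declarations";
  if (/\.(js|mjs|cjs)$/.test(file)) return "JS (runtime)";
  if (file.endsWith(".css")) return "CSS";
  return "Other";
}

// Sum raw and gzipped byte counts per bucket for a set of file contents.
function bucketTotals(files: Map<string, Uint8Array>): Map<Bucket, Totals> {
  const totals = new Map<Bucket, Totals>();
  for (const [name, content] of files) {
    const bucket = bucketFor(name);
    const entry = totals.get(bucket) ?? { raw: 0, gzip: 0 };
    entry.raw += content.byteLength;
    entry.gzip += gzipSync(content).byteLength;
    totals.set(bucket, entry);
  }
  return totals;
}
```
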
The push-to-main baseline job couldn't work: main is protected and only the
databricks-appkit[bot] App (via the secure release repo) may push. Reuse that
flow instead — prepare-release regenerates bundle-size-baseline.json from the
released build and uploads it; finalize-release.ts copies it into the tree so
the existing 'git add -A' release commit carries it, pushed via the App. PRs
now diff against the last released version. Removes the broken push-to-main
baseline job and its push trigger.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
…r bundle

1. Entry points are now derived from each package's publishConfig.exports at
   measure time instead of a hardcoded list, so a newly published export is
   picked up automatically (JS targets only; skips .d.ts/.css/package.json).
2. The gate now also fails when a browser package's consumer bundle (deps
   bundled) grows past budget for any entry — so a heavy new/updated UI
   dependency fails the check, not just own-code growth. The offending entry's
   Total (gz) is flagged in the composition table.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
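
Deriving entry points from `publishConfig.exports`, as item 1 of the commit above describes, could be sketched as follows. Only the name `deriveEntries` comes from the PR (a later commit mentions it); the body, the `Manifest` type, and the rule for walking nested conditions are assumptions, and array-valued export targets are not handled.

```typescript
// An export target is a path, null, or an object of nested conditions.
type ExportTarget = string | null | { [condition: string]: ExportTarget };

interface Manifest {
  publishConfig?: { exports?: Record<string, ExportTarget> };
}

interface Entry {
  id: string; // export subpath, e.g. "." or "./beta"
  file: string; // JS file the subpath resolves to
}

// Return the first JS file found under a target, skipping "types"
// conditions. Non-JS targets (.d.ts, .css, package.json) yield undefined.
function firstJsTarget(target: ExportTarget): string | undefined {
  if (target === null) return undefined;
  if (typeof target === "string") {
    return /\.(js|mjs|cjs)$/.test(target) ? target : undefined;
  }
  for (const [condition, nested] of Object.entries(target)) {
    if (condition === "types") continue;
    const found = firstJsTarget(nested);
    if (found) return found;
  }
  return undefined;
}

// One entry per published export that resolves to a JS file.
function deriveEntries(manifest: Manifest): Entry[] {
  const entries: Entry[] = [];
  const exportsMap = manifest.publishConfig?.exports ?? {};
  for (const [id, target] of Object.entries(exportsMap)) {
    const file = firstJsTarget(target);
    if (file) entries.push({ id, file });
  }
  return entries;
}
```
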
…undle-size

- Read each package.json once in measurePackage and pass the manifest to
  peerExternals + deriveEntries (was read twice per measure).
- Remove the write-only EntryMeasurement.minified / Analysis.totalMinified:
  it was measured and stored in the baseline but never rendered. Slims each
  baseline entry to { id, gzip, composition }. No output change.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
…, sanitize comment labels

From the Xavier review of PR #467 (all non-blocking, applied anyway):
- Run package + entry esbuild builds concurrently via Promise.all (was
  sequential; helps the deep/cold-CI path with the deps-bundled builds).
  Order preserved, so output stays deterministic.
- Refuse to write a partial baseline: if measureAll drops a package, --baseline
  now errors + exits non-zero instead of committing a baseline that would make
  that package's gate fail open.
- Sanitize dynamic labels (entry ids, chunk labels) rendered into the PR
  comment via mdSafe — strip backticks/pipes/angle-brackets so a crafted
  filename can't break out of a table cell or inject an HTML/marker (CWE-79).
- Guard chunkLabel's @scope/undefined edge.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
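
A sanitizer along the lines of the `mdSafe` helper named above might be as small as this. The body is a guess at the behaviour described (strip backticks, pipes, and angle brackets); collapsing newlines is an extra assumption added here so a label cannot end a table row.

```typescript
// Remove characters that could break out of a Markdown table cell or start
// an HTML tag or comment marker, then flatten any line breaks.
function mdSafe(label: string): string {
  return label
    .replace(/[`|<>]/g, "")
    .replace(/[\r\n]+/g, " ")
    .trim();
}
```

For example, a chunk label such as `a|b<script>` would render as `abscript`, which stays inside its cell.
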
Deltas render inline per cell only when a value moves, so an all-unchanged
report (e.g. this self-referential PR) showed plain tables with no visible
sign the comparison ran. Add a '✅ No size changes vs the baseline.' line under
the intro when a baseline exists and no delta was emitted.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
The blanket main().catch swallowed errors in every mode, so a crash in
--compare (the CI gate) exited 0 — the step passed with no comment and no
'exceeded' output, letting the gate fail open. Now only the default path
(appended to `pnpm build`) swallows; --baseline/--compare let failures surface
(exit non-zero) so CI shows them. Also folds the shared measure/json/baseline
flow into one run() helper.

Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
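
The mode-dependent error handling from the commit above can be sketched as a wrapper that decides the exit code. `parseMode` and `runGuarded` are hypothetical names, not the `run()` helper the commit mentions, and the log messages are illustrative.

```typescript
type Mode = "default" | "baseline" | "compare";

// Map CLI flags to a mode; anything else is the default report.
function parseMode(argv: string[]): Mode {
  if (argv.includes("--compare")) return "compare";
  if (argv.includes("--baseline")) return "baseline";
  return "default";
}

// Run the task and return the process exit code. Only the default mode
// (the report appended to `pnpm build`) swallows failures; the CI modes
// return non-zero so the gate cannot fail open.
async function runGuarded(mode: Mode, task: () => Promise<void>): Promise<number> {
  try {
    await task();
    return 0;
  } catch (error) {
    const message = error instanceof Error ? error.message : String(error);
    if (mode === "default") {
      console.warn(`bundle-size report skipped: ${message}`);
      return 0;
    }
    console.error(`bundle-size ${mode} failed: ${message}`);
    return 1;
  }
}
```

A caller would set `process.exitCode` from the returned value, for example `runGuarded(parseMode(process.argv.slice(2)), main).then((code) => { process.exitCode = code; })`, where `main` stands for the tool's measurement routine.
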
Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
@MarioCadenas MarioCadenas merged commit 17c7db6 into main Jul 2, 2026
10 checks passed
@MarioCadenas MarioCadenas deleted the feat/bundle-size-tracking branch July 2, 2026 15:01