ci: track package bundle size with build report and PR comparison#467
Merged
Conversation
Add tools/bundle-size.ts to measure appkit and appkit-ui bundle size: tarball packed/unpacked, dist raw/gzip totals, and per-entry minified+gzip import cost (esbuild, deps external). Appended to `pnpm build` for an end-of-build report, and exposed as `pnpm size` / `size:baseline` / `size:compare`. A new bundle-size workflow diffs each PR against a committed baseline (bundle-size-baseline.json), posts a sticky comment, and fails only when a package's packed tarball grows past the budget (>5% and >10 KB). A push-to-main job regenerates and commits the baseline. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Contributor
|
Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Contributor
📦 Bundle size reportCompared against ✅ No size changes vs the baseline.
|
| dist | raw | gzip |
|---|---|---|
| JS (runtime) | 689 KB | 241 KB |
| Type declarations | 268 KB | 91 KB |
| Source maps | 1.3 MB | 448 KB |
| Other | 11 KB | 3.7 KB |
| Total | 2.3 MB | 784 KB |
Per-entry composition (own code — deps external (as shipped))
| Entry | Initial (gz) | Lazy (gz) | Total (gz) | node_modules (min) | Own code (min) |
|---|---|---|---|---|---|
. |
74 KB | 2.5 KB | 76 KB | external | 244 KB |
./beta |
39 KB | 231 B | 39 KB | external | 117 KB |
./type-generator |
19 KB | 0 B | 19 KB | external | 54 KB |
Chunks:
| Entry | Chunk | Load | Size (gz) |
|---|---|---|---|
. |
index.js |
initial | 70 KB |
. |
utils.js |
initial | 4.0 KB |
. |
remote-tunnel-manager.js |
lazy | 2.5 KB |
./beta |
beta.js |
initial | 30 KB |
./beta |
databricks.js |
initial | 5.7 KB |
./beta |
service-context.js |
initial | 3.0 KB |
./beta |
client-options.js |
initial | 219 B |
./beta |
databricks.js |
lazy | 128 B |
./beta |
index.js |
lazy | 103 B |
./type-generator |
index.js |
initial | 19 KB |
@databricks/appkit-ui
npm tarball (packed): 297 KB — gzipped download (dist + bin; excludes release-only docs/NOTICE).
| dist | raw | gzip |
|---|---|---|
| JS (runtime) | 363 KB | 120 KB |
| Type declarations | 203 KB | 73 KB |
| Source maps | 672 KB | 219 KB |
| CSS | 16 KB | 3.3 KB |
| Total | 1.2 MB | 415 KB |
Per-entry composition (consumer bundle — deps bundled, peerDeps external)
| Entry | Initial (gz) | Lazy (gz) | Total (gz) | node_modules (min) | Own code (min) |
|---|---|---|---|---|---|
./js |
4.2 KB | 49 KB | 54 KB | 208 KB | 11 KB |
./js/beta |
20 B | 0 B | 20 B | 0 B | 0 B |
./react |
591 KB | 49 KB | 640 KB | 1.8 MB | 167 KB |
./react/beta |
20 B | 0 B | 20 B | 0 B | 0 B |
Chunks:
| Entry | Chunk | Load | Size (gz) |
|---|---|---|---|
./js |
index.js |
initial | 4.1 KB |
./js |
chunk |
initial | 120 B |
./js |
apache-arrow |
lazy | 49 KB |
./js/beta |
beta.js |
initial | 20 B |
./react |
index.js |
initial | 589 KB |
./react |
tslib |
initial | 2.1 KB |
./react |
apache-arrow |
lazy | 49 KB |
./react/beta |
beta.js |
initial | 20 B |
Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Collapsed per-entry section from esbuild's metafile (code-splitting on): own-code size, initial vs lazy-loaded chunks, and — for browser packages whose deps are bundleable — the node_modules weight a consumer pays (peerDeps external). Node packages keep deps external, so node_modules reads "external". Composition runs only in --baseline/--compare, keeping the local build report fast. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Each lazy chunk is now listed with its own gzip size (labeled by its largest input module/dep), not just an aggregate count. Browser packages read their lazy chunks from the deps-bundled build, so appkit-ui no longer shows "none". Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
… chunk table Fix: esbuild sets entryPoint on dynamic-import chunks too, so the previous "has entryPoint => initial" rule miscounted lazy chunks (e.g. apache-arrow) as initial. Now classify by the static-import closure from the entry — anything reachable only via a dynamic import is lazy. The composition table shows Initial/Lazy/Total, and a new Chunks table lists every emitted chunk with its load type. Browser packages measure the consumer bundle (deps bundled, peerDeps external) so lazy-loaded deps like apache-arrow surface correctly. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Audit fixes for report veracity: - Break dist/ into JS (runtime) / type declarations / source maps / CSS, each raw+gzip. The old lump hid that ~55-58% of dist is sourcemaps and ~15-20% is .d.ts — only ~30% is runtime JS. (Also surfaces that ~1.3 MB of maps ship despite sourcemap:false, since files+dist include them wholesale.) - Add missing published entries: appkit ./type-generator; appkit-ui styles.css now shown via the CSS dist bucket. - Relabel the npm tarball line: it is npm pack of the package dir (dist+bin), which excludes release-only docs/NOTICE/llms/shared-CLI assembled at publish. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
The push-to-main baseline job couldn't work: main is protected and only the databricks-appkit[bot] App (via the secure release repo) may push. Reuse that flow instead — prepare-release regenerates bundle-size-baseline.json from the released build and uploads it; finalize-release.ts copies it into the tree so the existing 'git add -A' release commit carries it, pushed via the App. PRs now diff against the last released version. Removes the broken push-to-main baseline job and its push trigger. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
atilafassina
approved these changes
Jul 2, 2026
…r bundle 1. Entry points are now derived from each package's publishConfig.exports at measure time instead of a hardcoded list, so a newly published export is picked up automatically (JS targets only; skips .d.ts/.css/package.json). 2. The gate now also fails when a browser package's consumer bundle (deps bundled) grows past budget for any entry — so a heavy new/updated UI dependency fails the check, not just own-code growth. The offending entry's Total (gz) is flagged in the composition table. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
…undle-size
- Read each package.json once in measurePackage and pass the manifest to
peerExternals + deriveEntries (was read twice per measure).
- Remove the write-only EntryMeasurement.minified / Analysis.totalMinified:
it was measured and stored in the baseline but never rendered. Slims each
baseline entry to { id, gzip, composition }. No output change.
Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
…, sanitize comment labels From the Xavier review of PR #467 (all non-blocking, applied anyway): - Run package + entry esbuild builds concurrently via Promise.all (was sequential; helps the deep/cold-CI path with the deps-bundled builds). Order preserved, so output stays deterministic. - Refuse to write a partial baseline: if measureAll drops a package, --baseline now errors + exits non-zero instead of committing a baseline that would make that package's gate fail open. - Sanitize dynamic labels (entry ids, chunk labels) rendered into the PR comment via mdSafe — strip backticks/pipes/angle-brackets so a crafted filename can't break out of a table cell or inject an HTML/marker (CWE-79). - Guard chunkLabel's @scope/undefined edge. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Deltas render inline per cell only when a value moves, so an all-unchanged report (e.g. this self-referential PR) showed plain tables with no visible sign the comparison ran. Add a '✅ No size changes vs the baseline.' line under the intro when a baseline exists and no delta was emitted. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
The blanket main().catch swallowed errors in every mode, so a crash in --compare (the CI gate) exited 0 — the step passed with no comment and no 'exceeded' output, letting the gate fail open. Now only the default path (appended to `pnpm build`) swallows; --baseline/--compare let failures surface (exit non-zero) so CI shows them. Also folds the shared measure/json/baseline flow into one run() helper. Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
Signed-off-by: MarioCadenas <MarioCadenas@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds bundle-size tracking for the published packages (
@databricks/appkit,@databricks/appkit-ui):pnpm buildnow prints a size table for both packages. Also available standalone aspnpm size.Bundle Sizeworkflow diffs each PR against a committed baseline, posts a sticky comment, and fails the check only when a package's packed tarball grows past the budget.Metrics (per package)
npm pack --dry-run --json)dist/raw + gzip totalsHow it works
tools/bundle-size.ts— one tool, three modes: default (measure + print table),--baseline(writebundle-size-baseline.json),--compare(diff vs committed baseline, write markdown comment, emitexceededto$GITHUB_OUTPUT)..github/workflows/bundle-size.yml:pr-metadata.yml) → a separate step fails only if a package's packed tarball grew >5% and >10 KB. Fork PRs skip comment/gate (read-only token) but still log sizes.[skip ci]).esbuildis imported via the hoisted toolchain (tsdown/rolldown) rather than declared as a root devDep — declaring it re-keyed the entire docusaurus/webpack lockfile graph. Documented inline.Testing done
pnpm buildprints the report end-to-end.--baseline/--compareverified; two consecutive baseline writes are byte-identical.exceeded=true,biome check,knip,tsc, andpnpm install --frozen-lockfileall clean; no lockfile change.