refactor: replace adaptivecards-templating and @actions/github with native code#130
Open
ahanoff wants to merge 4 commits into
Open
refactor: replace adaptivecards-templating and @actions/github with native code#130ahanoff wants to merge 4 commits into
ahanoff wants to merge 4 commits into
Conversation
…t builder
The adaptivecards-templating library (plus its transitive deps adaptive-expressions and antlr4ts) accounted for ~60% of the bundle size (~900KB minified) but was only used for simple ${$root.x} property interpolation.
Replaced with a plain JS object builder using template literals. The `s()` helper converts undefined/null to empty string, matching adaptivecards-templating's expansion behavior.
Output shape is identical — all 28 existing tests pass unchanged.
Side benefit: eliminates the entire class of JSON injection bugs (PR #121) since there is no longer a template expansion engine to misuse.
… parsing
@actions/github (plus undici, @octokit/*, @actions/http-client — ~400KB minified) was used for only two things:
1. github.context — convenience wrapper around GITHUB_* env vars and GITHUB_EVENT_PATH JSON file. Replaced with direct process.env reads + readFileSync.
2. github.getOctokit(token).rest.actions.{listJobsForWorkflowRun,getWorkflowRun} — two GET requests. Replaced with native fetch() using Authorization: Bearer header.
The token still comes from the github-token action input — no change for consumers. GITHUB_API_URL respected for GHE compatibility.
Production dependencies: 6 -> 1 (@actions/core only).
Removed:
- @actions/github (replaced by native fetch in main.ts)
- adaptivecards-templating (replaced by manual builder in card.ts)
- adaptivecards (transitive of adaptivecards-templating, never directly imported)
- adaptive-expressions (transitive of adaptivecards-templating, peer dep)
- cockatiel (unused — no imports in any source file)
rollup.config.mjs: removed @rollup/plugin-json (no longer needed without adaptivecards-templating's require('./../package.json')). Kept @rollup/plugin-commonjs (still needed for the tunnel CJS package transitively pulled by @actions/core -> @actions/http-client).
Bundle size comparison: - ncc CJS (Scope B): 1.7 MB - rollup ESM minified (Scope C): 1.5 MB - rollup ESM minified (this PR): 411 KB (-73%) Build time: 2.1s -> 0.67s. Test time: 0.43s -> 0.20s.
ahanoff
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Eliminate the two heaviest dependency chains from the action. Stacked on top of PR #129 (Scope C).
adaptivecards-templating→ adaptive-expressions + antlr4ts + xpath + xmldom@actions/github→ undici + @octokit/* + @actions/http-clientcockatiel(unused — never imported)Production dependencies: 6 → 1 (just
@actions/core).Bundle size progression
dist/index.js73% smaller than Scope C. 76% smaller than Scope B.
How
adaptivecards-templating→ manual JS object builderThe library's
${$root.x}template syntax was only used for simple property access. Replaced with JS template literals:An
s()helper convertsundefined/null→''to match adaptivecards-templating's expansion behavior. All 28 existing tests pass unchanged (they validate output shape, not implementation).Side benefit: eliminates the JSON injection bug class (PR #121) entirely — no template expansion engine to misuse.
@actions/github→ nativefetch+ env varsgithub.contextwas justGITHUB_*env var reads +GITHUB_EVENT_PATHJSON parse.github.getOctokit(token)was used for exactly 2 GET requests:No change for consumers — token still comes from
github-token: ${{ github.token }}.GITHUB_API_URLrespected for GHE compatibility.Verification
npm run lintnpm run build(tsc --noEmit)npm test(28 tests)npm run packageRemaining 411 KB
Mostly
@actions/core's transitive chain (@actions/http-client,@actions/exec,tunnel,undici). Removing@actions/coreitself is possible (replace 5 API calls withprocess.env+process.exitCode) but diminishing returns — the action would become dependency-free at ~20KB.Risk
Medium. The card output shape is identical (28 tests confirm). The GitHub API calls match the same endpoints Octokit used. The main risk is edge cases in env var parsing or API response shapes that Octokit's types previously caught at compile time — mitigated by runtime type assertions on fetch responses.