@cleartrip/frontguard 0.2.7 → 0.2.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cleartrip/frontguard",
-  "version": "0.2.7",
+  "version": "0.2.9",
   "description": "Org-wide frontend PR guardrails: linting, hygiene, any-delta, cycles, dead code, bundle/CWV hints, custom rules, optional LLM brief",
   "type": "module",
   "bin": {

package/templates/bitbucket-pipelines.yml

@@ -1,10 +1,11 @@
-# FrontGuard — PR comment: checks screenshot (inline) + FreeKit full report
+# FrontGuard — PR comment: checks screenshot + FreeKit full report
 #
-# • The checks-table PNG is generated with @resvg/resvg-js (SVG → raster; no Playwright/Chromium).
-# • The PNG is embedded in the PR comment as a small base64 image (no Bitbucket Downloads / extra tokens).
-# • Full HTML report is uploaded to FreeKit; the comment links to that URL for details.
+# • Bitbucket’s PR renderer does NOT load data:image/... (base64) — it shows “Preview unavailable”.
+#   This pipeline uploads the PNG to Repository → Downloads, then uses an https://bitbucket.org/.../downloads/... URL in Markdown.
+# • Token must allow: pull request comments AND POST …/downloads (Repositories: write / equivalent API scope).
+# • Raster: @resvg/resvg-js (no browser). Full HTML report → FreeKit; comment links there for details.
 #
-# Secured variable: BITBUCKET_ACCESS_TOKEN — must be allowed to post pull request comments.
+# Secured variable: BITBUCKET_ACCESS_TOKEN — comments + downloads upload (see above).
 #
 # Optional: FREEKIT_BASE_URL — override FreeKit API host (default https://freekit.dev).
 #
@@ -29,7 +30,7 @@ pipelines:
             - frontguard-checks.png
           script:
             - corepack enable
-            - apt-get update && apt-get install -y --no-install-recommends fonts-dejavu-core
+            - apt-get update && apt-get install -y --no-install-recommends fonts-dejavu-core fonts-liberation
             - yarn install --immutable || yarn install
             - |
               yarn frontguard run --markdown \
@@ -38,16 +39,26 @@ pipelines:
                 --checksPngOut frontguard-checks.png \
                 > frontguard-report.md
             - |
+              test -n "${BITBUCKET_ACCESS_TOKEN:-}" || { echo "Missing secured var BITBUCKET_ACCESS_TOKEN"; exit 1; }
+              BB_PNG_NAME="frontguard-checks-pipeline-${BITBUCKET_BUILD_NUMBER}-pr-${BITBUCKET_PR_ID}.png"
+              cp frontguard-checks.png "${BB_PNG_NAME}"
+              if curl --silent --show-error --fail --request POST \
+                --url "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_FULL_NAME}/downloads" \
+                --header "Authorization: Bearer ${BITBUCKET_ACCESS_TOKEN}" \
+                --form "files=@${BB_PNG_NAME}"; then
+                export FRONTGUARD_CHECKS_IMAGE_URL="https://bitbucket.org/${BITBUCKET_REPO_FULL_NAME}/downloads/${BB_PNG_NAME}"
+                echo "Uploaded checks PNG to Downloads; image URL set for PR comment."
+              else
+                echo "WARNING: Downloads upload failed (token needs repository write for uploads). PR comment will not include an inline image."
+                export FRONTGUARD_CHECKS_IMAGE_URL=""
+              fi
               python3 << 'PY'
-              import base64
               import json
               import os
               from urllib.error import HTTPError
               from urllib.request import Request, urlopen
 
               DETAILED = "For detailed check analysis, please open the full interactive report:"
-              # Keep in sync with src/lib/bitbucket-checks-image-md.ts (markdown line length cap).
-              MAX_IMAGE_LINE = 300_000
               PNG_SIG = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])
 
               base = os.environ.get("FREEKIT_BASE_URL", "https://freekit.dev").rstrip("/")
@@ -80,13 +91,15 @@ pipelines:
                   raw = f.read()
               if len(raw) < 8 or raw[:8] != PNG_SIG:
                   raise SystemExit("frontguard-checks.png is missing or not a valid PNG file.")
-              b64 = base64.standard_b64encode(raw).decode("ascii")
-              # ASCII alt text; standard Base64 — matches FrontGuard pngBufferToBitbucketImageMarkdownLine.
-              img_line = f"![FrontGuard checks summary](data:image/png;base64,{b64})"
-              if len(img_line) > MAX_IMAGE_LINE:
-                  raise SystemExit(
-                      f"Checks PNG too large for inline comment ({len(raw)} bytes, line {len(img_line)} chars). "
-                      "Shrink the table or host the PNG and link it; see bitbucket-checks-image-md.ts limits."
+
+              img_url = (os.environ.get("FRONTGUARD_CHECKS_IMAGE_URL") or "").strip()
+              if img_url:
+                  # Bitbucket PR comments: only normal https:// URLs render; data: URIs show “Preview unavailable”.
+                  img_line = f"![FrontGuard checks summary]({img_url})"
+              else:
+                  img_line = (
+                      "_Checks summary image: open **Pipeline artifacts** (`frontguard-checks.png`) "
+                      "or grant the pipeline token permission to **upload to Repository → Downloads**._"
                   )
 
               body = f"{img_line}\n\n{DETAILED}\n{report_url}\n"
@@ -96,7 +109,6 @@ pipelines:
                   json.dump({"content": {"raw": body}}, out, ensure_ascii=False)
               PY
             - |
-              test -n "${BITBUCKET_ACCESS_TOKEN:-}" || { echo "Missing secured var BITBUCKET_ACCESS_TOKEN"; exit 1; }
               curl --silent --show-error --fail --request POST \
                 --url "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_FULL_NAME}/pullrequests/${BITBUCKET_PR_ID}/comments" \
                 --header 'Accept: application/json' \

package/templates/freekit-ci-setup.md

@@ -1,6 +1,6 @@
 # FreeKit.dev + FrontGuard (Bitbucket Pipelines)
 
-The Bitbucket template (`templates/bitbucket-pipelines.yml`) runs FrontGuard with **`--checksPngOut`** (SVG → PNG via **`@resvg/resvg-js`**, no headless browser), uploads the full HTML to **FreeKit**, and posts a PR comment that **inlines** the checks PNG as `data:image/png;base64,...` plus the FreeKit URL. You only need **`BITBUCKET_ACCESS_TOKEN`** with permission to **comment on pull requests** — no Repository Downloads or `repository:write`.
+The Bitbucket template runs FrontGuard with **`--checksPngOut`** (SVG → PNG via **`@resvg/resvg-js`**), uploads the full HTML to **FreeKit**, **uploads the checks PNG to Repository → Downloads**, and posts a PR comment with **`![alt](https://bitbucket.org/.../downloads/...png)`** plus the FreeKit URL. Bitbucket does **not** render `data:image/...` in PR comments (you get “Preview unavailable”), so the template uses an HTTPS Downloads link instead. **`BITBUCKET_ACCESS_TOKEN`** must allow **PR comments** and **POST** to **`/2.0/repositories/{workspace}/{repo}/downloads`** (Repositories write / equivalent).
 
 The same step uploads `frontguard-report.html` to FreeKit’s public API:
 
@@ -26,7 +26,7 @@ On **Bitbucket Pipelines** pull-request builds, FrontGuard reads **`BITBUCKET_PR
 
 ## Checks table image in PR comments
 
-The default pipeline uses **`--checksPngOut`** so FrontGuard writes **`frontguard-checks.png`** (raster from the checks table). A short Python step base64-embeds that image in the PR comment (no extra hosting). If the PNG is too large for Bitbucket, raise the limit in the pipeline script cautiously or host the image and set **`FRONTGUARD_CHECKS_IMAGE_URL`** with **`--prCommentOut`** instead.
+The pipeline writes **`frontguard-checks.png`**, uploads it via the Downloads API, and references that **HTTPS** URL in Markdown. If the upload fails (token scope), the comment falls back to text pointing at pipeline artifacts. You can still set **`FRONTGUARD_CHECKS_IMAGE_URL`** before a custom comment step if you host the PNG elsewhere.
 
 ## Compared to Surge