Feature/msdk 3826 binary size measurement

[islameldesoky95]

User description

Summary by CodeRabbit

• Chores
  • Updated release workflow configuration for npm package publishing.
  • Added internal script for measuring and comparing package binary sizes.

---

CodeAnt-AI Description

Add release-time binary size reporting for the React Native SDK

What Changed

• After publishing, the release pipeline now measures the SDK tarball size and saves the results as a CI artifact
• The report includes compressed and unpacked size, plus a comparison against the previously published version
• The pipeline now uploads the size report file so it can be reviewed after the release

Impact

✅ Visible package size tracking after each release
✅ Easier release checks for size increases
✅ Faster review of binary growth in CI

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[coderabbitai]

📝 Walkthrough

Walkthrough

Release workflow is enhanced with npm authentication token setup and a new binary size measurement step. A companion Bash script builds npm tarballs, measures compressed and uncompressed byte sizes, optionally compares against the previously published version, and outputs results in both human-readable and JSON formats.

Changes

Release automation with binary size tracking

Layer / File(s)	Summary
Release workflow npm auth and binary size step setup .github/workflows/release.yml	npm publish step now includes NODE_AUTH_TOKEN environment variable set from secrets.NPM_TOKEN, and workflow adds subsequent steps to measure binary sizes and upload the resulting artifact.
Script initialization, CLI parsing, and helper functions scripts/measure_binary_sizes.sh	Script establishes strict Bash execution settings, determines root paths, and parses --compare and --output command-line flags. Utility functions provide stderr warnings, byte size measurement, human-readable KB/MB formatting, and table row rendering with optional published and delta columns.
Tarball building and size measurement scripts/measure_binary_sizes.sh	Cleans stale .tgz artifacts, runs npm pack to build tarball, identifies the generated archive, and computes both compressed and uncompressed byte sizes. Package name and version are extracted from package.json via embedded Python.
Optional registry comparison and output rendering scripts/measure_binary_sizes.sh	When --compare is enabled, script URL-encodes the scoped package name, fetches npm registry JSON via curl, derives the previous published version by semver ordering, and extracts published sizes. Prints human-readable banner and table with current and optional published sizes plus deltas. Generates JSON document with current sizes and comparison data, writing to stdout or file path via --output.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Usercentrics/react-native-sdk#175: Both PRs modify .github/workflows/release.yml's npm publishing step to adjust how the npm auth token is provided (including moving/adding NODE_AUTH_TOKEN/granular token handling), so the changes are directly connected.

Suggested labels

Review effort 2/5, size:XS

Suggested reviewers

• uc-brunosouza

Poem

🐰 A script hops in to measure, measure, measure,
npm tarballs packed with size and pleasure!
Comparing versions, delta bytes in sight,
The binary tracker makes releases bright! 📦✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding binary size measurement functionality via a new script and workflow configuration.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/MSDK-3826-binary-size-measurement

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

Review Summary by Qodo

Add binary size measurement to release pipeline

✨ Enhancement

Walkthroughs

Description

• Add binary size measurement script to track npm tarball sizes
• Integrate size measurement into release pipeline after npm publish
• Compare current version sizes against previously published version
• Upgrade GitHub Actions setup-java to v4 with temurin distribution

Diagram

flowchart LR
  A["npm publish"] --> B["measure_binary_sizes.sh"]
  B --> C["Fetch published sizes<br/>from npm registry"]
  C --> D["Compare & generate<br/>binary-sizes-rn.json"]
  D --> E["Upload artifact"]

Loading

File Changes

1. scripts/measure_binary_sizes.sh ✨ Enhancement +205/-0

Binary size measurement script for npm tarball

• New bash script that packs npm tarball and measures compressed/uncompressed sizes
• Supports optional comparison against previously published version via npm registry
• Generates JSON output with version, timestamp, and size deltas
• Includes helper functions for byte formatting and registry data fetching

scripts/measure_binary_sizes.sh

---

2. .github/workflows/release.yml ✨ Enhancement +8/-1

Integrate binary size measurement into release workflow

• Add step to run measure_binary_sizes.sh after npm publish with --compare flag
• Upload generated binary-sizes-rn.json as CI artifact using actions/upload-artifact@v4
• Output file enables tracking size changes across releases

.github/workflows/release.yml

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0)

1. COMPARE option misapplied 🐞 Bug ≡ Correctness

Description

measure_binary_sizes.sh always passes a “published” argument to print_row via ${COMPARE:+...}
because COMPARE is initialized to the non-empty string "false". Running the script without --compare
will still print published columns (with nulls) while the header is printed in non-compare mode,
producing misleading/misaligned output.

Code

scripts/measure_binary_sizes.sh[R163-164]

Evidence

The script sets COMPARE to the literal string "false" and then uses bash ${var:+word} expansion,
which expands whenever the variable is set and non-empty (so it expands even when COMPARE=="false").
Because print_row checks -n "$pub", it enters compare formatting whenever the third argument is
present, regardless of intended compare mode.

scripts/measure_binary_sizes.sh[19-24]
scripts/measure_binary_sizes.sh[48-55]
scripts/measure_binary_sizes.sh[163-164]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`print_row` is invoked with a third argument using `${COMPARE:+...}`. Since `COMPARE` is initialized to the non-empty string `false`, this expansion still produces the “published” argument even when the user did not pass `--compare`, so the script prints compare-mode rows while emitting a non-compare header.

### Issue Context
The script uses `COMPARE=true/false` strings, and `print_row` decides whether to render published/delta columns based on whether the third parameter is non-empty.

### Fix Focus Areas
- scripts/measure_binary_sizes.sh[19-27]
- scripts/measure_binary_sizes.sh[48-73]
- scripts/measure_binary_sizes.sh[151-165]

### Suggested fix
Use an explicit boolean check instead of `${VAR:+...}`. For example:
- Call `print_row` with only 2 args when `COMPARE != true`.
- Or change `COMPARE` to be empty when false (e.g., `COMPARE=""` / `COMPARE=1`) and update the `[[ ... ]]` checks accordingly.
- Ensure the header and row formats match in both modes.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Hardcoded package label 🐞 Bug ⚙ Maintainability

Description

The script reads PACKAGE_NAME from package.json but prints a hardcoded package name in the
human-readable output. This can mislead consumers if the package name is ever renamed or the script
is reused in another repo.

Code

scripts/measure_binary_sizes.sh[162]

Evidence

The script explicitly loads the package name into PACKAGE_NAME but does not use it for display,
instead echoing a fixed string.

scripts/measure_binary_sizes.sh[77-79]
scripts/measure_binary_sizes.sh[162-162]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The output line `echo "npm (@usercentrics/react-native-sdk)"` is hardcoded even though `PACKAGE_NAME` is already read from `package.json`.

### Issue Context
A hardcoded name can easily drift from reality (renames/forks) and makes the script less reusable.

### Fix Focus Areas
- scripts/measure_binary_sizes.sh[77-79]
- scripts/measure_binary_sizes.sh[162-162]

### Suggested fix
Replace the hardcoded echo with `echo "npm (${PACKAGE_NAME})"` (or similar), leveraging the already-populated variable.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Requirements comment incomplete 🐞 Bug ⚙ Maintainability

Description

The script’s header says it requires node, npm, python3, and curl, but the implementation also
invokes tools like bc and gunzip. This makes the script harder to run/debug outside CI because the
documented requirements are incomplete.

Code

scripts/measure_binary_sizes.sh[R11-13]

Evidence

The top-of-file comment lists a smaller set of tools than the script actually executes; the
implementation directly calls bc and gunzip.

scripts/measure_binary_sizes.sh[11-13]
scripts/measure_binary_sizes.sh[37-45]
scripts/measure_binary_sizes.sh[94-96]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The script header's "Requires" list is incomplete compared to the actual commands used (e.g., `bc`, `gunzip`).

### Issue Context
Keeping the dependency comment accurate helps contributors run the script locally and reduces troubleshooting time.

### Fix Focus Areas
- scripts/measure_binary_sizes.sh[11-13]
- scripts/measure_binary_sizes.sh[37-45]
- scripts/measure_binary_sizes.sh[94-96]

### Suggested fix
Update the "Requires" line to include the additional CLI tools used (at least `bc` and `gzip`/`gunzip`; optionally also coreutils like `wc`).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[pantoaibot]

PR Summary:

Add binary-size measurement to release workflow and a new script that packs the npm tarball, records compressed/uncompressed sizes, optionally compares to the previously published version, and uploads a JSON artifact.

• Workflow (.github/workflows/release.yml):

  • After publishing, runs ./scripts/measure_binary_sizes.sh --compare --output binary-sizes-rn.json
  • Uploads binary-sizes-rn.json as artifact named "binary-sizes-rn"
  • Runs on release creation (no change to trigger)

• New script (scripts/measure_binary_sizes.sh):

  • Runs npm pack to build a .tgz and measures:
    • compressed size (.tgz)
    • uncompressed tar size (gunzip + wc)
  • Optional compare mode (--compare):
    • Fetches npm registry data, finds the version immediately preceding the current one, and compares sizes (size and unpackedSize)
    • Prints human-readable delta (B/KB/MB and %)
    • Skips comparison if registry fetch or previous-version detection fails
  • Optional output file (--output ) writes a JSON summary:
    • keys: version, timestamp, published_version (if compared), npm.compressed/uncompressed with bytes/published_bytes/delta_bytes
  • Requires: node/npm, python3, curl, gunzip, bc, standard Unix tools
  • Handles errors gracefully and prints warnings when comparison is skipped

• Behavior/impact:

  • Purpose: track binary size regressions on releases
  • No code-breaking changes
  • Adds CI artifact for size tracking and reporting
  • Runs after npm publish, so current tarball is measured; comparison chooses the previous version from registry data (not necessarily the tag named "latest")

Reviewed by Panto AI

[coderabbitai]

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Line 27: Replace the mutable action tag "uses: actions/upload-artifact@v4"
with an immutable full commit SHA pin: locate the line containing uses:
actions/upload-artifact@v4 and update it to uses:
actions/upload-artifact@<full-commit-sha> (obtain the exact SHA from the
actions/upload-artifact repository and paste it in place of `@v4`).

In `@scripts/measure_binary_sizes.sh`:
- Line 108: The curl call that populates REGISTRY_DATA for
"https://registry.npmjs.org/${ENCODED_NAME}" has no network timeouts and can
hang; update the invocation that sets REGISTRY_DATA to include appropriate curl
timeout flags (e.g., --connect-timeout and --max-time, and optionally --retry
and --retry-delay) so the fetch for ENCODED_NAME fails fast on network issues
and doesn't stall the pipeline.
- Around line 163-164: The compare columns are being passed because
${COMPARE:+"$PUB_COMPRESSED"} and ${COMPARE:+"$PUB_UNCOMPRESSED"} expand when
COMPARE is non-empty (even "false"); change the conditional to only pass the
published values when COMPARE is explicitly true (e.g., test [ "$COMPARE" =
"true" ] or use a COMPARE_ENABLED boolean that is empty when disabled) so calls
to print_row "compressed   (.tgz)" "$COMPRESSED_BYTES" and print_row
"uncompressed (tar)" "$UNCOMPRESSED_BYTES" only include "$PUB_COMPRESSED" /
"$PUB_UNCOMPRESSED" when comparison is enabled; update occurrences referencing
COMPARE, PUB_COMPRESSED, PUB_UNCOMPRESSED, and print_row accordingly.
- Line 116: The current sorting line (versions = sorted(d.get('versions',
{}).keys(), key=lambda v: [int(x) for x in v.split('.')[:3]])) fails for
prerelease/semver strings like "1.2.3-rc.1"; replace the ad‑hoc int-splitting
key with a proper semver/PEP 440 parser (e.g. use packaging.version.parse or a
semver library) and sort using key=lambda v: parse(v) so prereleases and build
metadata are compared correctly; update imports to bring in the chosen parser
and adjust the sorted call that assigns versions accordingly.
- Line 24: The --output case currently unconditionally reads the next token
(OUTPUT_FILE="$2") and will trigger an unbound-variable error under set -u when
no value is provided; update the '--output)' branch in the option parsing to
first check that a next argument exists and is not another option (e.g., not
empty and not starting with '-') and if missing print a clear error/usage
message and exit nonzero, otherwise assign OUTPUT_FILE and shift 2; reference
the '--output)' case and the OUTPUT_FILE variable when making the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 250acd13-12aa-44a4-a624-71a82de62786

📥 Commits

Reviewing files that changed from the base of the PR and between 11f1dde and 2067230.

📒 Files selected for processing (2)

• .github/workflows/release.yml
• scripts/measure_binary_sizes.sh

[codeant-ai]

CodeAnt AI finished reviewing your PR.