Fix safe React Doctor frontend findings #2
| # React Doctor — finds security, performance, correctness, accessibility, | |
| # bundle-size, and architecture issues in React codebases. | |
| # | |
| # Docs: https://www.react.doctor/ci | |
| # Source: https://github.com/millionco/react-doctor | |
| name: React Doctor | |
| on: | |
| # Scans the PR's changed files and posts a sticky summary comment listing only the new issues introduced relative to the merge base of the target branch. | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| # Scans `main` on every push to track the health-score trend and catch regressions that slipped past PR review. | |
| push: | |
| branches: ["main"] | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| statuses: write | |
| # Cancels any in-flight scan for the same PR (or branch, on push) the moment a new commit arrives, so reviewers only ever see the latest run. | |
| concurrency: | |
| group: react-doctor-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| react-doctor: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: millionco/react-doctor@v2 | |
| # Advisory by default: React Doctor reports findings on every PR — a | |
| # sticky summary comment, inline review comments, and a commit status | |
| # with the health score — but never fails the check, so it won't red-X | |
| # a teammate's PR on day one. When your team trusts the signal, graduate | |
| # the gate: uncomment the block below and set blocking to "error" (fail | |
| # on new error-severity findings) or "warning" (fail on any finding). | |
| # Full reference: https://www.react.doctor/ci | |
| # with: | |
| # blocking: error # Gate level: "none" (advisory, the default) | "warning" | "error" | |
| # scope: full # On PRs, scan the whole project instead of just changed files | |
| # comment: false # Disable the sticky PR summary comment | |
| # review-comments: false # Disable inline review comments on changed lines | |
| # commit-status: false # Disable the commit status (score + counts, links to the run) | |
| # version: "0.4.0" # Pin to a specific react-doctor version instead of "latest" | |
| # directory: apps/web # Scan a sub-directory (default: ".") | |
| # project: "web,admin" # In a monorepo, scan specific workspace project(s) |
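Review bot: the two `uses:` entries under `steps` (`actions/checkout@v5` and `millionco/react-doctor@v2`) are mutable tag references, and the third-party action runs with a token that this workflow grants `pull-requests: write`, `issues: write` and `statuses: write`. Pin both to full commit SHAs, keeping the tag in a trailing comment, so that a moved tag cannot change what executes with that token. Going by the commented `version` line, the scanner release defaults to "latest", so set `version` explicitly as well; otherwise the pinned action still resolves a floating react-doctor release. The `permissions:` block is declared at workflow level: moving it under `jobs.react-doctor` keeps those write scopes from being inherited by any job added later. Adding `persist-credentials: false` to the checkout step also keeps the token out of the working tree's git config while the scanner runs.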