feat(ci): assert gzip transfer sizes against ADR-0017 budgets

Angular CLI's `budgets` only compare RAW sizes — there's no native
gzip-mode budget. ADR-0017 specifies thresholds in gzip-transfer
terms (initial bundle ≤ 300 KB gzip, any lazy chunk ≤ 100 KB gzip,
total stylesheet ≤ 150 KB gzip), so the project.json values today
are an approximate raw-size translation. The follow-up flagged in
ADR-0017's confirmation list — a CI check that asserts the actual
gzipped transfer size — lands here.

`scripts/check-gzip-budgets.mjs`:

- Parses Angular's emitted index.html to separate initial assets
  (anything referenced via src=/href=) from lazy chunks (the rest).
- Gzips every JS / CSS file at level 9 — what most HTTP servers
  serve for static assets — and reports a per-file + per-bucket
  size table.
- Compares against the ADR-0017 budgets and exits non-zero on any
  breach. Plain Node, no deps; ~120 lines.

Wired through:

- `pnpm ci:gzip-budgets` invokes the script with the default dist
  path (`dist/apps/portal-shell/browser`).
- `ci:perf` chains build → gzip check → Lighthouse, so a
  budget breach short-circuits before Lighthouse even runs (saves
  several minutes on a failing PR).

ADR-0017 §Confirmation updated: the previous "future follow-up
will add a CI check" line is replaced by a description of how the
script works, with a link to it.

Verified locally on the production build:
- Initial JS total: 92.88 KB / 300 KB budget ✓
- Lazy chunks largest: 1.38 KB / 100 KB per-chunk budget ✓
- CSS total: 3.35 KB / 150 KB budget ✓
This commit is contained in:
Julien Gautier
2026-05-10 04:26:26 +02:00
parent 261203ec5a
commit f776ce732a
3 changed files with 144 additions and 2 deletions
@@ -209,7 +209,8 @@ No browser-side RUM SDK in v1. The OTel browser tracing from [ADR-0012](0012-obs
### Confirmation
- `lighthouserc.js` exists at the repo root with the critical-routes list, the assertions matching the thresholds above, and a 3-iteration median configuration.
- `apps/portal-shell/project.json` declares `budgets` with `maximumWarning == maximumError` (so an overshoot fails the build, matching `type: "error"` in spirit). Four entries: `initial` (≤ 1 MB raw), `anyScript` (≤ 300 KB raw), `anyComponentStyle` (≤ 6 KB raw, with 5 KB warning floor), `bundle name=styles` (≤ 150 KB raw). Angular CLI compares **raw** sizes; the values above are translated from the gzip-based ADR targets at the conventional ≈ 3× JS / ≈ 4× CSS compression ratios. A future follow-up will add a CI check that asserts the **actual** gzipped transfer size against the ADR thresholds — Angular CLI does not natively support a gzip-mode budget.
- `apps/portal-shell/project.json` declares `budgets` with `maximumWarning == maximumError` (so an overshoot fails the build, matching `type: "error"` in spirit). Four entries: `initial` (≤ 1 MB raw), `anyScript` (≤ 300 KB raw), `anyComponentStyle` (≤ 6 KB raw, with 5 KB warning floor), `bundle name=styles` (≤ 150 KB raw). Angular CLI compares **raw** sizes; the values above are translated from the gzip-based ADR targets at the conventional ≈ 3× JS / ≈ 4× CSS compression ratios.
- A complementary CI check in [`scripts/check-gzip-budgets.mjs`](../../scripts/check-gzip-budgets.mjs) (wired into `pnpm ci:perf` between the production build and Lighthouse) asserts the **actual** gzipped transfer size against the ADR thresholds: initial-JS-total ≤ 300 KB, any single lazy chunk ≤ 100 KB, total CSS ≤ 150 KB. Angular CLI does not natively support a gzip-mode budget — this script is the explicit gate. It parses `index.html` to distinguish initial assets from lazy chunks, gzips each file at level 9 (matching what HTTP servers typically serve), and exits non-zero on any breach.
- `package.json` exposes `ci:perf`, runnable locally with the same exit code as CI.
- CI's `perf` gate from [ADR-0015](0015-cicd-gitea-actions.md) calls `pnpm ci:perf`. It is blocking on human PRs and on `push` to `main`; skipped on PRs authored by the Renovate bot user (`apf-portal-bot`) per the gating-policy subsection above.
- `apps/portal-shell` exposes a Nx target `analyze` invoking `source-map-explorer` against the production build's source maps.