chore: enhance telemetry CI scan to detect Mixpanel and Impact

Expand the existing CI telemetry scan workflow to detect additional telemetry libraries beyond Google Tag Manager. Added detection patterns for: - Mixpanel (mixpanel-browser, api/cdn domains, init/track/identify methods) - Impact Analytics (impactcdn.com, tracking ID) Also improved error messaging to: - List all telemetry providers being checked - Provide troubleshooting guidance - Reference PR #8311 for historical context This prevents accidental inclusion of telemetry code in OSS builds, similar to the GTM incident in PR #8311. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-20 14:30:41 +00:00 · 2026-02-14 12:56:47 +00:00
parent 5f7a6e7aba
commit 2691df34ec
1 changed files with 23 additions and 2 deletions
--- a/.github/workflows/ci-dist-telemetry-scan.yaml
+++ b/.github/workflows/ci-dist-telemetry-scan.yaml
@@ -45,8 +45,29 @@ jobs:
            -e '(?i)\bgtm\.js\b' \
            -e '(?i)googletagmanager\.com/gtm\.js\\?id=' \
            -e '(?i)googletagmanager\.com/ns\.html\\?id=' \
+            -e 'mixpanel-browser' \
+            -e '(?i)api\.mixpanel\.com' \
+            -e '(?i)cdn\.mxpnl\.com' \
+            -e '(?i)mixpanel\.init' \
+            -e '(?i)mixpanel\.track' \
+            -e '(?i)mixpanel\.identify' \
+            -e '(?i)mixpanel\.people' \
+            -e '(?i)impactcdn\.com' \
+            -e 'A6951770-3747-434a-9ac7-4e582e67d91f1' \
            dist; then
-            echo 'Telemetry references found in dist assets.'
+            echo '❌ Telemetry references found in dist assets.'
+            echo ''
+            echo 'This CI check scans for telemetry libraries that should not be included in OSS builds:'
+            echo '  - Google Tag Manager (GTM)'
+            echo '  - Mixpanel'
+            echo '  - Impact Analytics'
+            echo ''
+            echo 'If you see this error:'
+            echo '  1. Check your build configuration to ensure telemetry code is properly excluded'
+            echo '  2. Verify conditional imports are working correctly'
+            echo '  3. Review the matched lines above to identify the source'
+            echo ''
+            echo 'For context, see PR #8311 which accidentally shipped GTM code to OSS builds.'
            exit 1
          fi
-          echo 'No telemetry references found in dist assets.'
+          echo '✅ No telemetry references found in dist assets.'