Build: Remove local Danger Docker build and use ghcr.io runtime

[yoshi-taka]

What I did

Replaced Storybook’s previous Danger setup which rebuilt a Docker image on every CI run;

Changes

• Switched from danger/danger-js (Dockerfile-based build) to a prebuilt image
• Removed all local Danger Dockerfile usage and Docker builds
• Modernized scripts/Dangerfile.ts:
• Converted to ESM
• Removed execSync-based npm install
• Dropped lodash (flatten, intersection, isEmpty) in favor of native JS

Workflow reference:
https://github.com/storybookjs/storybook/actions/workflows/danger-js.yml

Why this change

The previous configuration:

- uses: danger/danger-js

does not simply pull a prebuilt image.
Instead, GitHub Actions detects the included Dockerfile and performs:

• a full docker build
• dependency installation inside the image
• node tooling setup during the build

This happens on every CI run, resulting in significant overhead.

In practice, this means CI was repeatedly:

• the runner pulls a cached, prebuilt image
• no Docker build happens
• Danger starts instantly

What changed

Switching to the official GHCR image.

This removes the entire Docker build step.

Notes

Danger’s behavior remains unchanged; only its execution path has been optimized.

Checklist for Contributors

Testing

The changes in this PR are covered in the following automated tests:

• stories
• unit tests
• integration tests
• end-to-end tests

Manual testing

This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!

1. Run a sandbox for template, e.g. yarn task --task sandbox --start-from auto --template react-vite/default-ts
2. Open Storybook in your browser
3. Access X story

Documentation

• Add or update documentation reflecting your changes
• If you are deprecating/removing a feature, make sure to update
  MIGRATION.MD

Checklist for Maintainers

• When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli-storybook/src/sandbox-templates.ts

• Make sure this PR contains one of the labels below:

  Available labels

  • bug: Internal changes that fixes incorrect behavior.
  • maintenance: User-facing maintenance tasks.
  • dependencies: Upgrading (sometimes downgrading) dependencies.
  • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
  • cleanup: Minor cleanup style change. Will not show up in release changelog.
  • documentation: Documentation only changes. Will not show up in release changelog.
  • feature request: Introducing a new feature.
  • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
  • other: Changes that don't fit in the above categories.

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook publish.yml --field pr=<PR_NUMBER>

Summary by CodeRabbit

• Chores
  • Updated CI/CD workflow to execute Danger JS via Docker image (v13.0.5) instead of GitHub Action setup for improved reliability and consistency in automated code reviews
  • Refactored PR validation script to optimize label checking logic, improve configuration handling, and reduce reliance on external libraries

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 0085130

Command	Status	Duration	Result
nx run-many -t build --parallel=3	✅ Succeeded	45s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-11-18 08:43:29 UTC

[yoshi-taka]

Failing the build, there are 2 fails.

I updated the PR title since that was likely the reason it was failing.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

The Danger JS workflow is updated to execute via Docker image version 13.0.5 instead of the GitHub Action. The dangerfile.ts script removes lodash dependencies, introduces a configuration object from package.json, and refactors label validation logic using length-based checks instead of utility functions.

Changes

Cohort / File(s)	Summary
Workflow Configuration .github/workflows/danger-js.yml	Removed setup-node step; switched from GitHub Action (danger/danger-js@11.2.6) to Docker-based execution using ghcr.io/danger/danger-js:13.0.5.
Script Refactoring scripts/dangerfile.ts	Added package.json import and local intersection helper; removed lodash dependencies (flatten, intersection, isEmpty) and execSync; introduced PrLogConfig type and config constant from package.json; replaced isEmpty checks with length-based checks; refactored forbidden and required labels assembly using config properties; minor error message formatting updates.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Workflow update is straightforward version and execution method change
• Script refactoring follows consistent patterns (removing lodash, adding length checks, applying config-driven logic)
• Control flow and functionality remain unchanged despite internal restructuring
• Consider reviewing the new intersection helper implementation and how prLogConfig properties (skipLabels, validLabels) integrate with label validation logic

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f6ab08 and 0085130.

📒 Files selected for processing (2)

• .github/workflows/danger-js.yml (1 hunks)
• scripts/dangerfile.ts (3 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}