Dynamic Content Snippet - new component

[michelle0927]

Resolves #17769

Summary by CodeRabbit

Release Notes

• New Features

  • Added action to create or update website content with custom HTML at specified URLs

• Chores

  • Updated package version to 0.1.0 and added platform dependencies

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
pipedream-docs	Ignored			Nov 24, 2025 5:45pm
pipedream-docs-redirect-do-not-edit	Ignored			Nov 24, 2025 5:45pm

[coderabbitai]

Walkthrough

Introduces a new action module for creating or updating website content in the dynamic_content_snippet component. The component app module is refactored to replace authentication inspection logic with HTTP helper methods for making authenticated API requests. Package version is bumped to 0.1.0 with a new platform dependency.

Changes

Cohort / File(s)	Summary
New action module components/dynamic_content_snippet/actions/create-or-update-website-content/create-or-update-website-content.mjs	Adds a new action that accepts a URL and HTML content, invokes the app's createOrUpdateWebsiteContent method, and returns the API response. Includes metadata marking the action as destructive with open-world access.
App module refactoring components/dynamic_content_snippet/dynamic_content_snippet.app.mjs	Replaces authKeys() method with HTTP helper methods: _baseUrl() provides base API URL, _makeRequest() performs authenticated requests using axios with x-api-key header, and createOrUpdateWebsiteContent() POSTs to /mappings endpoint.
Package configuration components/dynamic_content_snippet/package.json	Bumps version from 0.0.1 to 0.1.0 and adds dependency on @pipedream/platform ^3.1.1.

Sequence Diagram

sequenceDiagram
    actor User
    participant Action as Create/Update Action
    participant App as App Module
    participant API as Content API

    User->>Action: Trigger with URL & HTML Content
    Action->>App: createOrUpdateWebsiteContent(url, htmlContent)
    App->>App: _baseUrl() resolves base URL
    App->>API: _makeRequest POST to /mappings<br/>(x-api-key auth header)
    API-->>App: Response with mapping result
    App-->>Action: Return response
    Action-->>User: Export summary & result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

• HTTP authentication logic in _makeRequest() and authentication header construction—verify x-api-key header is correctly passed and request is properly authenticated
• API integration in createOrUpdateWebsiteContent() method—validate endpoint path, request structure, and parameter mapping from action to API call
• Action implementation in the new module—confirm proper invocation of app method and response handling, particularly around error propagation and summary export

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description only contains 'Resolves #17769' without using the available template structure that includes a WHY section.	Complete the PR description using the provided template by adding a WHY section explaining the motivation and context for this component.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: introducing a new Dynamic Content Snippet component with clear and concise phrasing.
Linked Issues check	✅ Passed	The code implements the required dynamic_content_snippet component with the create-or-update-website-content action, documentation reference, and core functionality matching issue #17769 requirements.
Out of Scope Changes check	✅ Passed	All changes are scoped to implementing the dynamic_content_snippet component and its action; no out-of-scope modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch issue-17769

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b973300 and 5344c94.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• components/dynamic_content_snippet/actions/create-or-update-website-content/create-or-update-website-content.mjs (1 hunks)
• components/dynamic_content_snippet/dynamic_content_snippet.app.mjs (1 hunks)
• components/dynamic_content_snippet/package.json (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-09-15T22:01:11.472Z

Learnt from: GTFalcao
Repo: PipedreamHQ/pipedream PR: 18362
File: components/leonardo_ai/actions/generate-image/generate-image.mjs:103-105
Timestamp: 2025-09-15T22:01:11.472Z
Learning: In Pipedream components, pipedream/platform's axios implementation automatically excludes undefined values from HTTP requests, so there's no need to manually check for truthiness before including properties in request payloads.

Applied to files:

• components/dynamic_content_snippet/dynamic_content_snippet.app.mjs

📚 Learning: 2024-12-12T19:23:09.039Z

Learnt from: jcortes
Repo: PipedreamHQ/pipedream PR: 14935
File: components/sailpoint/package.json:15-18
Timestamp: 2024-12-12T19:23:09.039Z
Learning: When developing Pipedream components, do not add built-in Node.js modules like `fs` to `package.json` dependencies, as they are native modules provided by the Node.js runtime.

Applied to files:

• components/dynamic_content_snippet/package.json

🧬 Code graph analysis (1)

components/dynamic_content_snippet/dynamic_content_snippet.app.mjs (1)

components/gmail/gmail.app.mjs (1)

• axios (415-423)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: pnpm publish
• GitHub Check: Publish TypeScript components
• GitHub Check: Ensure component commits modify component versions
• GitHub Check: Verify TypeScript components
• GitHub Check: Lint Code Base

🔇 Additional comments (5)

components/dynamic_content_snippet/package.json (2)

3-3: LGTM! Version bump is appropriate.

The version bump from 0.0.1 to 0.1.0 appropriately reflects the addition of new functionality (the create-or-update action).

---

15-17: No action required—the dependency version is current and secure.

The latest version of @pipedream/platform is 3.1.1, which matches the declared version in package.json. No security vulnerabilities are reported for this package, confirming the dependency is safe to use.

components/dynamic_content_snippet/dynamic_content_snippet.app.mjs (2)

22-28: LGTM! Method structure is correct.

The createOrUpdateWebsiteContent() method appropriately delegates to _makeRequest() with the correct HTTP method and endpoint path. Assuming the security issue in _makeRequest() is addressed, this method will function correctly.

---

11-21: Fix parameter spreading order to prevent authentication header override.

The current spreading order allows opts to potentially override the url and authentication headers. If calling code passes headers or url in opts, it could bypass authentication or call the wrong endpoint.

Apply this diff to ensure url and headers cannot be overridden:

     _makeRequest({
       $ = this, path, ...opts
     }) {
       return axios($, {
-        ...opts,
         url: `${this._baseUrl()}${path}`,
         headers: {
+          ...opts.headers,
           "x-api-key": `${this.$auth.api_key}`,
         },
+        ...opts,
       });
     },

This ensures:

1. The url is set and cannot be overridden
2. Any custom headers from opts.headers are merged, but the x-api-key header always takes precedence
3. Other axios options (method, data, params, etc.) can still be passed via opts

Likely an incorrect or invalid review comment.

components/dynamic_content_snippet/actions/create-or-update-website-content/create-or-update-website-content.mjs (1)

3-13: LGTM! Action metadata is well-structured and documentation link is accessible.

The action metadata is correctly configured with appropriate annotations for a destructive, external-facing operation. The documentation URL is accessible and valid.

[jcortes]

Hi @michelle0927 lgtm! Ready for QA!

[vunguyenhung]

Hi everyone, all test cases are passed! Ready for release!

Test reports

• [Components] dynamic_content_snippet - Actions Batch 1: https://www.notion.so/Components-dynamic_content_snippet-Actions-Batch-1-1-2b5bf548bb5e810497cbfc416ae2223a