From 2b6c42a9fd757652d431ff551f5a5a0ff57f02fb Mon Sep 17 00:00:00 2001 From: b-ma Date: Wed, 19 Jul 2023 13:18:26 +0200 Subject: [PATCH 1/2] chore: change bench bot behavior --- ...result.yaml => benchmark-post-result.yaml} | 25 ++++----- .../workflows/{rust.yaml => benchmark.yaml} | 49 ++++-------------- .github/workflows/build.yaml | 51 +++++++++++++++++++ 3 files changed, 70 insertions(+), 55 deletions(-) rename .github/workflows/{post-pr-result.yaml => benchmark-post-result.yaml} (72%) rename .github/workflows/{rust.yaml => benchmark.yaml} (60%) create mode 100644 .github/workflows/build.yaml diff --git a/.github/workflows/post-pr-result.yaml b/.github/workflows/benchmark-post-result.yaml similarity index 72% rename from .github/workflows/post-pr-result.yaml rename to .github/workflows/benchmark-post-result.yaml index cf457b16..ccd24852 100644 --- a/.github/workflows/post-pr-result.yaml +++ b/.github/workflows/benchmark-post-result.yaml @@ -1,6 +1,6 @@ # yaml-language-server: $schema=https://json.schemastore.org/github-workflow -name: Post benchmark results +name: benchmark post results # read-write repo token # access to secrets 
@@ -9,42 +9,37 @@ name: Post benchmark results # see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ on: workflow_run: - branches-ignore: - - "main" - workflows: ["Build"] + workflows: ["benchmark"] types: - completed jobs: upload: runs-on: ubuntu-latest - if: > - ${{ github.event.workflow_run.event == 'pull_request' && - github.event.workflow_run.conclusion == 'success' }} steps: - name: "Download artifact" - uses: actions/github-script@v3.1.0 + uses: actions/github-script@v6 with: script: | - const artifacts = await github.actions.listWorkflowRunArtifacts({ + const fs = require('fs'); + const artifacts = await github.rest.actions.listWorkflowRunArtifacts({ owner: context.repo.owner, repo: context.repo.repo, run_id: ${{github.event.workflow_run.id }}, }); - const matchArtifact = artifacts.data.artifacts.filter((artifact) => { + const matchArtifact = artifacts.data.artifacts.find((artifact) => { return artifact.name == "pr" - })[0]; - const download = await github.actions.downloadArtifact({ + }); + const download = await github.rest.actions.downloadArtifact({ owner: context.repo.owner, repo: context.repo.repo, artifact_id: matchArtifact.id, archive_format: 'zip', }); - const fs = require('fs'); fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data)); - run: unzip pr.zip - name: "Write result in PR" - uses: actions/github-script@v3 + uses: actions/github-script@v6 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -54,7 +49,7 @@ jobs: const message = '```\nBenchmark result:\n\n' + iai_feature + '\n```\n'; - await github.issues.createComment({ + await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, issue_number: issue_number, diff --git a/.github/workflows/rust.yaml b/.github/workflows/benchmark.yaml similarity index 60% rename from .github/workflows/rust.yaml rename to .github/workflows/benchmark.yaml index 5b709703..ea3b99c1 100644 --- a/.github/workflows/rust.yaml 
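Review bot: With the job-level `if:` removed from `upload`, this workflow now runs after every completed `benchmark` run, including failed or skipped runs that would have uploaded no `pr` artifact. In that case `find` returns `undefined` and `matchArtifact.id` throws. Restoring `if: github.event.workflow_run.conclusion == 'success'` and checking `matchArtifact` before use would make the missing-artifact case explicit. After the second patch of this series the artifact comes from a run that executes pull-request code, so its contents should be treated as untrusted in this read-write context. The lines that read the unpacked files sit between this hunk and the next; they should verify that the PR number is a plain integer before it is passed as `issue_number`.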
+++ b/.github/workflows/benchmark.yaml @@ -1,6 +1,6 @@ # yaml-language-server: $schema=https://json.schemastore.org/github-workflow -name: Build +name: benchmark # read-only repo token, no access to secrets permissions: @@ -8,51 +8,16 @@ permissions: # no access to secrets on: - push: - branches: [main] - pull_request: + issue_comment: + types: [created, edited] env: CARGO_TERM_COLOR: always jobs: - verify-build: - runs-on: ubuntu-latest - - steps: - - name: Install ALSA and Jack dependencies - run: | - sudo apt-get update && sudo apt-get install -y libasound2-dev libjack-jackd2-dev cmake - - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@stable - with: - components: clippy, rustfmt - - - name: Check out repository - uses: actions/checkout@v3 - - - name: Generate Cargo.lock - run: cargo generate-lockfile - - # restore cargo cache from previous runs - - name: Rust Cache - uses: Swatinem/rust-cache@v2 - with: - # Distinguished by the action name to avoid sharing! - shared-key: "rust" - - # check it builds - - name: Build - run: cargo build --verbose --all-targets --all-features - - # run tests - - name: Run tests - run: cargo test --verbose --all-features - benchmark: runs-on: ubuntu-latest - if: github.ref != 'refs/heads/main' + if: ${{ github.event.issue.pull_request }} && contains(github.event.comment.body, '/bench') steps: # checkout repo, install dependencies @@ -83,12 +48,16 @@ jobs: - name: Run bench against baseline run: cargo bench --no-default-features | sed '0,/^test result:/d' | tee bench.txt + # for testing + # - name: create mock results + # run: echo "my bench results" > bench.txt + ## Save results ## see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ - name: Save PR number and bench results run: | mkdir -p ./pr - echo ${{ github.event.number }} > ./pr/pr_number.txt + echo ${{ github.event.issue.number }} > ./pr/pr_number.txt mv bench.txt ./pr/bench.txt - uses: actions/upload-artifact@v2 with: 
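Review bot: The `if:` on the `benchmark` job (hunk `@@ -8,51 +8,16 @@`) mixes an `${{ }}` expression with trailing text, so the value is evaluated as a non-empty string and the condition is effectively always true. The job would then start for every issue comment, not only for `/bench` on a pull request. Put the whole condition inside one expression: `if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/bench') }}`. Since any commenter can trigger the run, also consider gating on `github.event.comment.author_association` (for example OWNER, MEMBER or COLLABORATOR). The context comment `# no access to secrets` no longer describes the `issue_comment` trigger, which runs in the base repository's context, and should be updated.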
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 00000000..29d5a5ce
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,51 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow
+
+name: build
+
+# read-only repo token, no access to secrets
+permissions:
+ contents: read
+
+# no access to secrets
+on:
+ push:
+ branches: [main]
+ pull_request:
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ verify-build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install ALSA and Jack dependencies
+ run: |
+ sudo apt-get update && sudo apt-get install -y libasound2-dev libjack-jackd2-dev cmake
+
+ - name: Install Rust toolchain
+ uses: dtolnay/rust-toolchain@stable
+ with:
+ components: clippy, rustfmt
+
+ - name: Check out repository
+ uses: actions/checkout@v3
+
+ - name: Generate Cargo.lock
+ run: cargo generate-lockfile
+
+ # restore cargo cache from previous runs
+ - name: Rust Cache
+ uses: Swatinem/rust-cache@v2
+ with:
+ # Distinguished by the action name to avoid sharing!
+ shared-key: "rust"
+
+ # check it builds
+ - name: Build
+ run: cargo build --verbose --all-targets --all-features
+
+ # run tests
+ - name: Run tests
+ run: cargo test --verbose --all-features
From 0b546dce7febcbf9f1576bf3f1a676e91696db54 Mon Sep 17 00:00:00 2001
From: b-ma
Date: Wed, 19 Jul 2023 15:25:47 +0200
Subject: [PATCH 2/2] fix: use PR branch in benchmarks
---
.github/workflows/benchmark.yaml | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml
index ea3b99c1..cb16c3a7 100644
--- a/.github/workflows/benchmark.yaml
+++ b/.github/workflows/benchmark.yaml
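Review bot: The actions in the new `.github/workflows/build.yaml` are referenced by mutable refs (`actions/checkout@v3`, `dtolnay/rust-toolchain@stable`, `Swatinem/rust-cache@v2`), so a moved tag or branch changes what runs in CI without any change in this repository. Pinning each one to a full commit SHA keeps the build reproducible and reviewable, for example `uses: Swatinem/rust-cache@<full-commit-sha> # v2`. Separately, `components: clippy, rustfmt` are installed but no step in `verify-build` runs them.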
@@ -20,11 +20,18 @@ jobs: if: ${{ github.event.issue.pull_request }} && contains(github.event.comment.body, '/bench') steps: - # checkout repo, install dependencies - - uses: actions/checkout@v3 - with: - fetch-depth: 0 + # the workflow is triggered from main branch + # cf. https://github.com/actions/checkout/issues/331 + # need this first step to init the git repo + - name: Checkout + uses: actions/checkout@v3 + + - name: Checkout Pull Request + run: hub pr checkout ${{ github.event.issue.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # install dependencies - name: Install Rust toolchain uses: dtolnay/rust-toolchain@stable
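Review bot: The new `Checkout Pull Request` step brings pull-request code into a workflow triggered by `issue_comment`, which runs in the base repository's context, and the later bench step then builds and executes that code. `actions/checkout@v3` leaves its token in the local git config by default, so the first Checkout step should set `with:` / `persist-credentials: false` (verify that `hub pr checkout` still fetches with only its step-scoped `GITHUB_TOKEN`). The workflow-level `permissions` should stay read-only. A short comment above the step stating that everything after it runs untrusted code would help future editors avoid adding secrets or write scopes to this job. The remaining steps of the job are outside the hunk.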