forked from flashbots/rbuilder
-
Notifications
You must be signed in to change notification settings - Fork 2
129 lines (107 loc) · 4.72 KB
/
bench_upload_for_pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Benchmark upload
#
# This workflow runs after every benchmark, to upload the report to S3.
#
# It is its own workflow and starts with a safety check, because PRs can contain malicious code and run in a context with secrets..
#
# See also https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
#
on:
workflow_run:
workflows: ["Benchmarks"]
types:
- completed
permissions:
actions: read
contents: read
issues: write
pull-requests: write
jobs:
upload:
name: Upload benchmark report
runs-on: warp-ubuntu-latest-x64-16x
if: github.event.workflow_run.conclusion == 'success'
steps:
- name: Safety check
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
run: |
# Was triggering workflow triggered by a PR?
PR_NUMBER=$(gh api /repos/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }} \
--jq '.pull_requests[0].number')
if [ -z "$PR_NUMBER" ] || [ "$PR_NUMBER" = "null" ]; then
echo "No PR associated with this the triggering workflow run: ${{ github.event.workflow_run.id }}."
exit 0
fi
# Were workflow files changed in the PR?
CHANGED_FILES=$(gh api /repos/${{ github.repository }}/pulls/$PR_NUMBER/files --jq '.[].filename')
echo -e "These files were modified in PR #$PR_NUMBER which triggered workflow run ${{ github.event.workflow_run.id }}:\n$CHANGED_FILES"
if echo "$CHANGED_FILES" | grep -q "^\.github/workflows/"; then
echo -e "\n## :x: Error\nWorkflow file change detected. Failing the workflow for security reasons." >> $GITHUB_STEP_SUMMARY
curl --silent --data '{"text":"A workflow file change was included in <https://github.com/flashbots/rbuilder/pull/'"$PR_NUMBER"'|PR '"$PR_NUMBER"'>."}' \
-H "Content-type: application/json" -X POST $SLACK_WEBHOOK > /dev/null 2>&1
exit 1
else
echo "No workflow file changes detected."
fi
# https://github.com/actions/download-artifact
- uses: actions/download-artifact@v4
with:
name: benchmark-report.zip
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ github.token }}
- name: Extract report
run: |
unzip benchmark-report.zip
ls -alh benchmark-report/
- name: Prepare variables
id: prepare
run: |
while IFS='=' read -r key value; do
if [[ $key && $value ]]; then
export "$key=$value"
fi
done < benchmark-report/vars.txt
S3_UPLOAD_DIR="benchmark/${HEAD_SHA_SHORT}-${BASE_SHA_SHORT}"
echo "S3_UPLOAD_DIR=${S3_UPLOAD_DIR}" >> "$GITHUB_OUTPUT"
echo "PR_NUMBER=${PR_NUMBER}" >> "$GITHUB_OUTPUT"
# Upload S3 (using https://github.com/shallwefootball/upload-s3-action)
- name: Upload to S3
uses: shallwefootball/s3-upload-action@master
id: S3
with:
aws_key_id: ${{secrets.AWS_KEY_ID}}
aws_secret_access_key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
aws_bucket: flashbots-rbuilder-ci-stats
source_dir: benchmark-report
destination_dir: ${{ steps.prepare.outputs.S3_UPLOAD_DIR }}
#
# POST SUMMARY (to PR comment and CI job summary)
#
- name: Add summary to CI job summary
run: |
BENCH_URL="https://flashbots-rbuilder-ci-stats.s3.us-east-2.amazonaws.com/${{steps.S3.outputs.object_key}}/report/index.html"
sed -i "s|__BENCH_URL__|${BENCH_URL}|" benchmark-report/benchmark-pr-comment.md
cat benchmark-report/benchmark-pr-comment.md
cat benchmark-report/benchmark-pr-comment.md >> $GITHUB_STEP_SUMMARY
cat benchmark-report/benchmark-summary.md >> $GITHUB_STEP_SUMMARY
# https://github.com/peter-evans/find-comment
- name: Find previous PR comment
if: steps.prepare.outputs.PR_NUMBER != ''
uses: peter-evans/find-comment@v3
id: fc
with:
issue-number: ${{ steps.prepare.outputs.PR_NUMBER }}
comment-author: 'github-actions[bot]'
body-includes: Benchmark results
# https://github.com/peter-evans/create-or-update-comment
- name: Create or update PR comment
if: steps.prepare.outputs.PR_NUMBER != ''
uses: peter-evans/create-or-update-comment@v4
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ steps.prepare.outputs.PR_NUMBER }}
edit-mode: replace
body-path: benchmark-report/benchmark-pr-comment.md