
pull_request triggered compare-binary-size workflow #6444

Merged
nihui merged 4 commits into Tencent:master from nihui:split-workflow
Dec 8, 2025

nihui (Member) commented Dec 8, 2025

No description provided.

tencent-adm (Member)

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

github-actions bot commented Dec 8, 2025

The binary size change of libncnn.so (bytes)

architecture | base size | pr size | difference
x86_64 | 15316400 | 15316400 | 0 😘
armhf | 6229892 | 6229892 | 0 😘
aarch64 | 9527616 | 9527616 | 0 😘

barakharyati commented Dec 8, 2025

Hi @nihui
I can see that you're changing the compare_binary_size to be triggered by pull request only. Good call, it will also solve the issue.

Please let me know if you would like me to close the other PR #6443

Copilot AI (Contributor) left a comment

Pull request overview

This PR refactors the binary size comparison workflow from using pull_request_target (which runs in the context of the base branch with write permissions) to a more secure two-workflow pattern: a pull_request-triggered workflow that builds and uploads results as an artifact, and a separate workflow_run-triggered workflow that downloads the artifact and posts a PR comment with elevated permissions.

Key Changes:

  • Changed trigger from pull_request_target to pull_request with path filters for efficiency
  • Split PR commenting into a separate workflow (compare-binary-size-pr-comment.yml) triggered by workflow_run
  • Replaced direct PR commenting with artifact upload/download pattern for improved security

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File | Description
.github/workflows/compare-binary-size.yml | Converted to use pull_request trigger, added path filters, removed PR commenting logic in favor of artifact upload, updated checkout to use merge ref
.github/workflows/compare-binary-size-pr-comment.yml | New workflow that handles PR commenting via workflow_run trigger, downloads artifacts, and posts/updates PR comments using GitHub API

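The two-workflow split described in the review overview above, as an added example that is not the ncnn project's own workflow code. The file names come from the review summary; the build step, the artifact name `binary-size-result`, the result file names and the digit-only check on the PR number are assumptions made for illustration.

```yaml
# File 1 (.github/workflows/compare-binary-size.yml): untrusted half, runs PR code.
# Added example; build step, artifact name and result file names are assumptions.
name: compare-binary-size
on:
  pull_request:              # fork PRs run with a read-only token and no secrets
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4        # default ref for pull_request is the merge ref
      - name: Build and measure (placeholder for the real build)
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          mkdir -p result
          echo "$PR_NUMBER" > result/pr_number
          echo "size table placeholder" > result/comment.md
      - uses: actions/upload-artifact@v4
        with:
          name: binary-size-result
          path: result/
---
# File 2 (.github/workflows/compare-binary-size-pr-comment.yml): trusted half, runs from the default branch and never checks out PR code.
name: compare-binary-size-pr-comment
on:
  workflow_run:
    workflows: ["compare-binary-size"]
    types: [completed]
permissions:
  actions: read              # needed to fetch the artifact from the other run
  pull-requests: write       # the only write scope granted
jobs:
  comment:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: binary-size-result
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Post comment, treating artifact content as untrusted data
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          pr="$(tr -cd '0-9' < pr_number)"   # keep digits only
          [ -n "$pr" ] && gh pr comment "$pr" --repo "$GITHUB_REPOSITORY" --body-file comment.md
```

The artifact is the only channel between the two halves, so the commenting job reads it as data and never sources or executes anything from it.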

nihui and others added 2 commits December 8, 2025 15:09
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
nihui (Member, Author) commented Dec 8, 2025

> Hi @nihui I can see that you're changing compare_binary_size to be triggered by pull request only. Good call, it will also solve the issue.
>
> Please let me know if you would like me to close the other PR #6443

Hello, thank you very much for your report. Your modifications did not work with contributions to the fork repository, so I modified it to two workflows to be compatible with the external contributors' pattern.

nihui merged commit 7ad4f10 into Tencent:master Dec 8, 2025
6 of 7 checks passed
barakharyati commented

Hi @nihui
Can you enable the security vulnerability report option on the repo, so that we can register the vulnerability and future researchers will be able to disclose vulnerabilities privately?

I shared the GitHub manual for that.

https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

It's also recommended to create a security policy with instructions for future researchers on how to report critical vulnerabilities.

nihui (Member, Author) commented Jan 6, 2026

> Hi @nihui Can you enable the security vulnerability report option on the repo, so that we can register the vulnerability and future researchers will be able to disclose vulnerabilities privately?
>
> I shared the GitHub manual for that.
>
> https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
>
> It's also recommended to create a security policy with instructions for future researchers on how to report critical vulnerabilities.

The security vulnerability report is now enabled.

Thanks!

barakharyati commented

> > Hi @nihui Can you enable the security vulnerability report option on the repo, so that we can register the vulnerability and future researchers will be able to disclose vulnerabilities privately?
> > I shared the GitHub manual for that.
> > https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
> > It's also recommended to create a security policy with instructions for future researchers on how to report critical vulnerabilities.
>
> The security vulnerability report is now enabled.
>
> Thanks!

Hi @nihui,
Thank you for enabling it.
I created the GHSA-c44p-qr97-jccv report. Can you please review and publish it?
Thank you
