Benchmark upload #261
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Benchmark upload | |
| # | |
| # This workflow runs after every benchmark, to upload the report to S3. | |
| # | |
| # It is its own workflow and starts with a safety check, because PRs can contain malicious code and run in a context with secrets.. | |
| # | |
| # See also https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
| # | |
| on: | |
| workflow_run: | |
| workflows: ["Benchmarks"] | |
| types: | |
| - completed | |
| permissions: | |
| actions: read | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| upload: | |
| name: Upload benchmark report | |
| runs-on: warp-ubuntu-latest-x64-16x | |
| if: github.event.workflow_run.conclusion == 'success' | |
| steps: | |
| - name: Safety check | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} | |
| SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} | |
| run: | | |
| # Was triggering workflow triggered by a PR? | |
| PR_NUMBER=$(gh api /repos/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }} \ | |
| --jq '.pull_requests[0].number') | |
| if [ -z "$PR_NUMBER" ] || [ "$PR_NUMBER" = "null" ]; then | |
| echo "No PR associated with this the triggering workflow run: ${{ github.event.workflow_run.id }}." | |
| exit 0 | |
| fi | |
| # Were workflow files changed in the PR? | |
| CHANGED_FILES=$(gh api /repos/${{ github.repository }}/pulls/$PR_NUMBER/files --jq '.[].filename') | |
| echo -e "These files were modified in PR #$PR_NUMBER which triggered workflow run ${{ github.event.workflow_run.id }}:\n$CHANGED_FILES" | |
| if echo "$CHANGED_FILES" | grep -q "^\.github/workflows/"; then | |
| echo -e "\n## :x: Error\nWorkflow file change detected. Failing the workflow for security reasons." >> $GITHUB_STEP_SUMMARY | |
| curl --silent --data '{"text":"A workflow file change was included in <https://github.com/flashbots/rbuilder/pull/'"$PR_NUMBER"'|PR '"$PR_NUMBER"'>."}' \ | |
| -H "Content-type: application/json" -X POST $SLACK_WEBHOOK > /dev/null 2>&1 | |
| exit 1 | |
| else | |
| echo "No workflow file changes detected." | |
| fi | |
| # https://github.com/actions/download-artifact | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: benchmark-report.zip | |
| run-id: ${{ github.event.workflow_run.id }} | |
| github-token: ${{ github.token }} | |
| - name: Extract report | |
| run: | | |
| unzip benchmark-report.zip | |
| ls -alh benchmark-report/ | |
| - name: Prepare variables | |
| id: prepare | |
| run: | | |
| while IFS='=' read -r key value; do | |
| if [[ $key && $value ]]; then | |
| export "$key=$value" | |
| fi | |
| done < benchmark-report/vars.txt | |
| S3_UPLOAD_DIR="benchmark/${HEAD_SHA_SHORT}-${BASE_SHA_SHORT}" | |
| echo "S3_UPLOAD_DIR=${S3_UPLOAD_DIR}" >> "$GITHUB_OUTPUT" | |
| echo "PR_NUMBER=${PR_NUMBER}" >> "$GITHUB_OUTPUT" | |
| # Upload S3 (using https://github.com/shallwefootball/upload-s3-action) | |
| - name: Upload to S3 | |
| uses: shallwefootball/s3-upload-action@master | |
| id: S3 | |
| with: | |
| aws_key_id: ${{secrets.AWS_KEY_ID}} | |
| aws_secret_access_key: ${{secrets.AWS_SECRET_ACCESS_KEY}} | |
| aws_bucket: flashbots-rbuilder-ci-stats | |
| source_dir: benchmark-report | |
| destination_dir: ${{ steps.prepare.outputs.S3_UPLOAD_DIR }} | |
| # | |
| # POST SUMMARY (to PR comment and CI job summary) | |
| # | |
| - name: Add summary to CI job summary | |
| run: | | |
| BENCH_URL="https://flashbots-rbuilder-ci-stats.s3.us-east-2.amazonaws.com/${{steps.S3.outputs.object_key}}/report/index.html" | |
| sed -i "s|__BENCH_URL__|${BENCH_URL}|" benchmark-report/benchmark-pr-comment.md | |
| cat benchmark-report/benchmark-pr-comment.md | |
| cat benchmark-report/benchmark-pr-comment.md >> $GITHUB_STEP_SUMMARY | |
| cat benchmark-report/benchmark-summary.md >> $GITHUB_STEP_SUMMARY | |
| # https://github.com/peter-evans/find-comment | |
| - name: Find previous PR comment | |
| if: steps.prepare.outputs.PR_NUMBER != '' | |
| uses: peter-evans/find-comment@v3 | |
| id: fc | |
| with: | |
| issue-number: ${{ steps.prepare.outputs.PR_NUMBER }} | |
| comment-author: 'github-actions[bot]' | |
| body-includes: Benchmark results | |
| # https://github.com/peter-evans/create-or-update-comment | |
| - name: Create or update PR comment | |
| if: steps.prepare.outputs.PR_NUMBER != '' | |
| uses: peter-evans/create-or-update-comment@v4 | |
| with: | |
| comment-id: ${{ steps.fc.outputs.comment-id }} | |
| issue-number: ${{ steps.prepare.outputs.PR_NUMBER }} | |
| edit-mode: replace | |
| body-path: benchmark-report/benchmark-pr-comment.md |