Decide next track: GitHub App auth vs real GPU CI

[bniladridas]

Right now gpucomm-bot is simulation-level: it receives GitHub webhooks and logs events.

To make it real, we should pick an implementation track:

(A) Secure webhook + GitHub App auth

• Verify X-Hub-Signature-256 using a WEBHOOK_SECRET (reject unsigned/invalid payloads).
• Add GitHub App JWT + installation token flow.
• Start taking actions: comment/label PRs, set a “GPU required” check, etc.

(B) Real GPU CI first

• Add a self-hosted runner with an NVIDIA GPU.
• Update gpu.yml to run actual CUDA/PyTorch/nvcc build + tests/benchmarks (instead of simulated steps).

Question: which track do we want next, (A) or (B)?

Suggested decision criteria:

• If we need the bot to interact with GitHub (comments/labels/checks), pick (A).
• If we need real GPU validation ASAP, pick (B).

Checklist after decision:

• Confirm target repos/org scope
• Define minimal first milestone (comment + label OR CUDA smoke test)
• Add secrets + deployment/tunnel plan (local dev + prod)

[bniladridas]

Implemented GitHub App auth. Bot is now deployed on Render and responds to PRs with GPU/CUDA in the title.

Completed:

• Decide next track: GitHub App auth vs real GPU CI #1 Webhook signature verification
• Test PR: GPU CUDA support #2 Deployment guide in README
• Test PR: GPU CUDA support #3 Production deployment on Render

See #3 and #4 for testing.

[bniladridas]

Implemented track (A) - GitHub App auth.

Completed:

• Webhook signature verification (X-Hub-Signature-256)
• GitHub App JWT + installation token flow
• Bot comments on PRs with GPU/CUDA in title
• Bot applies gpu-required label
• Deployed on Render: https://gpucomm-bot.onrender.com

Notes:

• Target scope: gpucomm-bot repo (this repo)
• Minimal milestone: ✓ comment + label PRs
• Secrets configured in Render environment variables

Not completed (track B - Real GPU CI):

• Self-hosted GPU runner with NVIDIA GPU
• Actual CUDA/PyTorch tests/benchmarks

The bot is now functional for GitHub interaction. Ready for track (B) when GPU runner is available.

[bniladridas]

Tested bot on issues - see #5 (bot should auto-comment on this GPU-related issue)

[bniladridas]

Implementation Summary

Completed (Track A - GitHub App Auth)

Feature	Status	Notes
Webhook signature verification	✅ Done	X-Hub-Signature-256 verification
GitHub App JWT + installation tokens	✅ Done	See
Comment on GPU/CUDA PRs	✅ Done	PRs with GPU/CUDA in title
Label PRs with gpu-required	✅ Done	Auto-applied via GitHub App
Comment on GPU/CUDA Issues	✅ Done	Issues with GPU/CUDA in title
Label Issues with gpu-required	✅ Done	Auto-applied
Webhook verification	✅ Done	HMAC-SHA256
Production deployment	✅ Done	Render free tier

Test Issues (Closed)

Issue	Purpose	Status
#5-#12	Testing bot interactions	✅ Closed

Not Completed (Track B - Real GPU CI)

Feature	Status	Notes
Self-hosted GPU runner	❌ Pending	Needs NVIDIA GPU setup
CUDA smoke tests	❌ Pending
PyTorch GPU tests	❌ Pending

Deployment

• Production: https://gpucomm-bot.onrender.com
• Webhook:

Next Steps

Ready for Track B when GPU runner is available.

[bniladridas]

Implementation Summary

Completed (Track A - GitHub App Auth)

• Webhook signature verification (X-Hub-Signature-256)
• GitHub App JWT + installation tokens
• Comment on GPU/CUDA PRs
• Label PRs with gpu-required
• Comment on GPU/CUDA Issues
• Label Issues with gpu-required
• Production deployment on Render

Test Issues

Closed test issues #5-#12 after testing bot interactions.

Not Completed (Track B - Real GPU CI)

• Self-hosted GPU runner (needs NVIDIA GPU setup)
• CUDA smoke tests
• PyTorch GPU tests

Deployment

• Production: https://gpucomm-bot.onrender.com
• Webhook: https://gpucomm-bot.onrender.com/webhook

Next Steps

Ready for Track B when GPU runner is available.

[bniladridas]

Implementation Status

✅ Completed (Track A)

Feature	PRs	Issues
Comment on GPU/CUDA	✅	✅
Apply gpu-required label	✅	✅
Webhook verification	✅	✅
Production deploy	✅ Render	✅

❌ Pending (Track B)

• GPU runner with NVIDIA GPU
• CUDA/PyTorch tests

Links

• Test issues: Test Issue: GPU memory optimization #5, Test Issue 2: CUDA memory optimization #6, Test Issue 3: GPU Performance Bottleneck #7, Test Issue 4: NVIDIA CUDA Optimization #8, Test Issue 5: GPU CUDA Test #9, Test Issue 6: GPU Debug #10, Test Issue 7: GPU Check #11, Test Issue 8: GPU Final Test #12
• Test PRs: Test PR: GPU CUDA support #2, Test PR: GPU CUDA support #3, Test PR: GPU CUDA support #4
• Bot deployed: https://gpucomm-bot.onrender.com

[bniladridas]

Update (2026-03-22): pushed Track B enablement changes.

Code changes (now on main):

• GPU workflow is gated to only run when PR has gpu-required label OR title contains gpu/cuda (avoids endless queue if no GPU runner online): .github/workflows/gpu.yml
• Optional CUDA toolkit version enforcement via GPUCOMM_ENFORCE_CUDA_VERSION=true, using config/gpu.json.allowed_cuda_versions: scripts/gpu-ci.sh
• Guardrail: ignore accidental private key PEMs (*private-key*.pem) and removed a stray key file locally: .gitignore

Next actions (non-code):

• Provision self-hosted runner labeled self-hosted, linux, x64, gpu with NVIDIA driver + CUDA toolkit (nvcc) available.
• Set Actions variable PYTORCH_INDEX_URL (e.g. https://download.pytorch.org/whl/cu121).
• Create/ensure label gpu-required exists; apply it to a PR to trigger GPU CI.