Skip to content

ci: refactor PR commenting to use dedicated workflow #2290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 26, 2025
Merged

ci: refactor PR commenting to use dedicated workflow #2290

merged 1 commit into from
Aug 26, 2025

Conversation

vprashar2929
Copy link
Collaborator

Split PR comment functionality into a separate reusable workflow to eliminate security risks associated with using pull_request_target event.

The new approach works as follows:

  • Source workflows upload comment message as artifacts
  • A dedicated pr-comment workflow downloads the artifact
  • Comments are posted using the safer workflow_run event trigger

This provides a better security isolation by ensuring PR comment workflows run in the context of the base branch rather than the potentially untrusted PR branch.

Benefits:

  • Eliminates pull_request_target event security risks
  • Centralizes PR commenting logic for consistency

Addresses #2287

@vprashar2929
ci: refactor PR commenting to use dedicated workflow
d0d72a9 
Split PR comment functionality into a separate reusable workflow to
eliminate security risks associated with using `pull_request_target`
event.

The new approach works as follows:
- Source workflows upload comment message as artifacts
- A dedicated `pr-comment` workflow downloads the artifact
- Comments are posted using the safer `workflow_run` event trigger

This provides a better security isolation by ensuring PR comment
workflows run in the context of the base branch rather than the potentially
untrusted PR branch.

Benefits:
- Eliminates `pull_request_target` event security risks
- Centralizes PR commenting logic for consistency

Addresses sustainable-computing-io#2287

Signed-off-by: vprashar2929 <[email protected]>
@vprashar2929 vprashar2929 marked this pull request as ready for review August 25, 2025 11:15
@github-actions github-actions bot added the ci Changes to the CI pipeline label Aug 25, 2025
@github-actions GitHub Actions
Copy link
Contributor

�[1m 🔆🔆🔆 Validating 🔆🔆🔆 �[0m
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Profiling reports are ready to be viewed

⚠️ Variability in pprof CPU and Memory profiles
When comparing pprof profiles of Kepler versions, expect variability in CPU and memory. Focus only on significant, consistent differences.

💻 CPU Comparison with base Kepler 
File: kepler
Type: cpu
Time: 2025-08-25 11:19:18 UTC
Duration: 120s, Total samples = 450ms ( 0.37%)
Active filters:
   show=github.com/sustainable-computing-io
Showing nodes accounting for 0, 0% of 450ms total
      flat  flat%   sum%        cum   cum%
      50ms 11.11% 11.11%       50ms 11.11%  github.com/sustainable-computing-io/kepler/internal/resource.(*procWrapper).CPUTime
         0     0% 11.11%       50ms 11.11%  github.com/sustainable-computing-io/kepler/internal/resource.(*resourceInformer).Refresh
         0     0% 11.11%       50ms 11.11%  github.com/sustainable-computing-io/kepler/internal/resource.(*resourceInformer).refreshProcesses
         0     0% 11.11%       50ms 11.11%  github.com/sustainable-computing-io/kepler/internal/resource.(*resourceInformer).updateProcessCache
         0     0% 11.11%       50ms 11.11%  github.com/sustainable-computing-io/kepler/internal/resource.populateProcessFields
         0     0% 11.11%       40ms  8.89%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).calculatePower
     -30ms  6.67%  4.44%      -30ms  6.67%  github.com/sustainable-computing-io/kepler/internal/exporter/prometheus/collector.(*PowerCollector).collectProcessMetrics
     -10ms  2.22%  2.22%       30ms  6.67%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).refreshSnapshot
         0     0%  2.22%       30ms  6.67%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).synchronizedPowerRefresh
         0     0%  2.22%       30ms  6.67%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).synchronizedPowerRefresh.func1
         0     0%  2.22%       20ms  4.44%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).Snapshot
         0     0%  2.22%      -20ms  4.44%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).calculateProcessPower
         0     0%  2.22%       20ms  4.44%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).ensureFreshData
     -20ms  4.44%  2.22%      -20ms  4.44%  github.com/sustainable-computing-io/kepler/internal/monitor.newProcess (inline)
         0     0%  2.22%      -10ms  2.22%  github.com/sustainable-computing-io/kepler/internal/exporter/prometheus/collector.(*PowerCollector).Collect
      10ms  2.22%     0%       10ms  2.22%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).calculateContainerPower
         0     0%     0%       10ms  2.22%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).scheduleNextCollection.func1
💾 Memory Comparison with base Kepler (Inuse) 
File: kepler
Type: inuse_space
Time: 2025-08-25 11:21:18 UTC
Duration: 120.01s, Total samples = 2080.48kB 
Active filters:
   show=github.com/sustainable-computing-io
Showing nodes accounting for 1552.31kB, 74.61% of 2080.48kB total
      flat  flat%   sum%        cum   cum%
         0     0%     0%  1024.15kB 49.23%  github.com/sustainable-computing-io/kepler/internal/exporter/prometheus/collector.(*PowerCollector).Collect
         0     0%     0%   528.17kB 25.39%  github.com/sustainable-computing-io/kepler/internal/resource.computeTypeInfoFromProc.func1
  528.17kB 25.39% 25.39%   528.17kB 25.39%  github.com/sustainable-computing-io/kepler/internal/resource.containerInfoFromCgroupPaths
         0     0% 25.39%   528.17kB 25.39%  github.com/sustainable-computing-io/kepler/internal/resource.containerInfoFromProc
         0     0% 25.39%   512.14kB 24.62%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).Snapshot
         0     0% 25.39%   512.14kB 24.62%  github.com/sustainable-computing-io/kepler/internal/monitor.(*Process).Clone (inline)
         0     0% 25.39%   512.14kB 24.62%  github.com/sustainable-computing-io/kepler/internal/monitor.(*Snapshot).Clone
  512.14kB 24.62% 50.00%   512.14kB 24.62%  maps.Copy[go.shape.map[github.com/sustainable-computing-io/kepler/internal/device.EnergyZone]github.com/sustainable-computing-io/kepler/internal/monitor.Usage,go.shape.map[github.com/sustainable-computing-io/kepler/internal/device.EnergyZone]github.com/sustainable-computing-io/kepler/internal/monitor.Usage,go.shape.interface { Energy ; Index int; MaxEnergy github.com/sustainable-computing-io/kepler/internal/device.Energy; Name string; Path string },go.shape.struct { EnergyTotal github.com/sustainable-computing-io/kepler/internal/device.Energy; Power github.com/sustainable-computing-io/kepler/internal/device.Power }] (inline)
  512.01kB 24.61% 74.61%   512.01kB 24.61%  github.com/sustainable-computing-io/kepler/internal/exporter/prometheus/collector.(*PowerCollector).collectProcessMetrics
💾 Memory Comparison with base Kepler (Alloc) 
File: kepler
Type: alloc_space
Time: 2025-08-25 11:21:18 UTC
Duration: 120.01s, Total samples = 29085.49kB 
Active filters:
   show=github.com/sustainable-computing-io
Showing nodes accounting for 3088.72kB, 10.62% of 29085.49kB total
Dropped 6 nodes (cum <= 145.43kB)
      flat  flat%   sum%        cum   cum%
         0     0%     0%  3591.03kB 12.35%  github.com/sustainable-computing-io/kepler/internal/exporter/prometheus/collector.(*PowerCollector).Collect
 2048.20kB  7.04%  7.04%  2048.20kB  7.04%  github.com/sustainable-computing-io/kepler/internal/exporter/prometheus/collector.(*PowerCollector).collectProcessMetrics
 1536.30kB  5.28% 12.32%  1536.30kB  5.28%  github.com/sustainable-computing-io/kepler/internal/resource.(*procWrapper).CPUTime
         0     0% 12.32%  1030.79kB  3.54%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).Snapshot
         0     0% 12.32%  1026.83kB  3.53%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).ensureFreshData
         0     0% 12.32%  1024.24kB  3.52%  github.com/sustainable-computing-io/kepler/internal/resource.(*resourceInformer).updateProcessCache
         0     0% 12.32%  1024.24kB  3.52%  github.com/sustainable-computing-io/kepler/internal/resource.populateProcessFields
 -512.02kB  1.76% 10.56% -1024.04kB  3.52%  github.com/sustainable-computing-io/kepler/internal/resource.(*procFSReader).AllProcs
         0     0% 10.56%   528.17kB  1.82%  github.com/sustainable-computing-io/kepler/internal/resource.computeTypeInfoFromProc.func1
  528.17kB  1.82% 12.38%   528.17kB  1.82%  github.com/sustainable-computing-io/kepler/internal/resource.containerInfoFromCgroupPaths
         0     0% 12.38%   528.17kB  1.82%  github.com/sustainable-computing-io/kepler/internal/resource.containerInfoFromProc
         0     0% 12.38%  -514.46kB  1.77%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).scheduleNextCollection.func1
         0     0% 12.38%   512.38kB  1.76%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).calculatePower
         0     0% 12.38%   512.38kB  1.76%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).refreshSnapshot
         0     0% 12.38%   512.38kB  1.76%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).synchronizedPowerRefresh
         0     0% 12.38%   512.38kB  1.76%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).synchronizedPowerRefresh.func1
         0     0% 12.38%   512.17kB  1.76%  github.com/sustainable-computing-io/kepler/internal/monitor.(*PowerMonitor).calculateProcessPower
  512.17kB  1.76% 14.14%   512.17kB  1.76%  github.com/sustainable-computing-io/kepler/internal/monitor.newProcess (inline)
 -512.06kB  1.76% 12.38%  -512.06kB  1.76%  github.com/sustainable-computing-io/kepler/internal/resource.(*procWrapper).Executable
 -512.05kB  1.76% 10.62%  -512.05kB  1.76%  github.com/sustainable-computing-io/kepler/internal/monitor.(*Process).Clone (inline)
  512.03kB  1.76% 12.38%   512.03kB  1.76%  github.com/sustainable-computing-io/kepler/internal/exporter/prometheus/collector.(*PowerCollector).collectContainerMetrics
 -512.02kB  1.76% 10.62%  -512.02kB  1.76%  github.com/sustainable-computing-io/kepler/internal/resource.WrapProc (inline)

⬇️ Download the Profiling artifacts from the Actions Summary page

📦 Artifact name: profile-artifacts-2290

🔧 Or use GitHub CLI to download artifacts:

gh run download 17207212384 -n profile-artifacts-2290

@vprashar2929 vprashar2929 requested a review from sthaha August 25, 2025 11:30
sthaha
sthaha approved these changes Aug 26, 2025
View reviewed changes
Copy link
Collaborator

@sthaha sthaha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vprashar2929 , There seems like a lot going on here :) ..
we need to document this workflow in developer docs for future maintainers 🙏 ..
The doc should have the current workflow seq diagram and a reason for implementing it this way 🙏

@sthaha sthaha merged commit 571a2eb into sustainable-computing-io:main Aug 26, 2025
25 checks passed
This was referenced Aug 28, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sthaha sthaha sthaha approved these changes

Assignees
No one assigned
Labels
ci Changes to the CI pipeline
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vprashar2929 @sthaha