mirror of
https://github.com/actualbudget/actual.git
synced 2026-07-16 23:26:48 -05:00
* [AI] Migrate CI workflows to Depot-managed runners Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Rename release notes to match PR number Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Empty commit to trigger CI Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Keep VRT jobs on GitHub-hosted runners Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Use 4-vCPU Depot Windows runners for Electron builds Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Use 4-vCPU Depot Ubuntu runners for Electron builds Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Use 4-vCPU Depot runners for functional e2e tests Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Scale Electron build runners to 8 vCPUs Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Scale Ubuntu Electron builds to 4 vCPUs and move Windows builds back to GitHub runners Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Move Microsoft Store publish back to GitHub Windows runner Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * [AI] Add actionlint config for Depot runner labels Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
204 lines
8.8 KiB
YAML
204 lines
8.8 KiB
YAML
name: Compare Sizes
|
|
|
|
##########################################################################################
|
|
# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will #
|
|
# always run in the context of the main actualbudget/actual repo, even if the PR is from #
|
|
# a fork. This is necessary to get access to a GitHub token that can post a comment on #
|
|
# the PR. Be VERY CAREFUL about adding things to this workflow, since forks can inject #
|
|
# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary #
|
|
# code execution in this workflow could lead to a compromise of the main repo. #
|
|
##########################################################################################
|
|
# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests #
|
|
##########################################################################################
|
|
|
|
on:
|
|
# See banner above: checks out base ref only; PR-side artifacts are
|
|
# treated as data (JSON stats) and never executed.
|
|
pull_request_target: # zizmor: ignore[dangerous-triggers]
|
|
paths:
|
|
- 'packages/**'
|
|
- 'package.json'
|
|
- 'yarn.lock'
|
|
- '.github/workflows/size-compare.yml'
|
|
- '!packages/sync-server/**' # Sync server changes don't affect the size of the web/api
|
|
- '!packages/ci-actions/**' # CI actions changes don't affect the size of the web/api
|
|
- '!packages/docs/**' # Docs changes don't affect the size of the web/api
|
|
- '!packages/eslint-plugin-actual/**' # Eslint plugin changes don't affect the size of the web/api
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
compare:
|
|
runs-on: depot-ubuntu-latest
|
|
permissions:
|
|
pull-requests: write
|
|
contents: read
|
|
actions: read
|
|
steps:
|
|
- name: Checkout base branch
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ github.base_ref }}
|
|
persist-credentials: false
|
|
- name: Set up environment
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
download-translations: 'false'
|
|
|
|
# Resolve one successful `build.yml` run for each side (master and PR
|
|
# head) up front, then pin every download below to its `run_id`. This
|
|
# ensures artifact downloads are consistent and prevents race conditions.
|
|
- name: Resolve build runs
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
id: build-runs
|
|
env:
|
|
BASE_REF: ${{ github.base_ref }}
|
|
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
|
|
with:
|
|
script: |
|
|
const TIMEOUT_MS = 30 * 60 * 1000;
|
|
const SLEEP_MS = 15000;
|
|
|
|
async function resolveRun({ label, filter, notFoundHint }) {
|
|
const deadline = Date.now() + TIMEOUT_MS;
|
|
while (true) {
|
|
const { data } = await github.rest.actions.listWorkflowRuns({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
workflow_id: 'build.yml',
|
|
...filter,
|
|
status: 'success',
|
|
per_page: 1,
|
|
});
|
|
if (data.workflow_runs.length > 0) {
|
|
const run = data.workflow_runs[0];
|
|
core.info(`Found ${label} build run ${run.id} (${run.html_url})`);
|
|
return run.id;
|
|
}
|
|
if (Date.now() > deadline) {
|
|
throw new Error(
|
|
`No successful build.yml run found for ${label} within 30 min — ${notFoundHint}.`,
|
|
);
|
|
}
|
|
core.info(`No successful ${label} build run yet — sleeping 15s.`);
|
|
await new Promise(r => setTimeout(r, SLEEP_MS));
|
|
}
|
|
}
|
|
|
|
const baseRef = process.env.BASE_REF;
|
|
const headSha = process.env.HEAD_SHA;
|
|
const [masterRunId, headRunId] = await Promise.all([
|
|
resolveRun({
|
|
label: baseRef,
|
|
filter: { branch: baseRef },
|
|
notFoundHint: `${baseRef} may be broken`,
|
|
}),
|
|
resolveRun({
|
|
label: `PR head ${headSha}`,
|
|
filter: { head_sha: headSha },
|
|
notFoundHint:
|
|
'build may still be running, have failed, or the branch may have been force-pushed',
|
|
}),
|
|
]);
|
|
core.setOutput('master_run_id', masterRunId);
|
|
core.setOutput('head_run_id', headRunId);
|
|
|
|
- name: Download web build artifact from ${{github.base_ref}}
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.master_run_id }}
|
|
workflow: build.yml
|
|
name: build-stats
|
|
path: base
|
|
- name: Download API build artifact from ${{github.base_ref}}
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.master_run_id }}
|
|
workflow: build.yml
|
|
name: api-build-stats
|
|
path: base
|
|
- name: Download build stats from PR
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.head_run_id }}
|
|
workflow: build.yml
|
|
name: build-stats
|
|
path: head
|
|
- name: Download API stats from PR
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.head_run_id }}
|
|
workflow: build.yml
|
|
name: api-build-stats
|
|
path: head
|
|
- name: Download CLI build artifact from ${{github.base_ref}}
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.master_run_id }}
|
|
workflow: build.yml
|
|
name: cli-build-stats
|
|
path: base
|
|
- name: Download CLI stats from PR
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.head_run_id }}
|
|
workflow: build.yml
|
|
name: cli-build-stats
|
|
path: head
|
|
- name: Download CRDT build artifact from ${{github.base_ref}}
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.master_run_id }}
|
|
workflow: build.yml
|
|
name: crdt-build-stats
|
|
path: base
|
|
- name: Download CRDT stats from PR
|
|
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
|
|
with:
|
|
run_id: ${{ steps.build-runs.outputs.head_run_id }}
|
|
workflow: build.yml
|
|
name: crdt-build-stats
|
|
path: head
|
|
- name: Strip content hashes from stats files
|
|
run: |
|
|
if [ -f ./head/web-stats.json ]; then
|
|
sed -i -E 's/index\.[0-9a-zA-Z_-]{8,}\./index./g' ./head/web-stats.json
|
|
sed -i -E 's/\.[0-9a-zA-Z_-]{8,}\.chunk\././g' ./head/web-stats.json
|
|
fi
|
|
if [ -f ./base/web-stats.json ]; then
|
|
sed -i -E 's/index\.[0-9a-zA-Z_-]{8,}\./index./g' ./base/web-stats.json
|
|
sed -i -E 's/\.[0-9a-zA-Z_-]{8,}\.chunk\././g' ./base/web-stats.json
|
|
fi
|
|
for file in ./head/*.json ./base/*.json; do
|
|
if [ -f "$file" ]; then
|
|
sed -i -E 's/\.[0-9a-f]{8,}\././g' "$file"
|
|
fi
|
|
done
|
|
- name: Generate combined bundle stats comment
|
|
run: |
|
|
node packages/ci-actions/bin/bundle-stats-comment.mjs \
|
|
--base desktop-client=./base/web-stats.json \
|
|
--base loot-core=./base/loot-core-stats.json \
|
|
--base api=./base/api-stats.json \
|
|
--base cli=./base/cli-stats.json \
|
|
--base crdt=./base/crdt-stats.json \
|
|
--head desktop-client=./head/web-stats.json \
|
|
--head loot-core=./head/loot-core-stats.json \
|
|
--head api=./head/api-stats.json \
|
|
--head cli=./head/cli-stats.json \
|
|
--head crdt=./head/crdt-stats.json \
|
|
--identifier combined \
|
|
--format pr-body > bundle-stats-comment.md
|
|
- name: Post combined bundle stats comment
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITHUB_REPOSITORY: ${{ github.repository }}
|
|
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
run: |
|
|
node packages/ci-actions/bin/update-bundle-stats-comment.mjs \
|
|
--comment-file bundle-stats-comment.md \
|
|
--identifier combined \
|
|
--target pr-body
|