Files
actual/.github/workflows/size-compare.yml
Matiss Janis Aboltins bba89d1fd8 [AI] Migrate CI workflows to Depot-managed runners (#8205)
* [AI] Migrate CI workflows to Depot-managed runners

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Rename release notes to match PR number

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Empty commit to trigger CI

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Keep VRT jobs on GitHub-hosted runners

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Use 4-vCPU Depot Windows runners for Electron builds

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Use 4-vCPU Depot Ubuntu runners for Electron builds

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Use 4-vCPU Depot runners for functional e2e tests

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Scale Electron build runners to 8 vCPUs

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Scale Ubuntu Electron builds to 4 vCPUs and move Windows builds back to GitHub runners

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Move Microsoft Store publish back to GitHub Windows runner

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* [AI] Add actionlint config for Depot runner labels

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
2026-06-17 07:36:33 +00:00

204 lines
8.8 KiB
YAML

name: Compare Sizes
##########################################################################################
# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will #
# always run in the context of the main actualbudget/actual repo, even if the PR is from #
# a fork. This is necessary to get access to a GitHub token that can post a comment on #
# the PR. Be VERY CAREFUL about adding things to this workflow, since forks can inject #
# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary #
# code execution in this workflow could lead to a compromise of the main repo. #
##########################################################################################
# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests #
##########################################################################################
on:
# See banner above: checks out base ref only; PR-side artifacts are
# treated as data (JSON stats) and never executed.
pull_request_target: # zizmor: ignore[dangerous-triggers]
paths:
- 'packages/**'
- 'package.json'
- 'yarn.lock'
- '.github/workflows/size-compare.yml'
- '!packages/sync-server/**' # Sync server changes don't affect the size of the web/api
- '!packages/ci-actions/**' # CI actions changes don't affect the size of the web/api
- '!packages/docs/**' # Docs changes don't affect the size of the web/api
- '!packages/eslint-plugin-actual/**' # Eslint plugin changes don't affect the size of the web/api
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
compare:
runs-on: depot-ubuntu-latest
permissions:
pull-requests: write
contents: read
actions: read
steps:
- name: Checkout base branch
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ github.base_ref }}
persist-credentials: false
- name: Set up environment
uses: ./.github/actions/setup
with:
download-translations: 'false'
# Resolve one successful `build.yml` run for each side (master and PR
# head) up front, then pin every download below to its `run_id`. This
# ensures artifact downloads are consistent and prevents race conditions.
- name: Resolve build runs
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
id: build-runs
env:
BASE_REF: ${{ github.base_ref }}
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
with:
script: |
const TIMEOUT_MS = 30 * 60 * 1000;
const SLEEP_MS = 15000;
async function resolveRun({ label, filter, notFoundHint }) {
const deadline = Date.now() + TIMEOUT_MS;
while (true) {
const { data } = await github.rest.actions.listWorkflowRuns({
owner: context.repo.owner,
repo: context.repo.repo,
workflow_id: 'build.yml',
...filter,
status: 'success',
per_page: 1,
});
if (data.workflow_runs.length > 0) {
const run = data.workflow_runs[0];
core.info(`Found ${label} build run ${run.id} (${run.html_url})`);
return run.id;
}
if (Date.now() > deadline) {
throw new Error(
`No successful build.yml run found for ${label} within 30 min — ${notFoundHint}.`,
);
}
core.info(`No successful ${label} build run yet — sleeping 15s.`);
await new Promise(r => setTimeout(r, SLEEP_MS));
}
}
const baseRef = process.env.BASE_REF;
const headSha = process.env.HEAD_SHA;
const [masterRunId, headRunId] = await Promise.all([
resolveRun({
label: baseRef,
filter: { branch: baseRef },
notFoundHint: `${baseRef} may be broken`,
}),
resolveRun({
label: `PR head ${headSha}`,
filter: { head_sha: headSha },
notFoundHint:
'build may still be running, have failed, or the branch may have been force-pushed',
}),
]);
core.setOutput('master_run_id', masterRunId);
core.setOutput('head_run_id', headRunId);
- name: Download web build artifact from ${{github.base_ref}}
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.master_run_id }}
workflow: build.yml
name: build-stats
path: base
- name: Download API build artifact from ${{github.base_ref}}
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.master_run_id }}
workflow: build.yml
name: api-build-stats
path: base
- name: Download build stats from PR
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.head_run_id }}
workflow: build.yml
name: build-stats
path: head
- name: Download API stats from PR
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.head_run_id }}
workflow: build.yml
name: api-build-stats
path: head
- name: Download CLI build artifact from ${{github.base_ref}}
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.master_run_id }}
workflow: build.yml
name: cli-build-stats
path: base
- name: Download CLI stats from PR
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.head_run_id }}
workflow: build.yml
name: cli-build-stats
path: head
- name: Download CRDT build artifact from ${{github.base_ref}}
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.master_run_id }}
workflow: build.yml
name: crdt-build-stats
path: base
- name: Download CRDT stats from PR
uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
with:
run_id: ${{ steps.build-runs.outputs.head_run_id }}
workflow: build.yml
name: crdt-build-stats
path: head
- name: Strip content hashes from stats files
run: |
if [ -f ./head/web-stats.json ]; then
sed -i -E 's/index\.[0-9a-zA-Z_-]{8,}\./index./g' ./head/web-stats.json
sed -i -E 's/\.[0-9a-zA-Z_-]{8,}\.chunk\././g' ./head/web-stats.json
fi
if [ -f ./base/web-stats.json ]; then
sed -i -E 's/index\.[0-9a-zA-Z_-]{8,}\./index./g' ./base/web-stats.json
sed -i -E 's/\.[0-9a-zA-Z_-]{8,}\.chunk\././g' ./base/web-stats.json
fi
for file in ./head/*.json ./base/*.json; do
if [ -f "$file" ]; then
sed -i -E 's/\.[0-9a-f]{8,}\././g' "$file"
fi
done
- name: Generate combined bundle stats comment
run: |
node packages/ci-actions/bin/bundle-stats-comment.mjs \
--base desktop-client=./base/web-stats.json \
--base loot-core=./base/loot-core-stats.json \
--base api=./base/api-stats.json \
--base cli=./base/cli-stats.json \
--base crdt=./base/crdt-stats.json \
--head desktop-client=./head/web-stats.json \
--head loot-core=./head/loot-core-stats.json \
--head api=./head/api-stats.json \
--head cli=./head/cli-stats.json \
--head crdt=./head/crdt-stats.json \
--identifier combined \
--format pr-body > bundle-stats-comment.md
- name: Post combined bundle stats comment
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
PR_NUMBER: ${{ github.event.pull_request.number }}
run: |
node packages/ci-actions/bin/update-bundle-stats-comment.mjs \
--comment-file bundle-stats-comment.md \
--identifier combined \
--target pr-body