Port the sizes workflow from glimmer-vm (#20883)

NullVoxPopuli · web-flow · commit fbcd8c80570e · 2025-03-25T11:33:54.000-04:00
* Port the sizes workflow from glimmer-vm

* Explicity set permission

* Adjust permissions

* Use pull_request_target for safety

* pull_requset_target =&gt; pull_request

* Try to not be vulnerable to basic attacks in GH Actions

* Don't upload the whole dist as an artifact

* Cache main on main

* Build on #main

* Rename

* Updates

* Concat the run id

* Fix path

* Fix paths

* paths
diff --git a/.github/workflows/size-comment.yml b/.github/workflows/size-comment.yml
@@ -0,0 +1,95 @@
+name: "Size: Comment"
+
+# read-write repo token
+# access to secrets
+#
+# https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
+on:
+  workflow_run:
+    workflows: ["Size: PR"]
+    types:
+      - completed
+
+jobs:
+  compare_sizes:
+    name: 'Compare Sizes and Comment'
+    runs-on: 'ubuntu-latest'
+
+    steps:
+      - run: sudo snap install dust
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: pr-${{ github.event.workflow_run.id }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: sizes-main
+
+      - name: "[PR] Get sizes for development outputs"
+        id: dev
+        run: |
+          cd pr/
+
+          echo 'sizes<<EOF' >> $GITHUB_OUTPUT
+          while IFS= read -r line; do
+              echo "$line" >> $GITHUB_OUTPUT
+          done <<< $(cat out.txt)
+          echo 'EOF' >> $GITHUB_OUTPUT
+          cat out.txt
+
+      - name: "[PR]: Get PR Number"
+        id: pr-number
+        run: echo "number=$(cat pr/NR)" >> $GITHUB_OUTPUT
+
+      - name: "[Main] Get sizes for development outputs"
+        id: main-dev
+        run: |
+          cd main/
+
+          echo 'sizes<<EOF' >> $GITHUB_OUTPUT
+          while IFS= read -r line; do
+              echo "$line" >> $GITHUB_OUTPUT
+          done <<< $(cat out.txt)
+          echo 'EOF' >> $GITHUB_OUTPUT
+          cat out.txt
+
+      #########################
+      # Intended Layout:
+      #
+      #  |      | This PR | Main |
+      #  | Dev  |   x1    |  y1  |
+      #  | Prod |   x2    |  y2  |
+      #
+      #  NOTE: we we don't have a prod build for this library
+      #        because we currently expect non-compiler usage
+      #        (so consumers should have terser or similar properly configured for DCE)
+      #
+      #########################
+      - uses: mshick/add-pr-comment@v2
+        with:
+          issue: ${{ steps.pr-number.outputs.number }}
+          message: |
+            <table><thead><tr><th></th><th>This PR</th><th>main</th></tr></thead>
+            <tbody>
+            <tr><td>Dev</td><td>
+
+            ```
+            ${{ steps.dev.outputs.sizes }}
+            ```
+
+            </td><td>
+
+            ```
+            ${{ steps.main-dev.outputs.sizes }}
+            ```
+
+            </td></tr>
+            </tbody></table>
+
+
+
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.github/workflows/size-main.yml b/.github/workflows/size-main.yml
@@ -0,0 +1,37 @@
+name: "Size: main"
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: 'Build'
+    runs-on: 'ubuntu-latest'
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup
+      - run: sudo snap install dust
+      - run: pnpm build
+
+      - name: "Get sizes for development outputs"
+        id: main-dev
+        run: |
+          mkdir -p main
+          cd dist
+          dust --ignore_hidden \
+              --reverse --apparent-size \
+              --filter ".+.js$" \
+              --no-percent-bars \
+              --only-file \
+              --full-paths > out.txt
+          cp out.txt ../main/
+
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: sizes-main
+          path: main/
+          overwrite: true
diff --git a/.github/workflows/size-pr.yml b/.github/workflows/size-pr.yml
@@ -0,0 +1,46 @@
+# https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
+#
+# Do a build
+# Measure assets sizes
+# Upload artifact
+# Consumed by size.yml for comparison
+name: "Size: PR"
+
+# read-only repo token
+# no access to secrets
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup
+      - run: pnpm build
+      - run: sudo snap install dust
+
+      - name: Save PR number
+        run: |
+          mkdir -p ./pr
+          echo ${{ github.event.number }} > ./pr/NR
+
+      - name: "Get sizes for development outputs"
+        id: dev
+        run: |
+          cd dist
+          dust --ignore_hidden \
+              --reverse --apparent-size \
+              --filter ".+.js$" \
+              --no-percent-bars \
+              --only-file \
+              --full-paths > out.txt
+          cp out.txt ../pr/
+
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: pr-${{ github.event.workflow_run.id }}
+          path: pr/
+          overwrite: true
