flashinfer/.github/workflows/ci-bot-commands.yml at e284274e2eb67538bb9c884f2ed9c0143772d3ac · flashinfer-ai/flashinfer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
# Bot command handler for CI permissions
# Authorized users (ci-users team) can comment to control CI:
#   @flashinfer-bot run          - Add run-ci label to trigger CI
#   @flashinfer-bot rerun        - Cancel and rerun all workflows
#   @flashinfer-bot rerun failed - Rerun failed and cancelled jobs
#   @flashinfer-bot stop         - Cancel all in-progress workflows

name: CI Bot Commands

on:
  issue_comment:
    types: [created]

permissions:
  contents: read
  pull-requests: write
  actions: write

jobs:
  handle-command:
    # Only run on PR comments mentioning @flashinfer-bot
    if: |
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '@flashinfer-bot')
    runs-on: ubuntu-latest

    steps:
      - name: Check team membership
        id: check-permission
        env:
          GH_TOKEN: ${{ secrets.FLASHINFER_GITHUB_TOKEN }}
          ORG: ${{ github.repository_owner }}
          TEAM: ci-users
          ACTOR: ${{ github.event.comment.user.login }}
        run: |
          echo "Checking if $ACTOR is a member of $ORG/$TEAM..."

          # Verify token is set
          if [[ -z "$GH_TOKEN" ]]; then
            echo "::error::FLASHINFER_GITHUB_TOKEN secret is not set"
            echo "authorized=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # List team members and check if commenter is in the list
          MEMBERS=$(gh api \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            --paginate \
            "/orgs/${ORG}/teams/${TEAM}/members" \
            --jq '.[].login' 2>&1) || {
            echo "::error::Failed to get team members: $MEMBERS"
            echo "authorized=false" >> "$GITHUB_OUTPUT"
            exit 0
          }

          if echo "$MEMBERS" | grep -qx "$ACTOR"; then
            echo "$ACTOR is a member of $TEAM"
            echo "authorized=true" >> "$GITHUB_OUTPUT"
          else
            echo "$ACTOR is not a member of $TEAM"
            echo "authorized=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Parse command
        id: parse
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          if echo "$COMMENT_BODY" | grep -qi "@flashinfer-bot rerun failed"; then
            echo "command=rerun-failed" >> "$GITHUB_OUTPUT"
          elif echo "$COMMENT_BODY" | grep -qi "@flashinfer-bot rerun"; then
            echo "command=rerun" >> "$GITHUB_OUTPUT"
          elif echo "$COMMENT_BODY" | grep -qi "@flashinfer-bot stop"; then
            echo "command=stop" >> "$GITHUB_OUTPUT"
          elif echo "$COMMENT_BODY" | grep -qi "@flashinfer-bot run"; then
            echo "command=run" >> "$GITHUB_OUTPUT"
          else
            echo "command=unknown" >> "$GITHUB_OUTPUT"
          fi

      - name: Handle @flashinfer-bot run
        if: steps.check-permission.outputs.authorized == 'true' && steps.parse.outputs.command == 'run'
        env:
          GH_TOKEN: ${{ secrets.FLASHINFER_BOT_TOKEN }}
        run: |
          echo "Adding run-ci label to PR #${{ github.event.issue.number }}"

          # Add run-ci label
          gh pr edit ${{ github.event.issue.number }} \
            --repo ${{ github.repository }} \
            --add-label "run-ci"

          # React with thumbs up
          gh api \
            -X POST \
            "/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \
            -f content='+1'

          echo "Label added successfully"

      - name: Handle @flashinfer-bot rerun
        if: steps.check-permission.outputs.authorized == 'true' && steps.parse.outputs.command == 'rerun'
        env:
          GH_TOKEN: ${{ secrets.FLASHINFER_BOT_TOKEN }}
        run: |
          echo "Rerunning all jobs for PR #${{ github.event.issue.number }}"

          # Get PR head SHA
          PR_SHA=$(gh pr view ${{ github.event.issue.number }} \
            --repo ${{ github.repository }} \
            --json headRefOid -q '.headRefOid')

          echo "PR HEAD SHA: $PR_SHA"

          # Cancel in-progress and queued runs first
          echo "Cancelling in-progress runs..."
          gh run list \
            --repo ${{ github.repository }} \
            --commit "$PR_SHA" \
            --json databaseId,status -q '.[] | select(.status == "in_progress" or .status == "queued") | .databaseId' | \
          while read -r run_id; do
            if [ -n "$run_id" ]; then
              echo "Cancelling workflow $run_id..."
              gh run cancel "$run_id" --repo ${{ github.repository }} || true
            fi
          done

          # Wait for cancellations to complete
          sleep 2

          # Rerun all workflow runs for this commit
          echo "Rerunning all workflows..."
          gh run list \
            --repo ${{ github.repository }} \
            --commit "$PR_SHA" \
            --json databaseId -q '.[].databaseId' | \
          while read -r run_id; do
            if [ -n "$run_id" ]; then
              echo "Rerunning workflow $run_id..."
              gh run rerun "$run_id" --repo ${{ github.repository }} || true
            fi
          done

          # React with thumbs up
          gh api \
            -X POST \
            "/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \
            -f content='+1'

          echo "Rerun triggered successfully"

      - name: Handle @flashinfer-bot rerun failed
        if: steps.check-permission.outputs.authorized == 'true' && steps.parse.outputs.command == 'rerun-failed'
        env:
          GH_TOKEN: ${{ secrets.FLASHINFER_BOT_TOKEN }}
        run: |
          echo "Rerunning failed/cancelled jobs for PR #${{ github.event.issue.number }}"

          # Get PR head SHA
          PR_SHA=$(gh pr view ${{ github.event.issue.number }} \
            --repo ${{ github.repository }} \
            --json headRefOid -q '.headRefOid')

          echo "PR HEAD SHA: $PR_SHA"

          # Rerun failed and cancelled workflow runs for this commit
          # (cancelled jobs are common with fail-fast when one job fails)
          for STATUS in failure cancelled; do
            gh run list \
              --repo ${{ github.repository }} \
              --commit "$PR_SHA" \
              --status "$STATUS" \
              --json databaseId -q '.[].databaseId' | \
            while read -r run_id; do
              if [ -n "$run_id" ]; then
                echo "Rerunning $STATUS workflow $run_id..."
                gh run rerun "$run_id" --repo ${{ github.repository }} --failed || true
              fi
            done
          done

          # React with thumbs up
          gh api \
            -X POST \
            "/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \
            -f content='+1'

          echo "Rerun-failed triggered successfully"

      - name: Handle @flashinfer-bot stop
        if: steps.check-permission.outputs.authorized == 'true' && steps.parse.outputs.command == 'stop'
        env:
          GH_TOKEN: ${{ secrets.FLASHINFER_BOT_TOKEN }}
        run: |
          echo "Stopping all workflows for PR #${{ github.event.issue.number }}"

          # Get PR head SHA
          PR_SHA=$(gh pr view ${{ github.event.issue.number }} \
            --repo ${{ github.repository }} \
            --json headRefOid -q '.headRefOid')

          echo "PR HEAD SHA: $PR_SHA"

          # Cancel all in-progress and queued runs
          CANCEL_COUNT=0
          gh run list \
            --repo ${{ github.repository }} \
            --commit "$PR_SHA" \
            --json databaseId,status -q '.[] | select(.status == "in_progress" or .status == "queued") | .databaseId' | \
          while read -r run_id; do
            if [ -n "$run_id" ]; then
              echo "Cancelling workflow $run_id..."
              gh run cancel "$run_id" --repo ${{ github.repository }} || true
              CANCEL_COUNT=$((CANCEL_COUNT + 1))
            fi
          done

          # React with thumbs up
          gh api \
            -X POST \
            "/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \
            -f content='+1'

          echo "Stop triggered successfully"

      - name: Unauthorized user
        if: steps.check-permission.outputs.authorized != 'true' && steps.parse.outputs.command != 'unknown'
        env:
          GH_TOKEN: ${{ secrets.FLASHINFER_BOT_TOKEN }}
        run: |
          echo "User ${{ github.event.comment.user.login }} is not authorized"

          # React with confused emoji
          gh api \
            -X POST \
            "/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \
            -f content='confused'