Skip to content

[TRTLLMINF-188][infra] Require approval for broad post-merge bot runs#16318

Open
chzblych wants to merge 5 commits into
NVIDIA:mainfrom
chzblych:trtllminf-188-post-merge-approval
Open

[TRTLLMINF-188][infra] Require approval for broad post-merge bot runs#16318
chzblych wants to merge 5 commits into
NVIDIA:mainfrom
chzblych:trtllminf-188-post-merge-approval

Conversation

@chzblych

@chzblych chzblych commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • New Features

    • Added a post-merge approval guard workflow that verifies the ci: post-merge approved label is applied by an active team member.
    • Automatically removes invalid approvals and posts an explanatory pull request comment.
  • Documentation

    • Updated /bot run help and developer guidance to require the approval label for broad wildcard stage selections, and clarified label persistence across commits.
  • Tests

    • Added a Node.js test harness covering approval validation, fail-closed behavior, and label cleanup scenarios.

Description

TRTLLMINF-188 prevents unapproved broad post-merge bot runs from consuming shared CI resources.

This PR:

  • Adds the Guard Post-Merge Approval Label workflow for the ci: post-merge approved label.
  • Accepts the label only when it is applied by an active member of NVIDIA/trt-llm-ci-approvers.
  • Fails closed by removing the label and posting an explanatory comment when membership cannot be verified.
  • Serializes guard runs per PR and binds each membership result to the corresponding label event, so a stale unauthorized run cannot remove a newer approval.
  • Uses pull_request_target without checking out or executing PR code.
  • Keeps the approval label when new commits are pushed, as required.
  • Documents that --post-merge, --stage-list "*", --extra-stage "*", --stage-list "*Post-Merge*", --extra-stage "*Post-Merge*", and equivalent escaped/repeated-star or comma-list forms require approval.
  • Preserves existing behavior for limited patterns such as *PerfSanity*.

The membership check uses the repository secret TRTLLM_AGENT_SHARED_TOKEN. That token must be able to read active membership in NVIDIA/trt-llm-ci-approvers; label cleanup and PR comments continue to use the scoped GITHUB_TOKEN.

The Jenkins-side pre-dispatch label gate is implemented in companion internal MR ftp/infra/trtllm-github-ci!86.

The canonical .github/workflows/blossom-ci.yml is unchanged.

Test Coverage

  • node .github/scripts/test_post_merge_approval_workflow.js
  • Covers distinct webhook sender/fallback actors plus stale-run re-label races, including a newer event from the same actor.
  • Workflow YAML parsing and public-repository pre-commit checks
  • Cross-repository policy contract and 10 Jenkins gate tests
  • Controller-only Jenkins CPS sandbox: build #1 passed label-refresh, single synthetic dispatch, API-failure fail-closed, wildcard classification, and final Groovy gate checks
  • Renamed TRTLLM_AGENT_SHARED_TOKEN positive membership smoke: workflow run 29241460945 returned HTTP 200 and active membership for chzblych in NVIDIA/trt-llm-ci-approvers
  • Final-head personal-fork E2E, using the production workflow with only the repository-name predicate adapted to chzblych/TensorRT-LLM:
    • Authorized Team member: guard 29313955207 retained the label with no denial comment.
    • Commit persistence: after the approved PR head changed to 7a52965662566cdadbf92487da472b3cd6beacb1, the label remained; no synchronize-triggered guard run or comment appeared.
    • Real non-member GitHub App: driver 29314224912 / guard 29314238025 removed the label and posted exactly one denial comment. Artifact SHA-256: 379031ee7497bec37975d9f56050cd10609a32acb3b2e9a3317714ac15c93a4e.
    • Stale unauthorized → newer authorized race: driver 29316619579, Guard A 29316632435, and Guard B 29316686368 proved that A leaves the newer event for B and the authorized label survives. Artifact SHA-256: 68651377063abe7cdef8b375bf919c48f2c53ef4cfafba4c1828a24786ab020f.
    • Same-App remove/re-add race: driver 29316978715, Guard A 29316989757, and Guard B 29317000810 proved serialized handoff; the label was removed once and exactly one denial comment was posted. Artifact SHA-256: f175430b9cbc023c46f6cf6d7d4fb6c9d77fdf462e7f3bbfc94dd10b15d958e1.
  • Both race artifacts passed their embedded SHA256SUMS. An initial D driver run failed only in the test audit/cleanup harness after the product Guard terminal assertion passed; the harness was corrected, reviewed, and the accepted D run above passed end to end.
  • Test PRs update aarch64 libraries to release/0.5.0 branch #7update aarch64 batch manager libraries to release/0.5.0 #10 are closed, draft, and unmerged; branches and Actions evidence are retained. Temporary race workflows were removed, the long-term negative-E2E driver remains, Blossom stayed byte-identical, and no issue_comment/Blossom or production downstream run was triggered.
  • git diff --check
  • Verified zero diff for .github/workflows/blossom-ci.yml

No production downstream Blossom pipeline was triggered. Jenkins runtime validation used an isolated controller-only Sandbox/yanchaol job with synthetic GitHub and downstream-dispatch fixtures.

Deployment Prerequisite

  • Confirm that the upstream repository contains TRTLLM_AGENT_SHARED_TOKEN with organization/team-membership read access. The fork-only positive smoke proves the configured token value can perform the required lookup, but it cannot read or attest the upstream repository's secret configuration.

PR Checklist

Please review the following before submitting your PR:

  • PR description clearly explains what and why. If using CodeRabbit's summary, please make sure it makes sense.

  • PR Follows TRT-LLM CODING GUIDELINES to the best of your knowledge.

  • Test cases are provided for new code paths (see test instructions)

  • If PR introduces API changes, an appropriate PR label is added - either api-compatible or api-breaking. For api-breaking, include BREAKING in the PR title.

  • Any new dependencies have been scanned for license and vulnerabilities

  • CODEOWNERS updated if ownership changes

  • Documentation updated as needed

  • Update tava architecture diagram if there is a significant design change in PR.

  • The reviewers assigned automatically/manually are appropriate for the PR.

  • Please check this after reviewing the above items as appropriate for this PR.

GitHub Bot Help

To see a list of available CI bot commands, please comment /bot help.

Signed-off-by: Yanchao Lu <yanchaol@nvidia.com>
@chzblych chzblych marked this pull request as ready for review July 13, 2026 09:31
@chzblych chzblych requested review from a team as code owners July 13, 2026 09:31
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

Adds a label-triggered GitHub Actions workflow that validates post-merge approval actors, removes invalid approval labels, and comments on affected pull requests. It also adds workflow tests and updates bot help and CI documentation for approval-label and wildcard requirements.

Changes

Post-merge approval enforcement

Layer / File(s) Summary
Approval validation and cleanup
.github/workflows/post-merge-approval.yml
Adds a pull_request_target label workflow that verifies active approver-team membership, removes invalid approval labels, and posts explanatory comments.
Workflow contract and behavior tests
.github/scripts/test_post_merge_approval_workflow.js
Adds contract checks and mocked authorization and cleanup scenarios covering successful, denied, missing-member, stale-run, and API-failure cases.
Command guidance and CI documentation
.github/workflows/bot-command.yml, docs/source/developer-guide/ci-overview.md
Documents approval-label requirements, wildcard constraints, approver identity, label persistence, and invalid-approval handling.

Estimated code review effort: 4 (Complex) | ~45 minutes

Suggested reviewers: dpitman-nvda, kaiyux, laikhtewari, mlefeb01

Sequence Diagram(s)

sequenceDiagram
  participant PullRequest
  participant ApprovalWorkflow
  participant TeamsAPI
  participant PullRequestAPI
  PullRequest->>ApprovalWorkflow: Apply ci: post-merge approved
  ApprovalWorkflow->>TeamsAPI: Validate labeling actor
  TeamsAPI-->>ApprovalWorkflow: Return membership status
  ApprovalWorkflow->>PullRequestAPI: Remove label if invalid
  ApprovalWorkflow->>PullRequestAPI: Post explanatory comment
Loading
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the required [ticket][type] format and clearly summarizes the main change.
Description check ✅ Passed The description includes the required Description, Test Coverage, and PR Checklist sections and is sufficiently detailed.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/scripts/test_post_merge_approval_workflow.js:
- Around line 87-129: Update the runValidation test fixture so context.actor and
payload.sender.login use distinct values when sender is present, then assert the
result uses the sender login (for example, retain the expected label actor while
using a different fallback actor). Preserve the sender=false case to verify
context.actor is used when no sender exists.

In @.github/workflows/post-merge-approval.yml:
- Around line 70-103: Update the post-merge approval workflow to serialize or
debounce runs per pull request, then re-check the latest label event and
authorization state immediately before any removeLabel cleanup. Ensure an older
unauthorized run exits without removing a label re-added by a later valid
approval.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 43c183c7-c921-4987-97dc-214454fce7d4

📥 Commits

Reviewing files that changed from the base of the PR and between 01291f9 and 3e82b91.

📒 Files selected for processing (4)
  • .github/scripts/test_post_merge_approval_workflow.js
  • .github/workflows/bot-command.yml
  • .github/workflows/post-merge-approval.yml
  • docs/source/developer-guide/ci-overview.md

Comment thread .github/scripts/test_post_merge_approval_workflow.js Outdated
Comment thread .github/workflows/post-merge-approval.yml
chzblych added 2 commits July 13, 2026 17:49
Signed-off-by: Yanchao Lu <yanchaol@nvidia.com>
Signed-off-by: Yanchao Lu <yanchaol@nvidia.com>

Copy link
Copy Markdown
Collaborator Author

@coderabbitai full review

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Full review finished.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
docs/source/developer-guide/ci-overview.md (1)

1-1: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Add the required NVIDIA copyright header.

This modified Markdown file starts directly with the document title and has no NVIDIA copyright header. Add the repository-standard header in a Markdown-safe comment and use the latest meaningful modification year.

As per coding guidelines, all files matching **/* must contain or update the NVIDIA copyright header.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/source/developer-guide/ci-overview.md` at line 1, Add the
repository-standard NVIDIA copyright header at the beginning of the Markdown
document using a Markdown-safe comment, and set its year to the latest
meaningful modification year. Keep the existing “Continuous Integration
Overview” title and document content unchanged.

Source: Coding guidelines

🧹 Nitpick comments (1)
.github/workflows/post-merge-approval.yml (1)

18-20: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low value

pull_request_target dangerous-trigger finding is an expected trade-off here, not a defect.

zizmor's dangerous-triggers rule fires on any pull_request_target use, but this workflow never checks out or executes PR code — the script body is static and only reads timeline/label metadata via the API, so the usual fork-RCE/secret-exfiltration vector doesn't apply. Consider documenting this rationale near the trigger (or adding a suppression entry in zizmor's config, if supported) so the finding doesn't need to be re-litigated on every scan.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/post-merge-approval.yml around lines 18 - 20, Document the
intentional use of pull_request_target beside the trigger in the workflow,
noting that the job runs only static logic and reads timeline/label metadata
through the API without checking out or executing pull-request code.
Alternatively, add the supported zizmor suppression for this expected finding,
preserving the existing trigger behavior.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/post-merge-approval.yml:
- Around line 22-24: Add issues: write to the permissions block in the
post-merge approval workflow, preserving the existing contents and pull-requests
permissions so github.rest.issues.removeLabel can execute successfully.

---

Outside diff comments:
In `@docs/source/developer-guide/ci-overview.md`:
- Line 1: Add the repository-standard NVIDIA copyright header at the beginning
of the Markdown document using a Markdown-safe comment, and set its year to the
latest meaningful modification year. Keep the existing “Continuous Integration
Overview” title and document content unchanged.

---

Nitpick comments:
In @.github/workflows/post-merge-approval.yml:
- Around line 18-20: Document the intentional use of pull_request_target beside
the trigger in the workflow, noting that the job runs only static logic and
reads timeline/label metadata through the API without checking out or executing
pull-request code. Alternatively, add the supported zizmor suppression for this
expected finding, preserving the existing trigger behavior.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f8a7cfaf-7771-40f5-8315-71b47658331e

📥 Commits

Reviewing files that changed from the base of the PR and between 01291f9 and f39f1da.

📒 Files selected for processing (4)
  • .github/scripts/test_post_merge_approval_workflow.js
  • .github/workflows/bot-command.yml
  • .github/workflows/post-merge-approval.yml
  • docs/source/developer-guide/ci-overview.md

Comment thread .github/workflows/post-merge-approval.yml
chzblych added 2 commits July 14, 2026 14:58
Signed-off-by: Yanchao Lu <yanchaol@nvidia.com>
Signed-off-by: Yanchao Lu <yanchaol@nvidia.com>

Copy link
Copy Markdown
Collaborator Author

Addressed the latest CodeRabbit review on head 9d79005:

  • Added an accurate rationale beside pull_request_target: the workflow runs static default-branch API logic and never checks out or executes PR code.
  • Kept least-privilege pull-requests: write; GitHub documents it as sufficient for both label removal and PR timeline comments, and the fork E2E cleanup path already succeeded with that permission only.
  • Did not add a copyright header to docs/source/developer-guide/ci-overview.md: the repository's Markdown documentation convention does not use SPDX headers, and the coding-guideline rule applies to compiled/interpreted OSS source files.

Validation: executable workflow contract test passed, git diff --check passed, and the cross-repository policy contract passed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant