From d92eaaf61ba99d7a06f0473a46c2f8bda9a7b2de Mon Sep 17 00:00:00 2001
From: Tamay Eser Uysal <tamayeseruysal@gmail.com>
Date: Wed, 8 Apr 2026 18:52:32 +0200
Subject: [PATCH 1/7] ci: comment performance regression results on pull
 requests

Post benchmark comparison as a Markdown table comment on PRs,
referencing the commit hash. Updates the same comment on subsequent
pushes instead of creating duplicates.
---
 .github/workflows/performance.yml | 32 +++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index ffeee069..039bf2aa 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -50,6 +50,8 @@ jobs:
   compare:
     needs: benchmark
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
       - uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
@@ -60,7 +62,33 @@ jobs:
         with:
           name: branch-results
           path: /tmp/branch
-      - run: |
+      - name: Compare benchmarks
+        id: compare
+        continue-on-error: true
+        run: |
+          set -o pipefail
           node scripts/compare-benchmarks.mjs \
             /tmp/main/main-results.json \
-            /tmp/branch/branch-results.json
+            /tmp/branch/branch-results.json | tee /tmp/perf-report.md
+      - name: Comment on PR
+        if: github.event_name == 'pull_request'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs')
+            const report = fs.readFileSync('/tmp/perf-report.md', 'utf8')
+            const marker = '<!-- perf-regression -->'
+            const body = `${marker}\n${report}\n\n_Commit: ${{ github.sha }}_`
+            const { owner, repo } = context.repo
+            const issue_number = context.issue.number
+            const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number })
+            const existing = comments.find(c => c.body.includes(marker))
+            const params = { owner, repo, body }
+            if (existing) {
+              await github.rest.issues.updateComment({ ...params, comment_id: existing.id })
+            } else {
+              await github.rest.issues.createComment({ ...params, issue_number })
+            }
+      - name: Fail on regression
+        if: steps.compare.outcome == 'failure'
+        run: exit 1

From 52253567ceb5fd2cbb01ae7983d0361ade8cfb05 Mon Sep 17 00:00:00 2001
From: Tamay Eser Uysal <tamayeseruysal@gmail.com>
Date: Wed, 8 Apr 2026 19:08:40 +0200
Subject: [PATCH 2/7] ci: bump actions/github-script to v8 (Node 24 native)

---
 .github/workflows/performance.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index 039bf2aa..5ed5f24a 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -72,7 +72,7 @@ jobs:
             /tmp/branch/branch-results.json | tee /tmp/perf-report.md
       - name: Comment on PR
         if: github.event_name == 'pull_request'
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             const fs = require('fs')

From 2933975d6eddad0d09995cafed1c5b5dab874e6c Mon Sep 17 00:00:00 2001
From: Tamay Eser Uysal <tamayeseruysal@gmail.com>
Date: Wed, 8 Apr 2026 19:08:50 +0200
Subject: [PATCH 3/7] ci: bump actions/download-artifact to v8

---
 .github/workflows/performance.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index 5ed5f24a..1a92abf0 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -54,11 +54,11 @@ jobs:
       pull-requests: write
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v8
         with:
           name: main-results
           path: /tmp/main
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v8
         with:
           name: branch-results
           path: /tmp/branch

From 3ac492220d21b97fbbfd7d7b75c3c7f72d48de8d Mon Sep 17 00:00:00 2001
From: Tamay Eser Uysal <tamayeseruysal@gmail.com>
Date: Wed, 8 Apr 2026 19:09:01 +0200
Subject: [PATCH 4/7] ci: guard PR comment against empty performance report

---
 .github/workflows/performance.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index 1a92abf0..d2d596b3 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -76,7 +76,12 @@ jobs:
         with:
           script: |
             const fs = require('fs')
-            const report = fs.readFileSync('/tmp/perf-report.md', 'utf8')
+            const path = '/tmp/perf-report.md'
+            if (!fs.existsSync(path) || fs.statSync(path).size === 0) {
+              core.warning('No performance report generated — skipping PR comment')
+              return
+            }
+            const report = fs.readFileSync(path, 'utf8')
             const marker = '<!-- perf-regression -->'
             const body = `${marker}\n${report}\n\n_Commit: ${{ github.sha }}_`
             const { owner, repo } = context.repo

From 32b79b046a3e3ed84d159f92637988acee8bbb11 Mon Sep 17 00:00:00 2001
From: Tamay Eser Uysal <tamayeseruysal@gmail.com>
Date: Wed, 8 Apr 2026 19:09:12 +0200
Subject: [PATCH 5/7] ci: scope push trigger to main branch only

---
 .github/workflows/performance.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index d2d596b3..205c856b 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -2,6 +2,7 @@ name: Performance
 
 on:
   push:
+    branches: [main]
   pull_request:
     branches: [main]
   workflow_dispatch:

From 27b94cba1c92bd799c35b906bf8e1210fffc0b8c Mon Sep 17 00:00:00 2001
From: Tamay Eser Uysal <tamayeseruysal@gmail.com>
Date: Thu, 9 Apr 2026 00:16:26 +0200
Subject: [PATCH 6/7] ci: bump actions/upload-artifact to v8 (match
 download-artifact)

---
 .github/workflows/performance.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index 205c856b..9e98550d 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -39,11 +39,11 @@ jobs:
       - run: npm run benchmark:record:simulation
       - run: cp benchmark-history/benchmark-simulation.latest.json /tmp/branch-results.json
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v8
         with:
           name: main-results
           path: /tmp/main-results.json
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v8
         with:
           name: branch-results
           path: /tmp/branch-results.json

From 8f440450f4ec814d9be6180ccbc7e0f38954af38 Mon Sep 17 00:00:00 2001
From: Tamay Eser Uysal <tamayeseruysal@gmail.com>
Date: Thu, 9 Apr 2026 00:17:50 +0200
Subject: [PATCH 7/7] ci: add contents:read permission to compare job

Job-level permissions replace all defaults. Without contents:read,
actions/checkout fails and the compare script never runs.
---
 .github/workflows/performance.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index 9e98550d..fabb6cb6 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -52,6 +52,7 @@ jobs:
     needs: benchmark
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       pull-requests: write
     steps:
       - uses: actions/checkout@v4