
[None][infra] Update CI allowedlist #12296

Merged: yuanjingx87 merged 2 commits into NVIDIA:main from yuanjingx87:user/yuanjingx/update_allowlist_20260317 on Mar 18, 2026

Collaborator

@yuanjingx87 yuanjingx87 commented Mar 17, 2026

Summary by CodeRabbit

  • Chores
    • Updated CI/CD workflow authorization to expand the set of approved contributors.

Description

Update CI allowed list

Test Coverage

PR Checklist

Please review the following before submitting your PR:

  • PR description clearly explains what and why. If using CodeRabbit's summary, please make sure it makes sense.

  • PR Follows TRT-LLM CODING GUIDELINES to the best of your knowledge.

  • Test cases are provided for new code paths (see test instructions)

  • Any new dependencies have been scanned for license and vulnerabilities

  • CODEOWNERS updated if ownership changes

  • Documentation updated as needed

  • Update tava architecture diagram if there is a significant design change in PR.

  • The reviewers assigned automatically/manually are appropriate for the PR.

  • Please check this after reviewing the above items as appropriate for this PR.

GitHub Bot Help

To see a list of available CI bot commands, please comment /bot help.

Signed-off-by: Yuanjing Xue <197832395+yuanjingx87@users.noreply.github.com>
Contributor

coderabbitai Bot commented Mar 17, 2026

📝 Walkthrough


Added six new usernames (biswapanda, indrajit96, KrishnanPrash, tmccorm4, tianyuxbear, ziqifan617) to the authorized users allowlist in the Blossom-CI workflow file. These additions expand the set of GitHub actors permitted to trigger or influence CI workflow actions without requiring approval.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Blossom-CI Authorization: .github/workflows/blossom-ci.yml | Added six new usernames to the authorized users allowlist across multiple authorization blocks in the CI workflow. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested reviewers

  • zeroepoch
  • tburt-nv
  • niukuo
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ❓ Inconclusive | The PR description is minimal and lacks essential details. The 'Description' section only states 'Update CI allowed list' without explaining why these specific users are being added or what authorization changes are being made. | Expand the description section to explain the rationale for adding these users, their roles, and any security or authorization considerations for the CI changes. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title '[None][infra] Update CI allowedlist' clearly and concisely describes the main change—updating the CI authorization allowlist by adding new usernames. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/blossom-ci.yml (1)

43-377: Consider replacing inline username allowlists with team-based auth

This large hardcoded actor list is brittle for a security gate. Moving authorization to GitHub team/org membership (or a single shared allowlist source) would reduce typo-driven access errors and review overhead.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/blossom-ci.yml around lines 43 - 377, The inline JSON
allowlist created with fromJson([...]) and checked against github.actor is
brittle; replace this hardcoded array with a team/org-based authorization check
by calling the GitHub membership API (or using a maintained reusable allowlist
secret or repo-level team) and validate membership of github.actor against that
team instead of the fromJson list; update the workflow logic where the
fromJson([...]) expression appears to fetch/verify team membership (or reference
a single shared allowlist input/secret) and gate the job on that result.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/blossom-ci.yml:
- Line 259: The allowlist entry "rmccorm4" appears to be a typo and should be
replaced with the intended account "tmccorm4"; locate the privileged auth
allowlist where the string "rmccorm4" is present and update it to "tmccorm4"
(and run any CI/validation that checks usernames) so the correct account
receives authorization.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f3813928-04d2-4da8-8d54-5bf98a142946

📥 Commits

Reviewing files that changed from the base of the PR and between 43d3ad8 and 3843be4.

📒 Files selected for processing (1)
  • .github/workflows/blossom-ci.yml
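
The review above describes the inline `fromJson([...])` actor list, repeated across authorization blocks, as prone to typo-driven access errors. As an added example (not code from this PR or from the TensorRT-LLM project), a pre-merge audit can extract every inline allowlist and report duplicates, drift between blocks, and logins one edit apart for a human to confirm; the sample workflow text, its job names and the `contains(...)` wrapper are constructed assumptions, and the logins are ones named on this page.

```python
import json
import re
from itertools import combinations

# Constructed sample, NOT the real blossom-ci.yml. Job names and the
# contains(...) wrapper are assumptions; logins are ones named on this page.
SAMPLE_WORKFLOW = """
jobs:
  Authorization:
    if: contains(fromJson('["biswapanda", "indrajit96", "tmccorm4", "ziqifan617"]'), github.actor)
  Upload-Log:
    if: contains(fromJson('["biswapanda", "indrajit96", "rmccorm4"]'), github.actor)
"""

ALLOWLIST_RE = re.compile(r"fromJson\(\s*'(\[.*?\])'\s*\)", re.DOTALL | re.IGNORECASE)

def extract_allowlists(text):
    """Return every inline fromJson('[...]') array as a list of lowercased logins."""
    # GitHub logins are case-insensitive, so normalise before comparing.
    return [[n.lower() for n in json.loads(m)] for m in ALLOWLIST_RE.findall(text)]

def one_edit_apart(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def audit(text):
    """Report duplicates, drift between blocks, and look-alike logins."""
    lists = extract_allowlists(text)
    union = set().union(*lists) if lists else set()
    return {
        "duplicates": [(i, n) for i, l in enumerate(lists)
                       for n in sorted(set(l)) if l.count(n) > 1],
        "drift": [(i, sorted(union - set(l))) for i, l in enumerate(lists)
                  if union - set(l)],
        "near_matches": [(a, b) for a, b in combinations(sorted(union), 2)
                         if one_edit_apart(a, b)],
    }

if __name__ == "__main__":
    for kind, items in audit(SAMPLE_WORKFLOW).items():
        print(kind, items)
```

A near match is only a prompt for review: two logins one character apart can both be legitimate accounts.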

Comment thread .github/workflows/blossom-ci.yml
@yuanjingx87 yuanjingx87 requested a review from tburt-nv March 17, 2026 21:52
Signed-off-by: Yuanjing Xue <197832395+yuanjingx87@users.noreply.github.com>
@yuanjingx87
Collaborator Author

/bot skip --comment "Update CI allowed list"

@tensorrt-cicd
Collaborator

PR_Github #39486 [ skip ] triggered by Bot. Commit: 76c8d13 Link to invocation

@tensorrt-cicd
Collaborator

PR_Github #39486 [ skip ] completed with state SUCCESS. Commit: 76c8d13
Skipping testing for commit 76c8d13

Link to invocation

@yuanjingx87 yuanjingx87 merged commit d37dd82 into NVIDIA:main Mar 18, 2026
5 checks passed
limin2021 pushed a commit to limin2021/TensorRT-LLM that referenced this pull request Mar 19, 2026
Signed-off-by: Yuanjing Xue <197832395+yuanjingx87@users.noreply.github.com>
longcheng-nv pushed a commit to longcheng-nv/TensorRT-LLM that referenced this pull request Mar 31, 2026
Signed-off-by: Yuanjing Xue <197832395+yuanjingx87@users.noreply.github.com>