fix: post leaderboard validation comments via workflow_run for fork PRs

[jwm4]

Summary

• Fork PRs get a scoped-down GITHUB_TOKEN that lacks write permissions, so the inline github-script comment step in the leaderboard validation always returns 403.
• Split the comment posting into a separate workflow_run-triggered workflow (leaderboard-comment.yml) that runs in the upstream repo context with elevated permissions.
• Follows the same pattern already used by coverage-comment.yml.
• The validate job now saves results as an artifact; the new workflow downloads it and posts/updates the PR comment.

Fixes the comment-posting failure seen on #424 and #448.

Test plan

• Verify this PR's CI passes
• After merge, trigger a leaderboard submission from a fork and confirm the validation comment appears on the PR
• Verify the comment updates (not duplicates) on subsequent pushes

Generated with assistance from Claude Code by Bill Murdock.

Summary by CodeRabbit

• Chores
  • Added automated workflow to post and update leaderboard validation comments on pull requests, displaying claimed score, verified score, and calculated difference
  • Updated leaderboard validation workflow to persist results via artifacts for inter-workflow communication

[github-actions]

📈 Test Coverage Report

Branch	Coverage
This PR	73.7%
Main	73.7%
Diff	✅ +0%

---

Coverage calculated from unit tests only

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 43b39f9f-7caa-4d27-89e5-ac31c3930710

📥 Commits

Reviewing files that changed from the base of the PR and between d87c848 and 308afc4.

📒 Files selected for processing (2)

• .github/workflows/leaderboard-comment.yml
• .github/workflows/leaderboard.yml

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

---

📝 Walkthrough

Walkthrough

The PR decouples leaderboard validation from PR commenting by introducing a two-workflow system. The upstream leaderboard.yml workflow now saves validation results as a JSON artifact instead of posting comments directly. A new leaderboard-comment.yml workflow consumes that artifact via workflow_run trigger to post or update PR comments, enabling asynchronous validation result delivery and simplifying PR comment lifecycle management.

Changes

Leaderboard Validation Artifact and Comment Workflow

Layer / File(s)	Summary
Artifact persistence in leaderboard workflow .github/workflows/leaderboard.yml	Score validation logic for PR submissions remains in place; the job now saves validation metadata (claimed/actual scores, research versions, PR number) to /tmp/validation-data/validation.json and uploads it as the leaderboard-validation artifact with 1-day retention instead of posting a comment directly.
Comment posting via artifact consumer .github/workflows/leaderboard-comment.yml	New workflow triggered on Leaderboard Management completion; resolves the PR number from the workflow_run context (handling fork branches), downloads the leaderboard-validation artifact, parses validation results, computes a pass/fail status (diff ≤ 2.0 points), and posts or updates an existing "Leaderboard Validation" PR comment with claimed score, verified score, and absolute diff rounded to 1 decimal.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/leaderboard-submitter-access-check

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch fix/leaderboard-submitter-access-check

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🎉 This PR is included in version 2.39.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀