From 188a56af5c18d7c1e127b99ced130c328d24bf15 Mon Sep 17 00:00:00 2001
From: Ashwin Bharambe
Date: Fri, 3 Oct 2025 12:04:02 -0700
Subject: [PATCH] fix: merge workflows to avoid GITHUB_TOKEN limitation
---
 .github/workflows/README.md | 3 +-
 .github/workflows/precommit-execute.yml | 179 ------------------------
 .github/workflows/precommit-trigger.yml | 157 ++++++++++++++++++---
 3 files changed, 135 insertions(+), 204 deletions(-)
 delete mode 100644 .github/workflows/precommit-execute.yml
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index 5f5ce550c..29acdce59 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -12,8 +12,7 @@ Llama Stack uses GitHub Actions for Continuous Integration (CI). Below is a tabl
 | Integration Tests (Replay) | [integration-tests.yml](integration-tests.yml) | Run the integration test suites from tests/integration in replay mode |
 | Vector IO Integration Tests | [integration-vector-io-tests.yml](integration-vector-io-tests.yml) | Run the integration test suite with various VectorIO providers |
 | Pre-commit | [pre-commit.yml](pre-commit.yml) | Run pre-commit checks |
-| Pre-commit Bot - Execute | [precommit-execute.yml](precommit-execute.yml) | Pre-commit bot execution for PR |
-| Pre-commit Bot - Trigger | [precommit-trigger.yml](precommit-trigger.yml) | Pre-commit bot trigger |
+| Pre-commit Bot | [precommit-trigger.yml](precommit-trigger.yml) | Pre-commit bot for PR |
 | Test Llama Stack Build | [providers-build.yml](providers-build.yml) | Test llama stack build |
 | Python Package Build Test | [python-build-test.yml](python-build-test.yml) | Test building the llama-stack PyPI project |
 | Integration Tests (Record) | [record-integration-tests.yml](record-integration-tests.yml) | Run the integration test suite from tests/integration |
diff --git a/.github/workflows/precommit-execute.yml b/.github/workflows/precommit-execute.yml
deleted file mode 100644
index 72480a024..000000000
--- a/.github/workflows/precommit-execute.yml
+++ /dev/null
@@ -1,179 +0,0 @@ -name: Pre-commit Bot - Execute - -run-name: Pre-commit bot execution for PR #${{ inputs.pr_number }} - -on: - workflow_dispatch: - inputs: - pr_number: - description: 'Pull request number' - required: true - type: string - pr_head_ref: - description: 'PR head ref' - required: true - type: string - pr_head_sha: - description: 'PR head SHA' - required: true - type: string - pr_head_repo: - description: 'PR head repository' - required: true - type: string - pr_base_ref: - description: 'PR base ref' - required: true - type: string - -jobs: - pre-commit: - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - - steps: - - name: Comment starting - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: ${{ inputs.pr_number }}, - body: `ā³ Running pre-commit hooks on PR #${{ inputs.pr_number }}...` - }); - - - name: Determine checkout strategy - id: checkout_strategy - run: | - # Check if this is a fork PR - if [[ "${{ inputs.pr_head_repo }}" != "${{ github.repository }}" ]]; then - echo "is_fork=true" >> $GITHUB_OUTPUT - echo "This is a fork PR from ${{ inputs.pr_head_repo }}" - else - echo "is_fork=false" >> $GITHUB_OUTPUT - echo "This is a same-repo PR" - fi - - - name: Checkout PR branch (same-repo) - if: steps.checkout_strategy.outputs.is_fork == 'false' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - ref: ${{ inputs.pr_head_ref }} - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Checkout PR branch (fork) - if: steps.checkout_strategy.outputs.is_fork == 'true' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - repository: ${{ inputs.pr_head_repo }} - ref: ${{ inputs.pr_head_ref }} - fetch-depth: 0 - # For forks, we need a token with 
write access to push - # This will only work if the fork has granted workflow permissions - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Verify checkout - run: | - echo "Current SHA: $(git rev-parse HEAD)" - echo "Expected SHA: ${{ inputs.pr_head_sha }}" - if [[ "$(git rev-parse HEAD)" != "${{ inputs.pr_head_sha }}" ]]; then - echo "::error::Checked out SHA does not match expected SHA" - exit 1 - fi - - - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 - with: - python-version: '3.12' - cache: pip - cache-dependency-path: | - **/requirements*.txt - .pre-commit-config.yaml - - - name: Set up Node.js - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - node-version: '20' - cache: 'npm' - cache-dependency-path: 'llama_stack/ui/' - - - name: Install npm dependencies - run: npm ci - working-directory: llama_stack/ui - - - name: Run pre-commit - id: precommit - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 - continue-on-error: true - env: - SKIP: no-commit-to-branch - RUFF_OUTPUT_FORMAT: github - - - name: Check for changes - id: changes - run: | - if ! 
git diff --exit-code || [ -n "$(git ls-files --others --exclude-standard)" ]; then - echo "has_changes=true" >> $GITHUB_OUTPUT - echo "Changes detected after pre-commit" - else - echo "has_changes=false" >> $GITHUB_OUTPUT - echo "No changes after pre-commit" - fi - - - name: Commit and push changes - if: steps.changes.outputs.has_changes == 'true' - run: | - git config --local user.email "github-actions[bot]@users.noreply.github.com" - git config --local user.name "github-actions[bot]" - - git add -A - git commit -m "style: apply pre-commit fixes - - šŸ¤– Applied by @github-actions bot via pre-commit workflow" - - # Push changes - git push origin HEAD:${{ inputs.pr_head_ref }} - - - name: Comment success with changes - if: steps.changes.outputs.has_changes == 'true' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: ${{ inputs.pr_number }}, - body: `āœ… Pre-commit hooks completed successfully!\n\nšŸ”§ Changes have been committed and pushed to the PR branch.` - }); - - - name: Comment success without changes - if: steps.changes.outputs.has_changes == 'false' && steps.precommit.outcome == 'success' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: ${{ inputs.pr_number }}, - body: `āœ… Pre-commit hooks passed!\n\n✨ No changes needed - your code is already formatted correctly.` - }); - - - name: Comment failure - if: failure() - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: 
context.repo.repo, - issue_number: ${{ inputs.pr_number }}, - body: `āŒ Pre-commit workflow failed!\n\nPlease check the [workflow logs](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}) for details.` - }); diff --git a/.github/workflows/precommit-trigger.yml b/.github/workflows/precommit-trigger.yml index b643bf535..9abe4a9fd 100644 --- a/.github/workflows/precommit-trigger.yml +++ b/.github/workflows/precommit-trigger.yml @@ -1,22 +1,22 @@ -name: Pre-commit Bot - Trigger +name: Pre-commit Bot -run-name: Pre-commit bot trigger +run-name: Pre-commit bot for PR #${{ github.event.issue.number }} on: issue_comment: types: [created] jobs: - trigger: + pre-commit: # Only run on pull request comments if: github.event.issue.pull_request && contains(github.event.comment.body, '@github-actions run precommit') runs-on: ubuntu-latest permissions: - contents: read + contents: write pull-requests: write steps: - - name: Check comment author + - name: Check comment author and get PR details id: check_author uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: @@ -67,12 +67,13 @@ jobs: return; } - // Save PR info for the execution workflow + // Save PR info for later steps core.setOutput('pr_number', context.issue.number); core.setOutput('pr_head_ref', pr.data.head.ref); core.setOutput('pr_head_sha', pr.data.head.sha); core.setOutput('pr_head_repo', pr.data.head.repo.full_name); core.setOutput('pr_base_ref', pr.data.base.ref); + core.setOutput('is_fork', pr.data.head.repo.full_name !== context.payload.repository.full_name); core.setOutput('authorized', 'true'); - name: React to comment 
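Review bot: Raising `contents: read` to `contents: write` in the job-level `permissions:` block hands the write-scoped token to every step of a run started by `issue_comment`, and the steps added later in this patch check out the PR head (a fork in one branch) and then run `npm ci` and the pre-commit hooks from that checkout. `actions/checkout` keeps the token in the checkout's git config unless `persist-credentials: false` is set, so PR-supplied install scripts and hook configuration execute next to a credential that can push. The body of the author check that gates all this lies outside the hunk, so how strict it is cannot be judged from here. Independent of that check, consider two jobs: a `contents: read` job that runs the hooks and uploads the resulting patch as an artifact, and a small `contents: write` job that only applies and pushes it; `npm ci --ignore-scripts` is worth adding if the UI install does not need lifecycle scripts.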
@@ -88,29 +89,139 @@ jobs: content: 'rocket' }); - - name: Trigger execution workflow + - name: Comment starting if: steps.check_author.outputs.authorized == 'true' uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - await github.rest.actions.createWorkflowDispatch({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'precommit-execute.yml', - ref: context.payload.repository.default_branch, - inputs: { - pr_number: '${{ steps.check_author.outputs.pr_number }}', - pr_head_ref: '${{ steps.check_author.outputs.pr_head_ref }}', - pr_head_sha: '${{ steps.check_author.outputs.pr_head_sha }}', - pr_head_repo: '${{ steps.check_author.outputs.pr_head_repo }}', - pr_base_ref: '${{ steps.check_author.outputs.pr_base_ref }}' - } - }); - await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, - issue_number: context.issue.number, - body: `šŸš€ Pre-commit workflow triggered! 
Check the [Actions tab](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/workflows/precommit-execute.yml) for progress.` + issue_number: ${{ steps.check_author.outputs.pr_number }}, + body: `ā³ Running pre-commit hooks on PR #${{ steps.check_author.outputs.pr_number }}...` + }); + + - name: Checkout PR branch (same-repo) + if: steps.check_author.outputs.authorized == 'true' && steps.check_author.outputs.is_fork == 'false' + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + ref: ${{ steps.check_author.outputs.pr_head_ref }} + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Checkout PR branch (fork) + if: steps.check_author.outputs.authorized == 'true' && steps.check_author.outputs.is_fork == 'true' + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + repository: ${{ steps.check_author.outputs.pr_head_repo }} + ref: ${{ steps.check_author.outputs.pr_head_ref }} + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Verify checkout + if: steps.check_author.outputs.authorized == 'true' + run: | + echo "Current SHA: $(git rev-parse HEAD)" + echo "Expected SHA: ${{ steps.check_author.outputs.pr_head_sha }}" + if [[ "$(git rev-parse HEAD)" != "${{ steps.check_author.outputs.pr_head_sha }}" ]]; then + echo "::error::Checked out SHA does not match expected SHA" + exit 1 + fi + + - name: Set up Python + if: steps.check_author.outputs.authorized == 'true' + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + with: + python-version: '3.12' + cache: pip + cache-dependency-path: | + **/requirements*.txt + .pre-commit-config.yaml + + - name: Set up Node.js + if: steps.check_author.outputs.authorized == 'true' + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 + with: + node-version: '20' + cache: 'npm' + cache-dependency-path: 'llama_stack/ui/' + + - name: Install npm dependencies + if: 
steps.check_author.outputs.authorized == 'true' + run: npm ci + working-directory: llama_stack/ui + + - name: Run pre-commit + if: steps.check_author.outputs.authorized == 'true' + id: precommit + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 + continue-on-error: true + env: + SKIP: no-commit-to-branch + RUFF_OUTPUT_FORMAT: github + + - name: Check for changes + if: steps.check_author.outputs.authorized == 'true' + id: changes + run: | + if ! git diff --exit-code || [ -n "$(git ls-files --others --exclude-standard)" ]; then + echo "has_changes=true" >> $GITHUB_OUTPUT + echo "Changes detected after pre-commit" + else + echo "has_changes=false" >> $GITHUB_OUTPUT + echo "No changes after pre-commit" + fi + + - name: Commit and push changes + if: steps.check_author.outputs.authorized == 'true' && steps.changes.outputs.has_changes == 'true' + run: | + git config --local user.email "github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + + git add -A + git commit -m "style: apply pre-commit fixes + + šŸ¤– Applied by @github-actions bot via pre-commit workflow" + + # Push changes + git push origin HEAD:${{ steps.check_author.outputs.pr_head_ref }} + + - name: Comment success with changes + if: steps.check_author.outputs.authorized == 'true' && steps.changes.outputs.has_changes == 'true' + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: ${{ steps.check_author.outputs.pr_number }}, + body: `āœ… Pre-commit hooks completed successfully!\n\nšŸ”§ Changes have been committed and pushed to the PR branch.` + }); + + - name: Comment success without changes + if: steps.check_author.outputs.authorized == 'true' && steps.changes.outputs.has_changes == 'false' && steps.precommit.outcome == 'success' + uses: 
actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: ${{ steps.check_author.outputs.pr_number }}, + body: `āœ… Pre-commit hooks passed!\n\n✨ No changes needed - your code is already formatted correctly.` + }); + + - name: Comment failure + if: failure() + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: ${{ steps.check_author.outputs.pr_number }}, + body: `āŒ Pre-commit workflow failed!\n\nPlease check the [workflow logs](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}) for details.` });
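Review bot: The `Commit and push changes` step expands `${{ steps.check_author.outputs.pr_head_ref }}` directly into the text of the `run:` script, and a PR branch name is chosen by the PR author, so it should reach the shell as data rather than as script text. Give the step an `env:` entry `PR_HEAD_REF: ${{ steps.check_author.outputs.pr_head_ref }}` and push with `git push origin "HEAD:${PR_HEAD_REF}"`. Separately, `Comment failure` runs on `failure()` without the `authorized` guard and builds `issue_number:` from a step output that is empty when `check_author` itself failed, which would make the script invalid; `issue_number: context.issue.number` is always populated for this event.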