diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index 7c9d2bffd..5f5ce550c 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -12,6 +12,8 @@ Llama Stack uses GitHub Actions for Continuous Integration (CI). Below is a tabl
 | Integration Tests (Replay) | [integration-tests.yml](integration-tests.yml) | Run the integration test suites from tests/integration in replay mode |
 | Vector IO Integration Tests | [integration-vector-io-tests.yml](integration-vector-io-tests.yml) | Run the integration test suite with various VectorIO providers |
 | Pre-commit | [pre-commit.yml](pre-commit.yml) | Run pre-commit checks |
+| Pre-commit Bot - Execute | [precommit-execute.yml](precommit-execute.yml) | Pre-commit bot execution for PR |
+| Pre-commit Bot - Trigger | [precommit-trigger.yml](precommit-trigger.yml) | Pre-commit bot trigger |
 | Test Llama Stack Build | [providers-build.yml](providers-build.yml) | Test llama stack build |
 | Python Package Build Test | [python-build-test.yml](python-build-test.yml) | Test building the llama-stack PyPI project |
 | Integration Tests (Record) | [record-integration-tests.yml](record-integration-tests.yml) | Run the integration test suite from tests/integration |
diff --git a/.github/workflows/precommit-execute.yml b/.github/workflows/precommit-execute.yml
new file mode 100644
index 000000000..d04645bae
--- /dev/null
+++ b/.github/workflows/precommit-execute.yml
@@ -0,0 +1,179 @@
+name: Pre-commit Bot - Execute
+
+run-name: Pre-commit bot execution for PR #${{ inputs.pr_number }}
+
+on:
+ workflow_dispatch:
+ inputs:
+ pr_number:
+ description: 'Pull request number'
+ required: true
+ type: string
+ pr_head_ref:
+ description: 'PR head ref'
+ required: true
+ type: string
+ pr_head_sha:
+ description: 'PR head SHA'
+ required: true
+ type: string
+ pr_head_repo:
+ description: 'PR head repository'
+ required: true
+ type: string
+ pr_base_ref:
+ description: 'PR base ref'
+ required: true
+ type: string
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+
+ steps:
+ - name: Comment starting
+ uses: actions/github-script@b72609b8d3f6598eef55e8f8010b7cba8b9ff9c5 # v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: ${{ inputs.pr_number }},
+ body: `ā³ Running pre-commit hooks on PR #${{ inputs.pr_number }}...`
+ });
+
+ - name: Determine checkout strategy
+ id: checkout_strategy
+ run: |
+ # Check if this is a fork PR
+ if [[ "${{ inputs.pr_head_repo }}" != "${{ github.repository }}" ]]; then
+ echo "is_fork=true" >> $GITHUB_OUTPUT
+ echo "This is a fork PR from ${{ inputs.pr_head_repo }}"
+ else
+ echo "is_fork=false" >> $GITHUB_OUTPUT
+ echo "This is a same-repo PR"
+ fi
+
+ - name: Checkout PR branch (same-repo)
+ if: steps.checkout_strategy.outputs.is_fork == 'false'
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ ref: ${{ inputs.pr_head_ref }}
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Checkout PR branch (fork)
+ if: steps.checkout_strategy.outputs.is_fork == 'true'
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ repository: ${{ inputs.pr_head_repo }}
+ ref: ${{ inputs.pr_head_ref }}
+ fetch-depth: 0
+ # For forks, we need a token with
write access to push
+ # This will only work if the fork has granted workflow permissions
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Verify checkout
+ run: |
+ echo "Current SHA: $(git rev-parse HEAD)"
+ echo "Expected SHA: ${{ inputs.pr_head_sha }}"
+ if [[ "$(git rev-parse HEAD)" != "${{ inputs.pr_head_sha }}" ]]; then
+ echo "::error::Checked out SHA does not match expected SHA"
+ exit 1
+ fi
+
+ - name: Set up Python
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+ with:
+ python-version: '3.12'
+ cache: pip
+ cache-dependency-path: |
+ **/requirements*.txt
+ .pre-commit-config.yaml
+
+ - name: Set up Node.js
+ uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+ with:
+ node-version: '20'
+ cache: 'npm'
+ cache-dependency-path: 'llama_stack/ui/'
+
+ - name: Install npm dependencies
+ run: npm ci
+ working-directory: llama_stack/ui
+
+ - name: Run pre-commit
+ id: precommit
+ uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
+ continue-on-error: true
+ env:
+ SKIP: no-commit-to-branch
+ RUFF_OUTPUT_FORMAT: github
+
+ - name: Check for changes
+ id: changes
+ run: |
+ if !
git diff --exit-code || [ -n "$(git ls-files --others --exclude-standard)" ]; then
+ echo "has_changes=true" >> $GITHUB_OUTPUT
+ echo "Changes detected after pre-commit"
+ else
+ echo "has_changes=false" >> $GITHUB_OUTPUT
+ echo "No changes after pre-commit"
+ fi
+
+ - name: Commit and push changes
+ if: steps.changes.outputs.has_changes == 'true'
+ run: |
+ git config --local user.email "github-actions[bot]@users.noreply.github.com"
+ git config --local user.name "github-actions[bot]"
+
+ git add -A
+ git commit -m "style: apply pre-commit fixes
+
+ šŸ¤– Applied by @github-actions bot via pre-commit workflow"
+
+ # Push changes
+ git push origin HEAD:${{ inputs.pr_head_ref }}
+
+ - name: Comment success with changes
+ if: steps.changes.outputs.has_changes == 'true'
+ uses: actions/github-script@b72609b8d3f6598eef55e8f8010b7cba8b9ff9c5 # v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: ${{ inputs.pr_number }},
+ body: `āœ… Pre-commit hooks completed successfully!\n\nšŸ”§ Changes have been committed and pushed to the PR branch.`
+ });
+
+ - name: Comment success without changes
+ if: steps.changes.outputs.has_changes == 'false' && steps.precommit.outcome == 'success'
+ uses: actions/github-script@b72609b8d3f6598eef55e8f8010b7cba8b9ff9c5 # v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: ${{ inputs.pr_number }},
+ body: `āœ… Pre-commit hooks passed!\n\n✨ No changes needed - your code is already formatted correctly.`
+ });
+
+ - name: Comment failure
+ if: failure()
+ uses: actions/github-script@b72609b8d3f6598eef55e8f8010b7cba8b9ff9c5 # v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo:
context.repo.repo,
+ issue_number: ${{ inputs.pr_number }},
+ body: `āŒ Pre-commit workflow failed!\n\nPlease check the [workflow logs](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}) for details.`
+ });
diff --git a/.github/workflows/precommit-trigger.yml b/.github/workflows/precommit-trigger.yml
new file mode 100644
index 000000000..7064545c5
--- /dev/null
+++ b/.github/workflows/precommit-trigger.yml
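Review bot: In precommit-execute.yml the job that holds `contents: write` and `pull-requests: write` also checks out the PR head (forks included) and then runs `npm ci` and the hooks from the PR's own `.pre-commit-config.yaml`, so code chosen by the PR author executes next to a write-scoped token, which `actions/checkout` keeps in the local git config by default. Consider running the hooks in a job with `permissions: contents: read` and `persist-credentials: false`, and handing the resulting patch to a separate job that only applies and pushes it without executing anything from the PR. Separately, `inputs.pr_head_ref`, `inputs.pr_head_repo` and `inputs.pr_head_sha` are expanded straight into the `run:` scripts ("Determine checkout strategy", "Verify checkout", "Commit and push changes"), and a branch name is contributor-controlled text that the shell will parse; pass them through `env:` instead, e.g. `PR_HEAD_REF: ${{ inputs.pr_head_ref }}` with `git push origin "HEAD:${PR_HEAD_REF}"`. The fork checkout comment also looks optimistic: as far as I know the base repository's `GITHUB_TOKEN` cannot push to a fork, so that path would likely fail at the push step.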
@@ -0,0 +1,116 @@
+name: Pre-commit Bot - Trigger
+
+run-name: Pre-commit bot trigger
+
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ trigger:
+ # Only run on pull request comments
+ if: github.event.issue.pull_request && contains(github.event.comment.body, '@github-actions run precommit')
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+
+ steps:
+ - name: Check comment author
+ id: check_author
+ uses: actions/github-script@b72609b8d3f6598eef55e8f8010b7cba8b9ff9c5 # v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ // Get PR details
+ const pr = await github.rest.pulls.get({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ pull_number: context.issue.number
+ });
+
+ // Check if commenter has write access or is the PR author
+ const commenter = context.payload.comment.user.login;
+ const prAuthor = pr.data.user.login;
+
+ let hasPermission = false;
+
+ // Check if commenter is PR author
+ if (commenter === prAuthor) {
+ hasPermission = true;
+ console.log(`Comment author ${commenter} is the PR author`);
+ } else {
+ // Check if commenter has write/admin access
+ try {
+ const permission = await github.rest.repos.getCollaboratorPermissionLevel({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ username: commenter
+ });
+
+ const level = permission.data.permission;
+ hasPermission = ['write', 'admin', 'maintain'].includes(level);
+ console.log(`Comment author ${commenter} has permission: ${level}`);
+ } catch (error) {
+ console.log(`Could not check permissions for ${commenter}: ${error.message}`);
+ }
+ }
+
+ if (!hasPermission) {
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ body: `āŒ @${commenter} You don't have permission to trigger pre-commit.
Only PR authors or repository collaborators can run this command.`
+ });
+ core.setFailed(`User ${commenter} does not have permission`);
+ return;
+ }
+
+ // Save PR info for the execution workflow
+ core.setOutput('pr_number', context.issue.number);
+ core.setOutput('pr_head_ref', pr.data.head.ref);
+ core.setOutput('pr_head_sha', pr.data.head.sha);
+ core.setOutput('pr_head_repo', pr.data.head.repo.full_name);
+ core.setOutput('pr_base_ref', pr.data.base.ref);
+ core.setOutput('authorized', 'true');
+
+ - name: React to comment
+ if: steps.check_author.outputs.authorized == 'true'
+ uses: actions/github-script@b72609b8d3f6598eef55e8f8010b7cba8b9ff9c5 # v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ await github.rest.reactions.createForIssueComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ comment_id: context.payload.comment.id,
+ content: 'rocket'
+ });
+
+ - name: Trigger execution workflow
+ if: steps.check_author.outputs.authorized == 'true'
+ uses: actions/github-script@b72609b8d3f6598eef55e8f8010b7cba8b9ff9c5 # v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ await github.rest.actions.createWorkflowDispatch({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ workflow_id: 'precommit-execute.yml',
+ ref: context.payload.repository.default_branch,
+ inputs: {
+ pr_number: '${{ steps.check_author.outputs.pr_number }}',
+ pr_head_ref: '${{ steps.check_author.outputs.pr_head_ref }}',
+ pr_head_sha: '${{ steps.check_author.outputs.pr_head_sha }}',
+ pr_head_repo: '${{ steps.check_author.outputs.pr_head_repo }}',
+ pr_base_ref: '${{ steps.check_author.outputs.pr_base_ref }}'
+ }
+ });
+
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ body: `šŸš€ Pre-commit workflow triggered!
Check the [Actions tab](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/workflows/precommit-execute.yml) for progress.`
+ });
diff --git a/docs/static/img/llama-stack.png b/docs/static/img/llama-stack.png
index 5f68c18a8..69c0a54bb 100644
Binary files a/docs/static/img/llama-stack.png and b/docs/static/img/llama-stack.png differ
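Review bot: In precommit-trigger.yml the `commenter === prAuthor` branch of "Check comment author" authorizes whoever opened the PR, which for a fork PR is an arbitrary outside contributor, so the gate does not limit who can start the write-privileged execute workflow against their own branch. Requiring the `write`/`maintain`/`admin` permission check for every commenter, or limiting the author shortcut to same-repo PRs, would close that. In "Trigger execution workflow" the step outputs are pasted into single-quoted JavaScript literals (`pr_head_ref: '${{ steps.check_author.outputs.pr_head_ref }}'`), so a branch name containing a quote changes the script; expose them through `env:` and read `process.env.PR_HEAD_REF` instead. The job's `permissions` block also lacks `actions: write`, which I believe `createWorkflowDispatch` needs when called with `GITHUB_TOKEN`, so the dispatch may be rejected as written.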