mirror of
https://github.com/meta-llama/llama-stack.git
synced 2025-12-22 10:56:19 +00:00
e710622d4c
# What does this PR do?
Various fixes to integration test recording + stainless calling of
integration tests:
1. only the library client was being run, they all should be
2. the git check grabs diffs like:
M tests/integration/client-typescript/package-lock.json
M tests/integration/client-typescript/package.json
it should not
additionally:
Fixes rebase conflicts when stainless workflow runs integration tests
with
record-if-missing mode on PRs. Previously, the workflow would:
1. Commit all files in tests/integration/ (including non-recordings)
2. Try to rebase and push to 'main' instead of the PR branch
3. Fail with merge conflicts on PR-specific changes
Changes:
- Add pr_head_ref and is_fork_pr parameters flowing through workflow
chain
- Use target-branch input instead of github.ref_name in recording
commits
- Detect and handle fork PRs by skipping push and uploading recordings
as artifacts
- Add 7-day artifact retention for fork PR recordings
- Support both workflow_call and direct pull_request trigger contexts
For same-repo PRs: recordings now commit/push to the PR branch correctly
For fork PRs: recordings upload as downloadable artifacts with
instructions
you can see a failing workflow:
5846590613
with the rebase issues.
---------
Signed-off-by: Charlie Doern <cdoern@redhat.com>
227 lines
9.8 KiB
YAML
227 lines
9.8 KiB
YAML
name: Stainless SDK Builds
|
|
run-name: Build Stainless SDK from OpenAPI spec changes
|
|
|
|
# This workflow uses pull_request_target, which allows it to run on pull requests
|
|
# from forks with access to secrets. This is safe because the workflow definition
|
|
# comes from the base branch (trusted), and the action only reads OpenAPI spec
|
|
# files without executing any code from the PR.
|
|
|
|
on:
|
|
pull_request_target:
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
- closed
|
|
paths:
|
|
- "client-sdks/stainless/**"
|
|
- ".github/workflows/stainless-builds.yml" # this workflow
|
|
workflow_dispatch:
|
|
inputs:
|
|
pr_number:
|
|
description: 'PR number to run Stainless build for'
|
|
required: true
|
|
type: number
|
|
sdk_install_url:
|
|
description: 'Python SDK install URL (optional, for testing specific builds)'
|
|
required: false
|
|
type: string
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || inputs.pr_number || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
env:
|
|
# Stainless organization name.
|
|
STAINLESS_ORG: llamastack
|
|
|
|
# Stainless project name.
|
|
STAINLESS_PROJECT: llama-stack-client
|
|
|
|
# Path to your OpenAPI spec.
|
|
OAS_PATH: ./client-sdks/stainless/openapi.yml
|
|
|
|
# Path to your Stainless config. Optional; only provide this if you prefer
|
|
# to maintain the ground truth Stainless config in your own repo.
|
|
CONFIG_PATH: ./client-sdks/stainless/config.yml
|
|
|
|
# When to fail the job based on build conclusion.
|
|
# Options: "never" | "note" | "warning" | "error" | "fatal".
|
|
FAIL_ON: error
|
|
|
|
# In your repo secrets, configure:
|
|
# - STAINLESS_API_KEY: a Stainless API key, which you can generate on the
|
|
# Stainless organization dashboard
|
|
|
|
jobs:
|
|
compute-branch:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
preview_branch: ${{ steps.compute.outputs.preview_branch }}
|
|
base_branch: ${{ steps.compute.outputs.base_branch }}
|
|
merge_branch: ${{ steps.compute.outputs.merge_branch }}
|
|
pr_head_repo: ${{ steps.compute.outputs.pr_head_repo }}
|
|
pr_head_ref: ${{ steps.compute.outputs.pr_head_ref }}
|
|
pr_head_sha: ${{ steps.compute.outputs.pr_head_sha }}
|
|
pr_base_sha: ${{ steps.compute.outputs.pr_base_sha }}
|
|
pr_base_ref: ${{ steps.compute.outputs.pr_base_ref }}
|
|
pr_title: ${{ steps.compute.outputs.pr_title }}
|
|
is_fork_pr: ${{ steps.compute.outputs.is_fork_pr }}
|
|
steps:
|
|
- name: Fetch PR details for workflow_dispatch
|
|
if: github.event_name == 'workflow_dispatch'
|
|
id: fetch-pr
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
PR_DATA=$(gh pr view ${{ inputs.pr_number }} --repo ${{ github.repository }} --json headRefName,headRepository,headRefOid,baseRefName,baseRefOid,headRepositoryOwner,title)
|
|
echo "pr_data=$PR_DATA" >> $GITHUB_OUTPUT
|
|
|
|
- name: Compute branch names
|
|
id: compute
|
|
run: |
|
|
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
|
# Extract from fetched PR data
|
|
PR_DATA='${{ steps.fetch-pr.outputs.pr_data }}'
|
|
FORK_OWNER=$(echo "$PR_DATA" | jq -r '.headRepositoryOwner.login')
|
|
REPO_NAME=$(echo "$PR_DATA" | jq -r '.headRepository.name')
|
|
HEAD_REPO="${FORK_OWNER}/${REPO_NAME}"
|
|
BRANCH_NAME=$(echo "$PR_DATA" | jq -r '.headRefName')
|
|
HEAD_SHA=$(echo "$PR_DATA" | jq -r '.headRefOid')
|
|
BASE_SHA=$(echo "$PR_DATA" | jq -r '.baseRefOid')
|
|
BASE_REF=$(echo "$PR_DATA" | jq -r '.baseRefName')
|
|
PR_TITLE=$(echo "$PR_DATA" | jq -r '.title')
|
|
else
|
|
# Use pull_request_target event data
|
|
HEAD_REPO="${{ github.event.pull_request.head.repo.full_name }}"
|
|
BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
|
|
FORK_OWNER="${{ github.event.pull_request.head.repo.owner.login }}"
|
|
HEAD_SHA="${{ github.event.pull_request.head.sha }}"
|
|
BASE_SHA="${{ github.event.pull_request.base.sha }}"
|
|
BASE_REF="${{ github.event.pull_request.base.ref }}"
|
|
PR_TITLE="${{ github.event.pull_request.title }}"
|
|
fi
|
|
|
|
BASE_REPO="${{ github.repository }}"
|
|
|
|
if [ "$HEAD_REPO" != "$BASE_REPO" ]; then
|
|
# Fork PR: prefix with fork owner for isolation
|
|
if [ -z "$FORK_OWNER" ]; then
|
|
echo "Error: Fork PR detected but fork owner is empty" >&2
|
|
exit 1
|
|
fi
|
|
PREVIEW_BRANCH="preview/${FORK_OWNER}/${BRANCH_NAME}"
|
|
BASE_BRANCH="preview/base/${FORK_OWNER}/${BRANCH_NAME}"
|
|
IS_FORK_PR="true"
|
|
else
|
|
# Same-repo PR
|
|
PREVIEW_BRANCH="preview/${BRANCH_NAME}"
|
|
BASE_BRANCH="preview/base/${BRANCH_NAME}"
|
|
IS_FORK_PR="false"
|
|
fi
|
|
|
|
echo "preview_branch=${PREVIEW_BRANCH}" >> $GITHUB_OUTPUT
|
|
echo "base_branch=${BASE_BRANCH}" >> $GITHUB_OUTPUT
|
|
echo "merge_branch=${PREVIEW_BRANCH}" >> $GITHUB_OUTPUT
|
|
echo "pr_head_repo=${HEAD_REPO}" >> $GITHUB_OUTPUT
|
|
echo "pr_head_ref=${BRANCH_NAME}" >> $GITHUB_OUTPUT
|
|
echo "pr_head_sha=${HEAD_SHA}" >> $GITHUB_OUTPUT
|
|
echo "pr_base_sha=${BASE_SHA}" >> $GITHUB_OUTPUT
|
|
echo "pr_base_ref=${BASE_REF}" >> $GITHUB_OUTPUT
|
|
echo "pr_title=${PR_TITLE}" >> $GITHUB_OUTPUT
|
|
echo "is_fork_pr=${IS_FORK_PR}" >> $GITHUB_OUTPUT
|
|
|
|
preview:
|
|
needs: compute-branch
|
|
# Skip preview if workflow_dispatch provides sdk_install_url, or if PR is being closed
|
|
if: |
|
|
(github.event_name == 'workflow_dispatch' && inputs.sdk_install_url == '') ||
|
|
(github.event_name == 'pull_request_target' && github.event.action != 'closed')
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
outputs:
|
|
sdk_install_url: ${{ fromJSON(steps.run-preview.outputs.outcomes || '{}').python.install_url || '' }}
|
|
steps:
|
|
# Checkout the PR's code to access the OpenAPI spec and config files.
|
|
# This is necessary to read the spec/config from the PR (including from forks).
|
|
- name: Checkout repository
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
repository: ${{ needs.compute-branch.outputs.pr_head_repo }}
|
|
ref: ${{ needs.compute-branch.outputs.pr_head_sha }}
|
|
fetch-depth: 2
|
|
|
|
- name: Run preview builds
|
|
id: run-preview
|
|
uses: stainless-api/upload-openapi-spec-action/preview@979824f1ea5f44334940f0768d04642b6cdaa0d1 # 1.8.1
|
|
env:
|
|
PR_NUMBER: ${{ inputs.pr_number || github.event.pull_request.number }}
|
|
with:
|
|
stainless_api_key: ${{ secrets.STAINLESS_API_KEY }}
|
|
org: ${{ env.STAINLESS_ORG }}
|
|
project: ${{ env.STAINLESS_PROJECT }}
|
|
oas_path: ${{ env.OAS_PATH }}
|
|
config_path: ${{ env.CONFIG_PATH }}
|
|
fail_on: ${{ env.FAIL_ON }}
|
|
base_sha: ${{ needs.compute-branch.outputs.pr_base_sha }}
|
|
base_ref: ${{ needs.compute-branch.outputs.pr_base_ref }}
|
|
head_sha: ${{ needs.compute-branch.outputs.pr_head_sha }}
|
|
branch: ${{ needs.compute-branch.outputs.preview_branch }}
|
|
base_branch: ${{ needs.compute-branch.outputs.base_branch }}
|
|
commit_message: ${{ needs.compute-branch.outputs.pr_title }}
|
|
make_comment: true
|
|
|
|
run-integration-tests:
|
|
needs: [compute-branch, preview]
|
|
if: |
|
|
always() &&
|
|
(needs.preview.result == 'success' || needs.preview.result == 'skipped') &&
|
|
(github.event_name == 'workflow_dispatch' || github.event.action != 'closed')
|
|
uses: ./.github/workflows/integration-tests.yml
|
|
with:
|
|
# Use provided sdk_install_url from workflow_dispatch, or from preview build
|
|
sdk_install_url: ${{ inputs.sdk_install_url || needs.preview.outputs.sdk_install_url }}
|
|
matrix_key: 'stainless'
|
|
test-all-client-versions: false
|
|
pr_head_sha: ${{ needs.compute-branch.outputs.pr_head_sha }}
|
|
pr_head_ref: ${{ needs.compute-branch.outputs.pr_head_ref }}
|
|
is_fork_pr: ${{ needs.compute-branch.outputs.is_fork_pr == 'true' }}
|
|
|
|
merge:
|
|
needs: compute-branch
|
|
if: github.event_name == 'pull_request_target' && github.event.action == 'closed' && github.event.pull_request.merged == true
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
steps:
|
|
# Checkout the PR's code to access the OpenAPI spec and config files.
|
|
# This is necessary to read the spec/config from the PR (including from forks).
|
|
- name: Checkout repository
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
repository: ${{ needs.compute-branch.outputs.pr_head_repo }}
|
|
ref: ${{ needs.compute-branch.outputs.pr_head_sha }}
|
|
fetch-depth: 2
|
|
|
|
# Note that this only merges in changes that happened on the last build on
|
|
# the computed preview branch. It's possible that there are OAS/config
|
|
# changes that haven't been built, if the preview job didn't finish
|
|
# before this step starts. In theory we want to wait for all builds
|
|
# against the preview branch to complete, but assuming that
|
|
# the preview job happens before the PR merge, it should be fine.
|
|
- name: Run merge build
|
|
uses: stainless-api/upload-openapi-spec-action/merge@979824f1ea5f44334940f0768d04642b6cdaa0d1 # 1.8.1
|
|
with:
|
|
stainless_api_key: ${{ secrets.STAINLESS_API_KEY }}
|
|
org: ${{ env.STAINLESS_ORG }}
|
|
project: ${{ env.STAINLESS_PROJECT }}
|
|
oas_path: ${{ env.OAS_PATH }}
|
|
config_path: ${{ env.CONFIG_PATH }}
|
|
fail_on: ${{ env.FAIL_ON }}
|
|
base_sha: ${{ needs.compute-branch.outputs.pr_base_sha }}
|
|
base_ref: ${{ needs.compute-branch.outputs.pr_base_ref }}
|
|
head_sha: ${{ needs.compute-branch.outputs.pr_head_sha }}
|
|
merge_branch: ${{ needs.compute-branch.outputs.merge_branch }}
|