Resolve and build dependency wheels in one PR with the dependency bump that triggers the build #23063
When integrations-core triggers agent CI builds, pass PACKAGE_BASE_URL
pointing to dev storage. This prepares for lockfiles switching to
${PACKAGE_BASE_URL}/... format so PR-triggered builds use dev wheels.
No-op today since current lockfiles use hardcoded URLs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Support both the legacy hardcoded URL format and the new
${PACKAGE_BASE_URL}/... template format in lockfile entries.
Resolves ${PACKAGE_BASE_URL} to the stable base URL before
downloading wheels for size calculations.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wheels are now uploaded to dev/{artifact_type}/{project_name}/ paths
in GCS instead of the unprefixed paths. Lockfile entries are templated
with ${PACKAGE_BASE_URL} so pip resolves the URL at install time using
either the dev or stable base URL depending on the environment.
Also fix brittle index extraction in generate_artifact_listings and
list_wheels_with_prefix to use split('/')[-1] and split('/')[-2]
instead of hardcoded indices.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Lockfiles now use ${PACKAGE_BASE_URL}/... template entries instead of
hardcoded URLs. Update url_to_blob_path to extract the relative path
from ${PACKAGE_BASE_URL}/... entries, then prepend dev/ when looking up
blobs in GCS and stable/ for the promotion destination.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Instead of creating a separate PR with updated lockfiles, the publish job
now commits them directly to the PR branch. This collapses the two-PR
dependency update workflow into a single PR.
- Trigger: pull_request only (remove push and workflow_dispatch)
- Permission: contents: write (needed for git push)
- Token: GitHub App token checked out before checkout so push works
- Replace peter-evans/create-pull-request with a git commit + push step
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
promote-gate.yaml runs on every PR push to master/7.*.*. If dependency
files (agent_requirements.in or .deps/resolved/) changed, it sets the
promote-wheels commit status to pending, blocking merge. Otherwise it
sets it to success (no promotion needed).
promote-wheels.yaml is triggered via workflow_dispatch (by ddev promote).
It checks out the PR branch at the given SHA, runs .builders/promote.py
to copy wheels from dev/ to stable/ in GCS, then sets the promote-wheels
commit status to success and posts a comment on the PR.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
test_upload.py: update all blob path assertions to use dev/ prefix
and all lockfile URL assertions to use ${PACKAGE_BASE_URL} format.
Update generate_artifact_listings assertions to use dev/-prefixed paths.
test_promote.py (new): test lockfile parsing, url_to_blob_path,
collect_relative_paths, GCS copy with correct dev/stable paths,
idempotency, and failure on missing source blobs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
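The lockfile-to-blob mapping and promotion behaviour that the commit messages above describe (templated entries, dev/ source and stable/ destination, idempotent re-runs, failure on missing source blobs), sketched as an added example; this is not the PR's .builders/promote.py. The entry layout, the function names, the dict standing in for the GCS bucket, and the write-once rule for stable/ are assumptions of the example.

```python
TEMPLATE_PREFIX = "${PACKAGE_BASE_URL}/"

# Constructed sample; entry layout and the "external"/"built" type names are assumptions.
SAMPLE_LOCKFILE = """\
# resolved for linux-x86_64
foo @ ${PACKAGE_BASE_URL}/external/foo/foo-1.0-py3-none-any.whl#sha256=aa11
bar @ ${PACKAGE_BASE_URL}/built/bar/bar-2.1-cp312-cp312-linux_x86_64.whl#sha256=bb22
"""


def relative_path(url):
    """Map a templated lockfile URL to <artifact_type>/<project_name>/<wheel>."""
    url = url.partition("#")[0]  # drop the hash fragment
    if not url.startswith(TEMPLATE_PREFIX):
        raise ValueError(f"not a templated entry: {url}")
    rel = url[len(TEMPLATE_PREFIX):]
    parts = rel.split("/")
    # Exactly three plain segments: an entry must not be able to climb out of dev/ or stable/.
    if len(parts) != 3 or any(p in ("", ".", "..") for p in parts) or not rel.endswith(".whl"):
        raise ValueError(f"unexpected wheel path: {rel}")
    return rel


def collect_paths(lockfile_text):
    """Return the sorted, de-duplicated relative paths of every entry in a lockfile."""
    paths = set()
    for line in lockfile_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _name, sep, url = line.partition(" @ ")
        if not sep:
            raise ValueError(f"unparseable entry: {line}")
        paths.add(relative_path(url))
    return sorted(paths)


def promote(store, rel_paths):
    """Copy dev/<rel> to stable/<rel>; `store` is a dict standing in for the bucket."""
    missing = [p for p in rel_paths if f"dev/{p}" not in store]
    if missing:  # checked up front so a failed run copies nothing
        raise FileNotFoundError(f"not found under dev/: {missing}")
    copied = []
    for p in rel_paths:
        src, dst = f"dev/{p}", f"stable/{p}"
        if dst in store:
            if store[dst] != store[src]:  # this example's choice: stable/ is write-once
                raise RuntimeError(f"refusing to overwrite {dst}")
            continue  # already promoted, so a re-run is a no-op
        store[dst] = store[src]
        copied.append(dst)
    return copied
```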
This PR does not modify any files shipped with the agent. To help streamline the release process, please consider adding the
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 14bd37bd66
| - name: Check if dependency files changed | ||
| id: deps-changed | ||
| run: | | ||
| CHANGED=$(git diff --name-only origin/${{ github.base_ref }}...${{ github.sha }} -- \ |
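Review bot: On the git diff line, ${{ github.base_ref }} and ${{ github.sha }} are interpolated straight into the run: script, so their values are substituted into the shell text before the shell parses it. Pass them through the step's env: block (for example BASE_REF and HEAD_SHA, names chosen here) and reference them as quoted shell variables, "origin/$BASE_REF...$HEAD_SHA", so that a ref name containing shell metacharacters is handled as data rather than as part of the command.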
Fetch base branch before computing dependency diff
The git diff command relies on origin/${{ github.base_ref }}, but this workflow uses actions/checkout with its default shallow fetch (single triggering commit), so the base branch ref is not guaranteed to exist locally. In that state this step fails with fatal: bad revision ..., and the workflow never sets the promote-wheels commit status. Add fetch-depth: 0 (or diff against explicit SHAs from the event payload) before running this command.
| name: Publish artifacts and update lockfiles via PR | ||
| if: needs.check-should-run.outputs.should_run_build == 'true' && (github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && (github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, '7.')))) | ||
| name: Publish artifacts and commit lockfiles to branch | ||
| if: needs.check-should-run.outputs.should_run_build == 'true' && github.event_name == 'pull_request' |
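Review bot: The new if: condition on the publish job checks only github.event_name == 'pull_request', whereas the condition it replaces limited workflow_dispatch runs to the default branch or refs starting with '7.'. Unless the workflow's pull_request trigger already filters on target branches, add a check on github.base_ref here so that a PR opened against an arbitrary branch does not reach the upload and push steps.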
Exclude fork PRs from publish-and-push path
This job now runs for all pull_request events, but later steps require write-capable secrets/tokens and push back to the PR branch. For fork-based PRs, those secrets are unavailable and the head branch is not in the base repository, so dependency-update PRs from forks will fail in publish even when builds succeed. Gate this job to non-fork PRs (or add a fork-safe fallback) to avoid breaking external contribution flows.
What does this PR do?
Motivation
We're fed up with having to make 2 PRs every time we resolve dependencies!
Review checklist (to be filled by reviewers)
- qa/skip-qa label if the PR doesn't need to be tested during QA.
- backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged