chore: generator to sdk sync workflow#709
Conversation
|
Important Review skippedAuto incremental reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
WalkthroughThis pull request introduces a new GitHub Actions workflow that automatically regenerates SDKs whenever generator configuration, scripts, Docker setup, or build targets change. The workflow computes a language/repository matrix, checks out both the generator and target SDK repositories, runs language-specific regeneration via make, detects changes, commits and pushes to a sync branch with signed credentials, and creates or updates pull requests with links to the generator run. ChangesSDK Synchronization Workflow
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Adds a GitHub Actions workflow that regenerates each downstream SDK repo when sdk-generator inputs change on main, and opens/updates a “sync with generator” PR in the affected SDK repository when drift is detected.
Changes:
- Introduces
.github/workflows/sync-sdks.yamlto compute an SDK matrix (all on push; selected SDK on manual dispatch). - For each SDK, checks out the SDK repo, runs
make test-client-<lang>, and detects whether regeneration produced changes. - If drift exists, signs and force-pushes a
sync/sdk-generatorbranch and creates/updates a PR (with best-effort labeling/commenting).
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/sync-sdks.yaml:
- Around line 10-14: Add the OpenAPI spec to the push trigger paths so SDK
regeneration runs on spec-only changes: update the workflow's paths list (the
existing "paths:" block containing "config/**", "scripts/**", "docker/**",
"Makefile") to include the OpenAPI spec file
"docs/openapi/openfga.openapiv2.json" (or the containing directory
"docs/openapi/**") so make test-client-* will be triggered when the spec
changes.
- Around line 223-230: The Summary step currently runs under always() and only
checks steps.diff.outputs.dirty, which can print misleading messages after
earlier failures; modify the Summary step (named "Summary") to export the job
status into the run (e.g., add env: JOB_STATUS: ${{ job.status }}) and in the
run script first check if [ "$JOB_STATUS" != "success" ] and if so print a
failure/skip summary (or nothing) and exit non-zero or return, otherwise proceed
to inspect steps.diff.outputs.dirty and print the existing "drift detected" /
"in sync" messages; ensure you reference steps.diff.outputs.dirty unchanged and
only emit the sync messages when JOB_STATUS == "success".
- Around line 15-27: The workflow currently exposes workflow_dispatch with the
sdk input and needs a ref guard so manual runs only act on main; update the
workflow so all jobs that perform the sync (those triggered by
workflow_dispatch) include an if condition checking github.ref ==
'refs/heads/main' (or add a single top-level job that gates execution with if:
github.ref == 'refs/heads/main'), referencing the existing workflow_dispatch
trigger and sdk input, to prevent runs from non-main branches from executing the
sync steps.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 426ddf7c-1fac-49d3-b004-33f8d372d4a3
📒 Files selected for processing (1)
.github/workflows/sync-sdks.yaml
Description
Add SDK sync workflow
Adds
.github/workflows/sync-sdks.yaml, which keeps the SDK repos in sync with the generator. Whenever generator inputs change onmain, each SDK is regenerated and any resulting drift is raised as a PR in the SDK's own repo.Triggers
maintouchingconfig/**,scripts/**,docker/**, orMakefile(workflow files don't trigger it)sdkdropdown (all,js,go,dotnet,python,java)Flow
preparecomputes the SDK matrix (all SDKs on push, the selected one on dispatch)main, then runmake test-client-<lang>sync/sdk-generatorbranch in the SDK repo, and open a PR titledchore(sync): sync with generatorsync-with-generatorlabel for tracking (best-effort)Auth
Uses the same GitHub App (
RELEASER_APP_CLIENT_ID/RELEASER_APP_PRIVATE_KEY) and GPG key (GPG_PRIVATE_KEY/GPG_PASSPHRASE) as release-please, so PRs and commits show up as the releaser bot. The app token is minted per-SDK with access scoped to that repo only, and only after the build, since installation tokens expire after an hour.What problem is being solved?
How is it being solved?
What changes are made to solve it?
References
Review Checklist
mainSummary by CodeRabbit