Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add auto deps version update workflow #2707

Merged
merged 6 commits into from
Oct 24, 2024

Conversation

vankichi
Copy link
Contributor

@vankichi vankichi commented Oct 18, 2024

Description

SSIA

Related Issue

Versions

  • Vald Version: v1.7.13
  • Go Version: v1.23.2
  • Rust Version: v1.81.0
  • Docker Version: v27.3.1
  • Kubernetes Version: v1.31.1
  • Helm Version: v3.16.2
  • NGT Version: v2.2.4
  • Faiss Version: v1.9.0

Checklist

Special notes for your reviewer

Summary by CodeRabbit

  • New Features

    • Enhanced GitHub Actions workflow for updating dependencies with a broader scope and more descriptive naming.
    • Introduced new commands for managing dependencies and improving code quality, including formatting and linting enhancements.
    • Added automated update targets for the buf and usearch tools.
  • Chores

    • Updated the Makefile to streamline dependency management and installation procedures, ensuring better organization and usability.

Copy link
Contributor

coderabbitai bot commented Oct 18, 2024

Warning

Rate limit exceeded

@vankichi has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 18 minutes and 40 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Files that changed from the base of the PR and between e90a426 and f00d518.

📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough

Walkthrough

The changes involve modifications to the GitHub Actions workflow in .github/workflows/update-deps.yaml for updating dependencies, including a name change and a series of new commands replacing the previous single command. The Makefile has also been updated with new variables for managing various dependencies and enhancements to existing targets for formatting and linting. Additionally, new targets have been introduced in Makefile.d/dependencies.mk for updating specific tools. These updates aim to improve the overall dependency management and code quality processes within the project.

Changes

File Change Summary
.github/workflows/update-deps.yaml Workflow name changed, multiple commands added for dependency updates, a new step added, and PR title/body updated.
Makefile New variable added for managing example Go project dependencies, updates to format and lint targets for improved code quality.
Makefile.d/dependencies.mk New targets added for update/buf and update/usearch to automate tool updates.

Possibly related PRs

Suggested labels

type/feature, priority/medium, size/M

Suggested reviewers

  • hlts2

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@vankichi vankichi requested review from a team, kpango and datelier and removed request for a team October 18, 2024 08:21
Copy link

cloudflare-workers-and-pages bot commented Oct 18, 2024

Deploying vald with  Cloudflare Pages  Cloudflare Pages

Latest commit: f00d518
Status: ✅  Deploy successful!
Preview URL: https://d84b31fd.vald.pages.dev
Branch Preview URL: https://ci-makefile-github-add-auto.vald.pages.dev

View logs

@vdaas-ci
Copy link
Collaborator

[CHATOPS:HELP] ChatOps commands.

  • 🙆‍♀️ /approve - approve
  • 🍱 /format - format codes and add licenses
  • /gen-test - generate test codes
  • 🏷️ /label - add labels
  • 🔚 2️⃣ 🔚 /label actions/e2e-deploy - run E2E deploy & integration test

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (5)
.github/workflows/update-deps.yaml (3)

22-26: LGTM: Context logging job is well-structured.

The dump-contexts-to-log job is correctly set up and uses the latest version of actions/checkout, which is good practice. The custom action for dumping context can be valuable for debugging.

Consider adding a comment explaining the purpose of the dump-contexts-to-log job and what kind of information it logs. This would improve the workflow's self-documentation.


27-40: LGTM: Job setup and Git configuration are well-implemented.

The update-version job is correctly configured with appropriate Git and GPG settings. Using a custom token and signing commits with GPG are good security practices.

Consider using GitHub's built-in ${{ github.workspace }} context variable instead of ${GITHUB_WORKSPACE} in the Git config command for consistency and to ensure it's always correctly expanded:

git config --global --add safe.directory "${{ github.workspace }}"
🧰 Tools
🪛 actionlint

34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)


53-64: LGTM: PR creation is well-configured.

The PR creation step is correctly implemented and includes all necessary details. Using a conditional check and a separate token for PR creation are good practices.

Consider adding more details to the PR body, such as a list of updated dependencies or a link to the workflow run. This can be achieved by using the diff_output suggested in the previous comment:

body: |
  Automated pull request to update Dependencies.

  ### Changes:
  ```diff
  ${{ steps.check_diff.outputs.diff_output }}

[Workflow run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})


This will provide more context in the PR, making it easier for reviewers to understand the changes.

</blockquote></details>
<details>
<summary>Makefile.d/dependencies.mk (2)</summary><blockquote>

`156-160`: **LGTM: New `update/buf` target added correctly**

The new target for updating the buf version is implemented consistently with other similar targets in the file. It correctly fetches the latest release version from GitHub and writes it to the appropriate version file.



Consider adding error handling to the curl command, similar to other targets in this file. For example:

```diff
 update/buf:
-	curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' > $(ROOTDIR)/versions/BUF_VERSION
+	@{ \
+		RESULT=$$(curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")'); \
+		if [ -n "$$RESULT" ]; then \
+			echo $$RESULT > $(ROOTDIR)/versions/BUF_VERSION; \
+		else \
+			echo "No version found for buf" >&2; \
+			exit 1; \
+		fi \
+	}

This change would make the target more robust and consistent with other targets in the file.


201-205: LGTM: New update/usearch target added correctly

The new target for updating the usearch version is implemented consistently with other similar targets in the file. It correctly fetches the latest release version from GitHub and writes it to the appropriate version file.

Consider adding error handling to the curl command, similar to other targets in this file. For example:

 update/usearch:
-	curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g' > $(ROOTDIR)/versions/USEARCH_VERSION
+	@{ \
+		RESULT=$$(curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g'); \
+		if [ -n "$$RESULT" ]; then \
+			echo $$RESULT > $(ROOTDIR)/versions/USEARCH_VERSION; \
+		else \
+			echo "No version found for usearch" >&2; \
+			exit 1; \
+		fi \
+	}

This change would make the target more robust and consistent with other targets in the file.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 0a8b332 and f038302.

📒 Files selected for processing (2)
  • .github/workflows/update-deps.yaml (1 hunks)
  • Makefile.d/dependencies.mk (4 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/update-deps.yaml

34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)


46-46: shellcheck reported issue in this script: SC2086:info:5:31: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (4)
.github/workflows/update-deps.yaml (2)

16-20: LGTM: Workflow name and triggers are well-defined.

The workflow name clearly describes its purpose, and the trigger configuration allows for both manual and automated execution. The daily schedule ensures regular dependency checks, which is a good practice for maintaining up-to-date dependencies.


1-64: Overall assessment: Well-implemented workflow with room for minor improvements.

This GitHub Actions workflow for updating dependencies is well-structured and achieves its purpose effectively. It includes necessary steps such as checking out the repository, updating dependencies, checking for changes, and creating a pull request when needed. The use of GPG signing and a separate token for PR creation are good security practices.

The suggested improvements throughout the review are mainly focused on:

  1. Enhancing readability and self-documentation
  2. Addressing potential shell scripting issues
  3. Providing more context in the created pull requests

These changes will make the workflow more robust and easier to maintain in the long run. Great job on implementing this automated dependency update process!

🧰 Tools
🪛 actionlint

34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)


46-46: shellcheck reported issue in this script: SC2086:info:5:31: Double quote to prevent globbing and word splitting

(shellcheck)

Makefile.d/dependencies.mk (2)

20-20: LGTM: New dependencies added correctly

The update/buf and update/usearch targets have been appropriately added to the update/libs target. They are placed in alphabetical order, maintaining the existing structure of the file.

Also applies to: 42-42


Line range hint 1-305: Overall assessment: Changes are well-implemented and consistent

The additions to the Makefile.d/dependencies.mk file effectively introduce support for updating two new dependencies: buf and usearch. The implementation is consistent with existing targets in the file, maintaining the overall structure and purpose of the Makefile.

The suggested improvements for error handling in both new targets would further enhance the robustness of the update process, aligning them more closely with some of the more comprehensive targets in the file.

These changes contribute positively to the project's dependency management capabilities.

.github/workflows/update-deps.yaml Outdated Show resolved Hide resolved
coderabbitai[bot]
coderabbitai bot previously approved these changes Oct 18, 2024
coderabbitai[bot]
coderabbitai bot previously approved these changes Oct 21, 2024
coderabbitai[bot]
coderabbitai bot previously approved these changes Oct 21, 2024
@vankichi vankichi force-pushed the ci/makefile-github/add-auto-dependencies-update branch 3 times, most recently from 95d3fcd to aa86724 Compare October 22, 2024 06:38
kpango
kpango previously approved these changes Oct 24, 2024
@vankichi vankichi requested a review from kmrmt October 24, 2024 04:32
kpango
kpango previously approved these changes Oct 24, 2024
Signed-off-by: vankichi <kyukawa315@gmail.com>
@vankichi vankichi force-pushed the ci/makefile-github/add-auto-dependencies-update branch from b25a165 to f00d518 Compare October 24, 2024 06:34
@vankichi vankichi merged commit 5be4d7e into main Oct 24, 2024
123 of 124 checks passed
@vankichi vankichi deleted the ci/makefile-github/add-auto-dependencies-update branch October 24, 2024 06:40
vdaas-ci pushed a commit that referenced this pull request Oct 24, 2024
* 💚 Add auto deps version update workflow

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Update make commands

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Fix

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Add make permission

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Add labels

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Fix

Signed-off-by: vankichi <kyukawa315@gmail.com>

---------

Signed-off-by: vankichi <kyukawa315@gmail.com>
vankichi added a commit that referenced this pull request Oct 25, 2024
* 💚 Add auto deps version update workflow



* 💚 Update make commands



* 💚 Fix



* 💚 Add make permission



* 💚 Add labels



* 💚 Fix



---------

Signed-off-by: vankichi <kyukawa315@gmail.com>
Co-authored-by: Kiichiro YUKAWA <kyukawa315@gmail.com>
takuyaymd pushed a commit to takuyaymd/vald that referenced this pull request Dec 2, 2024
* 💚 Add auto deps version update workflow

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Update make commands

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Fix

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Add make permission

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Add labels

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Fix

Signed-off-by: vankichi <kyukawa315@gmail.com>

---------

Signed-off-by: vankichi <kyukawa315@gmail.com>
takuyaymd pushed a commit to takuyaymd/vald that referenced this pull request Dec 2, 2024
* 💚 Add auto deps version update workflow

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Update make commands

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Fix

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Add make permission

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Add labels

Signed-off-by: vankichi <kyukawa315@gmail.com>

* 💚 Fix

Signed-off-by: vankichi <kyukawa315@gmail.com>

---------

Signed-off-by: vankichi <kyukawa315@gmail.com>
This was referenced Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants