From 8007374a7ee8ec8f915e7b46d91516e32875d574 Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 18:07:33 +0100 Subject: [PATCH 01/12] Fix build wheels workflow to allow running on dispatch --- .github/workflows/resolve-build-deps.yaml | 95 ++++++++++++----------- 1 file changed, 51 insertions(+), 44 deletions(-) diff --git a/.github/workflows/resolve-build-deps.yaml b/.github/workflows/resolve-build-deps.yaml index 7239d13dfc115..4d422ff337a21 100644 --- a/.github/workflows/resolve-build-deps.yaml +++ b/.github/workflows/resolve-build-deps.yaml @@ -1,6 +1,7 @@ name: Resolve Dependencies and Build Wheels on: + workflow_dispatch: pull_request: branches: - master @@ -26,22 +27,23 @@ env: # https://reproducible-builds.org/specs/source-date-epoch/ SOURCE_DATE_EPOCH: "1580601600" -jobs: +jobs: # measure-disk-usage.yml depends on this workflow being triggered and completed, # so it can wait for the build to calculate dependency sizes. # The 'on' setting ensures it runs, but this job cancels it if no dependency changes are detected. - check-dependency-changes: - name: Check dependency changes + check-should-run: + name: Check if build should run runs-on: ubuntu-22.04 permissions: actions: write outputs: - dependency_changed: ${{ steps.dependency-check.outputs.dependency_changed }} builder_changed: ${{ steps.dependency-check.outputs.builder_changed }} + should_run_build: ${{ steps.dependency-check.outputs.should_run_build }} steps: - name: Define diff commits id: set_sha + if: github.event_name != 'workflow_dispatch' run: | if [ "${{ github.event_name }}" == "pull_request" ]; then PREV_SHA=${{ github.event.pull_request.base.sha }} @@ -59,6 +61,7 @@ jobs: - name: Get changed files id: changed-files + if: github.event_name != 'workflow_dispatch' run: | REPO="${{ github.repository }}" @@ -70,35 +73,39 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check for dependency changes + - name: Check if build should run id: dependency-check run: | - FILES_CHANGED="${{ steps.changed-files.outputs.files_changed }}" - - cat << EOF > dependency_files.txt - agent_requirements\.in - \.github/workflows/resolve-build-deps\.yaml - \.builders/ - EOF - - cat < builder_files.txt - \.builders/ - EOF - - DEPENDENCY_CHANGED=$( - echo "$FILES_CHANGED" | \ - grep -qf dependency_files.txt \ - && echo "true" || echo "false" - ) - - BUILDER_CHANGED=$( - echo "$FILES_CHANGED" | \ - grep -qf builder_files.txt \ - && echo "true" || echo "false" - ) - + if [ "${{ github.event_name }}" == 'workflow_dispatch' ]; then + BUILDER_CHANGED="false" + SHOULD_RUN_BUILD="true" + else + FILES_CHANGED="${{ steps.changed-files.outputs.files_changed }}" + + cat << EOF > dependency_files.txt + agent_requirements\.in + \.github/workflows/resolve-build-deps\.yaml + \.builders/ + EOF + + cat < builder_files.txt + \.builders/ + EOF + + SHOULD_RUN_BUILD=$( + echo "$FILES_CHANGED" | \ + grep -qf dependency_files.txt \ + && echo "true" || echo "false" + ) + + BUILDER_CHANGED=$( + echo "$FILES_CHANGED" | \ + grep -qf builder_files.txt \ + && echo "true" || echo "false" + ) + fi - echo "dependency_changed=$DEPENDENCY_CHANGED" | tee -a $GITHUB_OUTPUT + echo "should_run_build=$SHOULD_RUN_BUILD" | tee -a $GITHUB_OUTPUT echo "builder_changed=$BUILDER_CHANGED" | tee -a $GITHUB_OUTPUT env: @@ -107,13 +114,13 @@ jobs: test: name: Run tests needs: - - check-dependency-changes - if: needs.check-dependency-changes.outputs.dependency_changed == 'true' + - check-should-run + if: needs.check-should-run.outputs.should_run_build == 'true' runs-on: ubuntu-22.04 steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Set up Python ${{ env.PYTHON_VERSION }} + - name: Set up Python ${{ env.PYTHON_VERSION }} uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ env.PYTHON_VERSION }} @@ -129,8 +136,8 @@ jobs: build: name: Target ${{ matrix.job.image }} on ${{ matrix.job.os }} needs: - - check-dependency-changes - if: needs.check-dependency-changes.outputs.dependency_changed == 'true' + - check-should-run + if: needs.check-should-run.outputs.should_run_build == 'true' runs-on: ${{ matrix.job.os }} strategy: fail-fast: false @@ -172,29 +179,29 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build image and wheels - if: needs.check-dependency-changes.outputs.builder_changed == 'true' + if: needs.check-should-run.outputs.builder_changed == 'true' run: |- python .builders/build.py ${{ matrix.job.image }} --python 3 ${{ env.OUT_DIR }}/py3 - name: Pull image and build wheels - if: needs.check-dependency-changes.outputs.builder_changed == 'false' + if: needs.check-should-run.outputs.builder_changed == 'false' run: |- digest=$(jq -r '.["${{ matrix.job.image }}"]' .deps/image_digests.json) python .builders/build.py ${{ matrix.job.image }} --python 3 ${{ env.OUT_DIR }}/py3 --digest $digest - name: Publish image - if: github.event_name == 'push' && needs.check-dependency-changes.outputs.builder_changed == 'true' + if: github.event_name == 'push' && needs.check-should-run.outputs.builder_changed == 'true' run: ${DOCKER} push ${{ env.BUILDER_IMAGE }} - name: Save new image digest - if: github.event_name == 'push' && needs.check-dependency-changes.outputs.builder_changed == 'true' + if: github.event_name == 'push' && needs.check-should-run.outputs.builder_changed == 'true' run: >- ${DOCKER} inspect --format "{{index .RepoDigests 0}}" ${{ env.BUILDER_IMAGE }} | cut -d '@' -f 2 > ${{ env.OUT_DIR }}/image_digest - name: Persist current image digest - if: github.event_name == 'push' && needs.check-dependency-changes.outputs.builder_changed == 'false' + if: github.event_name == 'push' && needs.check-should-run.outputs.builder_changed == 'false' run: >- jq -r '.["${{ matrix.job.image }}"]' .deps/image_digests.json > ${{ env.OUT_DIR }}/image_digest @@ -208,8 +215,8 @@ jobs: build-macos: name: Target macOS/${{ matrix.job.arch }} on ${{ matrix.job.os }} needs: - - check-dependency-changes - if: needs.check-dependency-changes.outputs.dependency_changed == 'true' + - check-should-run + if: needs.check-should-run.outputs.should_run_build == 'true' runs-on: ${{ matrix.job.os }} strategy: fail-fast: false @@ -282,11 +289,11 @@ jobs: publish: name: Publish artifacts and update lockfiles via PR - if: needs.check-dependency-changes.outputs.dependency_changed == 'true' && (github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && (github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, '7.')))) + if: needs.check-should-run.outputs.should_run_build == 'true' && (github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && (github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, '7.')))) needs: - build - build-macos - - check-dependency-changes + - check-should-run runs-on: ubuntu-latest permissions: From 8a11c831da4e14f30ee7bb6a0d36c2d9ca1cab86 Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 18:11:14 +0100 Subject: [PATCH 02/12] Ensure image digest is persisted if we are going to build and lock files --- .github/workflows/resolve-build-deps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/resolve-build-deps.yaml b/.github/workflows/resolve-build-deps.yaml index 4d422ff337a21..a891c222a7a00 100644 --- a/.github/workflows/resolve-build-deps.yaml +++ b/.github/workflows/resolve-build-deps.yaml @@ -201,7 +201,7 @@ jobs: > ${{ env.OUT_DIR }}/image_digest - name: Persist current image digest - if: github.event_name == 'push' && needs.check-should-run.outputs.builder_changed == 'false' + if: needs.check-should-run.outputs.should_run_build == 'true' && needs.check-should-run.outputs.builder_changed == 'false' run: >- jq -r '.["${{ matrix.job.image }}"]' .deps/image_digests.json > ${{ env.OUT_DIR }}/image_digest From d1a4545a598a852f9de18aa1f659495997266deb Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 18:25:13 +0100 Subject: [PATCH 03/12] Unindent EOF --- .github/workflows/resolve-build-deps.yaml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/resolve-build-deps.yaml b/.github/workflows/resolve-build-deps.yaml index a891c222a7a00..856b993981898 100644 --- a/.github/workflows/resolve-build-deps.yaml +++ b/.github/workflows/resolve-build-deps.yaml @@ -82,15 +82,16 @@ jobs: else FILES_CHANGED="${{ steps.changed-files.outputs.files_changed }}" - cat << EOF > dependency_files.txt - agent_requirements\.in - \.github/workflows/resolve-build-deps\.yaml - \.builders/ - EOF - - cat < builder_files.txt - \.builders/ - EOF + # We use unindented heredocs to avoid issues with YAML/Bash indentation + cat << EOF > dependency_files.txt + agent_requirements\.in + \.github/workflows/resolve-build-deps\.yaml + \.builders/ + EOF + + cat < builder_files.txt + \.builders/ + EOF SHOULD_RUN_BUILD=$( echo "$FILES_CHANGED" | \ From 71154efd1b3624139e7a301bf3cf576bfd1f8f1a Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 19:12:09 +0100 Subject: [PATCH 04/12] Pin krb5 to avoid the failed build --- datadog_checks_base/pyproject.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/datadog_checks_base/pyproject.toml b/datadog_checks_base/pyproject.toml index f7df545e0fa96..595678ccbd2d6 100644 --- a/datadog_checks_base/pyproject.toml +++ b/datadog_checks_base/pyproject.toml @@ -61,6 +61,9 @@ http = [ "pyopenssl==25.1.0", "pysocks==1.7.1", "requests-kerberos==0.15.0", + # Pinned becasue 0.9.0 does not build in py3.13.9 + # Should remove when the build is fixed. + "krb5=0.8.0", "requests-ntlm==1.3.0", "requests-oauthlib==2.0.0", ] From 8e779f069e136d87fd73317c4b10e02a7698c2f0 Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 19:22:47 +0100 Subject: [PATCH 05/12] Revert "Pin krb5 to avoid the failed build" This reverts commit 71154efd1b3624139e7a301bf3cf576bfd1f8f1a. --- datadog_checks_base/pyproject.toml | 3 --- 1 file changed, 3 deletions(-) diff --git a/datadog_checks_base/pyproject.toml b/datadog_checks_base/pyproject.toml index 595678ccbd2d6..f7df545e0fa96 100644 --- a/datadog_checks_base/pyproject.toml +++ b/datadog_checks_base/pyproject.toml @@ -61,9 +61,6 @@ http = [ "pyopenssl==25.1.0", "pysocks==1.7.1", "requests-kerberos==0.15.0", - # Pinned becasue 0.9.0 does not build in py3.13.9 - # Should remove when the build is fixed. - "krb5=0.8.0", "requests-ntlm==1.3.0", "requests-oauthlib==2.0.0", ] From 89ed520a4432ffb69968857fb55cff080e981b54 Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 19:29:17 +0100 Subject: [PATCH 06/12] Try new krb5 pin --- agent_requirements.in | 1 + 1 file changed, 1 insertion(+) diff --git a/agent_requirements.in b/agent_requirements.in index 85e944b3e8db6..5e56c7f018097 100644 --- a/agent_requirements.in +++ b/agent_requirements.in @@ -51,6 +51,7 @@ pywin32==311; sys_platform == 'win32' pyyaml==6.0.2 redis==6.2.0 requests-kerberos==0.15.0 +krb5=0.8.0 requests-ntlm==1.3.0 requests-oauthlib==2.0.0 requests-toolbelt==1.0.0 From 991fac747c9cf09436162c5df66aa7aa39fac20a Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 19:31:34 +0100 Subject: [PATCH 07/12] wip: Work in Progress --- agent_requirements.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent_requirements.in b/agent_requirements.in index 5e56c7f018097..6ef4552c54ecf 100644 --- a/agent_requirements.in +++ b/agent_requirements.in @@ -51,7 +51,7 @@ pywin32==311; sys_platform == 'win32' pyyaml==6.0.2 redis==6.2.0 requests-kerberos==0.15.0 -krb5=0.8.0 +krb5==0.8.0 requests-ntlm==1.3.0 requests-oauthlib==2.0.0 requests-toolbelt==1.0.0 From 02a7347dd1522cb7e0c135d169eaed22653c7858 Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 19:38:14 +0100 Subject: [PATCH 08/12] Add back dependency on dcb alongside requests-kerberos --- datadog_checks_base/pyproject.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/datadog_checks_base/pyproject.toml b/datadog_checks_base/pyproject.toml index f7df545e0fa96..44905d45fc650 100644 --- a/datadog_checks_base/pyproject.toml +++ b/datadog_checks_base/pyproject.toml @@ -61,6 +61,9 @@ http = [ "pyopenssl==25.1.0", "pysocks==1.7.1", "requests-kerberos==0.15.0", + # Added to pin krb5 since version 0.9.0 does not build in py3.13.9 + # Should remove when the build is fixed. + "krb5==0.8.0", "requests-ntlm==1.3.0", "requests-oauthlib==2.0.0", ] From 8bbfabdb2c2a20ecc0c2dd6cc0499ce2656a5c6d Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Wed, 26 Nov 2025 19:46:50 +0100 Subject: [PATCH 09/12] Remove pin and opened a separate PR for that --- agent_requirements.in | 1 - datadog_checks_base/pyproject.toml | 3 --- 2 files changed, 4 deletions(-) diff --git a/agent_requirements.in b/agent_requirements.in index 6ef4552c54ecf..85e944b3e8db6 100644 --- a/agent_requirements.in +++ b/agent_requirements.in @@ -51,7 +51,6 @@ pywin32==311; sys_platform == 'win32' pyyaml==6.0.2 redis==6.2.0 requests-kerberos==0.15.0 -krb5==0.8.0 requests-ntlm==1.3.0 requests-oauthlib==2.0.0 requests-toolbelt==1.0.0 diff --git a/datadog_checks_base/pyproject.toml b/datadog_checks_base/pyproject.toml index 44905d45fc650..f7df545e0fa96 100644 --- a/datadog_checks_base/pyproject.toml +++ b/datadog_checks_base/pyproject.toml @@ -61,9 +61,6 @@ http = [ "pyopenssl==25.1.0", "pysocks==1.7.1", "requests-kerberos==0.15.0", - # Added to pin krb5 since version 0.9.0 does not build in py3.13.9 - # Should remove when the build is fixed. - "krb5==0.8.0", "requests-ntlm==1.3.0", "requests-oauthlib==2.0.0", ] From cce5c6b8ab5042c0b9630d7813f3987012381bd0 Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Fri, 28 Nov 2025 14:05:15 +0100 Subject: [PATCH 10/12] Remove redundant if condition and chomping pipes --- .github/workflows/resolve-build-deps.yaml | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/workflows/resolve-build-deps.yaml b/.github/workflows/resolve-build-deps.yaml index 856b993981898..764cdc3a33daa 100644 --- a/.github/workflows/resolve-build-deps.yaml +++ b/.github/workflows/resolve-build-deps.yaml @@ -169,8 +169,7 @@ jobs: python-version: ${{ env.PYTHON_VERSION }} - name: Install management dependencies - run: | - pip install -r .builders/deps/host_dependencies.txt + run: pip install -r .builders/deps/host_dependencies.txt - name: Log in to GitHub Packages uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 @@ -181,12 +180,11 @@ jobs: - name: Build image and wheels if: needs.check-should-run.outputs.builder_changed == 'true' - run: |- - python .builders/build.py ${{ matrix.job.image }} --python 3 ${{ env.OUT_DIR }}/py3 + run: python .builders/build.py ${{ matrix.job.image }} --python 3 ${{ env.OUT_DIR }}/py3 - name: Pull image and build wheels if: needs.check-should-run.outputs.builder_changed == 'false' - run: |- + run: | digest=$(jq -r '.["${{ matrix.job.image }}"]' .deps/image_digests.json) python .builders/build.py ${{ matrix.job.image }} --python 3 ${{ env.OUT_DIR }}/py3 --digest $digest @@ -202,7 +200,7 @@ jobs: > ${{ env.OUT_DIR }}/image_digest - name: Persist current image digest - if: needs.check-should-run.outputs.should_run_build == 'true' && needs.check-should-run.outputs.builder_changed == 'false' + if: needs.check-should-run.outputs.builder_changed == 'false' run: >- jq -r '.["${{ matrix.job.image }}"]' .deps/image_digests.json > ${{ env.OUT_DIR }}/image_digest @@ -237,7 +235,7 @@ jobs: steps: - name: Set up environment - run: |- + run: | # We remove everything that comes pre-installed via Homebrew to avoid depending on or shipping stuff that # comes in the runner through Homebrew to better control what might get shipped in the wheels via `delocate` brew remove --force --ignore-dependencies $(brew list --formula) @@ -247,7 +245,7 @@ jobs: env: # Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel PYTHON3_DOWNLOAD_URL: "https://www.python.org/ftp/python/3.13.9/python-3.13.9-macos11.pkg" - run: |- + run: | curl "$PYTHON3_DOWNLOAD_URL" -o python3.pkg sudo installer -pkg python3.pkg -target / @@ -263,8 +261,7 @@ jobs: id: cache-builder-root uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: - path: | - ~/builder_root + path: ~/builder_root key: macos-${{ matrix.job.arch }}-deps-builder-root-cache-${{ hashFiles('./.builders/images/macos/*', './.builders/images/*', './.builders/deps/*', './.builders/build.py', './.github/workflows/resolve-build-deps.yml') }} - name: Run the build @@ -272,7 +269,7 @@ jobs: # This sets the minimum macOS version compatible for all built artifacts MACOSX_DEPLOYMENT_TARGET: "11.0" # https://docs.datadoghq.com/agent/supported_platforms/?tab=macos CACHE_HIT: ${{ steps.cache-builder-root.outputs.cache-hit }} - run: |- + run: | # If we hit the cache, we can skip the builder setup if [[ ${CACHE_HIT} == "true" ]]; then ${DD_PYTHON3} .builders/build.py ${{ env.TARGET_NAME }} --builder-root ~/builder_root --python 3 ${{ env.OUT_DIR }}/py3 --skip-setup @@ -336,7 +333,7 @@ jobs: run: python .builders/lock.py targets - name: Clean up repository - run: |- + run: | rm ${{ steps.auth.outputs.credentials_file_path }} rm -rf targets From 5d259a6a270adbd158ca66e6f5489399a5517053 Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Tue, 2 Dec 2025 10:00:59 +0100 Subject: [PATCH 11/12] Extract complex logic to separate bash scripts --- .github/workflows/resolve-build-deps.yaml | 55 +++---------------- .../scripts/resolve_deps_check_should_run.sh | 32 +++++++++++ .../resolve_deps_define_diff_commits.sh | 15 +++++ 3 files changed, 54 insertions(+), 48 deletions(-) create mode 100755 .github/workflows/scripts/resolve_deps_check_should_run.sh create mode 100755 .github/workflows/scripts/resolve_deps_define_diff_commits.sh diff --git a/.github/workflows/resolve-build-deps.yaml b/.github/workflows/resolve-build-deps.yaml index 764cdc3a33daa..8f29a723c7968 100644 --- a/.github/workflows/resolve-build-deps.yaml +++ b/.github/workflows/resolve-build-deps.yaml @@ -44,20 +44,11 @@ jobs: - name: Define diff commits id: set_sha if: github.event_name != 'workflow_dispatch' - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - PREV_SHA=${{ github.event.pull_request.base.sha }} - CURR_SHA=${{ github.event.pull_request.head.sha }} - else - PREV_SHA=${{ github.event.before }} - CURR_SHA=${{ github.sha }} - fi - - echo "prev_sha=$PREV_SHA" >> $GITHUB_OUTPUT - echo "curr_sha=$CURR_SHA" >> $GITHUB_OUTPUT - - echo "Current SHA: $CURR_SHA" - echo "Previous SHA: $PREV_SHA" + run: ./.github/workflows/scripts/resolve_deps_define_diff_commits.sh + env: + PR_BASE_SHA: ${{ github.event.pull_request.base.sha }} + PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} + EVENT_BEFORE: ${{ github.event.before }} - name: Get changed files id: changed-files @@ -75,42 +66,10 @@ jobs: - name: Check if build should run id: dependency-check - run: | - if [ "${{ github.event_name }}" == 'workflow_dispatch' ]; then - BUILDER_CHANGED="false" - SHOULD_RUN_BUILD="true" - else - FILES_CHANGED="${{ steps.changed-files.outputs.files_changed }}" - - # We use unindented heredocs to avoid issues with YAML/Bash indentation - cat << EOF > dependency_files.txt - agent_requirements\.in - \.github/workflows/resolve-build-deps\.yaml - \.builders/ - EOF - - cat < builder_files.txt - \.builders/ - EOF - - SHOULD_RUN_BUILD=$( - echo "$FILES_CHANGED" | \ - grep -qf dependency_files.txt \ - && echo "true" || echo "false" - ) - - BUILDER_CHANGED=$( - echo "$FILES_CHANGED" | \ - grep -qf builder_files.txt \ - && echo "true" || echo "false" - ) - fi - - echo "should_run_build=$SHOULD_RUN_BUILD" | tee -a $GITHUB_OUTPUT - echo "builder_changed=$BUILDER_CHANGED" | tee -a $GITHUB_OUTPUT - + run: ./.github/workflows/scripts/resolve_deps_check_should_run.sh env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + FILES_CHANGED: ${{ steps.changed-files.outputs.files_changed }} test: name: Run tests diff --git a/.github/workflows/scripts/resolve_deps_check_should_run.sh b/.github/workflows/scripts/resolve_deps_check_should_run.sh new file mode 100755 index 0000000000000..b036997b869ab --- /dev/null +++ b/.github/workflows/scripts/resolve_deps_check_should_run.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +if [ "$GITHUB_EVENT_NAME" == 'workflow_dispatch' ]; then + builder_changed="false" + should_run_build="true" +else + + cat << EOF > dependency_files.txt +agent_requirements\.in +\.github/workflows/resolve-build-deps\.yaml +\.builders/ +EOF + + cat < builder_files.txt +\.builders/ +EOF + + should_run_build=$( + echo "$FILES_CHANGED" | \ + grep -qf dependency_files.txt \ + && echo "true" || echo "false" + ) + + builder_changed=$( + echo "$FILES_CHANGED" | \ + grep -qf builder_files.txt \ + && echo "true" || echo "false" + ) +fi + +echo "should_run_build=$should_run_build" | tee -a $GITHUB_OUTPUT +echo "builder_changed=$builder_changed" | tee -a $GITHUB_OUTPUT diff --git a/.github/workflows/scripts/resolve_deps_define_diff_commits.sh b/.github/workflows/scripts/resolve_deps_define_diff_commits.sh new file mode 100755 index 0000000000000..2b75dcded1792 --- /dev/null +++ b/.github/workflows/scripts/resolve_deps_define_diff_commits.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then + prev_sha=$PR_BASE_SHA + curr_sha=$PR_HEAD_SHA +else + prev_sha=$EVENT_BEFORE + curr_sha=$GITHUB_SHA +fi + +echo "prev_sha=$prev_sha" >> $GITHUB_OUTPUT +echo "curr_sha=$curr_sha" >> $GITHUB_OUTPUT + +echo "Current SHA: $curr_sha" +echo "Previous SHA: $prev_sha" From 8ae964276bffc61848a3c375f3aca399d984c22b Mon Sep 17 00:00:00 2001 From: Juanpe Araque Date: Tue, 2 Dec 2025 10:04:42 +0100 Subject: [PATCH 12/12] Ensure we checkout the repo to get the scritps --- .github/workflows/resolve-build-deps.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/resolve-build-deps.yaml b/.github/workflows/resolve-build-deps.yaml index 8f29a723c7968..a4acb672b0355 100644 --- a/.github/workflows/resolve-build-deps.yaml +++ b/.github/workflows/resolve-build-deps.yaml @@ -37,14 +37,18 @@ jobs: runs-on: ubuntu-22.04 permissions: actions: write + contents: read outputs: builder_changed: ${{ steps.dependency-check.outputs.builder_changed }} should_run_build: ${{ steps.dependency-check.outputs.should_run_build }} steps: + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Define diff commits id: set_sha if: github.event_name != 'workflow_dispatch' - run: ./.github/workflows/scripts/resolve_deps_define_diff_commits.sh + run: .github/workflows/scripts/resolve_deps_define_diff_commits.sh env: PR_BASE_SHA: ${{ github.event.pull_request.base.sha }} PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} @@ -66,7 +70,7 @@ jobs: - name: Check if build should run id: dependency-check - run: ./.github/workflows/scripts/resolve_deps_check_should_run.sh + run: .github/workflows/scripts/resolve_deps_check_should_run.sh env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} FILES_CHANGED: ${{ steps.changed-files.outputs.files_changed }} @@ -80,6 +84,7 @@ jobs: steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Set up Python ${{ env.PYTHON_VERSION }} uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: