Skip to content

ci: add weekly automated codegen workflow#228

Merged
JoshMock merged 3 commits into
mainfrom
feat/weekly-codegen-automation
May 14, 2026
Merged

ci: add weekly automated codegen workflow#228
JoshMock merged 3 commits into
mainfrom
feat/weekly-codegen-automation

Conversation

@flobernd
Copy link
Copy Markdown
Member

@flobernd flobernd commented Apr 23, 2026
edited
Loading

Summary

  • Adds .github/workflows/codegen.yml, a weekly (cron: 0 7 * * 1) + workflow_dispatch workflow that regenerates the auto-generated ES, Cloud and Kibana API bindings from elastic/elastic-client-generator-js and opens a PR via peter-evans/create-pull-request when the diff is non-empty. Node 24, Actions pinned by SHA + version comment to match the repo's existing style.
  • The generator repo is private, so the workflow fetches an ephemeral GitHub token via Vault OIDC (elastic/ci-gh-actions/fetch-github-token) and reuses it for both the clone and the PR creation — using a non-Actions identity for the PR also means downstream CI (e.g. ci.yml) fires on the weekly PR.
  • Adds three npm scripts (codegen:es, codegen:cloud, codegen:kibana) that wrap a small orchestrator at scripts/codegen.mjs. The script clones the generator, installs its deps, runs npm run zod / npm run cli-es / npm run cli-cloud / npx tsx cli/kibana/index.ts, and copies outputs into src/es/apis/, src/es/apis/schemas/, src/cloud/apis/ and src/kb/apis/. After ES and Kibana it also rebuilds the lazy-loader manifests via scripts/build-api-manifest.mjs and scripts/build-kb-manifest.mts. The hand-written src/es/apis.ts and src/kb/apis.ts lazy loaders are intentionally not overwritten. No new runtime or dev dependencies — only Node, git and npm from the environment.
  • Fixes scripts/build-kb-manifest.mts: it imported the dead allKbApis symbol (removed by the lazy-load refactor in perf(kb): lazy-load KB schemas per namespace/endpoint (#251) #266) and now loads each src/kb/apis/*.ts directly. As a side-effect this picks up one endpoint (post-saved-objects-resolve-import-errors) that was missing from src/kb/api-manifest.ts.
  • Documents the local flow in CONTRIBUTING.md under a "Regenerating API bindings" subsection (mentions CODEGEN_GENERATOR_DIR for reusing a checkout).

Refs: #79

@flobernd flobernd requested review from JoshMock and MattDevy April 23, 2026 08:41
@flobernd flobernd force-pushed the feat/weekly-codegen-automation branch from 12ad2ce to 6dd1bca Compare April 23, 2026 08:42
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026
edited
Loading

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 1 0 0 0.05s
✅ COPYPASTE jscpd yes no no 7.18s
✅ REPOSITORY gitleaks yes no no 56.46s
✅ REPOSITORY git_diff yes no no 0.66s
✅ REPOSITORY secretlint yes no no 29.66s
✅ REPOSITORY trivy yes no no 20.08s
✅ TYPESCRIPT eslint 1 0 0 5.05s
✅ YAML yamllint 1 0 0 0.79s

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

MattDevy
MattDevy reviewed Apr 23, 2026
View reviewed changes
Comment thread .github/workflows/codegen.yml Outdated
MattDevy
MattDevy reviewed Apr 23, 2026
View reviewed changes
Comment thread .github/workflows/codegen.yml Outdated
MattDevy
MattDevy reviewed Apr 23, 2026
View reviewed changes
Comment thread .github/workflows/codegen.yml
flobernd added 2 commits May 13, 2026 10:39
@flobernd
ci: add weekly automated codegen workflow
28bd452 
Adds .github/workflows/codegen.yml which runs every Monday at 07:00 UTC
(and on workflow_dispatch) to regenerate the auto-generated ES and Cloud
API bindings from elastic/elastic-client-generator-js. When the diff is
non-empty it opens a PR via peter-evans/create-pull-request.

Introduces two package.json scripts, codegen:es and codegen:cloud, which
wrap a small orchestrator (scripts/codegen.mjs) that clones the generator,
runs its zod / cli-es / cli-cloud targets, and copies the outputs into
src/es/apis, src/es/apis/schemas and src/cloud/apis. The orchestrator is
a plain Node script with no new runtime or dev dependencies.

Refs: #79
@flobernd
ci(codegen): use a Vault-issued ephemeral token
2ca1614 
Switch from `secrets.CODEGEN_PR_TOKEN || secrets.GITHUB_TOKEN` to a
GitHub App token issued via Vault OIDC, used both to clone the (private)
elastic/elastic-client-generator-js repo and to open the codegen PR.

The backing token policy is registered in elastic/catalog-info under
resources/github-token-policies/token-policy-elastic-cli-codegen.yaml
and scopes the token to contents:write + pull_requests:write on
elastic/cli and elastic/elastic-client-generator-js. The clone step
injects the token via a one-shot `git -c http...extraheader` so it
never appears on the command line, and the extraheader is unset on the
cloned repo immediately afterwards.

Workflow-level permissions are tightened to `contents: read` +
`id-token: write`; all write surface now lives on the ephemeral token.
@flobernd flobernd force-pushed the feat/weekly-codegen-automation branch from 48a0e0f to 0b49250 Compare May 13, 2026 08:59
@flobernd
ci(codegen): wire codegen:kibana and adapt for lazy-loaded apis.ts
48c532d 
- Add `codegen:kibana` target invoking `npx tsx cli/kibana/index.ts` and
  copying `output/kibana/apis/*.ts` into `src/kb/apis/`. The hand-written
  lazy loader at `src/kb/apis.ts` is intentionally not overwritten.
- Run `scripts/build-api-manifest.mjs` after ES codegen and
  `scripts/build-kb-manifest.mts` after Kibana codegen so the per-endpoint
  manifests stay in sync with the generated namespace files.
- Stop copying `output/es/index.ts` over `src/es/apis.ts` (it became a
  hand-written lazy loader in #218).
- Fix `build-kb-manifest.mts` to load definitions directly from each
  `src/kb/apis/*.ts` file (the previous `allKbApis` import was dead since
  the lazy-loader refactor in #266). Manifest regen also picks up the one
  endpoint that had been missing as a result.
- Workflow: append the kibana step, expand diff-detection and `add-paths`
  to include `src/kb`, refresh the PR body to list the kibana outputs.
- CONTRIBUTING: document the new target.

Refs: #79
@flobernd flobernd force-pushed the feat/weekly-codegen-automation branch from 0b49250 to 48c532d Compare May 13, 2026 09:03
@flobernd flobernd requested a review from MattDevy May 13, 2026 09:28
JoshMock
JoshMock approved these changes May 14, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@JoshMock JoshMock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Let's give it a try this coming Monday and see what it does.

One other thing we could add (later) is an automatic linter --fix run. Adding that step leads to less noise from codegen PRs, just in case the generator is using inconsistent whitespace or generating extremely long one-liners.

@JoshMock JoshMock merged commit 3757bf2 into main May 14, 2026
19 checks passed
@JoshMock JoshMock deleted the feat/weekly-codegen-automation branch May 14, 2026 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JoshMock JoshMock JoshMock approved these changes

@MattDevy MattDevy Awaiting requested review from MattDevy

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@flobernd @JoshMock @MattDevy