Scope SDK batch generation + add spec-changes manifest #35
Phase 2 of scoped SDK generation. LOCAL scope only — the oagen/oagen-emitters version bump and real workflow_dispatch/push verification are deferred CI steps the maintainer runs after publish.

- Sever the push-to-main fan-out from generate-prs.yml; it is now workflow_dispatch-only, with new `services` (CSV, optional) and `batch_id` (required) inputs.
- Forward `--services` through scripts/sdk-generate.sh to `oagen generate` (full generation when absent); CSV spaces are stripped before threading.
- Extract the branch/commit/push/PR logic into scripts/open-batch-pr.mjs: deterministic oagen/batch-<id> branch, force-push idempotence (NFR-2.2), no-op/empty-diff skip (FR-2.7), per-entry + catch-all commits, and create-or-reuse PR with `--dry-run` gating only the gh mutations.
- Add scripts/build-spec-changes.mjs + .github/workflows/spec-changes.yml: on a spec merge, record a per-commit .spec-changes/<sha>.json of changed post-mount services (mapped via the imported policy mountRules, with IR-based model/enum ownership) and hasBreaking. The manifest lives at the repo root so its commit re-triggers neither spec-changes.yml nor release.yml.
- Add node:test suites (28 tests) + a captured oagen-diff fixture, and a `test` npm script (node --test scripts/__tests__/*.spec.mjs).

Review: 1 cycle, PASS (0 critical/high). 3 medium + 2 low findings addressed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The SDK automation bot needs a clean breaking/non-breaking signal to act on, and the only machine-readable source today is the PR comment body, which is fragile to scrape. A dedicated sdk-compat commit status encodes compatibility directly, kept separate from the build/test job conclusion so the two signals don't get conflated.
Greptile Summary

This PR scopes SDK batch generation to changed services (instead of fanning out over everything on push-to-main), extracts branch/commit/push/PR logic into a tested Node script (
Confidence Score: 5/5

Safe to merge; the changes are well-scoped workflow orchestration with no irreversible side-effects and a solid test suite covering the critical paths.

The core logic lives in two well-tested Node scripts (28 tests, local bare-repo integration). The workflows use standard GitHub Actions patterns, the HMAC signing is correct, and the fork-PR guard in validate-sdks.yml properly addresses the statuses:write limitation. The only two findings are minor style/hygiene items — direct input interpolation in one run step and a missing --base flag — neither of which affects correctness in the current deployment context.

.github/workflows/generate-prs.yml — the Create batch PR step interpolates inputs.batch_id and inputs.services directly into the shell script, unlike the guarded env-var pattern used in the adjacent Generate SDK step.

Important Files Changed
Address two Greptile findings on PR #35:

- spec-changes.yml: enable `-e` in the diff/parse step so a failing `oagen parse` aborts with a clear error instead of silently writing an empty IR file (which surfaced downstream as a cryptic JSON parse error). The `oagen diff` line stays exit-code-2 tolerant via its errexit-safe `|| DIFF_EXIT=$?` suffix.
- validate-sdks.yml: skip the `sdk-compat` commit-status step for fork PRs, whose read-only `github.token` would 403 on the statuses write and fail an otherwise-green job.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ommitting it

Don't accumulate .spec-changes/<sha>.json artifacts in this repo. The spec-changes workflow now POSTs the computed manifest to the SDK bot (HMAC-signed with SPEC_CHANGES_SECRET), which stores it in D1 and owns retention. build-spec-changes.mjs already writes to stdout when --output is omitted, so the script is unchanged; only the workflow rewires.

- spec-changes.yml: run build-spec-changes.mjs → stdout → HMAC-sign → curl POST $SDK_BOT_URL/internal/spec-changes (3 retries, skip when no services changed). Drops contents:write + the App token (no commit).
- Remove the .spec-changes/ directory + README (no committed artifacts).

Requires a SPEC_CHANGES_SECRET Actions secret (shared with the bot).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
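The HMAC-signed POST described in the commit message above, as an added example that is not code from this PR: it signs a manifest the way a sender would and verifies it on the receiving side over the raw body with a constant-time comparison. The `sha256=<hex>` signature format, the `sha` field and the sample secret are assumptions; only `services` and `hasBreaking` come from the page.

```javascript
// Added example (not the PR's code). Signature format "sha256=<hex>" is an
// assumption; the page only says the POST is HMAC-signed with a shared secret.
const crypto = require("node:crypto");

// Sender side: HMAC-SHA256 over the exact bytes that will be POSTed.
function signManifest(rawBody, secret) {
  const mac = crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
  return `sha256=${mac}`;
}

// Receiver side: recompute over the raw body (before JSON.parse) and compare
// in constant time. Returns the parsed manifest, or null if the check fails.
function verifyManifest(rawBody, signatureHeader, secret) {
  if (typeof signatureHeader !== "string") return null;
  const expected = Buffer.from(signManifest(rawBody, secret));
  const received = Buffer.from(signatureHeader);
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (expected.length !== received.length) return null;
  if (!crypto.timingSafeEqual(expected, received)) return null;
  try {
    return JSON.parse(rawBody);
  } catch {
    return null; // authentic but malformed body
  }
}

// Constructed sample data (placeholder sha, made-up secret).
const SECRET = "constructed-test-secret";
const body = JSON.stringify({ sha: "0000000", services: ["users"], hasBreaking: false });
const header = signManifest(body, SECRET);

// A body altered after signing (hasBreaking flipped) no longer verifies.
const tampered = body.replace('"hasBreaking":false', '"hasBreaking":true');

console.log("valid   :", verifyManifest(body, header, SECRET));
console.log("tampered:", verifyManifest(tampered, header, SECRET));
```

Verifying the bytes as received, rather than a re-serialized object, matters because any change in key order or whitespace produces a different MAC.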
Summary
- `batch_id` (required) + `services` (CSV, optional) inputs, so SDK regeneration targets changed services instead of fanning out over everything on push-to-main.
- `scripts/open-batch-pr.mjs`: deterministic `oagen/batch-<id>` branch, force-push idempotence, empty-diff skip, per-entry + catch-all commits, create-or-reuse PR with `--dry-run` gating the `gh` mutations.
- `--services` through `scripts/sdk-generate.sh` to `oagen generate` (full generation when the flag is absent).
- `scripts/build-spec-changes.mjs` + `.github/workflows/spec-changes.yml`: on a spec merge, record `.spec-changes/<sha>.json` of changed post-mount services (+ `hasBreaking`) at the repo root, so the manifest commit re-triggers neither spec-changes.yml nor release.yml.
- `sdk-compat` commit status on PRs so the automation bot reads a clean breaking/non-breaking signal instead of scraping the PR comment.
- `test` npm script.

Test plan
- `npm test` passes (28 node:test cases)
- `batch_id` + `services` CSV; confirm only listed services regenerate into `oagen/batch-<id>`
- `.spec-changes/<sha>.json` is written and does not re-trigger spec-changes.yml or release.yml
- `sdk-compat` status reports failure (success when non-breaking)
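Related to the review finding about `inputs.batch_id` and `inputs.services` being interpolated into a run step: an added example, not code from this PR, of how a Node script can take both values from environment variables, validate them, and build the branch name and an argument array without a shell. The variable names `BATCH_ID` and `SERVICES` and the allowed-character patterns are assumptions.

```javascript
// Added example (not the PR's code). BATCH_ID / SERVICES as environment
// variable names and both patterns below are assumptions.
const BATCH_ID_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;
const SERVICE_RE = /^[A-Za-z][A-Za-z0-9_-]*$/;

// Read the dispatch inputs from the environment, never from text spliced into
// the script body, and reject anything that is not a plain identifier.
function readBatchInputs(env) {
  const batchId = (env.BATCH_ID ?? "").trim();
  if (!BATCH_ID_RE.test(batchId)) {
    throw new Error(`invalid batch_id: ${JSON.stringify(batchId)}`);
  }
  // The CSV is optional; spaces are stripped before it is passed on.
  const services = (env.SERVICES ?? "")
    .replace(/\s+/g, "")
    .split(",")
    .filter((s) => s.length > 0);
  for (const s of services) {
    if (!SERVICE_RE.test(s)) {
      throw new Error(`invalid service: ${JSON.stringify(s)}`);
    }
  }
  // Deterministic branch name; the pattern above keeps it a valid git ref.
  return { batchId, services, branch: `oagen/batch-${batchId}` };
}

// Build an argv array for a spawn-style call (no shell), so each value stays
// a single argument. No --services flag means full generation.
function generateArgs({ services }) {
  const args = ["generate"];
  if (services.length > 0) args.push("--services", services.join(","));
  return args;
}

// Constructed sample input.
const sample = readBatchInputs({ BATCH_ID: "2024-06-01_a", SERVICES: "users, billing ," });
console.log(sample.branch, generateArgs(sample));
```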