Skip to content

ci: weekly check to notify when vendored datadogpy is behind PyPI#18420

Closed
vlad-scherbich wants to merge 8 commits into
mainfrom
vlad/ci-check-vendored-datadogpy
Closed

ci: weekly check to notify when vendored datadogpy is behind PyPI#18420
vlad-scherbich wants to merge 8 commits into
mainfrom
vlad/ci-check-vendored-datadogpy

Conversation

@vlad-scherbich

@vlad-scherbich vlad-scherbich commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Description

Vendored copies of third-party code can drift silently, which is not ideal. This PR adds a scheduled workflow to notify maintainers when datadogpy has a new release, without any manual tracking.

Specifically motivated by the cgroup v2 origin detection work (#18388, #18416) where we also sent fixes upstream (datadogpy#950). When those land in a new release we'll want to re-vendor and drop the local patch notes.

Changes

  • .github/workflows/check-vendor-datadogpy.yml: scheduled workflow (every Monday 09:00 UTC + workflow_dispatch) that:
    • compares the version in ddtrace/vendor/__init__.py against the latest datadog release on PyPI using a proper semver tuple comparison (handles PEP 440 pre-release suffixes like 0.44.1.dev0)
    • opens (or updates) a single GitHub issue labelled vendor-bump when PyPI is strictly ahead, with @DataDog/python-guild mentioned in the body so the team gets notified
    • skips scheduled runs on forks; action SHAs are pinned; checkout runs with persist-credentials: false
  • .github/scripts/check_datadogpy_vendor.py: the version-check logic

Testing

  • CI

Adds a scheduled GitHub Actions workflow (runs every Monday + on demand)
that compares the vendored datadogpy version in ddtrace/vendor/__init__.py
against the latest release on PyPI.

When the two differ the workflow opens (or updates) a GitHub issue labelled
`vendor-bump` describing the gap and linking to the changelog, so the team
knows to evaluate whether a vendor bump is warranted.

Also adds .github/scripts/check_datadogpy_vendor.py which can be run
locally for the same check without needing GitHub Actions.
@datadog-prod-us1-4

This comment has been minimized.

@cit-pr-commenter-54b7da

cit-pr-commenter-54b7da Bot commented Jun 2, 2026

Copy link
Copy Markdown

Codeowners resolved as

.github/workflows/check-vendor-datadogpy.yml                            @DataDog/python-guild @DataDog/apm-core-python

@vlad-scherbich vlad-scherbich added the changelog/no-changelog A changelog entry is not required for this PR. label Jun 2, 2026
@vlad-scherbich vlad-scherbich requested review from a team, Copilot and gyuheon0h June 2, 2026 20:17

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a scheduled GitHub Actions workflow to detect when the repository’s vendored datadogpy (dogstatsd) copy is behind the latest datadog release on PyPI, and opens/updates a tracking issue to prompt a vendor bump.

Changes:

  • Introduces a weekly + manual workflow to compare vendored vs PyPI version and manage a single vendor-bump issue.
  • Adds a Python helper script that fetches the latest PyPI version and parses the vendored version from ddtrace/vendor/__init__.py.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
.github/workflows/check-vendor-datadogpy.yml New scheduled workflow that runs the check and creates/updates a tracking issue.
.github/scripts/check_datadogpy_vendor.py New script that fetches PyPI version + parses vendored version and emits step outputs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/scripts/check_datadogpy_vendor.py Outdated
Comment thread .github/scripts/check_datadogpy_vendor.py Outdated
Comment thread .github/workflows/check-vendor-datadogpy.yml
Comment thread .github/workflows/check-vendor-datadogpy.yml Outdated
Comment thread .github/workflows/check-vendor-datadogpy.yml Outdated
@vlad-scherbich

Copy link
Copy Markdown
Contributor Author

@codex please review

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

Comment thread .github/scripts/check_datadogpy_vendor.py Outdated
Comment thread .github/workflows/check-vendor-datadogpy.yml

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4da6b97d70

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread .github/scripts/check_datadogpy_vendor.py Outdated
@vlad-scherbich vlad-scherbich marked this pull request as ready for review June 2, 2026 20:44
@vlad-scherbich vlad-scherbich requested review from a team as code owners June 2, 2026 20:44

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0b058f2b2b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread .github/scripts/check_datadogpy_vendor.py Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

Comment thread .github/scripts/check_datadogpy_vendor.py Outdated
Comment thread .github/scripts/check_datadogpy_vendor.py Outdated
Comment thread .github/workflows/check-vendor-datadogpy.yml
@vlad-scherbich vlad-scherbich requested a review from Copilot June 2, 2026 20:57

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@@ -0,0 +1,87 @@
name: Check vendored datadogpy version

# Runs weekly and on demand. Opens (or updates) a GitHub issue when the

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the job won't fail but an issue will be filed, correct?

Do we check those issues regularly?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the job won't fail but an issue will be filed, correct?

That's the idea, yes.

Do we check those issues regularly?

I don't believe so, but could be a good addition to the weekly guild agenda. @emmettbutler @brettlangdon for your thoughts on this.

Comment on lines +41 to +49
const title = `chore(vendor): bump vendored datadogpy to ${process.env.LATEST_VERSION}`;
const body = [
`The \`datadog\` package on PyPI has a new release: **${process.env.LATEST_VERSION}**`,
`The version currently vendored in \`ddtrace/vendor/\` is **${process.env.VENDORED_VERSION}**.`,
``,
`cc @DataDog/python-guild`,
``,
`## Next steps`,
`1. Review the [datadogpy changelog](https://github.com/DataDog/datadogpy/blob/master/CHANGELOG.md) for changes in \`datadog/dogstatsd/container.py\` and related files.`,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW any file change within dogstatsd would warrant an update, there could be bug fixes etc.

@brettlangdon brettlangdon left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably have a more structured file to report vendored versions, and then we can systematically check for all vendored dependencies, not just dogstatsd

@vlad-scherbich

Copy link
Copy Markdown
Contributor Author

we should probably have a more structured file to report vendored versions, and then we can systematically check for all vendored dependencies, not just dogstatsd

@brettlangdon 100%, I was thinking along these lines looking forward, as well. Should we let this PR land and see how it works while also developing a generalized solution for everything?

@github-actions github-actions Bot added the stale label Jul 4, 2026
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

This pull request has been automatically closed after a period of inactivity.
After this much time, it will likely be easier to open a new pull request with the
same changes than to update this one from the base branch. Please comment or reopen
if you think this pull request was closed in error.

@github-actions github-actions Bot closed this Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

changelog/no-changelog A changelog entry is not required for this PR. stale

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants