ci: weekly check to notify when vendored datadogpy is behind PyPI#18420
ci: weekly check to notify when vendored datadogpy is behind PyPI#18420vlad-scherbich wants to merge 8 commits into
Conversation
Adds a scheduled GitHub Actions workflow (runs every Monday + on demand) that compares the vendored datadogpy version in ddtrace/vendor/__init__.py against the latest release on PyPI. When the two differ the workflow opens (or updates) a GitHub issue labelled `vendor-bump` describing the gap and linking to the changelog, so the team knows to evaluate whether a vendor bump is warranted. Also adds .github/scripts/check_datadogpy_vendor.py which can be run locally for the same check without needing GitHub Actions.
This comment has been minimized.
This comment has been minimized.
Codeowners resolved as |
There was a problem hiding this comment.
Pull request overview
Adds a scheduled GitHub Actions workflow to detect when the repository’s vendored datadogpy (dogstatsd) copy is behind the latest datadog release on PyPI, and opens/updates a tracking issue to prompt a vendor bump.
Changes:
- Introduces a weekly + manual workflow to compare vendored vs PyPI version and manage a single
vendor-bumpissue. - Adds a Python helper script that fetches the latest PyPI version and parses the vendored version from
ddtrace/vendor/__init__.py.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
.github/workflows/check-vendor-datadogpy.yml |
New scheduled workflow that runs the check and creates/updates a tracking issue. |
.github/scripts/check_datadogpy_vendor.py |
New script that fetches PyPI version + parses vendored version and emits step outputs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@codex please review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4da6b97d70
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…edential persistence on checkout
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0b058f2b2b
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| @@ -0,0 +1,87 @@ | |||
| name: Check vendored datadogpy version | |||
|
|
|||
| # Runs weekly and on demand. Opens (or updates) a GitHub issue when the | |||
There was a problem hiding this comment.
So the job won't fail but an issue will be filed, correct?
Do we check those issues regularly?
There was a problem hiding this comment.
So the job won't fail but an issue will be filed, correct?
That's the idea, yes.
Do we check those issues regularly?
I don't believe so, but could be a good addition to the weekly guild agenda. @emmettbutler @brettlangdon for your thoughts on this.
| const title = `chore(vendor): bump vendored datadogpy to ${process.env.LATEST_VERSION}`; | ||
| const body = [ | ||
| `The \`datadog\` package on PyPI has a new release: **${process.env.LATEST_VERSION}**`, | ||
| `The version currently vendored in \`ddtrace/vendor/\` is **${process.env.VENDORED_VERSION}**.`, | ||
| ``, | ||
| `cc @DataDog/python-guild`, | ||
| ``, | ||
| `## Next steps`, | ||
| `1. Review the [datadogpy changelog](https://github.com/DataDog/datadogpy/blob/master/CHANGELOG.md) for changes in \`datadog/dogstatsd/container.py\` and related files.`, |
There was a problem hiding this comment.
FWIW any file change within dogstatsd would warrant an update, there could be bug fixes etc.
brettlangdon
left a comment
There was a problem hiding this comment.
we should probably have a more structured file to report vendored versions, and then we can systematically check for all vendored dependencies, not just dogstatsd
@brettlangdon 100%, I was thinking along these lines looking forward, as well. Should we let this PR land and see how it works while also developing a generalized solution for everything? |
|
This pull request has been automatically closed after a period of inactivity. |
Description
Vendored copies of third-party code can drift silently, which is not ideal. This PR adds a scheduled workflow to notify maintainers when
datadogpyhas a new release, without any manual tracking.Specifically motivated by the cgroup v2 origin detection work (#18388, #18416) where we also sent fixes upstream (datadogpy#950). When those land in a new release we'll want to re-vendor and drop the local patch notes.
Changes
.github/workflows/check-vendor-datadogpy.yml: scheduled workflow (every Monday 09:00 UTC +workflow_dispatch) that:ddtrace/vendor/__init__.pyagainst the latestdatadogrelease on PyPI using a proper semver tuple comparison (handles PEP 440 pre-release suffixes like0.44.1.dev0)vendor-bumpwhen PyPI is strictly ahead, with@DataDog/python-guildmentioned in the body so the team gets notifiedpersist-credentials: false.github/scripts/check_datadogpy_vendor.py: the version-check logicTesting