|
| 1 | +name: "Java Codegen Check" |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + branches: |
| 6 | + - main |
| 7 | + paths: |
| 8 | + - 'java/scripts/codegen/**' |
| 9 | + - 'java/src/generated/**' |
| 10 | + - '.github/workflows/java-codegen-check.yml' |
| 11 | + pull_request: |
| 12 | + paths: |
| 13 | + - 'java/scripts/codegen/**' |
| 14 | + - 'java/src/generated/**' |
| 15 | + - '.github/workflows/java-codegen-check.yml' |
| 16 | + workflow_dispatch: |
| 17 | + |
| 18 | +# Permissions: contents: write and pull-requests: write are needed to push |
| 19 | +# regenerated files back to PR branches. actions: write is needed to trigger |
| 20 | +# the agentic fix workflow via gh workflow run. |
| 21 | +# |
| 22 | +# Dependabot PR caveat: Workflows triggered by pull_request from Dependabot |
| 23 | +# run with a read-only GITHUB_TOKEN regardless of declared permissions. |
| 24 | +# The push step uses continue-on-error to handle this gracefully — if the |
| 25 | +# push fails (Dependabot), the agentic fix workflow will handle pushing |
| 26 | +# via its own push-to-pull-request-branch safe-output. |
| 27 | +permissions: |
| 28 | + contents: write |
| 29 | + pull-requests: write |
| 30 | + actions: write |
| 31 | + |
| 32 | +jobs: |
| 33 | + check: |
| 34 | + name: "Verify Java generated files are up-to-date" |
| 35 | + runs-on: ubuntu-latest |
| 36 | + steps: |
| 37 | + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| 38 | + with: |
| 39 | + ref: ${{ github.event.pull_request.head.sha || github.sha }} |
| 40 | + # For PRs, check out the PR head so we can push back to it |
| 41 | + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} |
| 42 | + |
| 43 | + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 |
| 44 | + with: |
| 45 | + node-version: 22 |
| 46 | + |
| 47 | + - name: Install codegen dependencies |
| 48 | + working-directory: ./java/scripts/codegen |
| 49 | + run: npm ci |
| 50 | + |
| 51 | + - name: Run codegen |
| 52 | + working-directory: ./java/scripts/codegen |
| 53 | + run: npx tsx java.ts |
| 54 | + |
| 55 | + - name: Check for uncommitted changes |
| 56 | + id: check-changes |
| 57 | + run: | |
| 58 | + if [ -n "$(git status --porcelain)" ]; then |
| 59 | + echo "changed=true" >> "$GITHUB_OUTPUT" |
| 60 | + echo "Generated files are out of date." |
| 61 | + git diff --stat |
| 62 | + else |
| 63 | + echo "changed=false" >> "$GITHUB_OUTPUT" |
| 64 | + echo "✅ Generated files are up-to-date" |
| 65 | + fi |
| 66 | +
|
| 67 | + # --- On push to main: fail if generated files are stale (existing behavior) --- |
| 68 | + - name: Fail on stale generated files (push to main) |
| 69 | + if: steps.check-changes.outputs.changed == 'true' && github.event_name != 'pull_request' |
| 70 | + run: | |
| 71 | + echo "::error::Generated files are out of date. Run 'cd java/scripts/codegen && npx tsx java.ts' and commit the changes." |
| 72 | + git diff |
| 73 | + exit 1 |
| 74 | +
|
| 75 | + # --- On PR: commit regenerated files back and verify build --- |
| 76 | + - name: Commit and push regenerated files to PR branch |
| 77 | + id: push-regen |
| 78 | + if: steps.check-changes.outputs.changed == 'true' && github.event_name == 'pull_request' |
| 79 | + continue-on-error: true |
| 80 | + env: |
| 81 | + GH_TOKEN: ${{ github.token }} |
| 82 | + HEAD_REF: ${{ github.head_ref }} |
| 83 | + run: | |
| 84 | + git config user.name "github-actions[bot]" |
| 85 | + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" |
| 86 | + git add -A |
| 87 | + git commit -m "Regenerate Java codegen output |
| 88 | +
|
| 89 | + Auto-committed by java-codegen-check workflow." |
| 90 | + git push origin "HEAD:$HEAD_REF" |
| 91 | +
|
| 92 | + - name: Fail if regenerated files could not be pushed |
| 93 | + if: steps.push-regen.outcome == 'failure' |
| 94 | + run: | |
| 95 | + echo "::error::Could not push regenerated files to the PR branch. This is expected for Dependabot PRs (read-only token) and fork PRs." |
| 96 | + echo "To fix: check out this PR branch locally, run 'cd java/scripts/codegen && npx tsx java.ts', commit, and push." |
| 97 | + exit 1 |
| 98 | +
|
| 99 | + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 |
| 100 | + if: steps.push-regen.outcome == 'success' |
| 101 | + with: |
| 102 | + java-version: "17" |
| 103 | + distribution: "microsoft" |
| 104 | + cache: "maven" |
| 105 | + |
| 106 | + - name: Run mvn verify |
| 107 | + id: mvn-verify |
| 108 | + if: steps.push-regen.outcome == 'success' |
| 109 | + continue-on-error: true |
| 110 | + working-directory: ./java |
| 111 | + env: |
| 112 | + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} |
| 113 | + run: | |
| 114 | + set -o pipefail |
| 115 | + mvn verify 2>&1 | tee /tmp/mvn-verify-output.txt |
| 116 | + echo "exit_code=$?" >> "$GITHUB_OUTPUT" |
| 117 | +
|
| 118 | + - name: Capture error summary |
| 119 | + id: error-summary |
| 120 | + if: steps.mvn-verify.outcome == 'failure' |
| 121 | + run: | |
| 122 | + SUMMARY=$(tail -80 /tmp/mvn-verify-output.txt) |
| 123 | + echo "$SUMMARY" > /tmp/error-summary.txt |
| 124 | + echo "has_errors=true" >> "$GITHUB_OUTPUT" |
| 125 | +
|
| 126 | + - name: Trigger agentic fix workflow |
| 127 | + id: trigger-fix |
| 128 | + if: steps.error-summary.outputs.has_errors == 'true' && steps.push-regen.outcome == 'success' |
| 129 | + env: |
| 130 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 131 | + PR_NUMBER: ${{ github.event.pull_request.number }} |
| 132 | + BRANCH: ${{ github.head_ref }} |
| 133 | + run: | |
| 134 | + ERROR_SUMMARY=$(cat /tmp/error-summary.txt) |
| 135 | +
|
| 136 | + # Ensure PR has dependencies label (required by java-codegen-fix safe-output) |
| 137 | + gh pr edit "$PR_NUMBER" --add-label dependencies |
| 138 | +
|
| 139 | + gh workflow run java-codegen-fix.lock.yml \ |
| 140 | + -f branch="$BRANCH" \ |
| 141 | + -f pr_number="$PR_NUMBER" \ |
| 142 | + -f error_summary="$ERROR_SUMMARY" |
| 143 | + echo "Triggered java-codegen-fix workflow on branch $BRANCH for PR #$PR_NUMBER" |
| 144 | +
|
| 145 | + - name: Wait for agentic fix to complete |
| 146 | + if: steps.trigger-fix.outcome == 'success' |
| 147 | + env: |
| 148 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 149 | + BRANCH: ${{ github.head_ref }} |
| 150 | + run: | |
| 151 | + echo "Waiting for agentic fix workflow to start..." |
| 152 | + sleep 30 |
| 153 | +
|
| 154 | + for i in $(seq 1 60); do |
| 155 | + RUN_ID=$(gh run list \ |
| 156 | + --workflow=java-codegen-fix.lock.yml \ |
| 157 | + --branch="$BRANCH" \ |
| 158 | + --limit=1 \ |
| 159 | + --json databaseId,status \ |
| 160 | + --jq '.[0].databaseId') |
| 161 | +
|
| 162 | + STATUS=$(gh run list \ |
| 163 | + --workflow=java-codegen-fix.lock.yml \ |
| 164 | + --branch="$BRANCH" \ |
| 165 | + --limit=1 \ |
| 166 | + --json databaseId,status \ |
| 167 | + --jq '.[0].status') |
| 168 | +
|
| 169 | + if [ "$STATUS" = "completed" ]; then |
| 170 | + echo "Agentic fix workflow run $RUN_ID completed." |
| 171 | + CONCLUSION=$(gh run view "$RUN_ID" --json conclusion --jq .conclusion) |
| 172 | + echo "Conclusion: $CONCLUSION" |
| 173 | + break |
| 174 | + fi |
| 175 | +
|
| 176 | + echo "Run $RUN_ID status: $STATUS (attempt $i/60)" |
| 177 | + sleep 30 |
| 178 | + done |
| 179 | +
|
| 180 | + if [ "$STATUS" != "completed" ]; then |
| 181 | + echo "::warning::Agentic fix workflow did not complete within 30 minutes." |
| 182 | + fi |
| 183 | +
|
| 184 | + - name: Fetch latest changes after agentic fix |
| 185 | + if: steps.trigger-fix.outcome == 'success' |
| 186 | + env: |
| 187 | + HEAD_REF: ${{ github.head_ref }} |
| 188 | + run: | |
| 189 | + git fetch origin "$HEAD_REF" |
| 190 | + git reset --hard "origin/$HEAD_REF" |
| 191 | +
|
| 192 | + - name: Final mvn verify after agentic fix |
| 193 | + if: steps.trigger-fix.outcome == 'success' |
| 194 | + working-directory: ./java |
| 195 | + env: |
| 196 | + COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} |
| 197 | + run: mvn verify |
0 commit comments