Skip to content

Replace Integration Data Updater agentic workflow with deterministic scripts#1351

Open
IEvangelist wants to merge 3 commits into
mainfrom
dapine/deterministic-integration-updater
Open

Replace Integration Data Updater agentic workflow with deterministic scripts#1351
IEvangelist wants to merge 3 commits into
mainfrom
dapine/deterministic-integration-updater

Conversation

@IEvangelist

Copy link
Copy Markdown
Member

Summary

Replaces the gh aw Integration Data Updater agentic workflow with a deterministic script + a thin, standard GitHub Actions workflow. Every step the agent performed was already deterministic, so this removes Copilot inference cost and the 20‑minute agent‑step cap that truncated API‑reference regeneration on catch‑up runs (see run 29047474199, which timed out at 20m after the auth fix in #1342 let it run).

What changed

  • New: src/frontend/scripts/update-integration-data.ps1 — an OS/CI‑aware PowerShell orchestrator that:
    1. runs pnpm update:all,
    2. detects integration package version changes (compares committed aspire-integrations.json vs. the freshly generated one by titleversion; metadata‑only changes do not trigger regen),
    3. conditionally regenerates the C# API JSON (generate-package-json.ps1), the TypeScript API JSON (pnpm update:ts-api), and the chained twoslash aspire.d.ts bundle,
    4. verifies the working tree only contains allowed data paths,
    5. captures icon‑resolution warnings and a file‑count summary, and emits the PR title/body + GITHUB_OUTPUT.
      Reproducible locally: pwsh src/frontend/scripts/update-integration-data.ps1 (add -SkipRegen for a fast data‑only run).
  • New: .github/workflows/update-integration-data.yml — schedule + workflow_dispatch, timeout-minutes: 45. Sets up .NET / Aspire CLI / pnpm / Node, runs the orchestrator, and — only when data changed — commits only the allowed generated files and opens a PR through the Aspire bot GitHub App, superseding prior open automation PRs. Mirrors the existing update-release-branch.yml app‑token pattern.
  • Removed: .github/workflows/update-integration-data.md and its generated .lock.yml.
  • Updated: the update-integrations skill automation note to describe the deterministic flow.

Behavior notes

  • Hard‑fails (red check, no PR) on: update:all failure, TS API regen failure, or any out‑of‑scope diff — so problems surface as CI rather than being silently "handled."
  • Per‑package pkgs/ generation failures (common for meta‑packages) are tolerated and reported in the PR body, matching prior behavior.
  • Allowed data paths only: aspire-integrations.json, github-stats.json, samples.json, assets/samples/**, data/pkgs/**, data/ts-modules/**, data/twoslash/aspire.d.ts. Never workflow files, manifests, source, or docs (integration-docs.json reconciliation stays with the manual skill).

Validation

  • PowerShell AST parse: clean (pwsh 7.6).
  • Workflow YAML: parses; 12 steps as expected.
  • Version‑map parse verified against the real aspire-integrations.json (164/164 entries mapped); allowed‑path matcher unit‑checked (correctly excludes integration-docs.json, package.json, docs).
  • Not run end‑to‑end locally (network + would mutate data); recommend a workflow_dispatch on this branch to smoke‑test in CI before merge.

Co-authored-by: Copilot App 223556219+Copilot@users.noreply.github.com

…scripts

The gh-aw agentic Integration Data Updater spent Copilot inference on work that is entirely deterministic, and its 20-minute agent-step cap truncated the API-reference regeneration on catch-up runs.

Replace it with an OS/CI-aware pwsh orchestrator (src/frontend/scripts/update-integration-data.ps1) that runs pnpm update:all, detects package version changes, conditionally regenerates the C#/TS API reference JSON and twoslash bundle, verifies the diff is well-scoped, and emits a PR title/body. A thin standard workflow (.github/workflows/update-integration-data.yml) runs it and opens a PR via the Aspire bot GitHub App, mirroring update-release-branch.yml.

Removes update-integration-data.md and its generated .lock.yml; updates the update-integrations skill automation note.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 10, 2026 14:25

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR replaces the previous gh aw agentic “Integration Data Updater” automation with a deterministic PowerShell orchestrator and a standard GitHub Actions workflow that runs it, aiming to remove inference cost/limits while preserving the same update + conditional regen behavior.

Changes:

  • Add src/frontend/scripts/update-integration-data.ps1 to run pnpm update:all, detect integration version changes, conditionally regenerate C#/TS API data + twoslash bundle, and emit workflow outputs.
  • Add .github/workflows/update-integration-data.yml to run on schedule/dispatch, commit only allowed generated files, open a PR via the Aspire bot GitHub App, and supersede older automation PRs.
  • Remove the prior agentic workflow sources (.md + compiled .lock.yml) and update the update-integrations skill note to reflect the new deterministic flow.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/frontend/scripts/update-integration-data.ps1 New deterministic orchestrator for data refresh + conditional API/twoslash regeneration + scope enforcement + PR metadata outputs.
.github/workflows/update-integration-data.yml New scheduled/dispatch workflow to run the orchestrator, commit allowed outputs, and open/supersede PRs via GitHub App token.
.github/workflows/update-integration-data.md Removes the prior agentic workflow definition.
.github/workflows/update-integration-data.lock.yml Removes the compiled gh-aw lock workflow.
.agents/skills/update-integrations/SKILL.md Updates the skill’s automation note to reference the new deterministic workflow/script.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/frontend/scripts/update-integration-data.ps1
Comment thread src/frontend/scripts/update-integration-data.ps1 Outdated
Comment thread src/frontend/scripts/update-integration-data.ps1 Outdated
- Invoke-Git: emit git output as flat strings to the pipeline and normalize
  stderr ErrorRecords to their message text, instead of 
eturn , @()
  which wrapped output in a confusing nested array.
- Change gate: check the FULL working tree (git status --porcelain) so an
  out-of-scope-only change still reaches the Phase 4 scope check and fails
  loudly instead of silently exiting 0.
- PR date: use UTC + InvariantCulture ([DateTime]::UtcNow) so the PR title
  matches the UTC branch name and UTC schedules regardless of runner locale.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@aspire-repo-bot

Copy link
Copy Markdown
Contributor

Frontend HTML artifact ready

The latest frontend build uploaded the frontend-dist artifact for PR #1351. Use the VS Code button below to open this PR with GitHub Artifacts Explorer and browse the built HTML locally.

VS Code: Open PR #1351 artifacts

This comment updates automatically when a new frontend build artifact is uploaded.

Instead of creating a new timestamped branch and a brand-new PR on every run
(and closing the previous day's PR), reuse a single long-lived branch
chore/update-integration-data:

- Force-push one fresh commit with the latest data on top of the newest main
  each run, so an unreviewed PR is refreshed in place rather than piling up a
  new PR per day. The single rebased snapshot also keeps the PR conflict-free.
- Reuse the existing open PR when present (gh pr edit) so its review threads
  and history carry over; only open a new PR when none exists.
- Still close any stray legacy timestamped automation PRs as a safety net.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@IEvangelist IEvangelist enabled auto-merge (squash) July 10, 2026 20:15

@radical radical left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[automated] Automated review pass (findings validated with a second model). Three inline notes: one Medium (TS-API partial-failure reporting), one Medium (force-push clobber on the rolling branch), one non-blocking (title-keyed version map + rollout reminder).

}
exit 1
}
$tsApiSummary = 'succeeded'

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[automated] On a partial TS-API regen failure this opens a PR that claims success. generate-ts-api-json.ps1 counts per-package aspire sdk dump/transform failures into $failed and prints Complete: N failed, but it exits 0 (no exit/throw at the end), so update-ts-api.ts only fails on a catastrophic throw — not on individual package failures. So $tsExit is 0 here and we hardcode $tsApiSummary = 'succeeded', then open a PR with stale/missing ts-modules/* and a twoslash bundle rebuilt without them (hover tooltips fall back to any), with nothing red.

Two problems with that:

  • It contradicts the "Hard-fails (red check, no PR) on … TS API regen failure" note in the PR description — that's only true for total failure.
  • It's a reporting regression vs the old body, which had a TS API JSON: S succeeded, F failed line, so a reviewer could see the count.

Suggest parsing the Complete: X succeeded, Y failed line the same way the C# path parses Done! Success:, surfacing Y in the body, and deciding whether Y > 0 should fail the run or just be reported.

git commit \
-m "$PR_TITLE" \
-m "Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>"
git push --force origin "HEAD:refs/heads/$branch"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[automated] Force-pushing the shared chore/update-integration-data branch every run will clobber any human commits on the open automation PR. The old model opened a fresh PR per run, so that couldn't happen.

The intended safety net looks like the :octocat: auto-merge label, but I don't see any workflow in .github/workflows/ that consumes it — so same-day auto-merge isn't established in-repo, and a maintainer fix pushed onto the PR could be silently overwritten by the next scheduled run.

Worth confirming auto-merge is actually wired up (branch ruleset / external bot), or guarding the force-push when the branch has non-bot commits on top.

foreach ($entry in @($entries)) {
if ($entry.PSObject.Properties.Name -contains 'title' -and
$entry.PSObject.Properties.Name -contains 'version') {
$map[[string]$entry.title] = [string]$entry.version

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[automated] Non-blocking: this keys the version map on title, so two entries sharing a title would collapse (last wins) and a version move could be missed. It's fine today (164/164 entries, no duplicate titles) — just a latent assumption worth a dedup key or an assert.

Unrelated rollout reminder (not about this line): the reuse/stray-close logic in the workflow only matches the chore/update-integration-data branch family, so if any pre-existing agentic automation PR is open at merge time, close it by hand. None is open right now, so no action needed today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants