lancedb/.github/workflows/codex-update-lance-dependency.yml

name: Codex Update Lance Dependency

on:
  workflow_call:
    inputs:
      tag:
        description: "Tag name from Lance"
        required: true
        type: string
  workflow_dispatch:
    inputs:
      tag:
        description: "Tag name from Lance"
        required: true
        type: string

permissions:
  contents: write
  pull-requests: write
  actions: read

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - name: Show inputs
        run: |
          echo "tag = ${{ inputs.tag }}"

      - name: Checkout Repo LanceDB
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: true

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install Codex CLI
        run: npm install -g @openai/codex

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable
          components: clippy, rustfmt

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y protobuf-compiler libssl-dev

      - name: Install cargo-info
        run: cargo install cargo-info

      - name: Install Python dependencies
        run: python3 -m pip install --upgrade pip packaging

      - name: Configure git user
        run: |
          git config user.name "lancedb automation"
          git config user.email "robot@lancedb.com"

      - name: Run Codex to update Lance dependency
        env:
          TAG: ${{ inputs.tag }}
          GITHUB_TOKEN: ${{ secrets.ROBOT_TOKEN }}
          GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.CODEX_TOKEN }}
        run: |
          set -euo pipefail
          VERSION="${TAG#refs/tags/}"
          VERSION="${VERSION#v}"
          BRANCH_NAME="codex/update-lance-${VERSION//[^a-zA-Z0-9]/-}"

          # Use "chore" for beta/rc versions, "feat" for stable releases
          if [[ "${VERSION}" == *beta* ]] || [[ "${VERSION}" == *rc* ]]; then
            COMMIT_TYPE="chore"
          else
            COMMIT_TYPE="feat"
          fi

          cat <<EOF >/tmp/codex-prompt.txt
          You are running inside the lancedb repository on a GitHub Actions runner. Update the Lance dependency to version ${VERSION} and prepare a pull request for maintainers to review.

          Follow these steps exactly:
          1. Use script "ci/set_lance_version.py" to update Lance Rust dependencies. The script already refreshes Cargo metadata, so allow it to finish even if it takes time.
          2. Update the Java lance-core dependency version in "java/pom.xml": change the "<lance-core.version>...</lance-core.version>" property to "${VERSION}".
          3. Run "cargo clippy --workspace --tests --all-features -- -D warnings". If diagnostics appear, fix them yourself and rerun clippy until it exits cleanly. Do not skip any warnings.
          4. After clippy succeeds, run "cargo fmt --all" to format the workspace.
          5. Ensure the repository is clean except for intentional changes. Inspect "git status --short" and "git diff" to confirm the dependency update and any required fixes.
          6. Create and switch to a new branch named "${BRANCH_NAME}" (replace any duplicated hyphens if necessary).
          7. Stage all relevant files with "git add -A". Commit using the message "${COMMIT_TYPE}: update lance dependency to v${VERSION}".
          8. Push the branch to origin. If the remote branch already exists, delete it first with "gh api -X DELETE repos/lancedb/lancedb/git/refs/heads/${BRANCH_NAME}" then push with "git push origin ${BRANCH_NAME}". Do NOT use "git push --force" or "git push -f".
          9. env "GH_TOKEN" is available, use "gh" tools for github related operations like creating pull request.
          10. Create a pull request targeting "main" with title "${COMMIT_TYPE}: update lance dependency to v${VERSION}". First, write the PR body to /tmp/pr-body.md using a heredoc (cat <<'EOF' > /tmp/pr-body.md). The body should summarize the dependency bump, clippy/fmt verification, and link the triggering tag (${TAG}). Then run "gh pr create --body-file /tmp/pr-body.md".
          11. After creating the PR, display the PR URL, "git status --short", and a concise summary of the commands run and their results.

          Constraints:
          - Use bash commands; avoid modifying GitHub workflow files other than through the scripted task above.
          - Do not merge the PR.
          - If any command fails, diagnose and fix the issue instead of aborting.
          EOF

          printenv OPENAI_API_KEY | codex login --with-api-key
          codex --config shell_environment_policy.ignore_default_excludes=true exec --dangerously-bypass-approvals-and-sandbox "$(cat /tmp/codex-prompt.txt)"

      - name: Trigger sophon dependency update
        env:
          TAG: ${{ inputs.tag }}
          GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
        run: |
          set -euo pipefail
          VERSION="${TAG#refs/tags/}"
          VERSION="${VERSION#v}"
          LANCEDB_BRANCH="codex/update-lance-${VERSION//[^a-zA-Z0-9]/-}"

          echo "Triggering sophon workflow with:"
          echo "  lance_ref: ${TAG#refs/tags/}"
          echo "  lancedb_ref: ${LANCEDB_BRANCH}"

          gh workflow run codex-bump-lancedb-lance.yml \
            --repo lancedb/sophon \
            -f lance_ref="${TAG#refs/tags/}" \
            -f lancedb_ref="${LANCEDB_BRANCH}"

      - name: Show latest sophon workflow run
        env:
          GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
        run: |
          set -euo pipefail
          echo "Latest sophon workflow run:"
          gh run list --repo lancedb/sophon --workflow codex-bump-lancedb-lance.yml --limit 1 --json databaseId,url,displayTitle