Add auto deps version update workflow

[vankichi]

Description

SSIA

Related Issue

Versions

• Vald Version: v1.7.13
• Go Version: v1.23.2
• Rust Version: v1.81.0
• Docker Version: v27.3.1
• Kubernetes Version: v1.31.1
• Helm Version: v3.16.2
• NGT Version: v2.2.4
• Faiss Version: v1.9.0

Checklist

• I have read the CONTRIBUTING document and completed our CLA agreement.
• I have checked open Pull Requests for the similar feature or fixes?

Special notes for your reviewer

Summary by CodeRabbit

• New Features

  • Enhanced GitHub Actions workflow for updating dependencies with a broader scope and more descriptive naming.
  • Introduced new commands for managing dependencies and improving code quality, including formatting and linting enhancements.
  • Added automated update targets for the buf and usearch tools.

• Chores

  • Updated the Makefile to streamline dependency management and installation procedures, ensuring better organization and usability.

[coderabbitai]

Warning

Rate limit exceeded

@vankichi has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 18 minutes and 40 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Files that changed from the base of the PR and between e90a426 and f00d518.

📝 Walkthrough

📝 Walkthrough

📝 Walkthrough

📝 Walkthrough

📝 Walkthrough

Walkthrough

The changes involve modifications to the GitHub Actions workflow in .github/workflows/update-deps.yaml for updating dependencies, including a name change and a series of new commands replacing the previous single command. The Makefile has also been updated with new variables for managing various dependencies and enhancements to existing targets for formatting and linting. Additionally, new targets have been introduced in Makefile.d/dependencies.mk for updating specific tools. These updates aim to improve the overall dependency management and code quality processes within the project.

Changes

File	Change Summary
.github/workflows/update-deps.yaml	Workflow name changed, multiple commands added for dependency updates, a new step added, and PR title/body updated.
Makefile	New variable added for managing example Go project dependencies, updates to format and lint targets for improved code quality.
Makefile.d/dependencies.mk	New targets added for update/buf and update/usearch to automate tool updates.

Possibly related PRs

• Add workflow to update actions #2498: Introduces a workflow for updating Action dependencies, related to the main PR's workflow for updating dependencies.
• Update Actions dependency #2623: Updates Actions dependencies, aligning with the main PR's focus on automating dependency updates.
• Update Actions dependency #2629: Similar to Update Actions dependency #2623, updates Actions dependencies, reinforcing the connection to the main PR's changes regarding dependency management.
• Update Actions dependency #2677: Updates various Actions dependencies, which is directly relevant to the main PR's modifications in the workflow for updating dependencies.
• Update Actions dependency #2706: Automates the update of Actions dependencies, which is a core aspect of the main PR's modifications to the dependency management workflow.

Suggested labels

type/feature, priority/medium, size/M

Suggested reviewers

• hlts2

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cloudflare-workers-and-pages]

Deploying vald with    Cloudflare Pages

Latest commit:	f00d518
Status:	✅  Deploy successful!
Preview URL:	https://d84b31fd.vald.pages.dev
Branch Preview URL:	https://ci-makefile-github-add-auto.vald.pages.dev

View logs

[vdaas-ci]

[CHATOPS:HELP] ChatOps commands.

• 🙆‍♀️ /approve - approve
• 🍱 /format - format codes and add licenses
• ✅ /gen-test - generate test codes
• 🏷️ /label - add labels
• 🔚 2️⃣ 🔚 /label actions/e2e-deploy - run E2E deploy & integration test

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (5)

.github/workflows/update-deps.yaml (3)

22-26: LGTM: Context logging job is well-structured.

The dump-contexts-to-log job is correctly set up and uses the latest version of actions/checkout, which is good practice. The custom action for dumping context can be valuable for debugging.

Consider adding a comment explaining the purpose of the dump-contexts-to-log job and what kind of information it logs. This would improve the workflow's self-documentation.

---

27-40: LGTM: Job setup and Git configuration are well-implemented.

The update-version job is correctly configured with appropriate Git and GPG settings. Using a custom token and signing commits with GPG are good security practices.

Consider using GitHub's built-in ${{ github.workspace }} context variable instead of ${GITHUB_WORKSPACE} in the Git config command for consistency and to ensure it's always correctly expanded:

git config --global --add safe.directory "${{ github.workspace }}"

🧰 Tools

🪛 actionlint

34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

53-64: LGTM: PR creation is well-configured.

The PR creation step is correctly implemented and includes all necessary details. Using a conditional check and a separate token for PR creation are good practices.

Consider adding more details to the PR body, such as a list of updated dependencies or a link to the workflow run. This can be achieved by using the diff_output suggested in the previous comment:

body: |
  Automated pull request to update Dependencies.

  ### Changes:
  ```diff
  ${{ steps.check_diff.outputs.diff_output }}

[Workflow run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})

This will provide more context in the PR, making it easier for reviewers to understand the changes.

</blockquote></details>
<details>
<summary>Makefile.d/dependencies.mk (2)</summary><blockquote>

`156-160`: **LGTM: New `update/buf` target added correctly**

The new target for updating the buf version is implemented consistently with other similar targets in the file. It correctly fetches the latest release version from GitHub and writes it to the appropriate version file.



Consider adding error handling to the curl command, similar to other targets in this file. For example:

```diff
 update/buf:
-	curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' > $(ROOTDIR)/versions/BUF_VERSION
+	@{ \
+		RESULT=$$(curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")'); \
+		if [ -n "$$RESULT" ]; then \
+			echo $$RESULT > $(ROOTDIR)/versions/BUF_VERSION; \
+		else \
+			echo "No version found for buf" >&2; \
+			exit 1; \
+		fi \
+	}

This change would make the target more robust and consistent with other targets in the file.

---

201-205: LGTM: New update/usearch target added correctly

The new target for updating the usearch version is implemented consistently with other similar targets in the file. It correctly fetches the latest release version from GitHub and writes it to the appropriate version file.

Consider adding error handling to the curl command, similar to other targets in this file. For example:

 update/usearch:
-	curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g' > $(ROOTDIR)/versions/USEARCH_VERSION
+	@{ \
+		RESULT=$$(curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g'); \
+		if [ -n "$$RESULT" ]; then \
+			echo $$RESULT > $(ROOTDIR)/versions/USEARCH_VERSION; \
+		else \
+			echo "No version found for usearch" >&2; \
+			exit 1; \
+		fi \
+	}

This change would make the target more robust and consistent with other targets in the file.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 0a8b332 and f038302.

📒 Files selected for processing (2)

• .github/workflows/update-deps.yaml (1 hunks)
• Makefile.d/dependencies.mk (4 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/update-deps.yaml

34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

46-46: shellcheck reported issue in this script: SC2086:info:5:31: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (4)

.github/workflows/update-deps.yaml (2)

16-20: LGTM: Workflow name and triggers are well-defined.

The workflow name clearly describes its purpose, and the trigger configuration allows for both manual and automated execution. The daily schedule ensures regular dependency checks, which is a good practice for maintaining up-to-date dependencies.

---

1-64: Overall assessment: Well-implemented workflow with room for minor improvements.

This GitHub Actions workflow for updating dependencies is well-structured and achieves its purpose effectively. It includes necessary steps such as checking out the repository, updating dependencies, checking for changes, and creating a pull request when needed. The use of GPG signing and a separate token for PR creation are good security practices.

The suggested improvements throughout the review are mainly focused on:

1. Enhancing readability and self-documentation
2. Addressing potential shell scripting issues
3. Providing more context in the created pull requests

These changes will make the workflow more robust and easier to maintain in the long run. Great job on implementing this automated dependency update process!

🧰 Tools

🪛 actionlint

34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

46-46: shellcheck reported issue in this script: SC2086:info:5:31: Double quote to prevent globbing and word splitting

(shellcheck)

Makefile.d/dependencies.mk (2)

20-20: LGTM: New dependencies added correctly

The update/buf and update/usearch targets have been appropriately added to the update/libs target. They are placed in alphabetical order, maintaining the existing structure of the file.

Also applies to: 42-42

---

Line range hint 1-305: Overall assessment: Changes are well-implemented and consistent

The additions to the Makefile.d/dependencies.mk file effectively introduce support for updating two new dependencies: buf and usearch. The implementation is consistent with existing targets in the file, maintaining the overall structure and purpose of the Makefile.

The suggested improvements for error handling in both new targets would further enhance the robustness of the update process, aligning them more closely with some of the more comprehensive targets in the file.

These changes contribute positively to the project's dependency management capabilities.

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (2)

Makefile.d/dependencies.mk (2)

156-160: Consider adding error handling for API failures

The implementation follows the established pattern and correctly fetches the buf version. However, like other targets, it might benefit from error handling for API failures.

Consider wrapping the command in a bash block with error handling:

-update/buf:
-	curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' > $(ROOTDIR)/versions/BUF_VERSION
+update/buf:
+	@{ \
+		RESULT=$$(curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")'); \
+		if [ -n "$$RESULT" ]; then \
+			echo $$RESULT > $(ROOTDIR)/versions/BUF_VERSION; \
+		else \
+			echo "Failed to fetch buf version" >&2; \
+			exit 1; \
+		fi \
+	}

---

201-205: Consider adding error handling for API failures

The implementation follows the established pattern and correctly fetches the usearch version. However, like other targets, it might benefit from error handling for API failures.

Consider wrapping the command in a bash block with error handling:

-update/usearch:
-	curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g' > $(ROOTDIR)/versions/USEARCH_VERSION
+update/usearch:
+	@{ \
+		RESULT=$$(curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g'); \
+		if [ -n "$$RESULT" ]; then \
+			echo $$RESULT > $(ROOTDIR)/versions/USEARCH_VERSION; \
+		else \
+			echo "Failed to fetch usearch version" >&2; \
+			exit 1; \
+		fi \
+	}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between c11da8f and e90a426.

📒 Files selected for processing (3)

• .github/workflows/update-deps.yaml (4 hunks)
• Makefile (1 hunks)
• Makefile.d/dependencies.mk (4 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/update-deps.yaml

67-67: shellcheck reported issue in this script: SC1046:error:2:1: Couldn't find 'fi' for this 'if'

(shellcheck)

---

67-67: shellcheck reported issue in this script: SC1073:error:2:1: Couldn't parse this if expression. Fix to allow more checks

(shellcheck)

---

67-67: shellcheck reported issue in this script: SC1047:error:8:1: Expected 'fi' matching previously mentioned 'if'

(shellcheck)

---

67-67: shellcheck reported issue in this script: SC1072:error:8:1: Expected 'fi'. Fix any mentioned problems and try again

(shellcheck)

---

86-86: property "labels" is not defined in object type {conclusion: string; outcome: string; outputs: {string => string}}

(expression)

🔇 Additional comments (4)

.github/workflows/update-deps.yaml (1)

Line range hint 55-63: Previous review comment about shell scripting issues is still applicable.

🧰 Tools

🪛 actionlint

57-57: shellcheck reported issue in this script: SC2086:info:5:31: Double quote to prevent globbing and word splitting

(shellcheck)

Makefile.d/dependencies.mk (2)

20-20: LGTM: New dependencies properly integrated

The additions of buf and usearch to the update/libs target are well-organized and maintain the alphabetical ordering of dependencies.

Also applies to: 42-42

---

20-20: Verify integration with update workflow

Please ensure that the version files (BUF_VERSION and USEARCH_VERSION) are properly integrated into the update workflow and that the workflow is configured to handle these new dependencies.

Also applies to: 42-42, 156-160, 201-205

✅ Verification successful

Let me gather more information by checking the workflow files and Makefile structure more thoroughly.

This will help us understand:

1. If the update workflow exists and its configuration
2. The complete structure of the dependencies.mk file
3. The presence and location of version files
4. The overall workflow setup for dependency updates

---

Let me check the workflow configuration to verify the integration of the new dependencies.

---

Based on the analysis of the dependencies.mk and update-deps.yaml, I can verify the integration:

Dependencies are properly integrated

The new dependencies (buf and usearch) are correctly integrated into the update workflow through:

1. The update/libs target in dependencies.mk includes both update/buf and update/usearch
2. The update-deps.yaml workflow runs make update which executes all update targets including the new ones
3. The version files (BUF_VERSION and USEARCH_VERSION) are properly managed through their respective update targets

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the version files are referenced in the workflow
# and that the workflow is configured to handle these new dependencies

echo "Checking for version files usage in workflows..."
rg -l "BUF_VERSION|USEARCH_VERSION" .github/workflows/

echo "Checking for update workflow configuration..."
rg -l "buf|usearch" .github/workflows/update-deps.yaml

Length of output: 321

---

Script:

#!/bin/bash
# Check if update-deps.yaml exists and examine its content
echo "Checking if update-deps.yaml exists..."
fd -t f "update-deps.yaml" .github/workflows/

echo "\nChecking all workflow files for update-related tasks..."
fd -t f . .github/workflows/ -x cat {}

echo "\nExamining Makefile structure for update targets..."
cat Makefile.d/dependencies.mk

echo "\nChecking for version files..."
fd -g "*VERSION*" .

Length of output: 231318

---

Script:

#!/bin/bash
# Check update-deps.yaml workflow for buf and usearch integration
echo "Checking update-deps workflow..."
cat .github/workflows/update-deps.yaml

echo "\nChecking if version files are referenced in workflow paths..."
rg "versions/(BUF|USEARCH)_VERSION" .github/workflows/update-deps.yaml

Length of output: 3387

Makefile (1)

508-508: LGTM! Verify the go/example/deps target implementation.

The addition of go/example/deps to the update target is a good improvement to ensure example code dependencies are also updated.

Let's verify the target implementation:

✅ Verification successful

Let me gather more information about the target implementation and its dependencies.

---

Based on the gathered information, I can now generate the final response:

Target implementation verified and working as expected

The go/example/deps target is properly implemented in Makefile.d/dependencies.mk and:

• Correctly manages dependencies for Go example code in example/client/
• Handles cleanup of vendor directories and Go module files
• Updates Go version in the module file
• Runs go mod tidy in the example client directory
• Affects existing Go files: main.go, agent/main.go, and mirror/main.go

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the go/example/deps target is properly defined

# Test: Search for the target definition
rg -A 5 '(^|\s)go/example/deps:'

Length of output: 401

---

Script:

#!/bin/bash
# Check the complete implementation of go/example/deps target and related targets
rg -A 10 '(^|\s)go/example/deps:' Makefile.d/dependencies.mk

# Check if there are any example Go files that would be affected
fd -e go . example/

# Check if there's a go.mod file in the example directory
fd go.mod example/

Length of output: 725