airbytehq
diff --git a/‎.github/pr-welcome-community.md‎
Lines changed: 1 addition & 0 deletions b/‎.github/pr-welcome-community.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/pr-welcome-internal.md‎
Lines changed: 1 addition & 0 deletions b/‎.github/pr-welcome-internal.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/prerelease-command.yml‎
Lines changed: 116 additions & 0 deletions b/‎.github/workflows/prerelease-command.yml‎
Lines changed: 116 additions & 0 deletions
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 4 additions & 2 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.github/workflows/slash_command_dispatch.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/slash_command_dispatch.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎airbyte_cdk/sources/declarative/auth/oauth.py‎
Lines changed: 12 additions & 2 deletions b/‎airbyte_cdk/sources/declarative/auth/oauth.py‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎airbyte_cdk/sources/declarative/declarative_component_schema.yaml‎
Lines changed: 25 additions & 3 deletions b/‎airbyte_cdk/sources/declarative/declarative_component_schema.yaml‎
Lines changed: 25 additions & 3 deletions
diff --git a/‎airbyte_cdk/sources/declarative/models/declarative_component_schema.py‎
Lines changed: 21 additions & 5 deletions b/‎airbyte_cdk/sources/declarative/models/declarative_component_schema.py‎
Lines changed: 21 additions & 5 deletions
@@ -27,5 +27,6 @@ As needed or by request, Airbyte Maintainers can execute the following slash com
 - `/autofix` - Fixes most formatting and linting issues
 - `/poetry-lock` - Updates poetry.lock file
 - `/test` - Runs connector tests with the updated CDK
+- `/prerelease` - Triggers a prerelease publish with default arguments
 
 If you have any questions, feel free to ask in the PR comments or join our [Slack community](https://airbytehq.slack.com/).
@@ -26,6 +26,7 @@ Airbyte Maintainers can execute the following slash commands on your PR:
 - `/autofix` - Fixes most formatting and linting issues
 - `/poetry-lock` - Updates poetry.lock file
 - `/test` - Runs connector tests with the updated CDK
+- `/prerelease` - Triggers a prerelease publish with default arguments
 - `/poe build` - Regenerate git-committed build artifacts, such as the pydantic models which are generated from the manifest JSON schema in YAML.
 - `/poe <command>` - Runs any poe command in the CDK environment
 
 
@@ -0,0 +1,116 @@
+name: On-Demand Prerelease
+
+# Minimal permissions for security (addresses GitHub Advanced Security feedback)
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
+on:
+  workflow_dispatch:
+    inputs:
+      pr:
+        description: "PR Number"
+        type: string
+        required: false
+      comment-id:
+        description: "Comment ID (Optional)"
+        type: string
+        required: false
+
+jobs:
+  prerelease-on-demand:
+    name: Trigger Prerelease Publish
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Authenticate as GitHub App
+        uses: actions/create-github-app-token@v2
+        id: get-app-token
+        with:
+          owner: "airbytehq"
+          repositories: "airbyte-python-cdk"
+          app-id: ${{ secrets.OCTAVIA_BOT_APP_ID }}
+          private-key: ${{ secrets.OCTAVIA_BOT_PRIVATE_KEY }}
+
+      - name: Create URL to the run output
+        id: vars
+        run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_OUTPUT
+
+      - name: Check that PR number is provided
+        if: github.event.inputs.pr == ''
+        run: |
+          echo "Error: /prerelease command must be invoked on a pull request, not an issue."
+          exit 1
+
+      - name: Get PR info
+        id: pr-info
+        run: |
+          PR_JSON=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.inputs.pr }})
+          HEAD_REF=$(echo "$PR_JSON" | jq -r .head.ref)
+          HEAD_REPO=$(echo "$PR_JSON" | jq -r .head.repo.full_name)
+          echo "head-ref=${HEAD_REF}" >> $GITHUB_OUTPUT
+          echo "head-repo=${HEAD_REPO}" >> $GITHUB_OUTPUT
+          echo "PR branch: ${HEAD_REF} from ${HEAD_REPO}"
+        env:
+          GH_TOKEN: ${{ steps.get-app-token.outputs.token }}
+
+      - name: Check that PR is from this repository (not a fork)
+        if: steps.pr-info.outputs.head-repo != github.repository
+        run: |
+          echo "Error: /prerelease only works for branches in this repository, not forks."
+          echo "PR is from: ${{ steps.pr-info.outputs.head-repo }}"
+          echo "Expected: ${{ github.repository }}"
+          exit 1
+
+      - name: Append comment with job run link
+        if: github.event.inputs.comment-id
+        id: first-comment-action
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ github.event.inputs.comment-id }}
+          issue-number: ${{ github.event.inputs.pr }}
+          body: |
+            > **Prerelease Job Info**
+            >
+            > This job triggers the publish workflow with default arguments to create a prerelease.
+            >
+            > Prerelease job started... [Check job output.][1]
+
+            [1]: ${{ steps.vars.outputs.run-url }}
+
+      - name: Trigger publish workflow
+        id: trigger-publish
+        uses: the-actions-org/workflow-dispatch@v4
+        with:
+          workflow: publish.yml
+          token: ${{ steps.get-app-token.outputs.token }}
+          ref: ${{ steps.pr-info.outputs.head-ref }}
+          wait-for-completion: true
+          display-workflow-run-url: false
+          inputs: >-
+            {
+              "publish_to_pypi": "true",
+              "publish_to_dockerhub": "true",
+              "publish_manifest_server": "false",
+              "update_connector_builder": "false"
+            }
+
+      - name: Append success comment
+        if: github.event.inputs.comment-id
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
+          reactions: hooray
+          body: |
+            > ✅ Prerelease workflow triggered successfully.
+            >
+            > View the publish workflow run: ${{ steps.trigger-publish.outputs.workflow-url }}
+
+      - name: Append failure comment
+        if: failure() && github.event.inputs.comment-id
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
+          reactions: confused
+          body: |
+            > ❌ Failed to trigger prerelease workflow.
@@ -20,8 +20,10 @@ on:
           Note that this workflow is intended for prereleases. For public-facing stable releases,
           please use the GitHub Releases workflow instead:
           https://github.com/airbytehq/airbyte-python-cdk/blob/main/docs/RELEASES.md.
-          For prereleases, please leave the version blank to use the detected version. Alternatively,
-          you can override the dynamic versioning for special use cases.
+          For prereleases, you can use the /prerelease slash command in a PR comment to trigger
+          this workflow with default arguments. Alternatively, you can manually trigger this workflow
+          and leave the version blank to use the detected version, or override the dynamic versioning
+          for special use cases.
         required: false
       publish_to_pypi:
         description: "Publish to PyPI. If true, the workflow will publish to PyPI."
 
@@ -35,6 +35,7 @@ jobs:
             test
             poetry-lock
             poe
+            prerelease
 
           # Notes regarding static-args:
           # - Slash commands can be invoked from both issues and comments.
@@ -63,6 +64,7 @@ jobs:
           - \`/autofix\` - Corrects any linting or formatting issues
           - \`/test\` - Runs the test suite
           - \`/poetry-lock\` - Re-locks dependencies and updates the poetry.lock file
+          - \`/prerelease\` - Triggers a prerelease publish with default arguments
           - \`/help\` - Shows this help message"
 
           if [[ "${{ github.event.comment.body }}" == "/help" ]]; then
 
@@ -5,7 +5,7 @@
 import logging
 from dataclasses import InitVar, dataclass, field
 from datetime import datetime, timedelta
-from typing import Any, List, Mapping, Optional, Union
+from typing import Any, List, Mapping, Optional, Tuple, Union
 
 from airbyte_cdk.sources.declarative.auth.declarative_authenticator import DeclarativeAuthenticator
 from airbyte_cdk.sources.declarative.interpolation.interpolated_boolean import InterpolatedBoolean
@@ -46,6 +46,9 @@ class DeclarativeOauth2Authenticator(AbstractOauth2Authenticator, DeclarativeAut
         refresh_request_headers (Optional[Mapping[str, Any]]): The request headers to send in the refresh request
         grant_type: The grant_type to request for access_token. If set to refresh_token, the refresh_token parameter has to be provided
         message_repository (MessageRepository): the message repository used to emit logs on HTTP requests
+        refresh_token_error_status_codes (Tuple[int, ...]): Status codes to identify refresh token errors in response
+        refresh_token_error_key (str): Key to identify refresh token error in response
+        refresh_token_error_values (Tuple[str, ...]): List of values to check for exception during token refresh process
     """
 
     config: Mapping[str, Any]
@@ -72,9 +75,16 @@ class DeclarativeOauth2Authenticator(AbstractOauth2Authenticator, DeclarativeAut
     message_repository: MessageRepository = NoopMessageRepository()
     profile_assertion: Optional[DeclarativeAuthenticator] = None
     use_profile_assertion: Optional[Union[InterpolatedBoolean, str, bool]] = False
+    refresh_token_error_status_codes: Tuple[int, ...] = ()
+    refresh_token_error_key: str = ""
+    refresh_token_error_values: Tuple[str, ...] = ()
 
     def __post_init__(self, parameters: Mapping[str, Any]) -> None:
-        super().__init__()
+        super().__init__(
+            refresh_token_error_status_codes=self.refresh_token_error_status_codes,
+            refresh_token_error_key=self.refresh_token_error_key,
+            refresh_token_error_values=self.refresh_token_error_values,
+        )
         if self.token_refresh_endpoint is not None:
             self._token_refresh_endpoint: Optional[InterpolatedString] = InterpolatedString.create(
                 self.token_refresh_endpoint, parameters=parameters
 
@@ -1427,6 +1427,28 @@ definitions:
         type: string
         examples:
           - "%Y-%m-%d %H:%M:%S.%f+00:00"
+      refresh_token_error_status_codes:
+        title: Refresh Token Error Status Codes
+        description: Status Codes to Identify refresh token error in response (Refresh Token Error Key and Refresh Token Error Values should be also specified). Responses with one of the error status code and containing an error value will be flagged as a config error
+        type: array
+        items:
+          type: integer
+        examples:
+          - [400, 500]
+      refresh_token_error_key:
+        title: Refresh Token Error Key
+        description: Key to Identify refresh token error in response (Refresh Token Error Status Codes and Refresh Token Error Values should be also specified).
+        type: string
+        examples:
+          - "error"
+      refresh_token_error_values:
+        title: Refresh Token Error Values
+        description: 'List of values to check for exception during token refresh process. Used to check if the error found in the response matches the key from the Refresh Token Error Key field (e.g. response={"error": "invalid_grant"}). Only responses with one of the error status code and containing an error value will be flagged as a config error'
+        type: array
+        items:
+          type: string
+        examples:
+          - ["invalid_grant", "invalid_permissions"]
       refresh_token_updater:
         title: Refresh Token Updater
         description: When the refresh token updater is defined, new refresh tokens, access tokens and the access token expiry date are written back from the authentication response to the config object. This is important if the refresh token can only used once.
@@ -1468,7 +1490,7 @@ definitions:
             examples:
               - ["credentials", "token_expiry_date"]
           refresh_token_error_status_codes:
-            title: Refresh Token Error Status Codes
+            title: (Deprecated - Use the same field on the OAuthAuthenticator level) Refresh Token Error Status Codes
             description: Status Codes to Identify refresh token error in response (Refresh Token Error Key and Refresh Token Error Values should be also specified). Responses with one of the error status code and containing an error value will be flagged as a config error
             type: array
             items:
@@ -1477,14 +1499,14 @@ definitions:
             examples:
               - [400, 500]
           refresh_token_error_key:
-            title: Refresh Token Error Key
+            title: (Deprecated - Use the same field on the OAuthAuthenticator level) Refresh Token Error Key
             description: Key to Identify refresh token error in response (Refresh Token Error Status Codes and Refresh Token Error Values should be also specified).
             type: string
             default: ""
             examples:
               - "error"
           refresh_token_error_values:
-            title: Refresh Token Error Values
+            title: (Deprecated - Use the same field on the OAuthAuthenticator level) Refresh Token Error Values
             description: 'List of values to check for exception during token refresh process. Used to check if the error found in the response matches the key from the Refresh Token Error Key field (e.g. response={"error": "invalid_grant"}). Only responses with one of the error status code and containing an error value will be flagged as a config error'
             type: array
             items:
 
@@ -1,5 +1,3 @@
-# Copyright (c) 2025 Airbyte, Inc., all rights reserved.
-
 # generated by datamodel-codegen:
 #   filename:  declarative_component_schema.yaml
 
@@ -426,19 +424,19 @@ class RefreshTokenUpdater(BaseModel):
         [],
         description="Status Codes to Identify refresh token error in response (Refresh Token Error Key and Refresh Token Error Values should be also specified). Responses with one of the error status code and containing an error value will be flagged as a config error",
         examples=[[400, 500]],
-        title="Refresh Token Error Status Codes",
+        title="(Deprecated - Use the same field on the OAuthAuthenticator level) Refresh Token Error Status Codes",
     )
     refresh_token_error_key: Optional[str] = Field(
         "",
         description="Key to Identify refresh token error in response (Refresh Token Error Status Codes and Refresh Token Error Values should be also specified).",
         examples=["error"],
-        title="Refresh Token Error Key",
+        title="(Deprecated - Use the same field on the OAuthAuthenticator level) Refresh Token Error Key",
     )
     refresh_token_error_values: Optional[List[str]] = Field(
         [],
         description='List of values to check for exception during token refresh process. Used to check if the error found in the response matches the key from the Refresh Token Error Key field (e.g. response={"error": "invalid_grant"}). Only responses with one of the error status code and containing an error value will be flagged as a config error',
         examples=[["invalid_grant", "invalid_permissions"]],
-        title="Refresh Token Error Values",
+        title="(Deprecated - Use the same field on the OAuthAuthenticator level) Refresh Token Error Values",
     )
 
 
@@ -1900,6 +1898,24 @@ class OAuthAuthenticator(BaseModel):
         examples=["%Y-%m-%d %H:%M:%S.%f+00:00"],
         title="Token Expiry Date Format",
     )
+    refresh_token_error_status_codes: Optional[List[int]] = Field(
+        None,
+        description="Status Codes to Identify refresh token error in response (Refresh Token Error Key and Refresh Token Error Values should be also specified). Responses with one of the error status code and containing an error value will be flagged as a config error",
+        examples=[[400, 500]],
+        title="Refresh Token Error Status Codes",
+    )
+    refresh_token_error_key: Optional[str] = Field(
+        None,
+        description="Key to Identify refresh token error in response (Refresh Token Error Status Codes and Refresh Token Error Values should be also specified).",
+        examples=["error"],
+        title="Refresh Token Error Key",
+    )
+    refresh_token_error_values: Optional[List[str]] = Field(
+        None,
+        description='List of values to check for exception during token refresh process. Used to check if the error found in the response matches the key from the Refresh Token Error Key field (e.g. response={"error": "invalid_grant"}). Only responses with one of the error status code and containing an error value will be flagged as a config error',
+        examples=[["invalid_grant", "invalid_permissions"]],
+        title="Refresh Token Error Values",
+    )
     refresh_token_updater: Optional[RefreshTokenUpdater] = Field(
         None,
         description="When the refresh token updater is defined, new refresh tokens, access tokens and the access token expiry date are written back from the authentication response to the config object. This is important if the refresh token can only used once.",