fix: connector builder cdk bump workflow

[dbgold17]

Since @pedroslopez changed how we build and deploy connector builder using the airbyte/manifest-server image, the process of updating the CDK version used by Builder in OSS and Cloud has become much simpler and this workflow that creates a PR automatically to update Builder to the latest CDK version needed to be altered.

I tested this out by manually running this workflow (generating a pre-release CDK version).

Here's the PR that was created: https://github.com/airbytehq/airbyte-platform-internal/pull/18058/files

Summary by CodeRabbit

• Chores
  • Updated CI job dependencies and simplified the publish workflow orchestration.
  • Removed an external Python setup step from the job to streamline execution.
  • Replaced a retry-based multi-step updater with a single in-repo substitution that updates the manifest server image and API build references and persists the new version, while keeping automated PR creation.

[github-actions]

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

Testing This CDK Version

You can test this version of the CDK using the following:

# Run the CLI from this branch:
uvx 'git+https://github.com/airbytehq/airbyte-python-cdk.git@dbgold17/update-cdk-bump-in-builder-workflow#egg=airbyte-python-cdk[dev]' --help

# Update a connector to use the CDK from this branch ref:
cd airbyte-integrations/connectors/source-example
poe use-cdk-branch dbgold17/update-cdk-bump-in-builder-workflow

Helpful Resources

• CDK API Reference

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

• /autofix - Fixes most formatting and linting issues
• /poetry-lock - Updates poetry.lock file
• /test - Runs connector tests with the updated CDK
• /poe build - Regenerate git-committed build artifacts, such as the pydantic models which are generated from the manifest JSON schema in YAML.
• /poe <command> - Runs any poe command in the CDK environment

📝 Edit this welcome message.

[Copilot]

Pull Request Overview

This PR simplifies the connector builder CDK bump workflow by switching from manually updating CDK dependencies in multiple files to just updating the manifest-server Docker image tag. The change reflects the new deployment architecture where the airbyte/manifest-server image already includes the CDK version.

• Removed dependency on publish_cdk and publish_sdm jobs, replacing with publish_manifest_server
• Simplified the update process to only modify the manifest-server tag in Helm values file
• Eliminated Python setup, retry logic, and manual dependency compilation steps

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Updated .github/workflows/publish.yml: the update-connector-builder job now needs publish_manifest_server (replacing publish_cdk/publish_sdm), removed Python/setup and retry-based CDK update steps, and added a single in-repo run step that updates manifest-server image tag, build.gradle.kts CDK reference, and writes CDK_VERSION, then creates a PR.

Changes

Cohort / File(s)

Summary

Publish workflow \.github/workflows/publish.yml

Updated update-connector-builder job needs to publish_manifest_server (removed publish_cdk, publish_sdm); removed actions/setup-python@v5 and the retry-based multi-step CDK/version update; added a single run step that substitutes VERSION into oss/charts/v2/airbyte/values.yaml (manifestServer image tag), updates oss/airbyte-api/manifest-server-api/build.gradle.kts CDK reference, writes oss/airbyte-connector-builder-resources/CDK_VERSION, then creates a PR.

Sequence Diagram(s)

sequenceDiagram
    participant Publish as publish_manifest_server
    participant Updater as update-connector-builder
    participant Repo as repo (values.yaml / build.gradle.kts / CDK_VERSION)
    participant GH as GitHub (PR)

    rect rgb(235,245,255)
    Publish->>Updater: completes → triggers job
    end

    rect rgb(245,255,235)
    Updater->>Repo: substitute VERSION into values.yaml\nupdate build.gradle.kts CDK reference\nwrite CDK_VERSION file
    Updater->>GH: create PR with in-repo edits
    GH-->>Updater: PR created
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Check needs change for ordering/conditional impacts.
• Verify the run-step's substitutions/paths (oss/charts/v2/airbyte/values.yaml, oss/airbyte-api/manifest-server-api/build.gradle.kts, oss/airbyte-connector-builder-resources/CDK_VERSION) and that the VERSION source is correct.
• Confirm removing actions/setup-python and the retry logic preserves required env and resiliency—wdyt?

Possibly related PRs

• ci: create unified cdk, sdm, and builder publish flow #107 — updates the same update-connector-builder job to change dependencies and replace retry-based updates with an in-repo run step.
• feat: add manifest-server references to auto platform CDK version bump #731 — propagates new CDK version into oss/charts/.../values.yaml and oss/airbyte-api/.../build.gradle.kts, matching the updated run-step targets.
• CI: move SDM image publish to dedicated step #83 — modifies CI publish workflows related to SDM/publish job dependencies which intersect with this job's dependency changes.

Suggested labels

ci

Suggested reviewers

• pedroslopez
• aaronsteers

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "fix: connector builder cdk bump workflow" directly and accurately describes the main change in the pull request. The changeset modifies the GitHub Actions workflow that automatically updates the Connector Builder to the latest CDK version, specifically refactoring it to work with the new manifest-server-based deployment approach. The title is concise, uses standard "fix:" conventions, and clearly communicates the scope (connector builder cdk bump workflow) without vague language or unnecessary detail. A developer reviewing the commit history would immediately understand this addresses an issue with the workflow's CDK version update process.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dbgold17/update-cdk-bump-in-builder-workflow

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/publish.yml (1)

370-380: Consider escaping version strings in sed regex for robustness.

The sed pattern tag: ${PREVIOUS_VERSION} doesn't escape special regex characters. Semantic versions like 1.0.0 contain dots (.), which are regex metacharacters matching any character. While unlikely to cause issues in a well-formatted YAML file, this could theoretically match unintended patterns.

Wdyt about using a safer sed pattern, either by escaping the version or using a different delimiter?

Here's a more robust approach:

# Escape special characters for sed
PREV_ESCAPED=$(printf '%s\n' "${PREVIOUS_VERSION}" | sed -e 's/[\/&]/\\&/g')
NEW_ESCAPED=$(printf '%s\n' "${VERSION}" | sed -e 's/[\/&]/\\&/g')
sed -i "s|tag: ${PREV_ESCAPED}|tag: ${NEW_ESCAPED}|g" "oss/charts/v2/airbyte/values.yaml"

Or using a different delimiter to reduce escaping needs:

sed -i "s|tag: ${PREVIOUS_VERSION}|tag: ${VERSION}|g" "oss/charts/v2/airbyte/values.yaml"

(Note: Using | as delimiter still requires escaping | in the version if it appears, but | is much less common in version strings than /.)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c0ae1c0 and eb6f9e4.

📒 Files selected for processing (1)

• .github/workflows/publish.yml (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Publish Manifest Server to DockerHub
• GitHub Check: Publish SDM to DockerHub
• GitHub Check: Publish CDK version to PyPI
• GitHub Check: SDM Docker Image Build
• GitHub Check: Manifest Server Docker Image Build
• GitHub Check: Pytest (Fast)
• GitHub Check: Analyze (python)

🔇 Additional comments (2)

.github/workflows/publish.yml (2)

343-345: Job dependency refactoring aligns with simplified architecture. ✓

Shifting from publish_cdk and publish_sdm to publish_manifest_server makes sense—since manifest-server now includes the CDK, this reduces complexity and removes unnecessary dependencies. Nice simplification!

---

346-354: Verify VERSION is set for manual workflow_dispatch triggers.

Looking at the condition, when triggered via workflow_dispatch with update_connector_builder == 'true', there's no guarantee that VERSION is populated. If both the auto-detected and user-input versions are empty, VERSION becomes an empty string (see line 82), which would result in invalid YAML (tag: with no value).

Can you confirm that the version is always expected to be set in practice, or should we add a validation check to fail fast if VERSION is empty?

[github-actions]

PyTest Results (Fast)

3 817 tests  ±0   3 805 ✅ ±0   6m 36s ⏱️ +7s
    1 suites ±0      12 💤 ±0 
    1 files   ±0       0 ❌ ±0 

Results for commit 8af70b1. ± Comparison against base commit c0ae1c0.

♻️ This comment has been updated with latest results.

[dbgold17]

turns out using yq to modify the values.yaml file creates a messy diff in the resulting PR because it attempts to do a bunch of reformatting of the yaml file: https://github.com/airbytehq/airbyte-platform-internal/pull/18058/commits/9c21f5b6972f1114d0791413d9c53008b2a14cb2

I'm opting to use sed instead even if less optimized for the task. The PR should always have a human reviewer anyway to catch mistakes.

[pedroslopez]