jd-opensource · yq33victor · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025 · yq33victor
diff --git a/.github/workflows/build_x86_64_mlu.yaml b/.github/workflows/build_x86_64_mlu.yaml
@@ -18,8 +18,6 @@ on:
     branches: [main]
     types: [opened, synchronize, reopened]
     paths-ignore:
-      - '.github/**'
-      - 'cibuild/**'
       - 'cmake/**'
       - 'docs/**'
       - 'third_party/**'
@@ -36,7 +34,66 @@ concurrency:
   cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
 
 jobs:
+  check-approval-if-needed:
+    if: ${{ github.event_name == 'pull_request' }}
+    runs-on: [self-hosted]
+    outputs:
+      requires_approval: ${{ steps.check_sensitive.outputs.requires_approval }}
+      approved: ${{ steps.check_approved.outputs.approved }}
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Ensure we can compare commits
+
+      - name: Check if sensitive files were changed
+        id: check_sensitive
+        run: |
+          sensitive_files=(
+            ".github/**.yaml"
+            "cibuild/**.sh"
+            "setup.py"
+          )
+          shopt -s globstar nullglob
+          changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }})
+          requires_approval="false"
+          #for file in "${sensitive_files[@]}"; do
+          #  if echo "$changed_files" | grep -Fxq "$file"; then
+          #    requires_approval="true"
+          #    break
+          #  fi
+          #done
+          while IFS= read -r changed_file; do
+            [[ -z "$changed_file" ]] && continue
+            for pattern in "${sensitive_files[@]}"; do
+              if [[ "$changed_file" == $pattern ]]; then
+                requires_approval="true"
+                break 2
+              fi
+          done
+          done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}")
+
+          echo "requires_approval=$requires_approval" >> $GITHUB_OUTPUT
+
+      - name: Check PR approvals
+        id: check_approved
+        if: ${{ steps.check_sensitive.outputs.requires_approval == 'true' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          pr_number=${{ github.event.pull_request.number }}
+          response=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
+            -H "Accept: application/vnd.github.v3+json" \
+            "https://api.github.com/repos/${{ github.repository }}/pulls/$pr_number/reviews")
+
+          if echo "$response" | jq -e '.[] | select(.state == "APPROVED")' > /dev/null; then
+            echo "approved=true" >> $GITHUB_OUTPUT
+          else
+            echo "approved=false" >> $GITHUB_OUTPUT
+          fi
+
   build:
+    needs: check-approval-if-needed
     if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' || github.event_name == 'pull_request' }}
     runs-on: [self-hosted]
     steps:

diff --git a/.github/workflows/build_x86_64_npu.yaml b/.github/workflows/build_x86_64_npu.yaml
@@ -17,9 +17,9 @@ on:
   pull_request:
     branches: [main]
     types: [opened, synchronize, reopened]
+  pull_request_review:
+    types: [submitted]
     paths-ignore:
-      - '.github/**'
-      - 'cibuild/**'
       - 'cmake/**'
       - 'docs/**'
       - 'third_party/**'
@@ -36,8 +36,142 @@ concurrency:
   cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
 
 jobs:
+  determine-target:
+    runs-on: [self-hosted]
+    outputs:
+      should_run: ${{ steps.decide.outputs.should_run }}
+      pr_number: ${{ steps.set_vars.outputs.pr_number }}
+      head_sha: ${{ steps.set_vars.outputs.head_sha }}
+    steps:
+      - name: Set variables based on event
+        id: set_vars
+        run: |
+          if [ "${{ github.event_name }}" == "pull_request_review" ]; then
+            echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
+            echo "head_sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
+          elif [ "${{ github.event_name }}" == "pull_request" ]; then
+            echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
+            echo "head_sha=${{ github.sha }}" >> $GITHUB_OUTPUT
+          else
+            echo "pr_number=" >> $GITHUB_OUTPUT
+            echo "head_sha=${{ github.sha }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Decide whether to run build
+        id: decide
+        run: |
+          event="${{ github.event_name }}"
+          if [[ "$event" == "workflow_dispatch" || "$event" == "push" ]]; then
+            echo "should_run=true" >> $GITHUB_OUTPUT
+          elif [[ "$event" == "pull_request" ]]; then
+            echo "should_run=true" >> $GITHUB_OUTPUT
+          elif [[ "$event" == "pull_request_review" ]]; then
+            if [[ "${{ github.event.review.state }}" == "approved" ]]; then
+              echo "should_run=true" >> $GITHUB_OUTPUT
+            else
+              echo "should_run=false" >> $GITHUB_OUTPUT
+            fi
+          else
+            echo "should_run=false" >> $GITHUB_OUTPUT
+          fi
+
+  check-sensitive-and-approval:
+    #if: ${{ github.event_name == 'pull_request' }}
+    needs: determine-target
+    if: >
+      needs.determine-target.outputs.should_run == 'true' &&
+      (github.event_name == 'pull_request' || github.event_name == 'pull_request_review')
+    runs-on: [self-hosted]
+    outputs:
+      #requires_approval: ${{ steps.check_sensitive.outputs.requires_approval }}
+      #approved: ${{ steps.check_approved.outputs.approved }}
+      can_proceed: ${{ steps.check.outputs.can_proceed }}
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Ensure we can compare commits
+
+      - name: Install jq
+        run: yum install -y jq
+
+      - name: Check if sensitive files were changed
+        id: check_sensitive
+        run: |
+          sensitive_files=(
+            ".github/**.yaml"
+            "cibuild/**.sh"
+            "setup.py"
+          )
+          changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }})
+          echo "=======================> changed_files: $changed_files"
+          requires_approval="false"
+          #for file in "${sensitive_files[@]}"; do
+          #  if echo "$changed_files" | grep -Fxq "$file"; then
+          #    echo "======================> requires_approval=true"
+          #    requires_approval="true"
+          #    break
+          #  fi
+          #done
+          while IFS= read -r changed_file; do
+            [[ -z "$changed_file" ]] && continue
+            echo "=========================> start -z changed_file"
+            for pattern in "${sensitive_files[@]}"; do
+              echo "=========================> start cmp: $changed_file"
+              if [[ "$changed_file" == $pattern ]]; then
+                echo "====================> changed_file == pattern: $changed_file"
+                requires_approval="true"
+                break 2
+              fi
+          done
+          done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}")
+
+          echo "=======================> requires_approval = $requires_approval"
+          echo "requires_approval=$requires_approval" >> $GITHUB_OUTPUT
+
+      - name: Check PR approvals
+        id: check_approved
+        if: ${{ github.event_name == 'pull_request' && steps.check_sensitive.outputs.requires_approval == 'true' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          pr_number=${{ github.event.pull_request.number }}
+          response=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
+            -H "Accept: application/vnd.github.v3+json" \
+            "https://api.github.com/repos/${{ github.repository }}/pulls/$pr_number/reviews")
+
+          if echo "$response" | jq -e '.[] | select(.state == "APPROVED")' > /dev/null; then
+            echo "approved=true" >> $GITHUB_OUTPUT
+          else
+            echo "approved=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Final decision
+        id: check
+        run: |
+          if [ "${{ github.event_name }}" == "pull_request_review" ]; then
+            echo "can_proceed=true" >> $GITHUB_OUTPUT
+            #if [ "${{ steps.check_sensitive.outputs.requires_approval }}" == "true" ]; then
+            #  echo "can_proceed=true" >> $GITHUB_OUTPUT
+            #else
+            #  echo "can_proceed=true" >> $GITHUB_OUTPUT
+            #fi
+          else
+            if [ "${{ steps.check_sensitive.outputs.requires_approval }}" != "true" ]; then
+              echo "can_proceed=true" >> $GITHUB_OUTPUT
+            elif [ "${{ steps.check_approved.outputs.approved }}" == "true" ]; then
+              echo "can_proceed=true" >> $GITHUB_OUTPUT
+            else
+              echo "can_proceed=false" >> $GITHUB_OUTPUT
+            fi
+          fi
+
   build:
-    if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' || github.event_name == 'pull_request' }}
+    needs: [determine-target, check-sensitive-and-approval]
+    #if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' || github.event_name == 'pull_request' }}
+    if: >
+      (github.event_name == 'workflow_dispatch' || github.event_name == 'push') ||
+      (needs.check-sensitive-and-approval.outputs.can_proceed == 'true')
     runs-on: [self-hosted]
     steps:
     - name: Checkout Code

diff --git a/xllm/api_service/chat_service_impl.cpp b/xllm/api_service/chat_service_impl.cpp
@@ -54,6 +54,9 @@ ToolCallResult process_tool_calls(std::string text,
                                   google::protobuf::Arena* arena = nullptr) {
   ToolCallResult result;
 
+  /// --------------
+  LOG(ERROR) << "====================== test =======================";
+
   function_call::FunctionCallParser parser(tools, parser_format);
 
   if (!parser.has_tool_call(text)) {