🌱 Remove legacy typo and link checker workflows#730
🌱 Remove legacy typo and link checker workflows#730clubanderson wants to merge 4 commits intomainfrom
Conversation
|
Unsigned commits detected! Please sign your commits. For instructions on how to set up GPG/SSH signing and verify your commits, please see GitHub Documentation. |
There was a problem hiding this comment.
Pull request overview
Removes two legacy GitHub Actions “caller” workflows (typo checking and Markdown link checking) that previously delegated to reusable workflows in llm-d/llm-d-infra, with the intent to rely on centrally deployed agentic replacements.
Changes:
- Deleted
.github/workflows/md-link-check.yml(Markdown link check caller workflow). - Deleted
.github/workflows/check-typos.yaml(typo check caller workflow).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/md-link-check.yml | Removes the repo-level trigger that ran the reusable Markdown link checker. |
| .github/workflows/check-typos.yaml | Removes the repo-level trigger that ran the reusable typo checker. |
Comments suppressed due to low confidence (2)
.github/workflows/md-link-check.yml:1
- Deleting this workflow removes Markdown link checking from this repo’s CI. I don’t see any replacement workflow in .github/workflows that would run on PR/push, so these checks will stop running unless the “centrally deployed” agentic workflow is installed/enforced via repo rulesets/required workflows. If link checking is still required, add the new caller workflow here or document/enforce the external mechanism so regressions aren’t silently missed.
.github/workflows/check-typos.yaml:1 - Deleting this workflow removes typo checking from this repo’s CI. I don’t see any other workflow in .github/workflows that provides an equivalent PR/push typo check, so this will stop running unless an external/centrally deployed workflow is actually installed and required for this repo. If typo checking is still expected, add the new caller workflow here or ensure branch protection / rulesets require the external check name.
GPU Pre-flight Check ✅GPUs are available for e2e-openshift tests. Proceeding with deployment.
|
clubanderson
force-pushed
the
feature/remove-legacy-ci-callers
branch
from
e30841f to
fee69db
Compare
GPU Pre-flight Check ✅GPUs are available for e2e-openshift tests. Proceeding with deployment.
|
Replaced by gh-aw agentic workflows in llm-d-infra. Signed-off-by: Andy Anderson <andy@clubanderson.com> Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Andrew Anderson <andy@clubanderson.com>
clubanderson
force-pushed
the
feature/remove-legacy-ci-callers
branch
from
fee69db to
a659346
Compare
GPU Pre-flight Check ✅GPUs are available for e2e-openshift tests. Proceeding with deployment.
|
Replace legacy CI callers with AI-powered gh-aw workflows: - typo-checker.md: domain-aware typo checking on PR changed files - link-checker.md: smart link checking with transient failure handling - upstream-monitor.md: daily scan for upstream breaking changes - copilot-setup-steps.yml: installs gh-aw CLI extension - .gitattributes: marks lock files as generated - docs/upstream-versions.md: template for tracking dependency pins Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Andrew Anderson <andy@clubanderson.com>
GPU Pre-flight Check ✅GPUs are available for e2e-openshift tests. Proceeding with deployment.
|
docs/upstream-versions.md
Outdated
| @@ -0,0 +1,12 @@ | |||
| # Upstream Dependency Version Tracking | |||
|
|
|||
| > This file is the source of truth for the [upstream dependency monitor](.github/workflows/upstream-monitor.md) workflow. | |||
There was a problem hiding this comment.
The relative link to the upstream monitor workflow is incorrect from within docs/ (it currently points to docs/.github/...). Update it to point to the repo root path (e.g., ../.github/workflows/upstream-monitor.md) so the link resolves on GitHub.
| > This file is the source of truth for the [upstream dependency monitor](.github/workflows/upstream-monitor.md) workflow. | |
| > This file is the source of truth for the [upstream dependency monitor](../.github/workflows/upstream-monitor.md) workflow. |
| create-issue: | ||
| labels: [upstream-breaking-change, automation] | ||
| add-labels: | ||
| allowed: [upstream-breaking-change, upstream-update, automation, critical, high, medium] |
There was a problem hiding this comment.
safe-outputs.add-labels.allowed does not include low, but the instructions later require labeling non-breaking updates as medium or low. Either add low to the allowed labels list, or remove low from the instructions to avoid the workflow being unable to follow its own policy.
| allowed: [upstream-breaking-change, upstream-update, automation, critical, high, medium] | |
| allowed: [upstream-breaking-change, upstream-update, automation, critical, high, medium, low] |
.github/workflows/link-checker.md
Outdated
| allowed: | ||
| - defaults | ||
| - "*.github.com" | ||
| - "*.githubusercontent.com" |
There was a problem hiding this comment.
The workflow description calls for checking arbitrary external URLs with curl, but network.allowed only permits GitHub domains. Unless defaults already includes broader egress, this will prevent checking most external links. Consider allowing outbound to arbitrary domains (or at least to the set of external domains being checked) so the link checker can function as documented.
| - "*.githubusercontent.com" | |
| - "*.githubusercontent.com" | |
| - "*" |
| # Upstream Dependency Monitor | ||
|
|
||
| ## Job Description |
There was a problem hiding this comment.
PR description focuses on removing legacy typo/link checker workflows, but this PR also introduces a new upstream dependency monitoring workflow and its source-of-truth doc. Please update the PR description (or split into a separate PR) so reviewers/operators understand the additional scheduled automation being added.
- Upgrade from gh-aw v0.33.12 to v0.45.0 - Lock files 8x smaller (50KB vs 400KB) - Fix trailing whitespace that broke pre-commit hooks - Update network config to use ecosystem names Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Andrew Anderson <andy@clubanderson.com>
GPU Pre-flight Check ✅GPUs are available for e2e-openshift tests. Proceeding with deployment.
|
- Fix lock files trailing blank line (end-of-file-fixer) - Fix relative link in docs/upstream-versions.md - Add .gitattributes to licenserc excludes where needed Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Andrew Anderson <andy@clubanderson.com>
GPU Pre-flight Check ✅GPUs are available for e2e-openshift tests. Proceeding with deployment.
|
| ### Important Rules | ||
|
|
||
| 1. Only check files that changed in this PR — never scan the entire repo | ||
| 2. Always post at most ONE comment per PR run (update existing if re-running) |
There was a problem hiding this comment.
The rules say “post at most ONE comment per PR run (update existing if re-running)”, but the configured safe output is only add-comment (no edit/update capability). As written, reruns will add additional comments rather than updating an existing one; adjust the instructions to match the available capabilities (or enable an edit/update comment safe output if supported).
| 2. Always post at most ONE comment per PR run (update existing if re-running) | |
| 2. Post at most ONE summary comment per workflow run (reruns may create additional comments; do not attempt to edit existing comments) |
| | Dependency | Current Pin | Pin Type | File Location | Upstream Repo | | ||
| |-----------|-------------|----------|---------------|---------------| |
There was a problem hiding this comment.
The markdown table header/separator are written with a double leading pipe (|| ...), which renders as an invalid/empty first column in many Markdown parsers. Use a single leading pipe for each row so the table formats correctly.
| Get the list of changed files in this PR: | ||
|
|
||
| ```bash | ||
| gh pr diff ${{ github.event.pull_request.number }} --name-only | ||
| ``` |
There was a problem hiding this comment.
This workflow instructs the agent to use gh pr diff ..., but gh-aw’s compiled prompt explicitly states the gh CLI is not authenticated and should not be used for GitHub operations. This will likely fail at runtime; please switch the instructions to use the GitHub MCP tool (repos/pull_requests) to list changed files/diffs, or otherwise ensure authenticated GH access is available in the agent environment.
| description: | | ||
| AI-powered typo checker for pull requests. Checks only changed files, | ||
| understands domain-specific terminology (vLLM, NIXL, RDMA, InferencePool, etc.), | ||
| and posts fix suggestions as PR review comments with code suggestions. |
There was a problem hiding this comment.
The description/mission says the checker "posts fix suggestions as PR review comments with code suggestions", but the only safe output enabled is add-comment, which (in the generated lock workflow) maps to adding a regular PR conversation comment, not review comments/suggested changes. Either adjust the wording to match what the workflow can do, or enable the appropriate safe output/tooling for PR review comments.
| and posts fix suggestions as PR review comments with code suggestions. | |
| and posts fix suggestions as PR comments on the relevant lines. |
| - **External links**: `https://...` URLs | ||
|
|
||
| 3. Check each link: | ||
| - **Internal links**: verify the target file exists in the repo using `ls` or `test -f` | ||
| - **Anchor links**: verify the heading exists in the target file | ||
| - **External links**: use `curl -sL -o /dev/null -w '%{http_code}' --max-time 10` to check | ||
| - For external URLs that return 4xx: mark as **definitely broken** | ||
| - For external URLs that return 5xx or timeout: retry once after 5 seconds | ||
| - For external URLs that still fail after retry: mark as **possibly transient** | ||
|
|
||
| #### Step 3: Classify Results | ||
|
|
||
| Group results into categories: | ||
|
|
||
| - **Broken** (fail): Internal links to non-existent files, 404 external URLs | ||
| - **Possibly transient** (warn): External URLs returning 5xx, timeouts, DNS failures | ||
| - **OK**: All links that resolve successfully |
There was a problem hiding this comment.
The workflow aims to curl arbitrary external URLs, but the gh-aw/AWF firewall allowlist used by these workflows is not broad enough to permit access to unknown domains (it’s a fixed allowlist; see other compiled workflows like update-docs). As written, most external-link checks will be blocked and show up as false failures. Consider limiting checks to internal/anchor/GitHub-hosted links, or expanding the network allowlist strategy to support the external domains you expect to validate.
| - **External links**: `https://...` URLs | |
| 3. Check each link: | |
| - **Internal links**: verify the target file exists in the repo using `ls` or `test -f` | |
| - **Anchor links**: verify the heading exists in the target file | |
| - **External links**: use `curl -sL -o /dev/null -w '%{http_code}' --max-time 10` to check | |
| - For external URLs that return 4xx: mark as **definitely broken** | |
| - For external URLs that return 5xx or timeout: retry once after 5 seconds | |
| - For external URLs that still fail after retry: mark as **possibly transient** | |
| #### Step 3: Classify Results | |
| Group results into categories: | |
| - **Broken** (fail): Internal links to non-existent files, 404 external URLs | |
| - **Possibly transient** (warn): External URLs returning 5xx, timeouts, DNS failures | |
| - **OK**: All links that resolve successfully | |
| - **GitHub-hosted links**: `https://github.com/...`, `https://raw.githubusercontent.com/...`, or `https://*.githubusercontent.com/...` | |
| - **Other external links**: any other `http://` or `https://` URLs that are not GitHub-hosted | |
| 3. Check each link: | |
| - **Internal links**: verify the target file exists in the repo using `ls` or `test -f` | |
| - **Anchor links**: verify the heading exists in the target file | |
| - **GitHub-hosted links**: use `curl -sL -o /dev/null -w '%{http_code}' --max-time 10` to check | |
| - For GitHub-hosted URLs that return 4xx: mark as **definitely broken** | |
| - For GitHub-hosted URLs that return 5xx or timeout: retry once after 5 seconds | |
| - For GitHub-hosted URLs that still fail after retry: mark as **possibly transient** | |
| - **Other external links**: do **not** `curl` these, since the AWF firewall blocks arbitrary external domains. Record them as **not validated (network-restricted)** but do not fail the check based on their status. | |
| #### Step 3: Classify Results | |
| Group results into categories: | |
| - **Broken** (fail): Internal links to non-existent files, 404 GitHub-hosted URLs | |
| - **Possibly transient** (warn): GitHub-hosted URLs returning 5xx, timeouts, DNS failures | |
| - **Not validated (network-restricted)**: External URLs that are not GitHub-hosted and therefore cannot be checked due to the firewall allowlist | |
| - **OK**: All links that resolve successfully within the allowed network scope |
|
|
||
| safe-outputs: | ||
| create-issue: | ||
| labels: [upstream-breaking-change, automation] |
There was a problem hiding this comment.
safe-outputs.create-issue is configured to always apply labels [upstream-breaking-change, automation], but the workflow instructions also create issues for non-breaking updates. As-is, update issues would be mislabeled as breaking changes, and you may not be able to apply the intended upstream-update/severity labels cleanly. Consider removing upstream-breaking-change from the default create-issue labels and instead have the agent add either upstream-breaking-change or upstream-update (and severity) explicitly via allowed labels.
| labels: [upstream-breaking-change, automation] | |
| labels: [automation] |
| **For non-breaking new releases (MEDIUM/LOW):** | ||
| Create a GitHub issue with: | ||
| - Title: `[Upstream Update] {project} {old_version} → {new_version}` | ||
| - Labels: `upstream-update`, `medium` or `low` |
There was a problem hiding this comment.
The workflow defines an impact level LOW and instructs applying a low label, but safe-outputs.add-labels.allowed only permits critical, high, and medium (no low). This will cause safe-output validation failures. Either add low to the allowed labels list or remove the LOW path from the labeling instructions.
| - Labels: `upstream-update`, `medium` or `low` | |
| - Labels: `upstream-update`, `medium` |
| Get the list of changed markdown files in this PR: | ||
|
|
||
| ```bash | ||
| gh pr diff ${{ github.event.pull_request.number }} --name-only | grep '\.md$' | ||
| ``` |
There was a problem hiding this comment.
This workflow instructs the agent to use gh pr diff ..., but gh-aw’s compiled prompt says the gh CLI is not authenticated for GitHub operations. This is likely to fail; please update the instructions to use the GitHub MCP tool (repos/pull_requests) for changed-file discovery instead of the gh CLI.
| Get the list of changed markdown files in this PR: | |
| ```bash | |
| gh pr diff ${{ github.event.pull_request.number }} --name-only | grep '\.md$' | |
| ``` | |
| Get the list of changed markdown files in this PR by using the GitHub MCP tool: | |
| - Call the `github` tool with the `pull_requests` toolset to list all files changed in the current pull request (`${{ github.event.pull_request.number }}`). | |
| - From the returned list of changed files, select only those whose paths end with `.md`. |
| --- | ||
| description: | | ||
| Monitors upstream dependencies for new releases and breaking changes. | ||
| Runs daily to check tracked upstream projects. Creates GitHub issues | ||
| when breaking changes are detected that affect this repository's code, | ||
| configuration, or CI pipelines. |
There was a problem hiding this comment.
This PR is described as removing legacy typo/link-checker caller workflows, but it also introduces a new upstream dependency monitoring workflow and a new docs source-of-truth file. Please update the PR description/title to reflect the added upstream-monitor functionality (or split it into a separate PR) so reviewers know to evaluate the additional automation.
| 1. Use the GitHub API via bash to check for new releases: | ||
| ```bash | ||
| gh api repos/{owner}/{repo}/releases/latest --jq '.tag_name' | ||
| ``` | ||
|
|
||
| 2. For commit-SHA-pinned deps, check if the pinned commit is behind the latest tag: | ||
| ```bash | ||
| gh api repos/{owner}/{repo}/compare/{pinned_sha}...HEAD --jq '.ahead_by' | ||
| ``` |
There was a problem hiding this comment.
The instructions rely on gh api ... / gh issue list ... to query GitHub, but the compiled gh-aw prompt explicitly warns that the gh CLI is not authenticated and should not be used for GitHub operations. Please rewrite these steps to use the GitHub MCP toolsets (repos/issues/search) or authenticated curl with tokens available in the agent runtime.
| 1. Use the GitHub API via bash to check for new releases: | |
| ```bash | |
| gh api repos/{owner}/{repo}/releases/latest --jq '.tag_name' | |
| ``` | |
| 2. For commit-SHA-pinned deps, check if the pinned commit is behind the latest tag: | |
| ```bash | |
| gh api repos/{owner}/{repo}/compare/{pinned_sha}...HEAD --jq '.ahead_by' | |
| ``` | |
| 1. Use the GitHub MCP `github.repos` toolset to check for new releases. Call the appropriate repos API (for example, `repos.getLatestRelease` on `{owner}/{repo}`) and read the `.tag_name` field from the response to determine the latest release version. | |
| 2. For commit-SHA-pinned dependencies, use the GitHub MCP `github.repos` toolset to compare the pinned commit with the latest state of the default branch (for example, by calling a compare/commits endpoint such as `repos.compareCommits` between `{pinned_sha}` and `HEAD`) and inspect the `.ahead_by` field to see how far behind the pin is. |
1 participant
Summary
Removes the old
check-typos.yamland/ormd-link-check.ymlcaller workflows. These are replaced by AI-powered gh-aw agentic workflows (typo-checker.mdandlink-checker.md) deployed centrally in llm-d-infra.The reusable workflows in llm-d-infra are kept as legacy fallback.
Test plan
/cc @clubanderson @lionelvillard