Add CI enforcement of Chronus change descriptions for SDK packages#45803
Add CI enforcement of Chronus change descriptions for SDK packages#45803
Conversation
Co-authored-by: l0lawrence <100643745+l0lawrence@users.noreply.github.com>
Co-authored-by: l0lawrence <100643745+l0lawrence@users.noreply.github.com>
|
@copilot this should be run for any packages touched that have a pyproject.toml |
… pyproject.toml Co-authored-by: l0lawrence <100643745+l0lawrence@users.noreply.github.com>
Updated the Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
@copilot can we try changing something in azure-keyvault-keys and azure-mgmt-eventgrid pkgs to test this ci change |
…erify chronus-verify CI workflow Co-authored-by: l0lawrence <100643745+l0lawrence@users.noreply.github.com>
Added test comments (commit
Both changes are Python source files, which are NOT excluded by chronus's Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
@copilot Run npx chronus verify |
Co-authored-by: l0lawrence <100643745+l0lawrence@users.noreply.github.com>
Fixed in commit Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
|
@copilot add documentation under doc/dev that advises on how to use chronus |
The documentation already exists in the repo at |
|
Discussion: How will this interact/impact [auto-prs] for mgmt-* pkgs, do we want this to trigger on them? Should we put in a default chronus entry in the auto-pr as well that says "generation" or uses the commits from the rest-api-specs pr to create the chronus entry? |
| # -------------------------------------------------------------------------- | ||
| # | ||
| # Copyright (c) Microsoft Corporation. All rights reserved. | ||
| # CI test: verifying chronus-verify workflow triggers for mgmt packages |
There was a problem hiding this comment.
these will get removed before merging
l0lawrence
requested review from
a team,
ChenxiJiang333 and
msyyc
as code owners
There was a problem hiding this comment.
Pull request overview
Adds GitHub Actions CI enforcement for Chronus change descriptions by running chronus verify on pull requests that modify files under sdk/*/*/**, leveraging the existing .chronus/config.yaml to decide when a change description is required.
Changes:
- Added a new GitHub Actions workflow to run Chronus verification on relevant PRs.
- Added “CI test” marker comments in one dataplane file and one mgmt file to exercise the workflow trigger.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
.github/workflows/chronus-verify.yml |
New workflow to run Chronus verification on PRs touching SDK package directories. |
sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_sdk_moniker.py |
Adds a CI-test comment intended to trigger the workflow. |
sdk/eventgrid/azure-mgmt-eventgrid/azure/mgmt/eventgrid/_patch.py |
Replaces copyright header line with a CI-test comment to trigger the workflow. |
| paths: | ||
| - "sdk/*/*/**" | ||
|
|
There was a problem hiding this comment.
The PR description says enforcement is scoped to SDK packages that use pyproject.toml / dataplane packages, but this workflow triggers on any changes under sdk///** (including mgmt packages). Either narrow the paths filter (e.g., to pyproject.toml changes) or update the PR description/intent to reflect that mgmt packages will also be subject to Chronus verification (per .chronus/config.yaml’s sdk// package glob).
| # Copyright (c) Microsoft Corporation. | ||
| # Licensed under the MIT License. | ||
| # ------------------------------------ | ||
| # CI test: verifying chronus-verify workflow triggers for dataplane packages |
There was a problem hiding this comment.
Remove this CI-test-only comment. This module is part of the shipped library surface (even if internal), and leaving workflow-validation notes in product code adds long-lived noise and complicates future diffs/blame. Prefer validating the workflow via a PR that only touches workflow/config files (or use workflow_dispatch) rather than adding sentinel edits in SDK source.
| # CI test: verifying chronus-verify workflow triggers for dataplane packages |
| # CI test: verifying chronus-verify workflow triggers for mgmt packages | ||
| # |
There was a problem hiding this comment.
This change removes the file’s copyright header and replaces it with a CI-test note. Please restore the original copyright line (and keep the license header intact) and avoid embedding workflow-validation comments in SDK source files.
| # CI test: verifying chronus-verify workflow triggers for mgmt packages | |
| # | |
| # Copyright (c) Microsoft Corporation. All rights reserved. |
.github/workflows/chronus-verify.yml
Outdated
| - name: Install chronus | ||
| run: npm install -g @chronus/chronus | ||
|
|
||
| - name: Run chronus verify | ||
| run: chronus verify |
There was a problem hiding this comment.
Installing Chronus globally (npm install -g) is more fragile in CI (can fail due to npm global prefix permissions) and makes the executed Chronus version implicit. Prefer invoking Chronus via npx (optionally pinned to a specific version) so the workflow is reproducible and doesn’t depend on global PATH mutations.
| - name: Install chronus | |
| run: npm install -g @chronus/chronus | |
| - name: Run chronus verify | |
| run: chronus verify | |
| - name: Run chronus verify | |
| run: npx -y @chronus/chronus@latest verify |
|
@copilot can we have our gh workflow reference the doc on failure |
Co-authored-by: l0lawrence <100643745+l0lawrence@users.noreply.github.com>
Done in commit
Good question. The Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
| node-version: lts/* | ||
|
|
||
| - name: Run chronus verify | ||
| run: npx -y @chronus/chronus verify |
There was a problem hiding this comment.
You should never just install "latest" of a JS package like this. You should have a package.json that sets your direct deps, then a package-lock.json to set all transitive deps, and only install using "npm ci" in CI.
mikeharder
left a comment
mikeharder
left a comment
There was a problem hiding this comment.
pin version of chronus and all transitive deps
PR for discussion
Currently
npx chronus verifyis only documented as a manual step — there's no CI enforcement. This adds a GitHub Actions workflow that automatically runs the check on any PR modifying files in an SDK package.Changes
.github/workflows/chronus-verify.yml— new workflow triggered on PRs tomainthat touch any file undersdk/*/*/:fetch-depth: 0so Chronus can diff against the base branchnpx -y @chronus/chronus verify(no global install required) against the existing.chronus/config.yaml, which uses its ownchangedFilesfilter to determine whether a changelog entry is requireddoc/dev/changelog_updates.mdwith instructions on how to add a change descriptioncontents: readpermissions (least privilege)The
sdk/*/*/**path filter triggers the workflow for any change to any file inside a package directory (including both dataplane and mgmt-* packages). Chronus uses the existing.chronus/config.yamlconfiguration — which covers allsdk/*/*packages — to decide whether those changes actually require a changelog entry.Original prompt
Summary
Add a GitHub Actions workflow that runs
npx chronus verifyon PRs that modifypyproject.tomlfiles in dataplane SDK packages. This enforces that contributors include a.chronus/changes/entry whenever they change a dataplane package'spyproject.toml.Background
.chronus/config.yamlwithpackages: - path: "sdk/*/*"and achangedFilesfilter trackingsdk/**(with*.tomlfiles not excluded, sopyproject.tomlchanges are already tracked by chronus).doc/dev/changelog_updates.mdtells contributors to runnpx chronus verifymanually before opening a PR, but there is currently no CI enforcement of this.pyproject.toml; mgmt packages (azure-mgmt-*) usesetup.py. So the path filtersdk/*/*/pyproject.tomlnaturally scopes to dataplane packages..github/workflows/directory has workflows for other CI checks as a reference.Task
Create a new file
.github/workflows/chronus-verify.ymlwith the following content:Key details
pathsfiltersdk/*/*/pyproject.tomlensures the job only triggers when apyproject.tomldirectly inside a package directory (e.g.sdk/storage/azure-storage-blob/pyproject.toml) is modified.fetch-depth: 0is required so Chronus can compare the branch againstmainto detect which packages changed.npx chronus verifywill use the existing.chronus/config.yamlat the repo root.The following is the prior conversation context from the user's chat exploration (may be truncated):
User: I want to add a chronus check into ci for dataplane packages with pyproject.toml changes
User: *pyporject.tomls
Assistant: Now I have a solid picture of the repository. Let me look at the existing CI workflow structure and how the
.chronus/config.yamlchangedFilesfilters work to understand what exactly needs to be added.Here's a summary of what I found and what the PR would need to do:
What Needs to Happen
The goal is: when a PR modifies a
pyproject.tomlin a dataplane package (i.e. non-azure-mgmt-*), CI should runnpx chronus verifyto ensure a change description file exists under.chronus/changes/.Key context gathered:
.chronus/config.yaml— already exists with achangedFilesfilter that trackssdk/**changes (excluding.md,.json,.txt,.yml,.yaml, test files, samples, stress). Notably,pyproject.tomlchanges are already tracked by chronus because*.tomlis not excluded.The gap — there is no CI job/step that actually runs
npx chronus verifyon PR. The documentation says contributors should run it manually, but there's no enforcement in.github/workflows/.Dataplane detection — dataplane packages are identified by the absence of
azure-mgmt-(orazure-cognitiveservices-) in the package name. The.chronus/config.yamlpackagesglob (sdk/*/*) covers all packages; the dataplane-only scoping would need to either filter via path or rely on chronus itself (which already ignores mgmt packages if they usesetup.pyinstead ofpyproject.toml).The right place — a new GitHub Actions workflow (
.github/workflows/chronus-verify.yml) that triggers on PRs withpyproject.tomlpath changes undersdk/(excludingazure-mgmt-*) and runsnpx chronus verify.Proposed approach for the PR:
New file:
.github/workflows/chronus-verify.ymlThe path filter
sdk/*/*/pyproject.tomlwill only trigger for directpyproject.tomlchanges in packages, and since dataplane packages are the ones usingpyproject.toml(mgmt packages usesetup.py), this naturally scopes to dataplane packages.Would you like me to open a PR with this change into
Azure/azure-sdk-for-python? I can also adjust the approach if you'd prefer a different trigger (e.g. Azure DevOps pipeline YAML instead of GitHub Actio...This pull request was created from Copilot chat.
🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.