From f984cb46e5b15d2bf63f1138b1695cb33268b914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Contreras=20Guill=C3=A9n?= Date: Mon, 15 Jun 2026 22:55:49 +0200 Subject: [PATCH] ci: drop vestigial sibling vendoring; harden Java deploy; fix Python SDK version drift MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow-up CI/CD cleanup after pyfly + fireflyframework-agentic became git dependencies (pinned tags in [tool.uv.sources]). An audit of all three flydocs workflows surfaced dead code and two latent issues. Vendoring removal (no behaviour change — uv already fetched both deps from git in every prior build; the path-rewrite sed had silently no-op'd since the switch to git sources): * pr-gate.yaml: remove the "Check out sibling firefly framework repos" + "Repoint uv path sources" steps from lint/typecheck/unit/docling-tests, and the clone + build-contexts from docker-build. Drop the misleading PYFLY_REF/AGENTIC_REF env (they pointed at "main" while pyproject pins tags). * docker-publish.yaml: remove the ./vendor clone + build-contexts + the PYFLY_REF/AGENTIC_REF env + the unused tag_suffix workflow input. * Dockerfile: remove the COPY --from=pyfly / --from=fireflyframework-agentic staging and the path-rewrite sed; uv sync now fetches both from git (git + network already available in the builder stage). Update the header. * pyproject.toml: refresh the now-stale [tool.uv.sources] + [tool.ruff] comments. publish-sdks.yaml: tighten the Java deploy idempotency grep. The previous pattern matched a bare "conflict", which could swallow unrelated deploy failures (auth, network, corrupt artifact). Now matches only the specific HTTP-409 "already published" wagon errors. Python SDK version drift: pyproject.toml (26.6.0) and _version.py (26.6.2) disagreed, so a source build reported mismatched wheel-metadata vs __version__. Align both to the service version 26.6.12. --- .github/workflows/docker-publish.yaml | 26 +------- .github/workflows/pr-gate.yaml | 81 ++----------------------- .github/workflows/publish-sdks.yaml | 8 ++- Dockerfile | 33 +++------- pyproject.toml | 13 ++-- sdks/python/pyproject.toml | 2 +- sdks/python/src/flydocs_sdk/_version.py | 2 +- sdks/python/uv.lock | 2 +- 8 files changed, 33 insertions(+), 134 deletions(-) diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 858f3d1..f00d2a5 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -13,10 +13,9 @@ # GHCR rejects upper-case namespaces -- ``firefly-operationOS`` # → ``firefly-operationos``). # -# The Dockerfile uses BuildKit named contexts for the pyfly + -# fireflyframework-agentic sibling repos. We clone them into ./vendor/ -# and pass them via ``build-contexts:`` so the same Dockerfile works -# both locally (siblings on disk) and in CI. +# pyfly + fireflyframework-agentic are git dependencies (pinned tags in +# pyproject.toml's [tool.uv.sources]); the Dockerfile's ``uv sync`` fetches +# them straight from GitHub, so no sibling checkout / build-context is needed. name: Docker publish (multi-arch) @@ -34,11 +33,6 @@ on: - "docs/**" - ".github/**" workflow_dispatch: - inputs: - tag_suffix: - description: "Optional extra tag (will be sanitised)." - required: false - default: "" permissions: contents: read @@ -58,8 +52,6 @@ concurrency: env: REGISTRY: ghcr.io - PYFLY_REF: main - AGENTIC_REF: main jobs: publish: @@ -116,15 +108,6 @@ jobs: name="${GITHUB_REPOSITORY##*/}" echo "image=${{ env.REGISTRY }}/${owner}/${name}" >> "$GITHUB_OUTPUT" - - name: Check out sibling firefly framework repos - run: | - git clone --depth=1 --branch "$PYFLY_REF" \ - https://github.com/fireflyframework/fireflyframework-pyfly.git \ - ./vendor/pyfly - git clone --depth=1 --branch "$AGENTIC_REF" \ - https://github.com/fireflyframework/fireflyframework-agentic.git \ - ./vendor/fireflyframework-agentic - - uses: docker/setup-qemu-action@v3 with: platforms: ${{ matrix.platforms }} @@ -182,9 +165,6 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | WITH_DOCLING=${{ matrix.with_docling }} - build-contexts: | - pyfly=./vendor/pyfly - fireflyframework-agentic=./vendor/fireflyframework-agentic cache-from: type=gha,scope=${{ matrix.variant }} cache-to: type=gha,mode=max,scope=${{ matrix.variant }} diff --git a/.github/workflows/pr-gate.yaml b/.github/workflows/pr-gate.yaml index 08f1a9b..6901266 100644 --- a/.github/workflows/pr-gate.yaml +++ b/.github/workflows/pr-gate.yaml @@ -8,9 +8,10 @@ # 4. docker-build: single-arch Docker build smoke (no push). Multi-arch # push lives in docker-publish.yaml. # -# The Dockerfile uses BuildKit named contexts for the sibling pyfly + -# fireflyframework-agentic checkouts. The matrix below clones those -# repos into ./vendor/ and points buildx at them via --build-context. +# pyfly + fireflyframework-agentic are consumed as git dependencies +# (pinned tags in pyproject.toml's [tool.uv.sources]), so ``uv sync`` and +# the Docker build resolve them straight from GitHub -- no sibling +# checkout / BuildKit context is needed. name: PR gate @@ -33,10 +34,6 @@ concurrency: env: PYTHON_VERSION: "3.13" - # Pin pyfly + agentic to a matching git ref. When the framework - # repos publish releases we'll switch to ``pip install ...`` here. - PYFLY_REF: main - AGENTIC_REF: main jobs: lint: @@ -50,20 +47,6 @@ jobs: - uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - - name: Check out sibling firefly framework repos - run: | - git clone --depth=1 --branch "$PYFLY_REF" \ - https://github.com/fireflyframework/fireflyframework-pyfly.git \ - ./vendor/pyfly - git clone --depth=1 --branch "$AGENTIC_REF" \ - https://github.com/fireflyframework/fireflyframework-agentic.git \ - ./vendor/fireflyframework-agentic - - name: Repoint uv path sources at ./vendor - run: | - sed -i \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-pyfly"|path = "./vendor/pyfly"|' \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-agentic"|path = "./vendor/fireflyframework-agentic"|' \ - pyproject.toml - name: uv sync (dev) run: uv sync --extra dev - name: ruff check @@ -83,20 +66,6 @@ jobs: - uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - - name: Check out sibling firefly framework repos - run: | - git clone --depth=1 --branch "$PYFLY_REF" \ - https://github.com/fireflyframework/fireflyframework-pyfly.git \ - ./vendor/pyfly - git clone --depth=1 --branch "$AGENTIC_REF" \ - https://github.com/fireflyframework/fireflyframework-agentic.git \ - ./vendor/fireflyframework-agentic - - name: Repoint uv path sources at ./vendor - run: | - sed -i \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-pyfly"|path = "./vendor/pyfly"|' \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-agentic"|path = "./vendor/fireflyframework-agentic"|' \ - pyproject.toml - name: uv sync (dev) run: uv sync --extra dev - name: pyright @@ -113,20 +82,6 @@ jobs: - uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - - name: Check out sibling firefly framework repos - run: | - git clone --depth=1 --branch "$PYFLY_REF" \ - https://github.com/fireflyframework/fireflyframework-pyfly.git \ - ./vendor/pyfly - git clone --depth=1 --branch "$AGENTIC_REF" \ - https://github.com/fireflyframework/fireflyframework-agentic.git \ - ./vendor/fireflyframework-agentic - - name: Repoint uv path sources at ./vendor - run: | - sed -i \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-pyfly"|path = "./vendor/pyfly"|' \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-agentic"|path = "./vendor/fireflyframework-agentic"|' \ - pyproject.toml - name: uv sync (dev) run: uv sync --extra dev - name: pytest tests/unit @@ -161,20 +116,6 @@ jobs: - uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - - name: Check out sibling firefly framework repos - run: | - git clone --depth=1 --branch "$PYFLY_REF" \ - https://github.com/fireflyframework/fireflyframework-pyfly.git \ - ./vendor/pyfly - git clone --depth=1 --branch "$AGENTIC_REF" \ - https://github.com/fireflyframework/fireflyframework-agentic.git \ - ./vendor/fireflyframework-agentic - - name: Repoint uv path sources at ./vendor - run: | - sed -i \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-pyfly"|path = "./vendor/pyfly"|' \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-agentic"|path = "./vendor/fireflyframework-agentic"|' \ - pyproject.toml - name: Cache Docling / RapidOCR model weights # The first run downloads ~50 MB of weights from modelscope + # hugging-face; cache them so subsequent runs are seconds. @@ -235,14 +176,6 @@ jobs: haskell: true large-packages: false swap-storage: false - - name: Check out sibling firefly framework repos - run: | - git clone --depth=1 --branch "$PYFLY_REF" \ - https://github.com/fireflyframework/fireflyframework-pyfly.git \ - ./vendor/pyfly - git clone --depth=1 --branch "$AGENTIC_REF" \ - https://github.com/fireflyframework/fireflyframework-agentic.git \ - ./vendor/fireflyframework-agentic - uses: docker/setup-buildx-action@v3 - name: docker buildx build (linux/amd64, load) uses: docker/build-push-action@v6 @@ -255,16 +188,12 @@ jobs: platforms: linux/amd64 build-args: | WITH_DOCLING=${{ matrix.variant == 'docling' && 'true' || 'false' }} - build-contexts: | - pyfly=./vendor/pyfly - fireflyframework-agentic=./vendor/fireflyframework-agentic cache-from: type=gha,scope=${{ matrix.variant }} cache-to: type=gha,mode=max,scope=${{ matrix.variant }} # -------------------------------------------------------------------- # SDK gates — fast, isolated. Neither SDK depends on the sibling - # ``pyfly`` / ``agentic`` checkouts, so they don't need the vendor - # clone the service lanes do. + # ``pyfly`` / ``agentic`` git deps, so they build standalone. # -------------------------------------------------------------------- sdk-python: diff --git a/.github/workflows/publish-sdks.yaml b/.github/workflows/publish-sdks.yaml index 9f84438..262170f 100644 --- a/.github/workflows/publish-sdks.yaml +++ b/.github/workflows/publish-sdks.yaml @@ -109,7 +109,13 @@ jobs: if mvn -B -ntp deploy 2>&1 | tee /tmp/mvn-deploy.log; then exit 0 fi - if grep -qiE "status code: 409|409 conflict|already exist|conflict" /tmp/mvn-deploy.log; then + # mvn failed: only swallow a genuine "this version is already + # published" 409 from GitHub Packages. The patterns are specific to + # the HTTP-409 wagon error (``return code is 409`` / ``status code: + # 409`` / ``received status code 409``) plus the "already exists" + # phrasing — a bare ``conflict`` match would mask unrelated failures + # (auth, network, corrupt artifact), so it is intentionally excluded. + if grep -qiE "status code: 409|return code is 409|received status code 409|409 conflict|already exists" /tmp/mvn-deploy.log; then echo "::warning::Java SDK version already published to GitHub Packages — idempotent re-run, treating as success." exit 0 fi diff --git a/Dockerfile b/Dockerfile index 429f097..21e7978 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,16 +16,14 @@ # # Multi-stage Docker build for flydocs. # -# Sibling-path deps (pyfly, fireflyframework-agentic) are passed in as -# named BuildKit contexts so the build context stays scoped to this -# directory. +# pyfly + fireflyframework-agentic are consumed as git dependencies +# (pinned tags in pyproject.toml's [tool.uv.sources]), so ``uv sync`` +# resolves them straight from GitHub at build time. The build therefore +# needs network access + git (both provided in the builder stage) but no +# sibling checkout on disk and no BuildKit named contexts. # # Usage: -# docker buildx build \ -# --build-context pyfly=../../fireflyframework/fireflyframework-pyfly \ -# --build-context fireflyframework-agentic=../../fireflyframework/fireflyframework-agentic \ -# --tag flydocs:latest \ -# . +# docker buildx build --tag flydocs:latest . # # See docker-compose.yml for the canonical invocation. @@ -55,29 +53,16 @@ RUN apt-get update \ ENV UV_PROJECT_ENVIRONMENT=/app/.venv \ UV_LINK_MODE=copy -# Stage sibling sources (only what uv needs to install the editable wheel). -COPY --from=pyfly /pyproject.toml /build/pyfly/pyproject.toml -COPY --from=pyfly /README.md /build/pyfly/README.md -COPY --from=pyfly /src /build/pyfly/src - -COPY --from=fireflyframework-agentic /pyproject.toml /build/fireflyframework-agentic/pyproject.toml -COPY --from=fireflyframework-agentic /README.md /build/fireflyframework-agentic/README.md -COPY --from=fireflyframework-agentic /LICENSE /build/fireflyframework-agentic/LICENSE -COPY --from=fireflyframework-agentic /fireflyframework_agentic /build/fireflyframework-agentic/fireflyframework_agentic - # Stage the project manifests for layer caching. README.md is required by # hatchling because pyproject.toml declares ``readme = "README.md"``. +# pyfly + fireflyframework-agentic are git sources in pyproject.toml +# (pinned tags), so the ``uv sync`` calls below fetch them from GitHub -- +# no sibling sources are staged into the image. WORKDIR /app COPY pyproject.toml /app/pyproject.toml COPY README.md /app/README.md COPY uv.lock* /app/ -# Rewrite path-source entries so uv resolves siblings inside the container. -RUN sed -i \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-pyfly"|path = "/build/pyfly"|' \ - -e 's|path = "\.\./\.\./fireflyframework/fireflyframework-agentic"|path = "/build/fireflyframework-agentic"|' \ - /app/pyproject.toml - # Compose the optional-extras list once so both ``uv sync`` calls stay # in lock-step. Docling adds PyTorch + Hugging Face models; everything # else is in the default deps already. diff --git a/pyproject.toml b/pyproject.toml index a864ea1..277e740 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -127,10 +127,9 @@ override-dependencies = [ [tool.uv.sources] # Sibling-repo sources. Both frameworks are consumed from their published git -# tags so a fresh clone / CI build resolves them without a sibling path. The -# (vestigial) ./vendor clone + Dockerfile BuildKit context for pyfly are now -# no-ops — the path-rewrite sed no longer matches a git source — exactly as for -# agentic; they can be removed in a later cleanup. +# tags so a fresh clone, the CI lanes, and the Docker build all resolve them +# straight from GitHub without a sibling path or vendored checkout. Bump the +# pinned tag here to upgrade either framework. pyfly = { git = "https://github.com/fireflyframework/fireflyframework-pyfly.git", tag = "v26.06.105" } fireflyframework-agentic = { git = "https://github.com/fireflyframework/fireflyframework-agentic.git", tag = "v26.05.30" } @@ -150,9 +149,9 @@ addopts = "-v --tb=short -m 'not llm'" [tool.ruff] target-version = "py313" line-length = 110 -# CI clones the sibling firefly framework repos into ``./vendor/`` so -# the Dockerfile's BuildKit contexts resolve identically in local -# checkouts and in GitHub Actions. We don't lint third-party code on +# ``vendor`` stays excluded as a defensive measure: a developer may +# locally clone the sibling firefly framework repos there when building +# against an unreleased pyfly/agentic. We don't lint third-party code on # its way through our pipeline -- they have their own ruff config. # # ``scripts/`` is one-off operational tooling (live smoke runners, diff --git a/sdks/python/pyproject.toml b/sdks/python/pyproject.toml index 3716697..2d5693f 100644 --- a/sdks/python/pyproject.toml +++ b/sdks/python/pyproject.toml @@ -3,7 +3,7 @@ name = "flydocs-sdk" # CalVer YY.MM.PP — bumped to match the service's release tag. Note that # PEP 440 normalises ``26.05.01`` -> ``26.5.1`` in the built wheel # filename; the git tag and Java artifact stay in the full zero-padded form. -version = "26.6.0" +version = "26.6.12" description = "Official Python SDK for flydocs — pure-multimodal Intelligent Document Processing. Sync + async clients, typed RFC 7807 errors, and an HMAC webhook verifier." readme = "README.md" requires-python = ">=3.11" diff --git a/sdks/python/src/flydocs_sdk/_version.py b/sdks/python/src/flydocs_sdk/_version.py index 763b3e5..0426600 100644 --- a/sdks/python/src/flydocs_sdk/_version.py +++ b/sdks/python/src/flydocs_sdk/_version.py @@ -32,4 +32,4 @@ imports and so the build pipeline can read it without parsing TOML. """ -__version__ = "26.6.2" +__version__ = "26.6.12" diff --git a/sdks/python/uv.lock b/sdks/python/uv.lock index 6d97f9a..a808d31 100644 --- a/sdks/python/uv.lock +++ b/sdks/python/uv.lock @@ -44,7 +44,7 @@ wheels = [ [[package]] name = "flydocs-sdk" -version = "26.6.0" +version = "26.6.12" source = { editable = "." } dependencies = [ { name = "httpx" },