From 16641ffa10b1f93ed7cdf3e0f209aef71c4a0b8f Mon Sep 17 00:00:00 2001 From: jzhaoqwa <52220743+zhaoqizqwang@users.noreply.github.com> Date: Tue, 9 Dec 2025 15:34:35 -0800 Subject: [PATCH 1/3] Update PR check workflow file Update workflow file as Github default branch controls all the workflows in other branchs now --- ...bmodule-codebuild-ci.yml => pr-checks.yml} | 65 +++++++++++++++++-- 1 file changed, 60 insertions(+), 5 deletions(-) rename .github/workflows/{submodule-codebuild-ci.yml => pr-checks.yml} (72%) diff --git a/.github/workflows/submodule-codebuild-ci.yml b/.github/workflows/pr-checks.yml similarity index 72% rename from .github/workflows/submodule-codebuild-ci.yml rename to .github/workflows/pr-checks.yml index 2ccc769839..5bcffb6031 100644 --- a/.github/workflows/submodule-codebuild-ci.yml +++ b/.github/workflows/pr-checks.yml @@ -3,11 +3,6 @@ on: pull_request_target: branches: - "master*" - paths: - - 'sagemaker-train/**' - - 'sagemaker-serve/**' - - 'sagemaker-mlops/**' - - 'sagemaker-core/**' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref }} @@ -50,6 +45,7 @@ jobs: detect-changes: runs-on: ubuntu-latest needs: [wait-for-approval] + if: github.event.pull_request.base.ref != 'master-v2' outputs: submodules: ${{ steps.check-changes.outputs.submodules }} steps: @@ -126,6 +122,23 @@ jobs: project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-codestyle-doc-tests source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' + codestyle-doc-tests-v2: + runs-on: ubuntu-latest + needs: [wait-for-approval] + if: github.event.pull_request.base.ref == 'master-v2' + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 + role-duration-seconds: 10800 + - name: Run Codestyle & Doc Tests + uses: aws-actions/aws-codebuild-run-build@v1 + with: + project-name: ${{ github.event.repository.name }}-ci-codestyle-doc-tests + source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' + unit-tests: runs-on: ubuntu-latest needs: [detect-changes] @@ -148,6 +161,31 @@ jobs: project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-unit-tests source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' + unit-tests-v2: + runs-on: ubuntu-latest + needs: [wait-for-approval] + if: github.event.pull_request.base.ref == 'master-v2' + strategy: + fail-fast: false + matrix: + python-version: ["py39","py310","py311","py312"] + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 + role-duration-seconds: 10800 + - name: Run Unit Tests + uses: aws-actions/aws-codebuild-run-build@v1 + with: + project-name: ${{ github.event.repository.name }}-ci-unit-tests + source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' + env-vars-for-codebuild: | + PY_VERSION + env: + PY_VERSION: ${{ matrix.python-version }} + integ-tests: runs-on: ubuntu-latest needs: [detect-changes] @@ -169,3 +207,20 @@ jobs: with: project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-integ-tests source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' + + integ-tests-v2: + runs-on: ubuntu-latest + needs: [wait-for-approval] + if: github.event.pull_request.base.ref == 'master-v2' + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 + role-duration-seconds: 10800 + - name: Run Integ Tests + uses: aws-actions/aws-codebuild-run-build@v1 + with: + project-name: ${{ github.event.repository.name }}-ci-integ-tests + source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' From 324d6dc80bbd7d0eb00e3892122784c30d426eaf Mon Sep 17 00:00:00 2001 From: jzhaoqwa <52220743+zhaoqizqwang@users.noreply.github.com> Date: Tue, 9 Dec 2025 17:02:29 -0800 Subject: [PATCH 2/3] Separate PR check workflow file --- .github/workflows/pr-checks-master-v2.yml | 97 +++++++++++++++++++ .../{pr-checks.yml => pr-checks-master.yml} | 78 +++------------ 2 files changed, 108 insertions(+), 67 deletions(-) create mode 100644 .github/workflows/pr-checks-master-v2.yml rename .github/workflows/{pr-checks.yml => pr-checks-master.yml} (68%) diff --git a/.github/workflows/pr-checks-master-v2.yml b/.github/workflows/pr-checks-master-v2.yml new file mode 100644 index 0000000000..2004af5ea5 --- /dev/null +++ b/.github/workflows/pr-checks-master-v2.yml @@ -0,0 +1,97 @@ +name: Sagemaker PR Checks (Master-v2) +on: + pull_request_target: + branches: + - "master-v2" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref }} + cancel-in-progress: true + +permissions: + id-token: write + +jobs: + collab-check: + runs-on: ubuntu-latest + outputs: + approval-env: ${{ steps.collab-check.outputs.result }} + steps: + - name: Collaborator Check + uses: actions/github-script@v7 + id: collab-check + with: + github-token: ${{ secrets.COLLAB_CHECK_TOKEN }} + result-encoding: string + script: | + try { + const res = await github.rest.repos.checkCollaborator({ + owner: context.repo.owner, + repo: context.repo.repo, + username: "${{ github.event.pull_request.user.login }}", + }); + console.log("Verifed ${{ github.event.pull_request.user.login }} is a repo collaborator. Auto Approving PR Checks.") + return res.status == "204" ? "auto-approve" : "manual-approval" + } catch (error) { + console.log("${{ github.event.pull_request.user.login }} is not a collaborator. Requiring Manual Approval to run PR Checks.") + return "manual-approval" + } + wait-for-approval: + runs-on: ubuntu-latest + needs: [collab-check] + environment: ${{ needs.collab-check.outputs.approval-env }} + steps: + - run: echo "Workflow Approved! Starting PR Checks." + codestyle-doc-tests: + runs-on: ubuntu-latest + needs: [wait-for-approval] + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 + role-duration-seconds: 10800 + - name: Run Codestyle & Doc Tests + uses: aws-actions/aws-codebuild-run-build@v1 + with: + project-name: ${{ github.event.repository.name }}-ci-codestyle-doc-tests + source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' + unit-tests: + runs-on: ubuntu-latest + needs: [wait-for-approval] + strategy: + fail-fast: false + matrix: + python-version: ["py39","py310","py311","py312"] + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 + role-duration-seconds: 10800 + - name: Run Unit Tests + uses: aws-actions/aws-codebuild-run-build@v1 + with: + project-name: ${{ github.event.repository.name }}-ci-unit-tests + source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' + env-vars-for-codebuild: | + PY_VERSION + env: + PY_VERSION: ${{ matrix.python-version }} + integ-tests: + runs-on: ubuntu-latest + needs: [wait-for-approval] + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} + aws-region: us-west-2 + role-duration-seconds: 10800 + - name: Run Integ Tests + uses: aws-actions/aws-codebuild-run-build@v1 + with: + project-name: ${{ github.event.repository.name }}-ci-integ-tests + source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks-master.yml similarity index 68% rename from .github/workflows/pr-checks.yml rename to .github/workflows/pr-checks-master.yml index 5bcffb6031..12ed361742 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks-master.yml @@ -1,8 +1,13 @@ -name: Sagemaker PR Checks +name: Sagemaker PR Checks (Master) on: pull_request_target: branches: - - "master*" + - "master" + paths: + - 'sagemaker-train/**' + - 'sagemaker-serve/**' + - 'sagemaker-mlops/**' + - 'sagemaker-core/**' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref }} @@ -45,26 +50,24 @@ jobs: detect-changes: runs-on: ubuntu-latest needs: [wait-for-approval] - if: github.event.pull_request.base.ref != 'master-v2' outputs: submodules: ${{ steps.check-changes.outputs.submodules }} steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - token: ${{ secrets.GH_PAT }} # or use appropriate token - ref: ${{ github.event.pull_request.base.ref }} # Target branch (master-v3) + token: ${{ secrets.GH_PAT }} + ref: ${{ github.event.pull_request.base.ref }} - name: Detect Changes id: check-changes run: | - set -e # Exit on error + set -e - # Debug information echo "Target Branch: ${{ github.event.pull_request.base.ref }}" echo "Current Target SHA: $(git rev-parse HEAD)" echo "PR Number: ${{ github.event.pull_request.number }}" echo "PR Latest SHA: ${{ github.event.pull_request.head.sha }}" - # Fetch PR without creating a branch + git fetch origin pull/${{ github.event.pull_request.number }}/head CHANGES=$(git diff --name-only HEAD FETCH_HEAD) @@ -122,23 +125,6 @@ jobs: project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-codestyle-doc-tests source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - codestyle-doc-tests-v2: - runs-on: ubuntu-latest - needs: [wait-for-approval] - if: github.event.pull_request.base.ref == 'master-v2' - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - name: Run Codestyle & Doc Tests - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-codestyle-doc-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - unit-tests: runs-on: ubuntu-latest needs: [detect-changes] @@ -161,31 +147,6 @@ jobs: project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-unit-tests source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - unit-tests-v2: - runs-on: ubuntu-latest - needs: [wait-for-approval] - if: github.event.pull_request.base.ref == 'master-v2' - strategy: - fail-fast: false - matrix: - python-version: ["py39","py310","py311","py312"] - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - name: Run Unit Tests - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-unit-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - env-vars-for-codebuild: | - PY_VERSION - env: - PY_VERSION: ${{ matrix.python-version }} - integ-tests: runs-on: ubuntu-latest needs: [detect-changes] @@ -207,20 +168,3 @@ jobs: with: project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-integ-tests source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - - integ-tests-v2: - runs-on: ubuntu-latest - needs: [wait-for-approval] - if: github.event.pull_request.base.ref == 'master-v2' - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - name: Run Integ Tests - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-integ-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' From 1f9a4dd8b794589ef6278447ed6b41c0454d755e Mon Sep 17 00:00:00 2001 From: jzhaoqwa <52220743+zhaoqizqwang@users.noreply.github.com> Date: Tue, 9 Dec 2025 17:06:31 -0800 Subject: [PATCH 3/3] remove old pr check file --- .github/workflows/pr-checks.yml | 226 -------------------------------- 1 file changed, 226 deletions(-) delete mode 100644 .github/workflows/pr-checks.yml diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml deleted file mode 100644 index 5bcffb6031..0000000000 --- a/.github/workflows/pr-checks.yml +++ /dev/null @@ -1,226 +0,0 @@ -name: Sagemaker PR Checks -on: - pull_request_target: - branches: - - "master*" - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref }} - cancel-in-progress: true - -permissions: - id-token: write - -jobs: - collab-check: - runs-on: ubuntu-latest - outputs: - approval-env: ${{ steps.collab-check.outputs.result }} - steps: - - name: Collaborator Check - uses: actions/github-script@v7 - id: collab-check - with: - github-token: ${{ secrets.COLLAB_CHECK_TOKEN }} - result-encoding: string - script: | - try { - const res = await github.rest.repos.checkCollaborator({ - owner: context.repo.owner, - repo: context.repo.repo, - username: "${{ github.event.pull_request.user.login }}", - }); - console.log("Verifed ${{ github.event.pull_request.user.login }} is a repo collaborator. Auto Approving PR Checks.") - return res.status == "204" ? "auto-approve" : "manual-approval" - } catch (error) { - console.log("${{ github.event.pull_request.user.login }} is not a collaborator. Requiring Manual Approval to run PR Checks.") - return "manual-approval" - } - wait-for-approval: - runs-on: ubuntu-latest - needs: [ collab-check ] - environment: ${{ needs.collab-check.outputs.approval-env }} - steps: - - run: echo "Workflow Approved! Starting PR Checks." - detect-changes: - runs-on: ubuntu-latest - needs: [wait-for-approval] - if: github.event.pull_request.base.ref != 'master-v2' - outputs: - submodules: ${{ steps.check-changes.outputs.submodules }} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.GH_PAT }} # or use appropriate token - ref: ${{ github.event.pull_request.base.ref }} # Target branch (master-v3) - - name: Detect Changes - id: check-changes - run: | - set -e # Exit on error - - # Debug information - echo "Target Branch: ${{ github.event.pull_request.base.ref }}" - echo "Current Target SHA: $(git rev-parse HEAD)" - echo "PR Number: ${{ github.event.pull_request.number }}" - echo "PR Latest SHA: ${{ github.event.pull_request.head.sha }}" - # Fetch PR without creating a branch - git fetch origin pull/${{ github.event.pull_request.number }}/head - CHANGES=$(git diff --name-only HEAD FETCH_HEAD) - - echo "Changed files:" - echo "$CHANGES" - - SUBMODULES=[] - - if echo "$CHANGES" | grep -q "^sagemaker-train/"; then - SUBMODULES='["sagemaker-train"]' - fi - if echo "$CHANGES" | grep -q "^sagemaker-serve/"; then - if [ "$SUBMODULES" = '[]' ]; then - SUBMODULES='["sagemaker-serve"]' - else - SUBMODULES=$(echo $SUBMODULES | sed 's/\]$/,"sagemaker-serve"\]/') - fi - fi - if echo "$CHANGES" | grep -q "^sagemaker-mlops/"; then - if [ "$SUBMODULES" = '[]' ]; then - SUBMODULES='["sagemaker-mlops"]' - else - SUBMODULES=$(echo $SUBMODULES | sed 's/\]$/,"sagemaker-mlops"\]/') - fi - fi - if echo "$CHANGES" | grep -q "^sagemaker-core/"; then - if [ "$SUBMODULES" = '[]' ]; then - SUBMODULES='["sagemaker-core"]' - else - SUBMODULES=$(echo $SUBMODULES | sed 's/\]$/,"sagemaker-core"\]/') - fi - fi - echo "Final SUBMODULES: $SUBMODULES" - echo "submodules=$SUBMODULES" >> $GITHUB_OUTPUT - - codestyle-doc-tests: - runs-on: ubuntu-latest - needs: [detect-changes] - if: needs.detect-changes.outputs.submodules != '[]' - strategy: - fail-fast: false - matrix: - submodule: ${{ fromJson(needs.detect-changes.outputs.submodules) }} - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - - name: Run CodeBuild for ${{ matrix.submodule }} - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-codestyle-doc-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - - codestyle-doc-tests-v2: - runs-on: ubuntu-latest - needs: [wait-for-approval] - if: github.event.pull_request.base.ref == 'master-v2' - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - name: Run Codestyle & Doc Tests - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-codestyle-doc-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - - unit-tests: - runs-on: ubuntu-latest - needs: [detect-changes] - if: needs.detect-changes.outputs.submodules != '[]' - strategy: - fail-fast: false - matrix: - submodule: ${{ fromJson(needs.detect-changes.outputs.submodules) }} - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - - name: Run Unit Tests for ${{ matrix.submodule }} - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-unit-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - - unit-tests-v2: - runs-on: ubuntu-latest - needs: [wait-for-approval] - if: github.event.pull_request.base.ref == 'master-v2' - strategy: - fail-fast: false - matrix: - python-version: ["py39","py310","py311","py312"] - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - name: Run Unit Tests - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-unit-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - env-vars-for-codebuild: | - PY_VERSION - env: - PY_VERSION: ${{ matrix.python-version }} - - integ-tests: - runs-on: ubuntu-latest - needs: [detect-changes] - if: needs.detect-changes.outputs.submodules != '[]' - strategy: - fail-fast: false - matrix: - submodule: ${{ fromJson(needs.detect-changes.outputs.submodules) }} - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - - name: Run Integ Tests for ${{ matrix.submodule }} - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-${{ matrix.submodule }}-integ-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}' - - integ-tests-v2: - runs-on: ubuntu-latest - needs: [wait-for-approval] - if: github.event.pull_request.base.ref == 'master-v2' - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} - aws-region: us-west-2 - role-duration-seconds: 10800 - - name: Run Integ Tests - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ github.event.repository.name }}-ci-integ-tests - source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}'