Skip to content

add workflow to check if lab-sdk version in api and lab-sdk matches#1346

Merged
deep1401 merged 6 commits intomainfrom
add/lab-api-version-check
Feb 18, 2026
Merged

add workflow to check if lab-sdk version in api and lab-sdk matches#1346
deep1401 merged 6 commits intomainfrom
add/lab-api-version-check

Conversation

@deep1401
Copy link
Copy Markdown
Member

@deep1401 deep1401 commented Feb 13, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Added automated checks to verify lab-sdk and API dependency versions remain synchronized.

@deep1401 deep1401 marked this pull request as ready for review February 13, 2026 14:43
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Feb 18, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A GitHub Actions workflow is added to validate that the lab-sdk version consistently matches the transformerlab dependency version specified in the api project configuration by extracting and comparing both versions from their respective pyproject.toml files.

Changes

Cohort / File(s) Summary
GitHub Actions Workflow
.github/workflows/check-lab-sdk-version.yml		 New workflow triggered on pull requests affecting lab-sdk or api pyproject.toml files. Extracts versions from both files, compares lab-sdk version with transformerlab dependency version, and fails if versions mismatch or files are missing.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Hop hop, versions aligned,
Two projects now entwined!
SDK and API match with care,
GitHub checks beyond compare.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: adding a workflow to verify that lab-sdk versions match between the api and lab-sdk directories.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch add/lab-api-version-check

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Feb 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
.github/workflows/check-lab-sdk-version.yml (2)

9-12: Add explicit least‑privilege workflow permissions.
Default token permissions can be broader than needed; this workflow only reads the repo.

🔒 Suggested minimal permissions 
 on:
   pull_request:
     paths:
       - "lab-sdk/pyproject.toml"
       - "api/pyproject.toml"

+permissions:
+  contents: read
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check-lab-sdk-version.yml around lines 9 - 12, The
workflow currently relies on default token permissions; update the workflow to
explicitly grant least-privilege read access by adding a top-level permissions
block (e.g., permissions: contents: read) to the workflow YAML so the
check-version-sync job only has repository read access; locate the jobs:
check-version-sync section and add the permissions key at the workflow root (not
inside the job) to enforce minimal token scope.

31-41: Consider Python TOML parsing for maintainability.
The current awk parsing works correctly for the present file structure; however, using tomllib would make the code more explicit and maintainable. TOML is a structured format best parsed with a dedicated library rather than line-based tools, especially if dependency specifiers or other TOML entries evolve over time.

Optional refactor (explicit TOML parsing) 
       - name: Checkout repository
         uses: actions/checkout@v4

+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
       - name: Compare lab-sdk and API transformerlab versions
         run: |
           set -euo pipefail
@@
-          # Extract version from lab-sdk/pyproject.toml [project] table
-          sdk_version=$(awk -F '"' '/^\s*version\s*=\s*"/ {print $2; exit}' lab-sdk/pyproject.toml)
+          # Extract versions via TOML parsing
+          read -r sdk_version api_version < <(python - <<'PY'
+import re, tomllib
+from pathlib import Path
+
+sdk = tomllib.loads(Path("lab-sdk/pyproject.toml").read_text())
+api = tomllib.loads(Path("api/pyproject.toml").read_text())
+
+sdk_version = sdk["project"]["version"]
+deps = api["project"]["dependencies"]
+
+api_version = None
+for dep in deps:
+    m = re.match(r"^transformerlab(?:\[.*\])?==(.+)$", dep.strip())
+    if m:
+        api_version = m.group(1)
+        break
+
+print(sdk_version, api_version or "")
+PY
+          )
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/check-lab-sdk-version.yml around lines 31 - 41, Replace
the fragile awk-based extraction of SDK and API versions with a short Python
invocation that uses tomllib to parse lab-sdk/pyproject.toml and
api/pyproject.toml and print the needed fields; specifically, stop using the
sdk_version and api_version awk assignments and instead call a python -c snippet
that opens lab-sdk/pyproject.toml, loads tomllib, reads the
["project"]["version"] into stdout (for sdk_version) and similarly reads the
transformerlab dependency from api/pyproject.toml (parsing the
["project"]["dependencies"] list to extract the entry that starts with
"transformerlab==" and emit the version part) so the shell can capture those
values reliably.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/check-lab-sdk-version.yml:
- Around line 9-12: The workflow currently relies on default token permissions;
update the workflow to explicitly grant least-privilege read access by adding a
top-level permissions block (e.g., permissions: contents: read) to the workflow
YAML so the check-version-sync job only has repository read access; locate the
jobs: check-version-sync section and add the permissions key at the workflow
root (not inside the job) to enforce minimal token scope.
- Around line 31-41: Replace the fragile awk-based extraction of SDK and API
versions with a short Python invocation that uses tomllib to parse
lab-sdk/pyproject.toml and api/pyproject.toml and print the needed fields;
specifically, stop using the sdk_version and api_version awk assignments and
instead call a python -c snippet that opens lab-sdk/pyproject.toml, loads
tomllib, reads the ["project"]["version"] into stdout (for sdk_version) and
similarly reads the transformerlab dependency from api/pyproject.toml (parsing
the ["project"]["dependencies"] list to extract the entry that starts with
"transformerlab==" and emit the version part) so the shell can capture those
values reliably.

@deep1401 deep1401 merged commit 77b1304 into main Feb 18, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dadmobile dadmobile dadmobile approved these changes

+1 more reviewer

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

mode:multiuser mode:single-user

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@deep1401 @dadmobile