mirror of
https://github.com/tiennm99/litellm.git
synced 2026-06-17 22:48:35 +00:00
Yuneng Jiang
e0e0c5e293
Add persist-credentials: false to check-schema-sync (read-only, no push needed). Explicitly set persist-credentials: true on sync-schema (required for git push). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
74 lines
2.9 KiB
YAML
74 lines
2.9 KiB
YAML
name: Sync schema.prisma copies
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- 'schema.prisma'
|
|
|
|
# Scoped to ONLY the permissions needed:
|
|
# - contents:write to push the sync commit to the PR branch
|
|
# - pull-requests:read is implicit (needed to check out the PR)
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
sync:
|
|
name: Copy root schema to proxy and proxy-extras
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 5
|
|
# Only run on PRs from branches in THIS repo (not forks).
|
|
# Fork PRs cannot push back to the head branch with GITHUB_TOKEN,
|
|
# and pull_request events from forks have read-only tokens anyway.
|
|
# Also reject PRs from branches named after protected branches to
|
|
# prevent pushing directly to main/master.
|
|
if: >-
|
|
github.event.pull_request.head.repo.full_name == github.repository
|
|
&& github.head_ref != 'main'
|
|
&& github.head_ref != 'master'
|
|
steps:
|
|
- name: Checkout PR branch by SHA
|
|
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
|
|
with:
|
|
# Use the merge commit SHA for safety — github.head_ref is an
|
|
# attacker-controlled string (the branch name) and could contain
|
|
# unusual characters that cause unexpected git behavior.
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: true # needed for git push
|
|
|
|
- name: Reject symlinked schema files
|
|
run: |
|
|
for f in schema.prisma litellm/proxy/schema.prisma litellm-proxy-extras/litellm_proxy_extras/schema.prisma; do
|
|
if [ -L "$f" ]; then
|
|
echo "::error file=$f::$f is a symlink, which is not allowed"
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
- name: Copy root schema to other locations
|
|
run: |
|
|
cp schema.prisma litellm/proxy/schema.prisma
|
|
cp schema.prisma litellm-proxy-extras/litellm_proxy_extras/schema.prisma
|
|
|
|
- name: Check for changes
|
|
id: diff
|
|
run: |
|
|
if git diff --quiet -- litellm/proxy/schema.prisma litellm-proxy-extras/litellm_proxy_extras/schema.prisma; then
|
|
echo "changed=false" >> "$GITHUB_OUTPUT"
|
|
echo "Schemas already in sync. Nothing to do."
|
|
else
|
|
echo "changed=true" >> "$GITHUB_OUTPUT"
|
|
echo "Schema copies need updating."
|
|
fi
|
|
|
|
- name: Commit synced schemas
|
|
if: steps.diff.outputs.changed == 'true'
|
|
run: |
|
|
# Push to the PR's head branch (need the branch name for git push).
|
|
# We checked out by SHA above for safety, so configure the push target explicitly.
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
git checkout -B "$GITHUB_HEAD_REF"
|
|
git add -- litellm/proxy/schema.prisma litellm-proxy-extras/litellm_proxy_extras/schema.prisma
|
|
git commit -m "chore: sync schema.prisma copies from root"
|
|
git push origin "HEAD:$GITHUB_HEAD_REF"
|