Skip to content

ci: add SDK breaking change detection workflow #17075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Nov 3, 2025
Merged

ci: add SDK breaking change detection workflow #17075

Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
5ee5a4f
ci: add SDK breaking change detection workflow
addisonbeck Oct 28, 2025
75fb34d
review: add input validation for client payload fields
addisonbeck Oct 30, 2025
4618cb5
review: update action versions to match repository standards
addisonbeck Oct 30, 2025
f8ecf13
review: add timeout to type checking command for faster failure detecโ€ฆ
addisonbeck Oct 30, 2025
8c14709
review: use CLIENT_LABEL environment variable in logging and output
addisonbeck Oct 30, 2025
15b7c30
review: add retry logic for npm ci command to handle network issues
addisonbeck Oct 30, 2025
dbdfb51
review: improve shell script variable quoting for better practices
addisonbeck Oct 30, 2025
775ad3e
review: add back logging out of Azure
addisonbeck Oct 30, 2025
1e2b98b
review: adjust logic of retries for npm ci
addisonbeck Oct 30, 2025
750237d
review: quote some strings
addisonbeck Oct 30, 2025
6b2d10d
review: add error catching around npm i
addisonbeck Oct 30, 2025
6ae3017
review: remove unnecessary cleanup step
addisonbeck Oct 31, 2025
218dab6
review: use npm link and bitwarden/gh-actions/download-artifacts
addisonbeck Oct 31, 2025
cbc33b4
review: add underscores to job level env vars
addisonbeck Oct 31, 2025
999a4d0
:art: fix artipacked zizmor issue and improved actionlint formatting
mandreko-bitwarden Oct 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
167 changes: 167 additions & 0 deletions .github/workflows/sdk-breaking-change-check.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,167 @@
# This workflow runs TypeScript compatibility checks when the SDK is updated.
# Triggered automatically by the SDK repository via repository_dispatch when SDK PRs are created/updated.
name: SDK Breaking Change Check
run-name: "SDK breaking change check (${{ github.event.client_payload.sdk_version }})"
on:
repository_dispatch:
types: [sdk-breaking-change-check]

permissions:
contents: read
actions: read
id-token: write

jobs:
type-check:
name: TypeScript compatibility check
runs-on: ubuntu-24.04
timeout-minutes: 15
env:
_SOURCE_REPO: ${{ github.event.client_payload.source_repo }}
_SDK_VERSION: ${{ github.event.client_payload.sdk_version }}
_ARTIFACTS_RUN_ID: ${{ github.event.client_payload.artifacts_info.run_id }}
_ARTIFACT_NAME: ${{ github.event.client_payload.artifacts_info.artifact_name }}
_CLIENT_LABEL: ${{ github.event.client_payload.client_label }}

steps:
- name: Log in to Azure
uses: bitwarden/gh-actions/azure-login@main
with:
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID }}
- name: Get Azure Key Vault secrets
id: get-kv-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: gh-org-bitwarden
secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"

- name: Generate GH App token
uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
id: app-token
with:
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Validate inputs
run: |
echo "๐Ÿ” Validating required client_payload fields..."

if [ -z "${_SOURCE_REPO}" ] || [ -z "${_SDK_VERSION}" ] || [ -z "${_ARTIFACTS_RUN_ID}" ] || [ -z "${_ARTIFACT_NAME}" ]; then
echo "::error::Missing required client_payload fields"
echo "SOURCE_REPO: ${_SOURCE_REPO}"
echo "SDK_VERSION: ${_SDK_VERSION}"
echo "ARTIFACTS_RUN_ID: ${_ARTIFACTS_RUN_ID}"
echo "ARTIFACT_NAME: ${_ARTIFACT_NAME}"
echo "CLIENT_LABEL: ${_CLIENT_LABEL}"
exit 1
fi

echo "โœ… All required payload fields are present"
- name: Check out clients repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

- name: Get Node Version
id: retrieve-node-version
run: |
NODE_NVMRC=$(cat .nvmrc)
NODE_VERSION=${NODE_NVMRC/v/''}
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"

- name: Set up Node
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
node-version: ${{ steps.retrieve-node-version.outputs.node_version }}

- name: Install Node dependencies
run: |
echo "๐Ÿ“ฆ Installing Node dependencies with retry logic..."

RETRY_COUNT=0
MAX_RETRIES=3
while [ ${RETRY_COUNT} -lt ${MAX_RETRIES} ]; do
RETRY_COUNT=$((RETRY_COUNT + 1))
echo "๐Ÿ”„ npm ci attempt ${RETRY_COUNT} of ${MAX_RETRIES}..."

if npm ci; then
echo "โœ… npm ci successful"
break
else
echo "โŒ npm ci attempt ${RETRY_COUNT} failed"
[ ${RETRY_COUNT} -lt ${MAX_RETRIES} ] && sleep 5
fi
done

if [ ${RETRY_COUNT} -eq ${MAX_RETRIES} ]; then
echo "::error::npm ci failed after ${MAX_RETRIES} attempts"
exit 1
fi

- name: Download SDK artifacts
uses: bitwarden/gh-actions/download-artifacts@main
with:
github_token: ${{ steps.app-token.outputs.token }}
workflow: build-wasm-internal.yml
workflow_conclusion: success
run_id: ${{ env._ARTIFACTS_RUN_ID }}
artifacts: ${{ env._ARTIFACT_NAME }}
repo: ${{ env._SOURCE_REPO }}
path: ./sdk-internal
if_no_artifact_found: fail

- name: Override SDK using npm link
working-directory: ./
run: |
echo "๐Ÿ”ง Setting up SDK override using npm link..."
echo "๐Ÿ“Š SDK Version: ${_SDK_VERSION}"
echo "๐Ÿ“ฆ Artifact Source: ${_SOURCE_REPO} run ${_ARTIFACTS_RUN_ID}"

echo "๐Ÿ“‹ SDK package contents:"
ls -la ./sdk-internal/

echo "๐Ÿ”— Creating npm link to SDK package..."
if ! npm link ./sdk-internal; then
echo "::error::Failed to link SDK package"
exit 1
fi

- name: Run TypeScript compatibility check
run: |

echo "๐Ÿ” Running TypeScript type checking for ${_CLIENT_LABEL} client with SDK version: ${_SDK_VERSION}"
echo "๐ŸŽฏ Type checking command: npm run test:types"

# Add GitHub Step Summary output
{
echo "## ๐Ÿ“Š TypeScript Compatibility Check (${_CLIENT_LABEL})"
echo "- **Client**: ${_CLIENT_LABEL}"
echo "- **SDK Version**: ${_SDK_VERSION}"
echo "- **Source Repository**: ${_SOURCE_REPO}"
echo "- **Artifacts Run ID**: ${_ARTIFACTS_RUN_ID}"
echo ""
} >> "$GITHUB_STEP_SUMMARY"


TYPE_CHECK_START=$(date +%s)

# Run type check with timeout - exit code determines gh run watch result
if timeout 10m npm run test:types; then
TYPE_CHECK_END=$(date +%s)
TYPE_CHECK_DURATION=$((TYPE_CHECK_END - TYPE_CHECK_START))
echo "โœ… TypeScript compilation successful for ${_CLIENT_LABEL} client (${TYPE_CHECK_DURATION}s)"
echo "โœ… **Result**: TypeScript compilation successful" >> "$GITHUB_STEP_SUMMARY"
echo "No breaking changes detected in ${_CLIENT_LABEL} client for SDK version ${_SDK_VERSION}" >> "$GITHUB_STEP_SUMMARY"
else
TYPE_CHECK_END=$(date +%s)
TYPE_CHECK_DURATION=$((TYPE_CHECK_END - TYPE_CHECK_START))
echo "โŒ TypeScript compilation failed for ${_CLIENT_LABEL} client after ${TYPE_CHECK_DURATION}s - breaking changes detected"
echo "โŒ **Result**: TypeScript compilation failed" >> "$GITHUB_STEP_SUMMARY"
echo "Breaking changes detected in ${_CLIENT_LABEL} client for SDK version ${_SDK_VERSION}" >> "$GITHUB_STEP_SUMMARY"
exit 1
fi
Loading