Skip to content

chore(nightly-dependency-updates): track openai-agents-v2 and threading in dep allowlist#779

Open
liustve wants to merge 11 commits into
aws-observability:mainfrom
liustve:nightly-bot-track-openai-agents
Open

chore(nightly-dependency-updates): track openai-agents-v2 and threading in dep allowlist#779
liustve wants to merge 11 commits into
aws-observability:mainfrom
liustve:nightly-bot-track-openai-agents

Conversation

@liustve

@liustve liustve commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Summary

Two packages weren't being bumped by the nightly dependency bot:

  • opentelemetry-instrumentation-openai-agents-v2 — has independent versioning from upstream opentelemetry-python / opentelemetry-python-contrib, so the bot left it pinned to whatever was committed to main.
  • opentelemetry-instrumentation-threading — was missing from the bot's contrib allowlist entirely. This caused Nightly dependency update: OpenTelemetry 1.42.1/0.63b1 #762 to fail CI: every other contrib instrumentation was bumped to 0.63b1 while threading stayed at 0.61b0, and threading transitively pins opentelemetry-instrumentation==0.61b0, conflicting with the ==0.63b1 pin everywhere else.

Changes:

  • Add opentelemetry-instrumentation-threading to CONTRIB_DEPS in scripts/update_dependencies.py
  • Add opentelemetry-instrumentation-openai-agents-v2 to a new INDEPENDENT_DEPS list (renamed from AWS_DEPS since it now covers more than AWS-owned packages)
  • Wire the new env var (OPENTELEMETRY_INSTRUMENTATION_OPENAI_AGENTS_V2_VERSION) through scripts/get_upstream_versions.py and the nightly workflow
  • Surface the new pin in the auto-generated PR description

Extracted from #762 so the version-bump PR doesn't carry tooling changes.

Test plan

  • Manually run the nightly workflow via `workflow_dispatch` and verify the resulting PR includes both threading and openai-agents-v2 lines
  • Confirm the bot picks up the latest version from PyPI for openai-agents-v2

@liustve liustve requested a review from a team as a code owner June 15, 2026 23:46
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Claude finished @liustve's task in 3m 41s —— View job


Review

  • Read prior reviews to dedupe (none found)
  • Read PR diff
  • Inspect changed files
  • Post review feedback

Findings

The change is small and the rename AWS_DEPSINDEPENDENT_DEPS is a good clarification — the existing list was already mixed in spirit (opentelemetry-propagator-aws-xray is AWS-named but also independently versioned), and the new generic name makes future additions easier.

A few observations, none blocking:

  1. scripts/update_dependencies.py:143-161 — adding a 3rd independent package now touches 8 places (both INDEPENDENT_DEPS lists, an env-var read, the missing-check, the dict, the workflow env: block, the workflow outputs: block, and the PR body line). get_upstream_versions.py already iterates INDEPENDENT_DEPS and derives env names from the dep name. update_dependencies.py could mirror that pattern so adding a 4th package only needs a single list update in each script:

    independent_versions = {}
    missing = []
    for dep in INDEPENDENT_DEPS:
        env_name = dep.replace("-", "_").upper() + "_VERSION"
        version = os.environ.get(env_name)
        if not version:
            missing.append(env_name)
        independent_versions[dep] = version
    
    if missing:
        print(f"Error: missing required env vars: {', '.join(missing)}")
        sys.exit(1)

    Bonus: the error message would name which variable is missing, instead of the current generic "independent dependency versions required".

  2. scripts/get_upstream_versions.py:59-61 — fail-fast behavior is now broader in scope. A transient pip index versions failure for any single independent package aborts the entire nightly run, blocking core OTel python/contrib updates too. Pre-existing for the two AWS packages, but the new package is much newer (v2-prefixed) and presumably less stable on PyPI. Your own test plan flags this. Worth deciding whether to soft-fail (skip just the unreachable package and continue) vs. keep current strictness — either is defensible but the choice should be deliberate.

  3. scripts/update_dependencies.py:179 (pre-existing, not introduced here) — the success message only mentions Python/Contrib versions, not the independent ones. Minor.

Nothing security-sensitive; no test coverage exists for these scripts (also pre-existing).

The openai-agents-v2 package has independent versioning from upstream
opentelemetry-python and contrib, so the nightly bot was leaving it stuck
at whatever was committed to main. Add it to the independently-versioned
list so it gets bumped automatically alongside the AWS-owned packages.

Renamed AWS_DEPS -> INDEPENDENT_DEPS to reflect the broader scope.
@liustve liustve force-pushed the nightly-bot-track-openai-agents branch from 0eabe80 to 637cb41 Compare June 15, 2026 23:52
@liustve liustve changed the title chore(nightly): track opentelemetry-instrumentation-openai-agents-v2 chore(nightly): track openai-agents-v2 and threading in dep allowlist Jun 15, 2026
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Claude finished @liustve's task in 3m 30s —— View job


Review (sync update)

  • Read prior reviews to dedupe
  • Read PR diff
  • Inspect changed files
  • Post review feedback

The prior review covered the main observations (refactor opportunity at update_dependencies.py:143-161, fail-fast scope at get_upstream_versions.py:59-61, success message). All three are still applicable and unaddressed in the latest sync — not re-posting.

One new finding from this sync that the previous pass didn't flag:

  • scripts/update_dependencies.py:66 — undocumented scope creep. This PR also adds opentelemetry-instrumentation-threading to CONTRIB_DEPS, but the PR description only mentions the openai-agents-v2 plumbing and the rename. This is a real behavior change: prior to this PR the nightly run was leaving any opentelemetry-instrumentation-threading == X.Y.Z pin alone; after this PR it will be rewritten to the contrib version on every nightly run. Two questions for the author:
    1. Is that intentional? If yes, please call it out in the PR description (and ideally in a separate commit, since it's unrelated to the openai-agents-v2 wiring).
    2. If yes, are there other contrib-versioned instrumentations missing from this list that should be added in the same pass? Adding one but not auditing the full set risks the same issue resurfacing for the next package.

Nothing else security-sensitive; no test coverage exists for these scripts (pre-existing).

@liustve liustve added the skip changelog doesn't need a CHANGELOG entry label Jun 15, 2026
@liustve liustve changed the title chore(nightly): track openai-agents-v2 and threading in dep allowlist chore(nightly-depedency-updates): track openai-agents-v2 and threading in dep allowlist Jun 15, 2026
@liustve liustve changed the title chore(nightly-depedency-updates): track openai-agents-v2 and threading in dep allowlist chore(nightly-dependency-updates): track openai-agents-v2 and threading in dep allowlist Jun 15, 2026
ezhang6811
ezhang6811 previously approved these changes Jun 15, 2026
@liustve liustve enabled auto-merge (squash) June 16, 2026 00:05
vastin
vastin previously approved these changes Jun 16, 2026
@liustve liustve dismissed stale reviews from vastin and ezhang6811 via 5f15d58 June 16, 2026 00:10
@liustve liustve force-pushed the nightly-bot-track-openai-agents branch from 5f15d58 to 637cb41 Compare June 16, 2026 00:13
@aws-observability aws-observability deleted a comment from github-actions Bot Jun 16, 2026
@aws-observability aws-observability deleted a comment from github-actions Bot Jun 16, 2026
@aws-observability aws-observability deleted a comment from github-actions Bot Jun 16, 2026
@aws-observability aws-observability deleted a comment from github-actions Bot Jun 16, 2026
@aws-observability aws-observability deleted a comment from github-actions Bot Jun 16, 2026
@aws-observability aws-observability deleted a comment from github-actions Bot Jun 16, 2026
@aws-observability aws-observability deleted a comment from github-actions Bot Jun 16, 2026
@github-actions

github-actions Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Claude finished @liustve's task in 1m 7s —— View job


Review (sync update)

  • Read prior reviews to dedupe
  • Read PR diff (gh pr diff 779)
  • Compare to prior findings
  • Post review feedback

No new findings on this sync. The diff is unchanged since the last two review passes, and the four prior findings (refactor at update_dependencies.py:143-161, fail-fast scope at get_upstream_versions.py:59-61, success message at update_dependencies.py:179, and undocumented threading scope creep at update_dependencies.py:66) are all still applicable and unaddressed. Not re-posting — the originals are still on the PR.
· Branch: nightly-bot-track-openai-agents

@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Claude finished @liustve's task in 37s —— View job


Review (sync update)

  • Read prior reviews to dedupe
  • Read PR diff (gh pr diff 779)
  • Compare to prior findings
  • Post review feedback

No new findings on this sync. The diff is identical to the previous review pass, and the four prior findings (refactor at update_dependencies.py:143-161, fail-fast scope at get_upstream_versions.py:59-61, success message at update_dependencies.py:179, and undocumented threading scope creep at update_dependencies.py:66) are all still applicable and unaddressed. Not re-posting — the originals are still on the PR.
· Branch: nightly-bot-track-openai-agents

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Claude finished @liustve's task in 40s —— View job


Review (sync update)

  • Read prior reviews to dedupe
  • Read PR diff (gh pr diff 779)
  • Compare to prior findings
  • Post review feedback

No new findings on this sync. The diff is unchanged since the previous review passes, and the four prior findings (refactor at update_dependencies.py:143-161, fail-fast scope at get_upstream_versions.py:59-61, success message at update_dependencies.py:179, and undocumented threading scope creep at update_dependencies.py:66) are all still applicable and unaddressed. Not re-posting — the originals are still on the PR.

Branch: nightly-bot-track-openai-agents ·

@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Claude finished @liustve's task in 26s —— View job


Review (sync update)

  • Read prior reviews to dedupe
  • Read PR diff (gh pr diff 779)
  • Compare to prior findings
  • Post review feedback

No new findings on this sync. The diff is unchanged since the previous review passes, and the four prior findings (refactor at update_dependencies.py:143-161, fail-fast scope at get_upstream_versions.py:59-61, success message at update_dependencies.py:179, and undocumented threading scope creep at update_dependencies.py:66) are all still applicable and unaddressed. Not re-posting — the originals are still on the PR.

Branch: nightly-bot-track-openai-agents ·

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Claude finished @liustve's task in 28s —— View job


Review (sync update)

  • Read prior reviews to dedupe
  • Read PR diff (gh pr diff 779)
  • Compare to prior findings
  • Post review feedback

No new findings on this sync. The diff is unchanged since the previous review passes, and the four prior findings (refactor at update_dependencies.py:143-161, fail-fast scope at get_upstream_versions.py:59-61, success message at update_dependencies.py:179, and undocumented threading scope creep at update_dependencies.py:66) are all still applicable and unaddressed. Not re-posting — the originals are still on the PR.

Branch: nightly-bot-track-openai-agents ·

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip changelog doesn't need a CHANGELOG entry

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants