ci: add automated SDK definition sync workflow #151

Open: devin-ai-integration[bot] wants to merge 5 commits into main from devin/1779932239-automate-sdk-sync

@devin-ai-integration devin-ai-integration Bot commented May 28, 2026

Summary

Adds a GitHub Action workflow that automates the manual make sdk step — downloading the latest OpenAPI specs from public endpoints and regenerating the Python SDK clients.

  • Triggers: daily at 08:00 UTC, manual workflow_dispatch, repository_dispatch
  • Sandbox spec: raw.githubusercontent.com/blaxel-ai/sandbox/.../openapi.yml (public)
  • Controlplane spec: api.blaxel.ai/v0/openapi/controlplane.yml (public)
  • No auth tokens needed for downloads; GITHUB_TOKEN only used by peter-evans/create-pull-request for PR creation
  • All actions pinned to immutable commit SHAs
  • Change detection uses git status --porcelain (catches both tracked and untracked files)
  • Runs ruff format + ruff check --fix on generated code

Tracks ENG-2668

Review & Testing Checklist for Human

  • After merging, trigger the workflow manually via Actions → "Update SDK definitions" → "Run workflow" to verify the full flow works end-to-end
  • Verify the generated PR matches what make sdk produces locally

Notes

Link to Devin session: https://app.devin.ai/sessions/36c5aabea5864aa4a5d5393aedf3d479
Requested by: @Joffref

Adds a GitHub Action that:
- Runs daily at 08:00 UTC (also manual/repository_dispatch)
- Downloads latest OpenAPI specs from sandbox and controlplane repos
- Regenerates Python SDK clients via openapi-python-client with custom templates
- Runs ruff format and lint on generated code
- Creates a PR if definitions changed, no-op otherwise

Tracks: ENG-2668
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@devin-ai-integration

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@mendral-app mendral-app Bot left a comment

Needs attention — 1 issue in 1 file

git diff --quiet only detects changes to already-tracked files — any net-new generated files from cp -r will be silently ignored, causing the workflow to no-op when it should create a PR.

Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.

<assessment>
`git diff --quiet` only detects changes to already-tracked files — any net-new generated files from `cp -r` will be silently ignored, causing the workflow to no-op when it should create a PR.
</assessment>

<file name=".github/workflows/update-sdk-definitions.yaml">
<issue location=".github/workflows/update-sdk-definitions.yaml:78">
`git diff --quiet` only checks tracked files; newly generated files copied in by `cp -r` are untracked and won't be detected, so the workflow silently skips PR creation on first-time additions.
</issue>
</file>


Comment thread .github/workflows/update-sdk-definitions.yaml Outdated
Comment thread .github/workflows/update-sdk-definitions.yaml Fixed
git diff --quiet only checks tracked files; newly generated files from
cp -r would be missed. git status --porcelain catches both tracked
modifications and untracked new files.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
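
The difference between the two checks, reproduced in a throwaway repository (an added example, not part of this PR; the repository layout and file names are constructed):

```shell
#!/bin/sh
# Added example: constructed repo and file names, not the project's workflow.

diff_check() {    # the original check: sees modifications to tracked files only
  if git -C "$1" diff --quiet; then echo clean; else echo changed; fi
}

status_check() {  # the replacement: sees tracked modifications and untracked files
  if [ -n "$(git -C "$1" status --porcelain)" ]; then echo changed; else echo clean; fi
}

new_repo() {      # throwaway repo holding one committed "generated" file
  repo=$(mktemp -d)
  git init -q "$repo"
  mkdir -p "$repo/client"
  echo "v1" > "$repo/client/api.py"
  git -C "$repo" add .
  git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false commit -q -m "initial SDK"
  echo "$repo"
}

# Scenario 1: regeneration only adds a file, as cp -r does for a new model.
scenario_new_file() {
  r=$(new_repo)
  echo "class NewModel: ..." > "$r/client/new_model.py"
  echo "$(diff_check "$r") $(status_check "$r")"
  rm -rf "$r"
}

# Scenario 2: regeneration rewrites a file that is already tracked.
scenario_modified_file() {
  r=$(new_repo)
  echo "v2" > "$r/client/api.py"
  echo "$(diff_check "$r") $(status_check "$r")"
  rm -rf "$r"
}

scenario_new_file        # clean changed
scenario_modified_file   # changed changed
```

`git status --porcelain` honours `.gitignore`, so generated paths that are ignored still produce no output and no PR.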

@mendral-app mendral-app Bot left a comment

Needs attention

The P1 bug (git diff --quiet missing untracked files) was correctly addressed with git status --porcelain. The three action pinning comments (checkout, setup-uv, create-pull-request) remain unaddressed — these are still pinned to mutable tags.

Joffref commented May 28, 2026

DevinAI please update with mendral comments

Pin actions/checkout, astral-sh/setup-uv, and peter-evans/create-pull-request
to immutable commit SHAs for supply-chain security.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

No separate PAT needed since repos are in the same GitHub org.
GITHUB_TOKEN has sufficient read access to blaxel-ai/sandbox and
blaxel-ai/controlplane.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

- Sandbox: raw.githubusercontent.com (public repo)
- Controlplane: api.blaxel.ai/v0/openapi/controlplane.yml (public API)

No auth tokens needed for either download.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

@mendral-app mendral-app Bot left a comment

LGTM

All previous comments have been addressed: SHA-pinned actions (964c41e), git status --porcelain for untracked files (c2be321), and cross-repo auth (123acd6) resolved by switching to public endpoints (raw.githubusercontent.com and api.blaxel.ai). No new issues found.


run: |
echo "Downloading sandbox definition from blaxel-ai/sandbox"
curl -sf -o ./definition.yml \
"https://raw.githubusercontent.com/blaxel-ai/sandbox/refs/heads/main/sandbox-api/docs/openapi.yml"
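
Review bot: `curl -sf` on the sandbox download hides the error message along with the progress meter, so a failed fetch ends the step with a bare exit code and nothing useful in the log. Use `curl -sSf` so the HTTP or TLS error is printed, and consider `--retry` because this step runs unattended on the daily schedule. The file written to `./definition.yml` is also passed on without any check that it is non-empty, which is worth adding before generation.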

🔒 Agentic Security Review
Severity: MEDIUM
The workflow consumes remote OpenAPI definitions directly from mutable endpoints and immediately uses them for code generation (raw.githubusercontent.com/.../refs/heads/main/... here, and api.blaxel.ai in the next regenerate step) before opening an automated PR with write permissions. Because there is no integrity pinning (immutable commit/tag digest or checksum verification), an upstream compromise can inject attacker-controlled schema changes into generated SDK code.

Impact: This creates a supply-chain path where compromised upstream specs can introduce malicious client code into an automated update PR, increasing the chance of trusted-but-poisoned changes being merged.

Reviewed by Cursor Security Reviewer for commit 123acd6.

Joffref commented May 28, 2026

DevinAI can you check cursor?

@devin-ai-integration

@Joffref Checked the Cursor Security Agent review. It found one MEDIUM severity finding:

OpenAPI specs fetched from mutable endpoints without integrity pinning: raw.githubusercontent.com/.../refs/heads/main/... and api.blaxel.ai could be compromised, injecting malicious schema changes into generated code via automated PRs.

The risk is low since:

  1. Both endpoints are controlled by the same org (blaxel-ai)
  2. The workflow creates a PR (not direct push), so all changes are reviewable before merge
  3. This matches exactly what the existing manual make sdk workflow does

To fully mitigate, you could pin the sandbox URL to a specific commit SHA instead of refs/heads/main, but that would defeat the purpose of automated syncing.
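
One way to keep following `refs/heads/main` while still recording exactly which spec was used, as an added example that is not part of this PR: resolve the branch to a commit at run time, download from the commit-addressed URL, and write the commit and SHA-256 to a lock file that lands in the generated PR. The lock-file format, function names and sample data are assumptions.

```shell
#!/bin/sh
# Added example: lock-file format, function names and sample data are assumptions.

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Pick the commit a ref points at out of `git ls-remote <repo-url> <ref>` output.
resolve_ref() {   # $1 = ls-remote output, $2 = ref name
  printf '%s\n' "$1" | awk -v ref="$2" '$2 == ref { print $1 }'
}

# Commit-addressed raw URL; unlike refs/heads/main its content cannot change.
pinned_url() {    # $1 = owner/repo, $2 = commit, $3 = path in repo
  printf 'https://raw.githubusercontent.com/%s/%s/%s\n' "$1" "$2" "$3"
}

# Store "<name> <commit> <sha256>" so the generated PR shows which spec was used.
record_spec() {   # $1 = lock file, $2 = name, $3 = commit, $4 = spec file
  grep -v "^$2 " "$1" 2>/dev/null > "$1.tmp" || true
  printf '%s %s %s\n' "$2" "$3" "$(sha256_of "$4")" >> "$1.tmp"
  mv "$1.tmp" "$1"
}

# Succeeds only if the spec file still matches the recorded digest.
verify_spec() {   # $1 = lock file, $2 = name, $3 = spec file
  want=$(awk -v n="$2" '$1 == n { print $3 }' "$1")
  [ -n "$want" ] && [ "$want" = "$(sha256_of "$3")" ]
}

demo() {
  d=$(mktemp -d)
  # Constructed ls-remote line; the commit id is a placeholder, not a real one.
  out=$(printf '%s\t%s' 0123456789abcdef0123456789abcdef01234567 refs/heads/main)
  commit=$(resolve_ref "$out" refs/heads/main)
  printf 'openapi: 3.0.0\n' > "$d/definition.yml"    # stands in for the download
  record_spec "$d/spec.lock" sandbox "$commit" "$d/definition.yml"
  verify_spec "$d/spec.lock" sandbox "$d/definition.yml" && a=match || a=mismatch
  printf 'x-injected: true\n' >> "$d/definition.yml" # spec altered after recording
  verify_spec "$d/spec.lock" sandbox "$d/definition.yml" && b=match || b=mismatch
  rm -rf "$d"
  echo "$commit $a $b"
}

pinned_url blaxel-ai/sandbox "$(demo | cut -d' ' -f1)" sandbox-api/docs/openapi.yml
demo
```

The `api.blaxel.ai` spec has no commit to resolve, so only the digest column applies to it.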
