Enable workflow rule for package verification (#3778)

enable workflow rule
2025-05-07 12:51:14 -07:00 · 2025-05-07 12:51:14 -07:00 · 6fc0a6a644
commit 6fc0a6a644
parent b89c75e0d7
5 changed files with 77 additions and 6 deletions
--- a/.github/workflows/check-package-versions.yaml
+++ b/.github/workflows/check-package-versions.yaml
@ -0,0 +1,37 @@
+# This GitHub action is for checking the versions of the packages in the project.
+# Any package that is present in both the `server` and `collector` package.json file
+# is checked to ensure that they are the same version.
+name: Check package versions
+
+concurrency:
+  group: build-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths:
+      - "server/package.json"
+      - "collector/package.json"
+
+jobs:
+  run-script:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '18'
+
+      - name: Run verifyPackageVersions.mjs script
+        run: |
+          cd extras/scripts
+          node verifyPackageVersions.mjs
+
+      - name: Fail job on error
+        if: failure()
+        run: exit 1
--- a/collector/package.json
+++ b/collector/package.json
@ -16,7 +16,7 @@
  },
  "dependencies": {
    "@langchain/community": "^0.2.23",
-    "@xenova/transformers": "^2.11.0",
+    "@xenova/transformers": "^2.14.0",
    "bcrypt": "^5.1.0",
    "body-parser": "^1.20.2",
    "cors": "^2.8.5",
--- a/collector/yarn.lock
+++ b/collector/yarn.lock
@ -436,10 +436,10 @@
  dependencies:
    "@types/node" "*"

-"@xenova/transformers@^2.11.0":
-  version "2.17.1"
-  resolved "https://registry.yarnpkg.com/@xenova/transformers/-/transformers-2.17.1.tgz#712f7a72c76c8aa2075749382f83dc7dd4e5a9a5"
-  integrity sha512-zo702tQAFZXhzeD2GCYUNUqeqkoueOdiSbQWa4s0q7ZE4z8WBIwIsMMPGobpgdqjQ2u0Qulo08wuqVEUrBXjkQ==
+"@xenova/transformers@^2.14.0":
+  version "2.17.2"
+  resolved "https://registry.yarnpkg.com/@xenova/transformers/-/transformers-2.17.2.tgz#7448d73b90f67bced66f39fe2dd656adc891fde5"
+  integrity sha512-lZmHqzrVIkSvZdKZEx7IYY51TK0WDrC8eR0c5IMnBsO8di8are1zzw8BlLhyO2TklZKLN5UffNGs1IJwT6oOqQ==
  dependencies:
    "@huggingface/jinja" "^0.2.2"
    onnxruntime-web "1.14.0"
--- a/extras/scripts/verifyPackageVersions.mjs
+++ b/extras/scripts/verifyPackageVersions.mjs
@ -0,0 +1,34 @@
+import serverPackageJson from '../../server/package.json' assert { type: 'json' };
+import collectorPackageJson from '../../collector/package.json' assert { type: 'json' };
+const { dependencies: serverDependencies } = serverPackageJson;
+const { dependencies: collectorDependencies } = collectorPackageJson;
+
+const serverDependenciesKeys = Object.keys(serverDependencies);
+const collectorDependenciesKeys = Object.keys(collectorDependencies);
+const commonDependencies = Array.from(new Set([
+  ...serverDependenciesKeys.filter((key) => collectorDependenciesKeys.includes(key)),
+  ...collectorDependenciesKeys.filter((key) => serverDependenciesKeys.includes(key)),
+]));
+
+const ignores = [
+  "@langchain/community" // We are slowly removing this dependency from the app - its use is not critical
+]
+
+console.log(`${commonDependencies.length} common dependencies found`, commonDependencies);
+console.log(`Verifying (serverVersion == collectorVersion) for each common dependency`);
+
+const failed = [];
+commonDependencies.forEach((dependency) => {
+  console.log(`Verifying ${dependency}: ${serverDependencies[dependency]} == ${collectorDependencies[dependency]}`);
+  if (serverDependencies[dependency] !== collectorDependencies[dependency]) {
+    if (ignores.includes(dependency)) console.log(`${dependency} is in ignore list.`);
+    else failed.push({ dependency, serverVersion: serverDependencies[dependency], collectorVersion: collectorDependencies[dependency] });
+  }
+});
+
+if (failed.length > 0) {
+  console.log(`❌ ${failed.length} dependencies failed to verify`, JSON.stringify(failed, null, 2));
+  throw new Error(`${failed.length} dependencies failed to verify!`);
+}
+
+console.log(`👍 All dependencies match between server and collector!`);
--- a/server/package.json
+++ b/server/package.json
@ -55,7 +55,7 @@
    "graphql": "^16.7.1",
    "joi": "^17.11.0",
    "joi-password-complexity": "^5.2.0",
-    "js-tiktoken": "^1.0.7",
+    "js-tiktoken": "^1.0.8",
    "jsonrepair": "^3.7.0",
    "jsonwebtoken": "^9.0.0",
    "langchain": "0.1.36",