Skip to content

fix(ci): make i18n translation job manual + provider-selectable#77

Open
pacphi wants to merge 1 commit into
mainfrom
fix/i18n-translation-api-job
Open

fix(ci): make i18n translation job manual + provider-selectable#77
pacphi wants to merge 1 commit into
mainfrom
fix/i18n-translation-api-job

Conversation

@pacphi

@pacphi pacphi commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Problem

The Test Translation API Integration job (i18n-validation.yml) failed on every push to mainrun 28552356309. It invoked ampel-i18n translate without the required --lang argument, exiting with code 2 (the following required arguments were not provided: --lang).

The job was also structurally dead beyond that error:

  • the translate step had no id, so the create-pull-request gate on steps.translate.outputs.changed could never fire;
  • --dry-run never wrote files, so there was nothing to PR anyway;
  • translate handles one locale per call, but there are 26 target locales.

Change

Reworked it into a manually-triggered, provider-selectable translation run:

  • Trigger: switched to workflow_dispatch with a provider choice input (deepl | google | openai | systran, default deepl). The job no longer runs on push, so it can't red-X merges to main.
  • Provider swapping: injects only the selected provider's secret into its matching *_API_KEY env var. The fallback router initializes whichever key is present, so exposing exactly one pins translation to the chosen provider — no --provider flag spelling to get wrong.
  • Fail fast: clear error if the chosen provider's secret is unset, naming which secret to add.
  • Actually functional: builds the binary once, translates every locale directory (English source excluded → 26 targets) via translate --lang <lang>, records changed locales from git status --porcelain as step outputs (changed, languages), and gates one consolidated PR on them. PR body reports which provider produced the updates.

Notes / follow-ups

  • Secrets: the provider you dispatch with needs its secret configured (Settings → Secrets → Actions): DEEPL_API_KEY / GOOGLE_API_KEY / OPENAI_API_KEY / SYSTRAN_API_KEY.
  • The two validate-* jobs (no if: gate) will also run on manual dispatch as harmless pre-flight validation; PR-only jobs stay skipped.

How to run

Actions tab → I18n ValidationRun workflow → pick a provider. Or:

gh workflow run i18n-validation.yml -f provider=openai

All run-step inputs are trusted (locale names from the filesystem, secrets via env:) — no workflow-injection surface.

The 'Test Translation API Integration' job invoked 'ampel-i18n translate'
without the required --lang argument, so it exited with code 2 on every
push to main. The job was also structurally dead: the translate step had
no id, so the create-pull-request gate on steps.translate.outputs.changed
never fired, and --dry-run never wrote files to PR.

Rework it into a manually-triggered, provider-selectable translation run:
- switch the trigger to workflow_dispatch with a 'provider' choice input
  (deepl | google | openai | systran); the job no longer runs on push
- inject ONLY the selected provider's secret into its matching *_API_KEY
  env var, so the fallback router pins translation to that provider
- fail fast with a clear message if the chosen provider's secret is unset
- build the binary once, then translate every locale directory (English
  source excluded -> 26 targets) via 'translate --lang <lang>'
- record changed locales from git porcelain output as step outputs
  (changed, languages) and gate the consolidated PR on them
- make the PR body report which provider produced the updates

All run-step inputs are trusted (locale names from the filesystem,
secrets via env), so there is no workflow-injection surface.
@pacphi

pacphi commented Jul 2, 2026

Copy link
Copy Markdown
Owner Author

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

📊 Coverage Report

Component Coverage Status
Backend N/A%
Frontend N/A%
Overall N/A%

Coverage Thresholds

  • 🟢 Green: ≥ 80% (target)
  • 🟡 Yellow: 60-79% (acceptable)
  • 🔴 Red: < 60% (needs improvement)

Coverage reports generated by CI workflow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant