[v2][Feat] Add the check-generate workflow can work in local runner for the PR from fork repo (#6845)

.github/workflows/build-ci-image.yml

@@ -6,25 +6,26 @@ on:
       - main
       - v2
     paths:
-      - 'gen.Dockerfile'
-      - '.github/workflows/build-ci-image.yml'
+      - "gen.Dockerfile"
+      - ".github/workflows/build-ci-image.yml"
   pull_request:
     paths:
-      - 'gen.Dockerfile'
-      - '.github/workflows/build-ci-image.yml'
+      - "gen.Dockerfile"
+      - ".github/workflows/build-ci-image.yml"
   workflow_dispatch:
     inputs:
       force_rebuild:
-        description: 'Force rebuild of the image'
+        description: "Force rebuild of the image"
         required: false
-        default: 'false'
+        default: "false"
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}/ci
 
 jobs:
   build:
+    if: github.event.pull_request.head.repo.fork != true # when the pull requests are from fork repository, skip the steps for build new ci image
     runs-on: ubuntu-latest
     permissions:
       contents: read

.github/workflows/check-generate-container.yml

@@ -0,0 +1,119 @@
+name: Check Generated in Container Files
+
+on:
+  workflow_call:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+      base_ref:
+        required: true
+        type: string
+
+jobs:
+  # Check generation in CI image, when the PR is not from fork repo
+  check-generate-container:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      actions: read
+      packages: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Determine Docker image
+        id: docker-image
+        run: |
+          # Check if gen.Dockerfile or build workflow was modified
+          git fetch origin ${{ inputs.base_ref }}
+          if git diff --name-only origin/${{ inputs.base_ref }}...HEAD | grep -E '^(gen\.Dockerfile|Dockerfile\.ci|\.github/workflows/build-ci-image\.yml)$'; then
+            echo "modified=true" >> $GITHUB_OUTPUT
+            echo "image=ghcr.io/flyteorg/flyte/ci:pr-${{ inputs.pr_number}}" >> $GITHUB_OUTPUT
+            echo "📦 gen.Dockerfile modified - will use PR-specific image"
+          else
+            echo "modified=false" >> $GITHUB_OUTPUT
+            echo "image=ghcr.io/flyteorg/flyte/ci:v2" >> $GITHUB_OUTPUT
+            echo "📦 Using default v2 image"
+          fi
+
+      - name: Wait for Docker image build workflow
+        if: steps.docker-image.outputs.modified == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const maxAttempts = 60; // 20 minutes max
+            const delaySeconds = 20;
+
+            console.log('⏳ Waiting for Docker image build workflow to complete...');
+
+            for (let attempt = 0; attempt < maxAttempts; attempt++) {
+              // Get workflow runs for this PR
+              const { data: runs } = await github.rest.actions.listWorkflowRuns({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                workflow_id: 'build-ci-image.yml',
+                event: 'pull_request',
+                per_page: 10
+              });
+
+              // Find the run for this PR
+              const prRun = runs.workflow_runs.find(run =>
+                run.head_sha === context.payload.pull_request.head.sha
+              );
+
+              if (prRun) {
+                console.log(`Found workflow run: ${prRun.html_url}`);
+                console.log(`Status: ${prRun.status}, Conclusion: ${prRun.conclusion}`);
+
+                if (prRun.status === 'completed') {
+                  if (prRun.conclusion === 'success') {
+                    console.log('✅ Docker image build completed successfully!');
+                    return;
+                  } else {
+                    core.setFailed(`❌ Docker image build failed with conclusion: ${prRun.conclusion}`);
+                    return;
+                  }
+                }
+
+                console.log(`Attempt ${attempt + 1}/${maxAttempts}: Build still running, waiting ${delaySeconds} seconds...`);
+              } else {
+                console.log(`Attempt ${attempt + 1}/${maxAttempts}: Build not started yet, waiting ${delaySeconds} seconds...`);
+              }
+
+              await new Promise(resolve => setTimeout(resolve, delaySeconds * 1000));
+            }
+
+            core.setFailed('❌ Timeout waiting for Docker image build to complete');
+
+      - name: Login to GHCR
+        if: steps.docker-image.outputs.modified == 'true'
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Pull Docker image
+        if: steps.docker-image.outputs.modified == 'true'
+        run: |
+          IMAGE="${{ steps.docker-image.outputs.image }}"
+          echo "📦 Pulling image: $IMAGE"
+          docker pull "$IMAGE"
+
+      - name: Run checks in container
+        run: |
+          IMAGE="${{ steps.docker-image.outputs.image }}"
+          echo "Using image: $IMAGE"
+
+          docker run --rm \
+            -v ${{ github.workspace }}:/workspace \
+            -w /workspace \
+            -e SETUPTOOLS_SCM_PRETEND_VERSION=0.0.0 \
+            -e UV_PROJECT_ENVIRONMENT=/tmp/flyte-venv \
+            "$IMAGE" \
+            bash -c "
+              git config --global --add safe.directory /workspace &&
+              cd gen/python && uv sync --all-groups --frozen && cd ../.. &&
+              make gen-local &&
+              git diff --exit-code || (echo 'Generated files are out of date. Run \`make gen\` and commit changes.' && exit 1) &&
+              make build-crate
+            "

.github/workflows/check-generate-local.yml

@@ -0,0 +1,78 @@
+name: Check Generated Local Files
+
+on:
+  workflow_call:
+
+jobs:
+  # Check generation locally when the PR is from fork repo
+  check-generate-local:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      actions: read
+      packages: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # for fork PR - get the version of tools from gen.Dockerfile
+      - name: Extract tool versions from gen.Dockerfile
+        id: versions
+        run: |
+          extract() { grep "^ARG ${1}=" gen.Dockerfile | cut -d'=' -f2; }
+          echo "go=$(extract GO_VERSION)" >> $GITHUB_OUTPUT
+          echo "python=$(extract PYTHON_VERSION)" >> $GITHUB_OUTPUT
+          echo "node=$(extract NODE_VERSION)" >> $GITHUB_OUTPUT
+          echo "rust=$(extract RUST_VERSION)" >> $GITHUB_OUTPUT
+          echo "uv=$(extract UV_VERSION)" >> $GITHUB_OUTPUT
+          echo "buf=$(extract BUF_VERSION)" >> $GITHUB_OUTPUT
+          echo "mockery=$(extract MOCKERY_VERSION)" >> $GITHUB_OUTPUT
+
+      # for fork PR - install tools in runner
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ steps.versions.outputs.go }}
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ steps.versions.outputs.python }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ steps.versions.outputs.node }}
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: ${{ steps.versions.outputs.rust }}
+
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: ${{ steps.versions.outputs.uv }}
+
+      - name: Install Buf and Mockery
+        run: |
+          BUF_VERSION="${{ steps.versions.outputs.buf }}"
+          curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64.tar.gz" | tar -xzC /tmp
+          sudo mv /tmp/buf/bin/buf /usr/local/bin/buf
+          sudo mv /tmp/buf/bin/protoc-gen-buf-breaking /usr/local/bin/
+          sudo mv /tmp/buf/bin/protoc-gen-buf-lint /usr/local/bin/
+          npm install -g pnpm
+          go install "github.com/vektra/mockery/v2@v${{ steps.versions.outputs.mockery }}"
+
+      # for fork PR - Check make gen locally
+      - name: Run check locally (fork PR)
+        env:
+          SETUPTOOLS_SCM_PRETEND_VERSION: "0.0.0"
+          UV_PROJECT_ENVIRONMENT: /tmp/flyte-venv
+        run: |
+          cd gen/python && uv sync --all-groups --frozen && cd ../..
+          make gen-local
+          git diff --exit-code || (echo 'Generated files are out of date. Run \`make gen\` and commit changes.' && exit 1)
+          make build-crate

.github/workflows/check-generate.yml

@@ -5,110 +5,23 @@ on:
     types: [opened, synchronize, reopened]
 
 jobs:
+  check-generate-container:
+    if: github.event.pull_request.head.repo.fork != true
+    uses: ./.github/workflows/check-generate-container.yml
+    with:
+      pr_number: ${{ github.event.pull_request.number }}
+      base_ref: ${{ github.base_ref }}
+  check-generate-local:
+    if: github.event.pull_request.head.repo.fork == true
+    uses: ./.github/workflows/check-generate-local.yml
   check-generate:
+    needs: [check-generate-container, check-generate-local]
+    if: always()
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      actions: read
-      packages: read
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Determine Docker image
-        id: docker-image
+      - name: Check results
         run: |
-          # Check if gen.Dockerfile or build workflow was modified
-          git fetch origin ${{ github.base_ref }}
-          if git diff --name-only origin/${{ github.base_ref }}...HEAD | grep -E '^(gen\.Dockerfile|Dockerfile\.ci|\.github/workflows/build-ci-image\.yml)$'; then
-            echo "modified=true" >> $GITHUB_OUTPUT
-            echo "image=ghcr.io/flyteorg/flyte/ci:pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
-            echo "📦 gen.Dockerfile modified - will use PR-specific image"
-          else
-            echo "modified=false" >> $GITHUB_OUTPUT
-            echo "image=ghcr.io/flyteorg/flyte/ci:v2" >> $GITHUB_OUTPUT
-            echo "📦 Using default v2 image"
+          if [[ "${{ needs.check-generate-container.result }}" == "failure" ||
+                "${{ needs.check-generate-local.result }}" == "failure" ]]; then
+              exit 1
           fi
-
-      - name: Wait for Docker image build workflow
-        if: steps.docker-image.outputs.modified == 'true'
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const maxAttempts = 60; // 20 minutes max
-            const delaySeconds = 20;
-
-            console.log('⏳ Waiting for Docker image build workflow to complete...');
-
-            for (let attempt = 0; attempt < maxAttempts; attempt++) {
-              // Get workflow runs for this PR
-              const { data: runs } = await github.rest.actions.listWorkflowRuns({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                workflow_id: 'build-ci-image.yml',
-                event: 'pull_request',
-                per_page: 10
-              });
-
-              // Find the run for this PR
-              const prRun = runs.workflow_runs.find(run =>
-                run.head_sha === context.payload.pull_request.head.sha
-              );
-
-              if (prRun) {
-                console.log(`Found workflow run: ${prRun.html_url}`);
-                console.log(`Status: ${prRun.status}, Conclusion: ${prRun.conclusion}`);
-
-                if (prRun.status === 'completed') {
-                  if (prRun.conclusion === 'success') {
-                    console.log('✅ Docker image build completed successfully!');
-                    return;
-                  } else {
-                    core.setFailed(`❌ Docker image build failed with conclusion: ${prRun.conclusion}`);
-                    return;
-                  }
-                }
-
-                console.log(`Attempt ${attempt + 1}/${maxAttempts}: Build still running, waiting ${delaySeconds} seconds...`);
-              } else {
-                console.log(`Attempt ${attempt + 1}/${maxAttempts}: Build not started yet, waiting ${delaySeconds} seconds...`);
-              }
-
-              await new Promise(resolve => setTimeout(resolve, delaySeconds * 1000));
-            }
-
-            core.setFailed('❌ Timeout waiting for Docker image build to complete');
-
-      - name: Login to GHCR
-        if: steps.docker-image.outputs.modified == 'true'
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
-
-      - name: Pull Docker image
-        if: steps.docker-image.outputs.modified == 'true'
-        run: |
-          IMAGE="${{ steps.docker-image.outputs.image }}"
-          echo "📦 Pulling image: $IMAGE"
-          docker pull "$IMAGE"
-
-      - name: Run checks in container
-        run: |
-          IMAGE="${{ steps.docker-image.outputs.image }}"
-          echo "Using image: $IMAGE"
-
-          docker run --rm \
-            -v ${{ github.workspace }}:/workspace \
-            -w /workspace \
-            -e SETUPTOOLS_SCM_PRETEND_VERSION=0.0.0 \
-            -e UV_PROJECT_ENVIRONMENT=/tmp/flyte-venv \
-            "$IMAGE" \
-            bash -c "
-              git config --global --add safe.directory /workspace &&
-              cd gen/python && uv sync --all-groups --frozen && cd ../.. &&
-              make gen-local &&
-              git diff --exit-code -- ':!gen/rust/Cargo.lock' || (echo 'Generated files are out of date. Run \`make gen\` and commit changes.' && exit 1) &&
-              make build-crate
-            "
-
-