feat: implement LLM cost savings in CI

[aaronsteers]

feat: implement LLM cost savings in CI

Summary

This PR implements LLM cost savings in CI by refactoring GitHub Actions workflows to add targeted evaluation triggers and reduce unnecessary LLM API usage. The main changes include:

• Split eval runs into specialized workflows with targeted triggers instead of running on every PR commit
• Added keyword-based triggering that checks commit messages for [llm], [agent], or [eval] to conditionally run expensive eval steps on PR synchronize events
• Implemented concurrency control to prevent duplicate eval runs
• Suppressed verbose logging (httpx INFO logs) while adding selective debug logging (OPENAI_AGENTS_LOG: info)
• Removed redundant workflows (build-connector-test.yml) and consolidated documentation
• Maintained unconditional eval runs for ready_for_review and reopened events to ensure proper quality gates

The core optimization is that for PR synchronize events (new commits), expensive eval steps are only executed when commit messages contain LLM-related keywords, significantly reducing API costs for routine code changes.

Review & Testing Checklist for Human

⚠️ High Risk - Manual Testing Required (4 items)

• Test keyword detection logic: Create a test PR with commit messages containing [llm], [agent], or [eval] and verify that eval steps run on synchronize events. Then test with commits without keywords to confirm skipping works.
• Verify unconditional eval execution: Test that eval jobs still run properly for ready_for_review and reopened PR events (without keyword requirements).
• Test step-level conditional logic: Check CI logs to ensure the conditional logic steps.check-commits.outputs.found == 'true' works correctly and doesn't have edge cases where steps are unexpectedly skipped or run.
• Validate workflow migration: Confirm that moving the eval job from ci-tests.yml to the new ci-run-evals.yml doesn't break existing processes or expectations.

Notes

• The keyword detection uses git log -1 --pretty=%B to check only the latest commit message (per feedback)
• All CI checks are passing, but GitHub Actions workflow changes are inherently difficult to test locally
• This addresses issue Implement LLM cost savings in CI #124 for LLM cost savings in CI
• Session: https://app.devin.ai/sessions/b5fc7e4ebac942838afb06b8d200083f | Requested by: @aaronsteers

Summary by CodeRabbit

• Documentation

  • Added a single unified PR welcome with testing guidance, maintainer commands, evaluation info, and resources.
  • Removed separate community and internal welcome messages.

• Chores

  • Simplified PR welcome automation to always use the unified template.
  • Added a CI workflow to run evals and renamed the standard evals workflow.
  • Removed a duplicate eval job and a legacy connector build test workflow.
  • Converted the manual connector build to an input-driven single path with updated permissions and env.

Important

Auto-merge enabled.

This PR is set to merge automatically when all requirements are met.

[devin-ai-integration]

Original prompt from AJ Steers

@Devin - Can you tackle this? <https://github.com/airbytehq/connector-builder-mcp/issues/124>
Thread URL: https://airbytehq-team.slack.com/archives/D089P0UPVT4/p1760121279635469?thread_ts=1760121279.635469

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

👋 Welcome to the Airbyte Connector Builder MCP!

Thank you for your contribution! We're excited to have you in the Airbyte community.

Testing This Branch via MCP

To test the changes in this specific branch with an MCP client like Claude Desktop, use the following configuration:

{
  "mcpServers": {
    "connector-builder-mcp-dev": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/airbytehq/connector-builder-mcp.git@devin/1760122951-llm-cost-savings-ci", "connector-builder-mcp"]
    }
  }
}

Testing This Branch via CLI

You can test this version of the MCP Server using the following CLI snippet:

# Run the CLI from this branch:
uvx 'git+https://github.com/airbytehq/connector-builder-mcp.git@devin/1760122951-llm-cost-savings-ci#egg=airbyte-connector-builder-mcp' --help

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

• /autofix - Fixes most formatting and linting issues
• /run-evals - Runs AI builder evaluations
• /poe <command> - Runs any poe command in the uv virtual environment
• /test - Runs the test suite

AI Builder Evaluations

AI builder evaluations run automatically under the following conditions:

• When a PR is marked as "ready for review"
• When a PR is reopened
• When the PR title contains [llm], [agent], or [eval]
• When manually triggered via the /run-evals slash command

Evaluations also run on a schedule (Mon/Wed/Fri at midnight UTC) and can be manually triggered via workflow dispatch.

Helpful Resources

• Contributing Guidelines
• Airbyte Slack

If you have any questions, feel free to ask in the PR comments or join our Slack community.

📝 Edit this welcome message.

[coderabbitai]

📝 Walkthrough

Walkthrough

Consolidates PR welcome messaging into a single .github/pr-welcome.md, updates the welcome workflow to use it, adds a gated ci-run-evals.yml workflow, removes duplicate/legacy eval and build workflows and welcome files, and refactors the build-connector-command workflow to a dispatch-driven single-connector run.

Changes

Cohort / File(s)	Summary of Changes
Unified PR welcome .github/pr-welcome.md, .../.github/workflows/welcome-message.yml	Added .github/pr-welcome.md and changed welcome-message.yml to always load that fixed template path (removed fork-based branching).
Removed legacy welcome files .github/pr-welcome-community.md, .github/pr-welcome-internal.md	Deleted the community and internal variant welcome documents.
Evals CI: new gated workflow .github/workflows/ci-run-evals.yml	Added a gated "CI Run Evals" workflow with path/title gating, concurrency cancellation, single job to run evals for one connector, env/API key configuration, and a 30-minute timeout.
Evals CI: removed job from main CI .github/workflows/ci-tests.yml	Removed the "Run Evals (Single Connector)" job from the existing CI workflow.
Workflow display name update .github/workflows/run-standard-evals.yml	Renamed workflow display name from Run Evals to Run Standard Evals (no trigger/logic changes).
Removed connector build test workflow .github/workflows/build-connector-test.yml	Deleted the agent-based "Test Connector Build" workflow (matrixed connectors and build steps).
Build connector command refactor .github/workflows/build-connector-command.yml	Converted to workflow_dispatch with a connector input (default source-jsonplaceholder), added pull-requests: write permission, removed matrix strategy, simplified job to run poe evals run --connector ${{ inputs.connector }}, and added PHOENIX-related env/secrets.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant GH as GitHub
    participant EvalsWF as "CI Run Evals\n(.github/workflows/ci-run-evals.yml)"
    participant Runner as Runner (ubuntu-latest)
    participant UV as uv/poe

    Dev->>GH: Push to main or open PR (ready_for_review, reopened, synchronize) or commit with keywords
    GH->>EvalsWF: Trigger workflow (path/title gating)
    note right of EvalsWF #E6F0FF: Concurrency group cancels prior runs
    EvalsWF->>Runner: Start job (checkout, setup uv, setup Python)
    Runner->>UV: Install deps
    Runner->>UV: Run evals (poe evals run --connector ...)
    UV-->>Runner: Evals result (<=30m timeout)
    Runner-->>GH: Job status

Loading

sequenceDiagram
    autonumber
    participant GH as GitHub
    participant WelcomeWF as "Welcome Message WF\n(.github/workflows/welcome-message.yml)"
    participant Template as ".github/pr-welcome.md"

    GH->>WelcomeWF: PR opened / synchronized
    WelcomeWF->>Template: Load fixed template path
    Template-->>WelcomeWF: Template content
    WelcomeWF-->>GH: Post unified welcome message

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• chore(evals): restructure YAML to use input/expected top-level keys #116 — Overlaps with CI eval/job changes (removal/relocation of the single-connector eval job).

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly summarizes the primary change—implementing LLM cost savings in CI—without extraneous detail or vague wording, making the enhancement immediately clear to anyone reviewing the PR history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch devin/1760122951-llm-cost-savings-ci

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8438dfb and 3dc3651.

📒 Files selected for processing (2)

• .github/pr-welcome.md (1 hunks)
• .github/workflows/ci-run-evals.yml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .github/pr-welcome.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Pytest (Fast)

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

PyTest Results (Fast)

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit 62f43f9. ± Comparison against base commit 73c617d.

♻️ This comment has been updated with latest results.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

.github/workflows/run-standard-evals.yml (3)

23-37: Set explicit GITHUB_TOKEN permissions for commenting

If the action posts PR comments, default token may be read-only for forks. Add minimal perms:

 name: Run Standard Evals
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write

Confirm this workflow needs to write PR comments; if not, drop issues/pull-requests scopes.

---

14-22: Consider adding concurrency to prevent overlapping scheduled/manual runs

To cancel prior in‑progress runs of this workflow on same ref:

 on:
   workflow_dispatch:
@@
   schedule:
     - cron: '0 0 * * 1,3,5'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

---

25-36: Action tags verified; consider SHA pinning

All referenced action versions exist (actions/[email protected], actions/checkout@v5, aaronsteers/poe-command-processor@v1). For supply-chain stability, consider pinning to specific commit SHAs.

.github/workflows/ci-run-evals.yml (1)

23-56: Add explicit permissions if evals post PR comments

If the eval process writes to PRs/issues, set minimal token scopes.

 name: CI Run Evals
@@
 on:
@@
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write

If no commenting occurs, keep contents: read only.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cfc0d97 and 8df00be.

📒 Files selected for processing (5)

• .github/pr-welcome.md (1 hunks)
• .github/workflows/build-connector-test.yml (0 hunks)
• .github/workflows/ci-run-evals.yml (1 hunks)
• .github/workflows/ci-tests.yml (0 hunks)
• .github/workflows/run-standard-evals.yml (1 hunks)

💤 Files with no reviewable changes (2)

• .github/workflows/ci-tests.yml
• .github/workflows/build-connector-test.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/pr-welcome.md

🔇 Additional comments (5)

.github/workflows/run-standard-evals.yml (1)

1-1: Rename looks good

Consistent with new CI split.

.github/workflows/ci-run-evals.yml (4)

26-36: PR gating logic matches requirements (case-sensitive keywords on synchronize)

contains() is case-sensitive; only lowercase “[llm]”, “[agent]”, “[eval]” will match. ready_for_review/reopened run regardless of title, as intended.

Confirm lowercase-only tags are the policy (e.g., “[LLM]” will not trigger).

---

19-22: Concurrency group aligns with objectives

This will cancel in-progress runs per branch/PR. Good.

---

39-47: Verify Action versions and pin SHAs if necessary

• actions/checkout@v5 and actions/setup-python@v6 are published majors (require Runner v2.327.1+)
• Confirm astral-sh/[email protected] exists or pin to a specific commit SHA for immutability

---

3-18: Slash commands handled by separate dispatch workflow
ci-run-evals.yml rightly runs only on push and pull_request; slash commands are picked up by .github/workflows/slash-command-dispatch.yml (on issue_comment created) and routed via aaronsteers/poe-command-processor to run-standard-evals.yml.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/ci-run-evals.yml (1)

38-38: Job-level timeout is correctly applied (prior feedback addressed).

timeout-minutes: 30 at the job level is the right place; step-level timeouts are ignored.

🧹 Nitpick comments (5)

.github/workflows/ci-run-evals.yml (5)

13-17: Add PR ‘edited’ event so title keyword changes can trigger runs.

Currently, editing a PR title to add “[llm]”, “[agent]”, or “[eval]” won’t trigger this workflow. Include the edited action.

 on:
   pull_request:
     types:
       - ready_for_review
       - reopened
       - synchronize
+      - edited

---

26-37: Gate PR runs from forks to avoid secret-related failures; also handle ‘edited’ keyword runs.

Forked PRs can’t access repo secrets; this job will fail or waste CI minutes. Add a fork guard and support title-edited keyword runs directly in the job IF.

     if: |
-      github.event_name == 'push' ||
-      (github.event_name == 'pull_request' && (
-        github.event.action == 'ready_for_review' ||
-        github.event.action == 'reopened' ||
-        (github.event.action == 'synchronize' && (
-          contains(github.event.pull_request.title, '[llm]') ||
-          contains(github.event.pull_request.title, '[agent]') ||
-          contains(github.event.pull_request.title, '[eval]')
-        ))
-      ))
+      github.event_name == 'push' ||
+      (
+        github.event_name == 'pull_request' &&
+        !github.event.pull_request.head.repo.fork &&
+        (
+          github.event.action == 'ready_for_review' ||
+          github.event.action == 'reopened' ||
+          (github.event.action == 'edited' && (
+            contains(github.event.pull_request.title, '[llm]') ||
+            contains(github.event.pull_request.title, '[agent]') ||
+            contains(github.event.pull_request.title, '[eval]')
+          )) ||
+          (github.event.action == 'synchronize' && (
+            contains(github.event.pull_request.title, '[llm]') ||
+            contains(github.event.pull_request.title, '[agent]') ||
+            contains(github.event.pull_request.title, '[eval]')
+          ))
+        )
+      )

Optional (for further savings): also skip drafts on synchronize by adding && !github.event.pull_request.draft to that branch.

---

23-37: Harden token permissions (least privilege).

Explicitly set minimal permissions for the job.

 jobs:
   run-evals:
     name: Run Evals (Single Connector)
+    permissions:
+      contents: read
     runs-on: ubuntu-latest

---

49-49: Use the lockfile strictly in CI.

Add --frozen to ensure deps match uv.lock and avoid accidental resolution.

-      - name: Install dependencies
-        run: uv sync --all-extras
+      - name: Install dependencies
+        run: uv sync --all-extras --frozen

---

50-57: Optional guard at step-level if you don’t add the fork check.

If you choose not to gate forks at the job IF, at least guard the eval step to skip cleanly without secrets.

       - name: Run Evals
+        if: ${{ secrets.OPENAI_API_KEY != '' }}
         env:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           OPENAI_AGENTS_LOG: info
           HTTPX_LOG_LEVEL: warning
           PHOENIX_API_KEY: ${{ secrets.AIRBYTE_CI_TESTING_PHOENIX_API_KEY }}
           PHOENIX_COLLECTOR_ENDPOINT: ${{ vars.AIRBYTE_CI_TESTING_PHOENIX_COLLECTOR_ENDPOINT }}
         run: uv run poe evals run --connector source-jsonplaceholder

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8df00be and 9b5d30b.

📒 Files selected for processing (1)

• .github/workflows/ci-run-evals.yml (1 hunks)

🔇 Additional comments (3)

.github/workflows/ci-run-evals.yml (3)

19-22: Concurrency group is correctly scoped and cancels duplicates.

Using ${{ github.workflow }}-${{ github.ref }} will cancel prior in-flight runs per workflow and ref (PR/main). Good.

---

26-36: Confirm commit-text gating requirement
This workflow currently only matches keywords in the PR title (on synchronize); no commit-message trigger is implemented. If commit-text matching is still required per the linked issue, add a precheck job to read commit messages via the API and gate this job accordingly.

---

1-3: Confirm external triggers in other workflows

• run-standard-evals.yml defines the Mon/Wed/Fri cron and workflow_dispatch.
• I didn’t find a /run-evals slash command in slash-command-dispatch.yml—please confirm it’s defined elsewhere or add it.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/build-connector-command.yml (1)

12-57: Connector input ignored

We expose an inputs.connector but the command still hardcodes source-jsonplaceholder, so every run ignores the provided connector name. Wire the input through:

-          command: poe evals run --connector source-jsonplaceholder
+          command: poe evals run --connector ${{ inputs.connector }}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 13ff2b9 and 8bc9854.

📒 Files selected for processing (3)

• .github/pr-welcome.md (1 hunks)
• .github/workflows/build-connector-command.yml (3 hunks)
• .github/workflows/ci-run-evals.yml (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-10-10T17:09:05.957Z

Learnt from: aaronsteers
PR: airbytehq/connector-builder-mcp#116
File: .github/workflows/ci-tests.yml:110-113
Timestamp: 2025-10-10T17:09:05.957Z
Learning: The connector-builder-mcp repository at airbytehq/connector-builder-mcp is a private/internal repository that does not accept external contributions or forks.

Applied to files:

• .github/pr-welcome.md

📚 Learning: 2025-10-10T17:09:02.099Z

Learnt from: aaronsteers
PR: airbytehq/connector-builder-mcp#116
File: .github/workflows/ci-tests.yml:110-113
Timestamp: 2025-10-10T17:09:02.099Z
Learning: The connector-builder-mcp repository (airbytehq/connector-builder-mcp) is an internal/private repository that doesn't accept external contributions, so there are no forked PRs to consider in workflow configurations.

Applied to files:

• .github/pr-welcome.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Run Evals (Single Connector)
• GitHub Check: Pytest (Fast)

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f649424 and 3975e5c.

📒 Files selected for processing (1)

• .github/workflows/ci-run-evals.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Pytest (Fast)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/build-connector-command.yml (1)

30-30: Scope concurrency by connector to avoid canceling parallel builds

Current group uses only workflow and ref, so two dispatches on the same branch for different connectors will cancel each other. Include the connector in the group key.

Example:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.connector }}
  cancel-in-progress: true

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3975e5c and 8438dfb.

📒 Files selected for processing (1)

• .github/workflows/build-connector-command.yml (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Pytest (Fast)

🔇 Additional comments (1)

.github/workflows/build-connector-command.yml (1)

47-51: Secrets/vars propagation looks correct; verify no accidental logging

Using secrets for OPENAI_API_KEY and PHOENIX_API_KEY is good; endpoint via vars is fine if non-sensitive. Ensure the action doesn’t echo these envs at info/debug levels.

Can you confirm aaronsteers/poe-command-processor@v1 does not print env values and that PHOENIX_COLLECTOR_ENDPOINT is not sensitive? If unsure, I can suggest a redaction step or env whitelist for logs.

[aaronsteers]

/autofix

Auto-Fix Job Info

This job attempts to auto-fix any linting or formating issues. If any fixes are made,
those changes will be automatically committed and pushed back to the PR.

Note: This job can only be run by maintainers. On PRs from forks, this command requires
that the PR author has enabled the Allow edits from maintainers option.

PR auto-fix job started... Check job output.

🟦 Job completed successfully (no changes).