ci: move lance dependency bump flow into skill

Author: Xuanwo

.agents/skills/README.md

@@ -0,0 +1,7 @@
+# Agent Skills
+
+This directory contains repo-scoped code agent skills for the lance-duckdb project.
+
+Each skill is a folder that contains a required `SKILL.md` and optional bundled resources.
+
+Codex discovers skills from `.agents/skills` in the current working directory and parent directories.

.agents/skills/lance-duckdb-update-lance-dependency/SKILL.md

@@ -0,0 +1,87 @@
+---
+name: lance-duckdb-update-lance-dependency
+description: Update lance-duckdb to a specific Lance release or tag. Use when bumping Lance Rust dependencies in the lance-duckdb repository, including Cargo.toml, Cargo.lock, validation, branch creation, commit, push, and PR creation when requested.
+---
+
+# lance-duckdb Update Lance Dependency
+
+## Scope
+
+Use this skill in the `lance-format/lance-duckdb` repository when updating Lance Rust dependencies to a specific Lance version or tag.
+
+Inputs can be a version (`7.2.0-beta.1`), a tag (`v7.2.0-beta.1`), a tag ref (`refs/tags/v7.2.0-beta.1`), or `latest`.
+
+## Workflow
+
+1. Confirm the worktree status with `git status --short`.
+2. Resolve the target Lance version:
+
+   - If the input is `latest`, empty, or omitted, run:
+
+     ```bash
+     python3 ci/check_lance_release.py
+     ```
+
+     Parse the JSON output. If `needs_update` is not `true`, stop without creating a PR. Otherwise use `latest_tag`.
+
+   - If the input is explicit, use it directly.
+
+3. Compute update metadata without changing files:
+
+   ```bash
+   python3 ci/update_lance_dependency.py "$TAG_OR_VERSION" --metadata-only
+   ```
+
+   Before making changes, check for an existing open PR with the emitted `pr_title`:
+
+   ```bash
+   gh pr list --search "\"$PR_TITLE\" in:title" --state open --limit 1 --json number,url,title
+   ```
+
+   If a matching open PR exists, stop and report it instead of creating a duplicate.
+
+4. Run the deterministic update entrypoint:
+
+   ```bash
+   python3 ci/update_lance_dependency.py "$TAG_OR_VERSION"
+   ```
+
+   This updates the direct Lance Rust crate versions in `Cargo.toml`, removes repository-local Lance `[patch.crates-io]` entries if present, refreshes `Cargo.lock` with precise Cargo updates, and prints JSON metadata containing `branch_name`, `commit_message`, and `pr_title`.
+
+5. Run validation:
+
+   ```bash
+   cargo fmt --all
+   cargo check --manifest-path Cargo.toml
+   cargo clippy --manifest-path Cargo.toml --all-targets
+   ```
+
+   If Cargo reports incompatible Arrow/DataFusion requirements, inspect the target Lance release requirements and update the pinned Arrow/DataFusion versions in `Cargo.toml`, then rerun `python3 ci/update_lance_dependency.py "$TAG_OR_VERSION"` and the validation commands. Fix real diagnostics and rerun validation until it succeeds.
+
+6. Inspect `git status --short` and `git diff` to ensure only the Lance dependency update and required compatibility fixes are present.
+
+7. If the task only asks to prepare local changes, stop here and report the changed files and validation result.
+
+8. If the task asks to publish the update, create a branch using the printed `branch_name`, stage all relevant files, and commit using the printed `commit_message`. Do not amend or rewrite existing commits.
+
+9. Push to `origin`. Before creating the PR, check that the current token has push permission:
+
+   ```bash
+   gh api repos/lance-format/lance-duckdb --jq .permissions.push
+   ```
+
+   If the remote branch already exists for the same generated branch name, delete the remote ref with `gh api -X DELETE repos/lance-format/lance-duckdb/git/refs/heads/$BRANCH_NAME`, then push. Do not force-push.
+
+10. Create a PR targeting `main` with the printed `pr_title`. If there is no PR template, keep the body to two or three concise sentences: state the Lance dependency bump, note any required compatibility fixes, and link the triggering Lance tag or release.
+
+11. Read back the remote PR title after creation. If it is not a Conventional Commit title, fix it immediately.
+
+## GitHub Actions
+
+This workflow is intentionally manual. When this skill is used from GitHub Actions, `TAG`, `GH_TOKEN`, and `GITHUB_TOKEN` may already be set. Resolve `latest` first when `TAG` is empty. Once an explicit tag or version is known, use:
+
+```bash
+python3 ci/update_lance_dependency.py "$TAG" --github-output "$GITHUB_OUTPUT"
+```
+
+Then use the emitted `branch_name`, `commit_message`, and `pr_title` values for branch, commit, and PR creation.

.github/workflows/codex-update-lance-dependency.yml

@@ -13,17 +13,12 @@
 name: Codex Update Lance Dependency
 
 on:
-  workflow_call:
-    inputs:
-      tag:
-        description: "Tag name from Lance (e.g., v2.0.0)"
-        required: true
-        type: string
   workflow_dispatch:
     inputs:
       tag:
-        description: "Tag name from Lance (e.g., v2.0.0)"
-        required: true
+        description: "Tag name from Lance. Leave empty to use the latest Lance release that needs an update."
+        required: false
+        default: ""
         type: string
 
 permissions:
@@ -37,7 +32,7 @@ jobs:
     steps:
       - name: Show inputs
         run: |
-          echo "tag = ${{ inputs.tag }}"
+          echo "tag = ${{ inputs.tag || 'latest' }}"
 
       - name: Checkout Repo
         uses: actions/checkout@v5
@@ -63,18 +58,6 @@ jobs:
         with:
           components: rustfmt, clippy
 
-      - name: Validate stable release tag
-        env:
-          TAG: ${{ inputs.tag }}
-        run: |
-          set -euo pipefail
-          VERSION="${TAG#refs/tags/}"
-          VERSION="${VERSION#v}"
-          if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            echo "Only stable Lance versions are allowed (got: ${TAG})" >&2
-            exit 1
-          fi
-
       - name: Configure git user
         run: |
           git config user.name "lance-community"
@@ -88,46 +71,21 @@ jobs:
           OPENAI_API_KEY: ${{ secrets.CODEX_TOKEN }}
         run: |
           set -euo pipefail
-          VERSION="${TAG#refs/tags/}"
-          VERSION="${VERSION#v}"
-          BRANCH_NAME="codex/update-lance-${VERSION//[^a-zA-Z0-9]/-}"
+          TARGET_TAG="${TAG:-latest}"
 
           cat <<EOF >/tmp/codex-prompt.txt
           You are running inside the lance-duckdb repository on a GitHub Actions runner.
-          Update the Lance Rust dependencies to version ${VERSION} (semver format) and prepare a pull request for maintainers to review.
 
-          Follow these steps exactly:
-          1. Update versions in Cargo.toml:
-             - In the [dependencies] section, update the versions for these crates to "${VERSION}":
-               lance, lance-arrow, lance-core, lance-index, lance-linalg, lance-namespace, lance-namespace-impls, lance-table.
-             - Keep existing features/flags unchanged.
-             - Do not add or keep a [patch.crates-io] section for Lance crates; dependencies must come from crates.io stable releases only.
-          2. Update Cargo.lock to match the new versions.
-             - Prefer precise updates like:
-               cargo update -p lance --precise ${VERSION}
-               cargo update -p lance-arrow --precise ${VERSION}
-               ... (repeat for each of the crates above)
-             - If Cargo complains about incompatible Arrow/DataFusion versions, update the pinned Arrow/DataFusion versions in Cargo.toml to match the Lance ${VERSION} dependency requirements, then update Cargo.lock again.
-          3. Run these checks:
-             - cargo fmt --all
-             - cargo check --manifest-path Cargo.toml
-             - cargo clippy --manifest-path Cargo.toml --all-targets
-          4. Inspect "git status --short" and "git diff" to confirm the dependency update and any required fixes.
-          5. Create and switch to a new branch named "${BRANCH_NAME}" (replace any duplicated hyphens if necessary).
-          6. Stage all relevant files with "git add -A". Commit using the message "chore: update lance dependency to v${VERSION}".
-          7. Push the branch to origin. If the remote branch already exists, delete it first with "gh api -X DELETE repos/lance-format/lance-duckdb/git/refs/heads/${BRANCH_NAME}" then push with "git push origin ${BRANCH_NAME}". Do NOT use "git push --force" or "git push -f".
-          8. env "GH_TOKEN" is available; use "gh" tools for GitHub operations like creating pull requests.
-          9. Create a pull request targeting "main" with title "chore: update lance dependency to v${VERSION}".
-             - First, write the PR body to /tmp/pr-body.md using a heredoc (cat <<'EOF' > /tmp/pr-body.md).
-             - The body should summarize the dependency bump, key resolver changes (if any), the commands run in step 3, and link the triggering tag (${TAG}).
-             - Then run "gh pr create --body-file /tmp/pr-body.md".
-          10. Display the PR URL, "git status --short", and a concise summary of the commands run and their results.
+          Use \$lance-duckdb-update-lance-dependency with target "${TARGET_TAG}".
 
           Constraints:
-          - Use bash commands.
-          - Do not merge the PR.
-          - If any command fails, diagnose and fix the issue instead of aborting.
-          - For compatibility issues, consult lance-format/lance at tag v${VERSION} for the expected Rust dependency versions.
+          - Use env "GH_TOKEN" for GitHub operations.
+          - Do not merge the pull request.
+          - Do not force-push.
+          - Do not create a duplicate pull request if an open PR already exists for the target Lance version.
+          - If any command fails, diagnose and fix the root cause instead of aborting.
+          - For compatibility issues, consult lance-format/lance at the target tag for the expected Rust dependency versions.
+          - After creating the PR, display the PR URL, "git status --short", and a concise summary of the commands run and their results.
           EOF
 
           printenv OPENAI_API_KEY | codex login --with-api-key

.github/workflows/lance-release-timer.yml

@@ -174,12 +174,13 @@ See the SQL reference for full parameter documentation: [docs/sql.md#search](doc
 
 Issues and PRs are welcome. High-impact areas include pushdown, parallelism/performance, type coverage, and better diagnostics.
 
-### Automation: Lance dependency bumps
+### Manual Lance dependency bumps
 
-This repository includes a GitHub Actions workflow pair that opens a PR when a newer tag is detected in `lance-format/lance`:
+This repository includes a manual GitHub Actions workflow for preparing Lance dependency bump PRs:
 
-- `.github/workflows/lance-release-timer.yml`: polls for a newer Lance tag and triggers the Codex workflow.
-- `.github/workflows/codex-update-lance-dependency.yml`: uses Codex CLI to update `Cargo.toml` / `Cargo.lock`, run basic Rust checks, and open a PR.
+- `.github/workflows/codex-update-lance-dependency.yml`: manually runs Codex CLI with the repo-scoped `$lance-duckdb-update-lance-dependency` skill.
+- `.agents/skills/lance-duckdb-update-lance-dependency/SKILL.md`: defines the shared workflow for latest-release resolution, duplicate PR handling, dependency updates, validation, and PR creation.
+- `ci/update_lance_dependency.py`: provides the deterministic dependency update and metadata entrypoint used by the skill.
 
 Required repository secrets: