Flexion - Custom Implementations Tracker#14
Draft
lgarceau768 wants to merge 776 commits into
* chore: add changelog entry for v0.8.13 * changelog: task management, admin model deletion * changelog: emoji, shortcode, input * changelog: swipe-to-reply mobile gesture * changelog: emoji, recently-used, picker * changelog: files, chat-input, attachments * changelog: terminal session tracking, task list visibility * changelog: move terminal session tracking to Added section * changelog: performance, shared chat deletion * changelog: user activity tracking, shared chat deletion optimizations * changelog: add Russian translation entry * changelog: MCP tool server timeout configuration * changelog: image viewer memory optimization * changelog: error message persistence during streaming * changelog: codespan, animation, streaming * changelog: streaming, performance, yield * changelog: text, animation, streaming * changelog: websearch, settings, fix * changelog: automation, scheduling, workflows * changelog: automations, permissions, access * changelog: automations, editor, logs * changelog: german, completion, tokens * changelog: streaming, entities, defaults * changelog: pyodide, cache, prompt * changelog: details, expansion, settings * changelog: unread, sidebar, automations * changelog: oauth, gravatar, prompts * changelog: wake-lock, writing, retrieval * changelog: mcp, sidebar, usage * changelog: oauth, citations, sidebar * changelog: oauth, cookies, tools * changelog: translations, tamil, localization * changelog: tasks, fallback, stability * changelog: title, query, performance * changelog: sidebar, archived, menu * changelog: input, drafts, uploads * changelog: notes, permissions, security * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog date * reorder changelog entries * 
restore changelog ordering * restore changelog * changelog updates * adjust changelog ordering * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * Update CHANGELOG.md * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * Update CHANGELOG.md * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog * changelog
Applies all Flexion-specific changes from flex (v0.8.0 base) onto upstream v0.8.10. Includes Google Cloud Identity OAuth group-based roles, provider model icons, FlexChat branding, custom functions, and documentation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a model helper tooltip/modal with two paths for model discovery:
- Query with an assisted prompt to get model suggestions based on use case
- Browse by common use cases for model inspiration
Also fixes security issue with dedented else statements in oauth.py and enhances the model suggestion prompt.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Import STATIC_DIR explicitly in models.py (no longer a global in v0.9.5)
- Make model_recommendation_template async to match prompt_template() which became async in v0.9.5; add await at call site in tasks.py
Both issues found and verified via local Docker test against deployed BAG.
…EXION.md
Replace stub 'Keeping Up with Upstream' section with full runbook covering:
- Manual rebase process (safety prep, conflict resolution, verification, merge)
- Automated CI sync pipeline (upstream-sync.yml workflow usage, secrets setup)
- Conflict type reference table (binary/lock/flexion-unique/shared strategies)
- Flexion customization inventory with conflict risk ratings
…ker build
- models.py: FileResponse was used at line 599 but never imported, causing NameError -> 500 on every model profile image request in production
- Dockerfile: OrbStack injects IPv6 CIDR ranges (e.g. fd07:b51a:cc66::/64) into no_proxy which httpx cannot parse as URL patterns, breaking the sentence-transformers model download step during docker build
…ery-access@flexion.us
These five workflows were inherited from upstream open-webui/open-webui and were not producing artifacts on flex (none of them triggered on the flex branch). Renaming to .disabled mirrors the existing convention (codespell.disabled, lint-*.disabled) and keeps the diff vs upstream minimal while remaining reversible.
- build-release.yml — upstream release pipeline, not relevant
- docker-build.yaml — publishes to ghcr.io, replaced by publish-flex-image
- format-backend.yaml — autoformat, not part of flex CI
- format-build-frontend.yaml — autoformat, not part of flex CI
- release-pypi.yml — upstream PyPI release, not relevant
Manual workflow (workflow_dispatch only) that builds the Flexion-customized Docker image for linux/arm64 and pushes it to AWS ECR under the chosen environment's repository (open-webui-dev or open-webui-prod) with the caller-supplied version tag.
Design notes:
- ARM-native runner (ubuntu-24.04-arm) matches the Fargate ARM deploy target — no QEMU overhead.
- Only linux/arm64 is built. Multi-arch would double build time for no current benefit; can be extended later if x86 deploys are needed.
- AWS auth via OIDC: assumes GitHubActionsOpenWebUIDev for environment=dev and GitHubActionsOpenWebUIProd for environment=prod. The prod role's trust policy was extended in flexion/flexion-open-webui-infra#461 to accept tokens from this repo's flex branch.
- Tag overwrite guard: refuses to push if the tag already exists in ECR. Prevents accidental republishes that would mask source-of-truth provenance. Operator must delete the existing tag manually to retag.
- ECR tag = upstream release tag verbatim (e.g. v0.9.5, not v9.5) — the 0. prefix is preserved end-to-end through to the CDK pin in the infra repo.
chore(ci): disable inherited upstream workflows, add publish-flex-image
PR B of the flex-CI-setup plan. Adds .github/workflows/upstream-sync.yml
and rewrites README_FLEXION.md Option A to match the actually-shipped
behavior (no Bedrock).
The workflow:
- workflow_dispatch only, inputs: dry_run (default true) and target_ref
(default refs/heads/main → upstream/main)
- Detects drift via `git rev-list flex..upstream/main`
- On dry_run, reports drift count and exits
- On real run, creates upstream-sync/YYYYMMDD-HHMMSS, rebases, applies
per-file rules:
* *.png|*.ico|*.wasm → --ours
* package-lock.json|uv.lock → --theirs
* functions/**|static/static/providers/**|README_FLEXION.md → --ours
* everything else → conflict markers stay in the committed content
- Accumulates a conflict-resolution log as markdown
- Opens a PR (draft if manual review is needed, ready otherwise) with
the log + HITL checklist + list of files containing markers
Uses SYNC_PAT for both checkout and push because GITHUB_TOKEN can't push
branches that touch .github/workflows/.
No Bedrock or other LLM dependencies. Future upgrade path: insert an
LLM-assisted resolver as a step BEFORE the "leave markers" fallback,
without changing surrounding plumbing.
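The per-file rules and the draft/ready decision described in the commit message above, modelled as an added example (not code from this PR or from the workflow itself). The `MANUAL` label, the function names and the sample paths are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Rule table transcribed from the commit message above; first match wins.
# Reminder: during `git rebase`, --ours is the branch being rebased onto and
# --theirs is the commit being replayed, the reverse of `git merge`.
RULES = [
    (("*.png", "*.ico", "*.wasm"), "--ours"),
    (("package-lock.json", "uv.lock"), "--theirs"),
    (("functions/**", "static/static/providers/**", "README_FLEXION.md"), "--ours"),
]
MANUAL = "manual"  # hypothetical label for "markers stay in the committed content"

# An unresolved hunk has "<<<<<<< " and ">>>>>>> " at the start of a line.
_OPEN = re.compile(r"^<{7} ", re.MULTILINE)
_CLOSE = re.compile(r"^>{7} ", re.MULTILINE)


def strategy_for(path):
    """Return the checkout side for a conflicted path, or MANUAL."""
    for patterns, side in RULES:
        if any(fnmatchcase(path, p) for p in patterns):
            return side
    return MANUAL


def has_conflict_markers(text):
    """True when text still contains an unresolved conflict hunk."""
    return bool(_OPEN.search(text) and _CLOSE.search(text))


def plan_sync(conflicted):
    """conflicted maps path -> file text as the rebase left it."""
    log, marked, manual = [], [], False
    for path in sorted(conflicted):
        side = strategy_for(path)
        manual = manual or side == MANUAL
        log.append(f"- `{path}`: {side}")
        if side == MANUAL and has_conflict_markers(conflicted[path]):
            marked.append(path)
    # Draft PR whenever any file needs a human; marker files feed the checklist.
    return {"log": "\n".join(log), "marker_files": marked, "draft": manual}


# Constructed sample input, not taken from a real sync run.
SAMPLE = {
    "static/favicon.png": "(binary)",
    "package-lock.json": "{}",
    "functions/pipes/gemini.py": "# flexion pipe",
    "backend/example.py": "<<<<<<< HEAD\nA = 1\n=======\nA = 2\n>>>>>>> flex commit\n",
}
```

The same `has_conflict_markers` check can gate the merge of a sync PR, so that content with committed markers never reaches the flex branch.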
Replaces the "rebase against upstream/main HEAD" model with a daily
schedule that watches for new upstream v*.*.* release tags. On no-new-
release days, the workflow exits cleanly without opening a PR.
Why: upstream's main branch evolves with every commit, but flex tracks
releases (v0.9.5, etc.). Syncing against main HEAD would create churn
from every upstream commit; syncing against release tags matches how the
ECR tagging and CDK pinning already work.
Changes:
- Triggers: on.schedule (daily 09:00 UTC) + on.workflow_dispatch
- workflow_dispatch inputs replaced:
- dry_run (boolean) → removed
- target_ref (string, default refs/heads/main) → removed
- target_tag (string, optional) → new; blank = auto-detect latest v*.*.*
- force (boolean, default false) → new; bypass "already on target" check
- Detection:
- target tag: explicit input, or `git tag -l 'v[0-9]*.[0-9]*.[0-9]*'
--sort=-version:refname | head -n 1` (pre-releases excluded)
- current base: `git describe --tags --abbrev=0 flex`
- Safety: refuses to sync backward (target older than base) without force
- Concurrency group "upstream-sync", no cancel-in-progress
- Throwaway branch name now includes the target tag for traceability
- PR body now references "Publish flex image to ECR" as the followup step
Also rewrites README_FLEXION.md Option A to describe the new model.
feat(ci): add upstream-sync workflow with deterministic conflict rules
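The release-tag detection and the backward-sync refusal described above, as an added example (not the workflow's own code). It takes the tag list as input instead of calling git, and the function names and the `sync`/`skip`/`refuse` labels are assumptions.

```python
import re

# Anchored on purpose: a shell-style glob such as `[0-9]*` matches a digit
# followed by any characters, so the glob alone would also accept v0.9.5-rc1.
_RELEASE = re.compile(r"v(\d+)\.(\d+)\.(\d+)")


def parse_release(tag):
    """Return (major, minor, patch) for a plain vX.Y.Z tag, else None."""
    m = _RELEASE.fullmatch(tag or "")
    return tuple(int(part) for part in m.groups()) if m else None


def latest_release(tags):
    """Highest plain release tag by numeric order, or None."""
    releases = [t for t in tags if parse_release(t) is not None]
    return max(releases, key=parse_release) if releases else None


def decide_sync(tags, base_tag, target_tag="", force=False):
    """Return (action, tag); action is 'sync', 'skip' or 'refuse'."""
    target = target_tag or latest_release(tags)
    # An explicit target must exist upstream and be a plain release tag.
    if target not in tags or parse_release(target) is None:
        return ("refuse", target)
    if force:
        return ("sync", target)
    base = parse_release(base_tag)
    if base is None:
        return ("refuse", target)  # cannot prove the move is forward
    if parse_release(target) == base:
        return ("skip", target)    # already on target
    if parse_release(target) < base:
        return ("refuse", target)  # backward sync needs force
    return ("sync", target)


# Constructed tag list for illustration.
TAGS = ["v0.6.40", "v0.9.5", "v0.9.10", "v0.9.11-rc1", "v0.10.0-beta"]
```

Numeric comparison matters here: a plain string sort would rank v0.9.5 above v0.9.10.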
GitHub Actions will force the Node.js 24 runtime as the default on
2026-06-02 and remove Node.js 20 on 2026-09-16. The smoke runs of
publish-flex-image both surfaced deprecation warnings for the previous
versions. Node.js 24 has been the active LTS since October 2025, so
this bumps to majors that declare `using: node24` in action.yml.
Bumps:
actions/checkout v5 → v6
aws-actions/configure-aws-credentials v4 → v6
docker/setup-buildx-action v3 → v4
docker/build-push-action v5 → v7
aws-actions/amazon-ecr-login stays at v2 (v2.1.5 already on node24)
Breaking-change review:
- configure-aws-credentials v5 cleaned up boolean-input handling; we
pass only strings (role-to-assume, aws-region), unaffected.
- configure-aws-credentials v6 is a Node 24 migration only.
- build-push-action v6 enables build summaries by default (we accept
this side effect; opt-out via DOCKER_BUILD_SUMMARY=false if needed).
- build-push-action v7 is a Node 24 migration plus removal of deprecated
envs we don't use (DOCKER_BUILD_NO_SUMMARY, DOCKER_BUILD_EXPORT_RETENTION_DAYS).
- actions/checkout v6, docker/setup-buildx-action v4: Node 24 only.
chore(ci): bump actions to latest majors (Node 24 LTS)
The Upstream Sync workflow has failed every scheduled run since it was added — actions/checkout fails at fetch with "could not read Username for 'https://github.com': terminal prompts disabled", indicating SYNC_PAT is set but invalid (likely expired, revoked, or lacking required scopes). The job only needs to (a) push a throwaway branch to this repo and (b) open a PR. Both are already granted by the workflow's existing permissions block (contents: write, pull-requests: write), which the built-in GITHUB_TOKEN honors. The push doesn't need to trigger downstream workflows, so GITHUB_TOKEN's recursive-trigger restriction doesn't apply here. Removes the need to manage a rotating PAT.
fix(ci): use GITHUB_TOKEN instead of SYNC_PAT for upstream-sync
After fixing the auth issue (#29), the workflow failed at the next step with:
! [rejected] v0.6.40 -> v0.6.40 (would clobber existing tag)
This fork carries legacy tags inherited from when it was created. At least one of them (v0.6.40) points to a different commit than upstream's tag of the same name, so `git fetch --tags` refuses the overwrite by default. We always want upstream's tag values when resolving the sync target, so `--force` is the right behavior. `--prune` is kept but does NOT prune tags (no --prune-tags), so any flex-only tags are safe.
fix(ci): force-fetch upstream tags in Upstream Sync
Upstream Open WebUI only allows OPENAI_API_CONFIGS to be set via the
admin UI (writes to the persistent-config DB). For IaC-driven
deployments running with ENABLE_PERSISTENT_CONFIG=false, that means
per-connection settings like prefix_id can't be expressed in env vars,
which forces drift between the deployment manifest and the runtime
config.
Mirror the existing TERMINAL_PROXY_HEADERS pattern: try to parse
$OPENAI_API_CONFIGS as JSON and pass the resulting dict as the
PersistentConfig env_value. Empty, unset, or malformed input falls
back to {} so startup never fails on a bad env var.
Upstream rejected this approach (PR open-webui#16562 closed, issue open-webui#19017 closed
NOT_PLANNED) so this lives in the flex fork permanently.
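The fail-safe environment parsing described in the commit message above, as an added example (not the fork's code and not Open WebUI's API). The helper name is hypothetical, the sample value is constructed, and treating non-object JSON as malformed is an assumption.

```python
import json
import logging
import os

log = logging.getLogger(__name__)


def json_dict_from_env(name, environ=os.environ):
    """Parse $name as a JSON object.

    Returns {} for unset, empty, malformed or non-object input, so a bad
    value can never stop startup.
    """
    raw = (environ.get(name) or "").strip()
    if not raw:
        return {}
    try:
        value = json.loads(raw)
    except ValueError:
        # Log the variable name only: the value may carry connection secrets.
        log.warning("%s is not valid JSON; falling back to {}", name)
        return {}
    if not isinstance(value, dict):
        # Assumption: a list, string or number is treated like malformed input.
        log.warning("%s is not a JSON object; falling back to {}", name)
        return {}
    return value


# Constructed sample value; the key layout is illustrative only.
SAMPLE_ENV = {"OPENAI_API_CONFIGS": '{"0": {"prefix_id": "gemini"}}'}
```

Because the fallback is silent apart from the warning, a deployment check that compares the parsed result with the manifest catches a typo that would otherwise drop every per-connection setting.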
This PR is to track the custom implementations developers have made to OWUI.
This PR can remain open
Google Oauth Groups Access Control: #13
Flexion Custom Functions (Gemini Support Pipe): #15 (soon to be added)
FlexChat Rebrand: #19 (soon to be added)
Flexion Specific Readme: #17 (soon to be added)