diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 7c99ee0..0e267f5 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -29,7 +29,7 @@ jobs: if: contains(github.event.pull_request.labels.*.name, 'benchmark') runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Install uv uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 @@ -58,7 +58,7 @@ jobs: - name: Upload benchmark results if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: benchmark-results path: benchmark-results.json diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f89ae41..8688ee4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -87,8 +87,8 @@ jobs: name: Dependency advisory audit (pip-audit) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 - - uses: actions/setup-python@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: "3.12" - name: Install uv diff --git a/.github/workflows/docs-backfill.yaml b/.github/workflows/docs-backfill.yaml index 8506439..077d8e0 100644 --- a/.github/workflows/docs-backfill.yaml +++ b/.github/workflows/docs-backfill.yaml @@ -37,7 +37,6 @@ on: permissions: contents: write - id-token: write pages: write # Share the same concurrency group as the real docs pipeline so a backfill @@ -65,7 +64,7 @@ jobs: echo "Backfilling docs for release tag: ${RELEASE_TAG}" - name: Checkout (full history for mike + git-revision-date plugins) - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: 0 ref: master diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index d30bce3..5e7c204 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml @@ -88,7 +88,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout (full history for mike + git-revision-date plugins) - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: 0 @@ -125,7 +125,7 @@ jobs: pages: write steps: - name: Checkout (full history for mike + git-revision-date plugins) - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: 0 @@ -177,7 +177,7 @@ jobs: pages: write steps: - name: Checkout (full history for mike + git-revision-date plugins) - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: 0 ref: master @@ -187,7 +187,7 @@ jobs: # PEP-440 pyproject version, which loses the canonical tag form). Pull it # so the deploy script can label the frozen snapshot and pick the channel. - name: Download release-tag artifact from the release run - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: release-tag path: release-tag-artifact @@ -273,7 +273,7 @@ jobs: echo "Manual republish: target=${TARGET}, release_tag=${RELEASE_TAG_INPUT:-(n/a)}" - name: Checkout (full history for mike + git-revision-date plugins) - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: 0 ref: master diff --git a/.github/workflows/native-core-build.yml b/.github/workflows/native-core-build.yml index 241250d..4f80e74 100644 --- a/.github/workflows/native-core-build.yml +++ b/.github/workflows/native-core-build.yml @@ -24,10 +24,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: "3.13" diff --git a/.github/workflows/native-pin-consistency.yml b/.github/workflows/native-pin-consistency.yml index 6c77e27..f9fe02f 100644 --- a/.github/workflows/native-pin-consistency.yml +++ b/.github/workflows/native-pin-consistency.yml @@ -20,7 +20,7 @@ jobs: name: aa-* crates share one git rev runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Assert all agent-assembly git deps share one rev run: | manifest="native/aa-ffi-python/Cargo.toml" diff --git a/.github/workflows/release-python-conversion-test.yml b/.github/workflows/release-python-conversion-test.yml index 63470d7..b301fca 100644 --- a/.github/workflows/release-python-conversion-test.yml +++ b/.github/workflows/release-python-conversion-test.yml @@ -42,7 +42,7 @@ jobs: name: Run tag → PEP 440 fixture suite runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Lint conversion + test scripts run: | shellcheck .github/scripts/tag-to-pep440.sh diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 2140f22..0ce774f 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -65,7 +65,7 @@ jobs: # and its inverse (.github/scripts/pep440-to-tag.sh). Those scripts # are the single source of truth for the conversion, shared with the # AAASM-2863 / AAASM-2956 unit tests. - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - id: r env: EVENT_NAME: ${{ github.event_name }} @@ -157,8 +157,8 @@ jobs: needs: resolve runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 - - uses: actions/setup-python@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install uv @@ -172,7 +172,7 @@ jobs: # JSON BOM of every installed distribution. run: uvx --from cyclonedx-bom==7.3.0 cyclonedx-py environment .venv --output-format JSON --output-file sbom.cdx.json - name: Upload SBOM artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: sbom path: sbom.cdx.json @@ -183,8 +183,8 @@ jobs: needs: resolve runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 - - uses: actions/setup-python@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: ${{ env.PYTHON_VERSION }} - name: Pin aa-ffi git deps to released core (binary_source_tag) @@ -206,7 +206,7 @@ jobs: command: sdist args: --out dist - name: Upload sdist artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: wheels-sdist path: dist/*.tar.gz @@ -216,8 +216,8 @@ jobs: needs: resolve runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 - - uses: actions/setup-python@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: ${{ env.PYTHON_VERSION }} - name: Stage aasm sidecar binary @@ -287,7 +287,7 @@ jobs: unzip -o /tmp/protoc.zip -d /usr/local >/dev/null protoc --version - name: Upload wheel artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: wheels-linux-x86_64 path: dist/*.whl @@ -297,8 +297,8 @@ jobs: needs: resolve runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 - - uses: actions/setup-python@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: ${{ env.PYTHON_VERSION }} - name: Stage aasm sidecar binary @@ -358,7 +358,7 @@ jobs: unzip -o /tmp/protoc.zip -d /usr/local >/dev/null protoc --version - name: Upload wheel artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: wheels-linux-aarch64 path: dist/*.whl @@ -368,8 +368,8 @@ jobs: needs: resolve runs-on: macos-14 # Apple silicon runner steps: - - uses: actions/checkout@v7 - - uses: actions/setup-python@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: ${{ env.PYTHON_VERSION }} - name: Stage aasm sidecar binary @@ -412,7 +412,7 @@ jobs: command: build args: --release --out dist --interpreter ${{ env.PYTHON_VERSION }} - name: Upload wheel artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: wheels-macos-arm64 path: dist/*.whl @@ -422,8 +422,8 @@ jobs: needs: resolve runs-on: macos-15-intel # Intel runner (macos-13 sunset 2025-09-19) steps: - - uses: actions/checkout@v7 - - uses: actions/setup-python@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: python-version: ${{ env.PYTHON_VERSION }} - name: Stage aasm sidecar binary @@ -466,7 +466,7 @@ jobs: command: build args: --release --out dist --interpreter ${{ env.PYTHON_VERSION }} - name: Upload wheel artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: wheels-macos-x86_64 path: dist/*.whl @@ -492,7 +492,7 @@ jobs: id-token: write # OIDC token for Trusted Publisher steps: - name: Download all build artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: pattern: wheels-* path: dist @@ -529,11 +529,11 @@ jobs: permissions: contents: write # create the git tag + GitHub Release steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Download CycloneDX SBOM # AAASM-3615: pull the SBOM built by the `sbom` job so it can be # attached to the Release below. - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: sbom - name: Create tag and GitHub Release @@ -613,7 +613,7 @@ jobs: printf '%s\n' "${RELEASE_TAG}" > release-tag.txt echo "Recorded release tag: ${RELEASE_TAG}" - name: Upload release-tag artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: release-tag path: release-tag.txt diff --git a/.github/workflows/rw_build_and_test.yaml b/.github/workflows/rw_build_and_test.yaml index 15899b2..ed09670 100644 --- a/.github/workflows/rw_build_and_test.yaml +++ b/.github/workflows/rw_build_and_test.yaml @@ -65,28 +65,6 @@ jobs: secrets: e2e_test_api_token: ${{ secrets.e2e_test_api_token }} - # Contract test not implemented yet - # run_contract-test: - # # name: Run all contract test items - # uses: Chisanan232/GitHub-Action_Reusable_Workflows-Python/.github/workflows/rw_uv_run_test.yaml@master - # with: - # test_type: contract-test - # test_folder: './test/contract' - # install_dependency_with_group: 'dev' - # python-versions: '["3.13"]' - # operating-systems: '["ubuntu-latest", "ubuntu-22.04", "macos-latest", "macos-14"]' - - # CI script test not implemented yet - # run_script-test: - # # name: Run all contract test items - # uses: Chisanan232/GitHub-Action_Reusable_Workflows-Python/.github/workflows/rw_uv_run_test.yaml@master - # with: - # test_type: ci-script-test - # test_folder: './test/ci_script' - # install_dependency_with_group: 'dev' - # python-versions: '["3.13"]' - # operating-systems: '["ubuntu-latest", "ubuntu-22.04", "macos-latest", "macos-14"]' - unit-test_codecov: # name: For unit test, organize and generate the testing report and upload it to Codecov if: ${{ @@ -123,19 +101,6 @@ jobs: test_type: e2e-test source_folder: agent_assembly - # Contract test not implemented yet - # contract-test_codecov: - # # name: For end-to-end test, organize and generate the testing report and upload it to Codecov - # if: ${{ - # contains(fromJSON('["pull_request","workflow_dispatch","schedule"]'), github.event_name) || - # (github.event_name == 'push' && github.ref_name == 'master') - # }} - # needs: run_contract-test - # uses: Chisanan232/GitHub-Action_Reusable_Workflows-Python/.github/workflows/rw_organize_test_cov_reports.yaml@master - # with: - # test_type: contract-test - # source_folder: src - all_test_not_e2e_test_codecov: # name: Organize and generate the testing report and upload it to Codecov if: ${{ diff --git a/.github/workflows/rw_run_all_test_and_record.yaml b/.github/workflows/rw_run_all_test_and_record.yaml index 4704c98..3a24a36 100644 --- a/.github/workflows/rw_run_all_test_and_record.yaml +++ b/.github/workflows/rw_run_all_test_and_record.yaml @@ -166,13 +166,13 @@ jobs: needs: build-and-test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: # Required by SonarCloud to correctly compute PR/new-code deltas. fetch-depth: 0 - name: Download all-test coverage XML report - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: all-test_coverage_xml_report path: ./ diff --git a/.github/workflows/type-check.yml b/.github/workflows/type-check.yml index db55ed9..da48b84 100644 --- a/.github/workflows/type-check.yml +++ b/.github/workflows/type-check.yml @@ -49,7 +49,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Install uv uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 @@ -133,7 +133,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Install uv uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 diff --git a/pyproject.toml b/pyproject.toml index a13539a..7d5004a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -45,8 +45,8 @@ all = ["agent-assembly[runtime]"] aasm = "agent_assembly.cli.main:main" [project.urls] -Homepage = "https://github.com/agent-assembly/python-sdk" -Repository = "https://github.com/agent-assembly/python-sdk" +Homepage = "https://github.com/AI-agent-assembly/python-sdk" +Repository = "https://github.com/AI-agent-assembly/python-sdk" [dependency-groups] dev = [