diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index fd899ece4ee..7895401e5fe 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -73,7 +73,7 @@ jobs:
 # cheapest path to coverage on every PR that touches docker code.
 # ---------------------------------------------------------------------
 - name: Install uv (for docker tests)
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 - name: Set up Python 3.11 (for docker tests)
 run: uv python install 3.11
@@ -194,7 +194,7 @@ jobs:
 cache-to: type=registry,ref=ghcr.io/nousresearch/hermes-agent:buildcache-arm64,mode=max
 - name: Install uv for docker tests
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 - name: Set up Python 3.11 for docker tests
 run: uv python install 3.11
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 95627e7fdeb..1ce25460e3d 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -37,7 +37,7 @@ jobs:
 fetch-depth: 0 # need full history for merge-base + worktree
 - name: Install uv
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 - name: Install ruff + ty
 uses: ./.github/actions/retry
@@ -164,7 +164,7 @@ jobs:
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Install uv
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 - name: Install ruff
 uses: ./.github/actions/retry
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c2dc9de9cf3..0f339747d16 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -70,7 +70,7 @@ jobs:
 rg --version
 - name: Install uv
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 with:
 # Persist uv's download/wheel cache (~/.cache/uv) across runs.
 # Keyed on the dependency manifests, so the cache is reused until
@@ -194,7 +194,7 @@ jobs:
 rg --version
 - name: Install uv
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 with:
 # Persist uv's download/wheel cache (~/.cache/uv) across runs.
 # Keyed on the dependency manifests, so the cache is reused until
diff --git a/.github/workflows/upload_to_pypi.yml b/.github/workflows/upload_to_pypi.yml
index 9d1806d6f72..52129deea21 100644
--- a/.github/workflows/upload_to_pypi.yml
+++ b/.github/workflows/upload_to_pypi.yml
@@ -5,11 +5,11 @@ name: Publish to PyPI
 on:
 push:
 tags:
- - 'v20*' # CalVer tags: v2026.5.15, v2026.5.15.2, etc.
+ - "v20*" # CalVer tags: v2026.5.15, v2026.5.15.2, etc.
 workflow_dispatch:
 inputs:
 confirm_tag:
- description: 'Tag to publish (e.g. v2026.5.15). Must already exist.'
+ description: "Tag to publish (e.g. v2026.5.15). Must already exist."
 required: true
 type: string
@@ -27,7 +27,7 @@ jobs:
 name: Build distribution 📦
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 persist-credentials: false
 # On workflow_dispatch, check out the confirmed tag.
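Review bot: Both `Install uv` steps in tests.yml keep their `with:` block unchanged while the action behind it moves from the pin annotated `# v5` to the one annotated `# 8.2.0`, so the cache inputs are now read by a much newer release. GitHub Actions reports an input the action no longer declares as a warning, not a failure, so a renamed or dropped key would quietly disable the uv cache rather than break the job. Check each `with:` key against the action.yml at the new pin and record that in the step, e.g. `# inputs verified against setup-uv 8.2.0`. The `with:` block runs past the end of both hunks, so the keys themselves are not visible here.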
@@ -43,17 +43,17 @@ jobs:
 fi
 - name: Set up Python
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
- python-version: '3.13'
+ python-version: "3.13"
 - name: Install uv
- uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 - name: Set up Node.js
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
 with:
- node-version: '22'
+ node-version: "22"
 - name: Build web dashboard
 run: cd web && npm ci && npm run build
@@ -81,7 +81,7 @@ jobs:
 run: uv build --sdist --wheel
 - name: Upload distribution artifacts
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: python-package-distributions
 path: dist/
@@ -94,17 +94,17 @@ jobs:
 name: pypi
 url: https://pypi.org/p/hermes-agent
 permissions:
- id-token: write # OIDC trusted publishing
+ id-token: write # OIDC trusted publishing
 steps:
 - name: Download distribution artifacts
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
 with:
 name: python-package-distributions
 path: dist/
 - name: Publish to PyPI
- uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
+ uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
 with:
 skip-existing: true
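Review bot: The `Install uv` pin in the build job is the one functional change in upload_to_pypi.yml, and it sits in the middle of quote-style and comment-spacing rewrites, which makes it easy to wave through. This step supplies the `uv` that runs `uv build --sdist --wheel`, and that output is what the later jobs publish and sign, so the new commit should be checked against the upstream release the `# 8.2.0` comment names before merging. Keeping formatter-only edits in a separate commit would leave release-pipeline pin changes reviewable on their own. The neighbouring pins annotated only `# v4` would also read better with the exact release, e.g. `# v4.x.y` (placeholder).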
@@ -116,12 +116,12 @@ jobs:
 needs: publish
 runs-on: ubuntu-latest
 permissions:
- contents: write # attach assets to the existing release
- id-token: write # sigstore signing
+ contents: write # attach assets to the existing release
+ id-token: write # sigstore signing
 steps:
 - name: Download distribution artifacts
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
 with:
 name: python-package-distributions
 path: dist/
@@ -145,7 +145,7 @@ jobs:
 - name: Sign with Sigstore
 if: env.skip_sign != 'true'
- uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc # v3.3.0
+ uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc # v3.3.0
 with:
 inputs: >-
 ./dist/*.tar.gz
diff --git a/.github/workflows/uv-lockfile-check.yml b/.github/workflows/uv-lockfile-check.yml
index eabfb8d6eab..8a7f52e899a 100644
--- a/.github/workflows/uv-lockfile-check.yml
+++ b/.github/workflows/uv-lockfile-check.yml
@@ -63,7 +63,7 @@ jobs:
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Install uv
- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
+ uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0
 # `uv lock --check` re-resolves the project from pyproject.toml and
 # compares the result to uv.lock, exiting non-zero if they disagree.