Siddharth Balyan 6bdad1f3b2 ci: add PyPI publish workflow (salvaged from #25901) (#26148) ... * ci(pypi): add publish workflow for automated PyPI releases Triggered by CalVer tag pushes from scripts/release.py (v20* pattern). Three jobs: build (uv build) → publish (OIDC trusted publishing) → sign (Sigstore + attach to existing GitHub Release). - workflow_dispatch as manual escape hatch - skip-existing for safe re-runs - Graceful skip when GitHub Release not found (sign job) - Top-level permissions: contents: read (CodeQL compliant) Requires one-time setup: PyPI trusted publisher + GitHub pypi environment. Co-authored-by: dmahan93 <44207705+dmahan93@users.noreply.github.com> * fix(release): address review findings - Stage acp_registry/agent.json in version bump commit (was silently left unstaged) - Add missing return when no previous tags found without --first-release - Fix get_pr_number return type annotation (str -> str | None) - Prefer uv build over python -m build (matches CI workflow), with fallback - Use unit separator (%x1f) in git log format to handle | in author names - Add explicit encoding='utf-8' to .release_notes.md write Workflow hardening: - Gracefully skip signing when GitHub Release not found (env var gate instead of exit 1, so PyPI publish still shows green) * fix(ci): harden PyPI workflow — SHA-pin actions, guard workflow_dispatch, explicit build flags - Pin all actions to commit SHAs (supply-chain hardening for id-token:write) - workflow_dispatch now requires confirm_tag input + checks out that tag - Both uv build paths explicitly pass --sdist --wheel --------- Co-authored-by: dmahan93 <44207705+dmahan93@users.noreply.github.com>		2026-05-15 13:21:48 +05:30
..
lib	feat: lazy bootstrap node	2026-04-16 10:47:37 -05:00
whatsapp-bridge	feat(whatsapp): surface quoted reply metadata	2026-05-13 23:11:20 -07:00
benchmark_browser_eval.py	perf(browser): route browser_console eval through supervisor's persistent CDP WS (180x faster) (#23226)	2026-05-10 07:37:55 -07:00
build_model_catalog.py	codebase: add encoding='utf-8' to all bare open() calls (PLW1514)	2026-05-08 14:27:40 -07:00
build_skills_index.py	chore: ruff auto-fix PLR6201 — tuple → set in membership tests (#23937)	2026-05-11 11:13:25 -07:00
check-windows-footguns.py	feat(cross-platform): psutil for PID/process management + Windows footgun checker	2026-05-08 14:27:40 -07:00
contributor_audit.py	codebase: add encoding='utf-8' to all bare open() calls (PLW1514)	2026-05-08 14:27:40 -07:00
discord-voice-doctor.py	codebase: add encoding='utf-8' to all bare open() calls (PLW1514)	2026-05-08 14:27:40 -07:00
hermes-gateway	fix: prevent systemd restart storm on gateway connection failure	2026-03-21 09:26:39 -07:00
install.cmd	feat: Windows native support via Git Bash	2026-03-02 22:03:29 -08:00
install.ps1	chore: remove Atropos RL environments and tinker-atropos integration (#26106)	2026-05-15 10:36:38 +05:30
install.sh	chore: remove Atropos RL environments and tinker-atropos integration (#26106)	2026-05-15 10:36:38 +05:30
install_psutil_android.py	fix(install): also patch psutil on Termux fresh-install path	2026-05-09 17:53:15 -07:00
keystroke_diagnostic.py	docs: add Windows-Specific Quirks section to hermes-agent skill + keystroke diagnostic	2026-05-08 14:27:40 -07:00
kill_modal.sh	refactor: replace swe-rex with native Modal SDK for Modal backend (#3538)	2026-03-28 11:21:44 -07:00
lint_diff.py	feat(ci): add typecheck (warnings only in CI)	2026-05-06 10:58:12 -04:00
profile-tui.py	Merge remote-tracking branch 'origin/main' into fix/bundle-size	2026-05-11 16:01:04 -04:00
release.py	ci: add PyPI publish workflow (salvaged from #25901) (#26148)	2026-05-15 13:21:48 +05:30
run_tests.sh	test(conftest): plug every gateway-kill leak path (#23486)	2026-05-10 18:55:28 -07:00
sample_and_compress.py	refactor: codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)	2026-04-07 10:25:31 -07:00
setup_open_webui.sh	docs: add Open WebUI bootstrap script	2026-05-05 14:12:09 -07:00