mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
50fdcbaf57
* chore(python): improve dependency range automation - tighten dependency bounds and coding standards guidance\n- add dependency range validation workflow, reporting, and issue automation\n- update related tests and dependency pins for compatibility Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * updated text and pyarrow * new lock * fixed workflow * updated deps * fix tiktoken * chore(python): refine dependency validation workflows Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(python): add high-level dependency validation comments Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * WIP * added additional comments and excludes * added dev dependency handling and workflow and updates to package ranges * added readme and simplified commands * fix markers * chore(python): address dependency review feedback Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Tighten dependency bounds, remove stale overrides, restore Python 3.10 support - Apply dependency bound policy across all packages: stable >=1.0 deps use >=floor,<next_major; pre-1.0/prerelease deps use validated hard-bounded ranges - Remove stale root tool.uv.override-dependencies (uvicorn, websockets, grpcio) - Lower github_copilot requires-python to >=3.10 with github-copilot-sdk gated behind python_version >= 3.11 marker; import raises ImportError on 3.10 - Skip github_copilot pyright/mypy/test tasks on Python <3.11 - Use version-conditional pyrightconfig for samples on Python 3.10 - Add compatibility fix in core responses client for older openai typed dicts - Normalize uv.lock prerelease mode and refresh dev dependencies - Update CODING_STANDARD.md, DEV_SETUP.md, and package management skill docs Closes #902 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * small tweaks * add note in workflow * fix workflows and several versions * fix duplicate --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
96 lines
4.6 KiB
Markdown
96 lines
4.6 KiB
Markdown
# Dependency Scripts
|
|
|
|
This folder contains the Python workspace tooling for dependency maintenance:
|
|
|
|
- validating runtime dependency lower and upper bounds
|
|
- refreshing exact dev dependency pins
|
|
- writing dependency validation reports for local runs and workflows
|
|
|
|
Run the commands below from the `python/` directory.
|
|
|
|
## Files in this folder
|
|
|
|
- `validate_dependency_bounds.py`
|
|
- Main entrypoint for dependency-bound workflows.
|
|
- Supports `test`, `lower`, `upper`, and `both` modes.
|
|
- `test` runs workspace-wide smoke validation at the lower and upper ends of the currently allowed ranges.
|
|
- `lower`, `upper`, and `both` dispatch to the lower/upper optimizer implementations for one package.
|
|
|
|
- `upgrade_dev_dependencies.py`
|
|
- Refreshes exact dev dependency pins across the root `pyproject.toml` and package `pyproject.toml` files.
|
|
- Reuses the same version-selection logic as the upper-bound tooling so direct dev-tooling refreshes and dependency-range expansion stay consistent.
|
|
|
|
- `_dependency_bounds_lower_impl.py`
|
|
- Package-scoped lower-bound optimizer.
|
|
- Tries older dependency versions within the currently allowed line and keeps the oldest passing lower bound.
|
|
- Writes `dependency-lower-bound-results.json` in this folder by default.
|
|
|
|
- `_dependency_bounds_upper_impl.py`
|
|
- Package-scoped upper-bound optimizer.
|
|
- Tries newer dependency versions within candidate lines and keeps the newest passing upper bound.
|
|
- Also contains shared parsing/rewrite helpers reused by `upgrade_dev_dependencies.py`.
|
|
- Writes `dependency-range-results.json` in this folder by default.
|
|
|
|
- `_dependency_bounds_runtime.py`
|
|
- Shared helper used by the validators to build isolated `uv run` commands.
|
|
- Reattaches the repo-wide toolchain (`ruff`, `pyright`, `pytest`, `poethepoet`, and related helpers) inside temporary environments so package tasks behave the same way they do in the workspace.
|
|
|
|
|
|
## Common entrypoints
|
|
|
|
### Poe tasks
|
|
|
|
These are the normal user-facing entrypoints:
|
|
|
|
```bash
|
|
uv run poe upgrade-dev-dependency-pins
|
|
uv run poe upgrade-dev-dependencies
|
|
uv run poe validate-dependency-bounds-test
|
|
uv run poe validate-dependency-bounds-test --project <workspace-package-name>
|
|
uv run poe validate-dependency-bounds-project --mode both --project <workspace-package-name> --dependency "<dependency-name>"
|
|
```
|
|
|
|
- `upgrade-dev-dependency-pins` only refreshes exact dev pins in `pyproject.toml` files.
|
|
- `upgrade-dev-dependencies` refreshes dev pins (using task above), runs `uv lock --upgrade`, reinstalls from the frozen lockfile, then runs `check`, `typing`, and `test`.
|
|
- `validate-dependency-bounds-test` runs the repo-wide lower/upper smoke gate.
|
|
- `validate-dependency-bounds-project` is the single package-scoped task; use `--mode lower`, `--mode upper`, or `--mode both` for the target package/dependency pair. Its `--project` argument defaults to `*`, and `--dependency` is optional, so automation can also use it for repo-wide upper-bound runs.
|
|
|
|
### GitHub Actions workflows
|
|
|
|
These workflows call the Poe tasks:
|
|
|
|
- `.github/workflows/python-dependency-range-validation.yml`
|
|
- Trigger: `workflow_dispatch`
|
|
- Runs `uv run poe validate-dependency-bounds-project --mode upper --project "*"`
|
|
- Uploads `python/scripts/dependencies/dependency-range-results.json`
|
|
- Creates issues for failing candidate versions and opens/updates a PR for passing range updates
|
|
|
|
- `.github/workflows/python-dev-dependency-upgrade.yml`
|
|
- Trigger: `workflow_dispatch`
|
|
- Runs `uv run poe upgrade-dev-dependencies`
|
|
- Commits any resulting `pyproject.toml` / `uv.lock` changes and opens/updates a PR
|
|
|
|
### Direct module execution
|
|
|
|
These are useful for debugging or targeted manual runs:
|
|
|
|
```bash
|
|
python -m scripts.dependencies.upgrade_dev_dependencies --dry-run --version-source lock
|
|
python -m scripts.dependencies.validate_dependency_bounds --mode test --package packages/core --dry-run
|
|
python -m scripts.dependencies.validate_dependency_bounds --mode both --package packages/core --dependencies openai --dry-run
|
|
python -m scripts.dependencies._dependency_bounds_lower_impl --packages packages/core --dependencies openai --dry-run
|
|
python -m scripts.dependencies._dependency_bounds_upper_impl --packages packages/core --dependencies openai --dry-run
|
|
```
|
|
|
|
Use the direct lower/upper implementation modules mainly for debugging or development of the optimizers themselves. For normal usage, prefer the Poe tasks or `validate_dependency_bounds.py`.
|
|
|
|
## Generated report files
|
|
|
|
The validators write JSON reports into this folder:
|
|
|
|
- `dependency-bounds-test-results.json`
|
|
- `dependency-lower-bound-results.json`
|
|
- `dependency-range-results.json`
|
|
|
|
These report files are ignored by git.
|