Files
agent-framework/.github/workflows/python-code-quality.yml
T
Roger Barreto 01a3c5be8a ci: pin third-party GitHub Actions to commit SHAs (#5972)
Replaces every floating tag in our workflow and composite action files
with an immutable 40-character commit SHA, keeping the original `# vX`
comment so Dependabot can still propose version bumps. 186 occurrences
across 25 workflows and 2 composite actions.

Also widens the github-actions Dependabot entry to use the plural
`directories` key with `/.github/actions/*` so composite actions under
`.github/actions/<name>/action.yml` are kept up to date. Previously
Dependabot only scanned `.github/workflows` and the repo-root
`action.yml`, leaving our `python-setup` and `sample-validation-setup`
composite actions unmaintained.
2026-05-20 22:10:32 +00:00

142 lines
3.9 KiB
YAML

name: Python - Code Quality
on:
merge_group:
workflow_dispatch:
pull_request:
branches: ["main"]
paths:
- "python/**"
env:
# Configure a constant location for the uv cache
UV_CACHE_DIR: /tmp/.uv-cache
jobs:
pre-commit-hooks:
name: Pre-commit Hooks
if: "!cancelled()"
strategy:
fail-fast: false
matrix:
python-version: ["3.11"]
runs-on: ubuntu-latest
continue-on-error: true
defaults:
run:
working-directory: ./python
env:
UV_PYTHON: ${{ matrix.python-version }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: Set up python and install the project
id: python-setup
uses: ./.github/actions/python-setup
with:
python-version: ${{ matrix.python-version }}
os: ${{ runner.os }}
env:
UV_CACHE_DIR: /tmp/.uv-cache
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
with:
path: ~/.cache/prek
key: prek|${{ matrix.python-version }}|${{ hashFiles('python/.pre-commit-config.yaml') }}
- uses: j178/prek-action@0bb87d7f00b0c99306c8bcb8b8beba1eb581c037 # v1
name: Run Pre-commit Hooks (excluding poe-check)
env:
SKIP: poe-check
with:
extra-args: --cd python --all-files
package-checks:
name: Package Checks
if: "!cancelled()"
strategy:
fail-fast: false
matrix:
python-version: ["3.11"]
runs-on: ubuntu-latest
continue-on-error: true
defaults:
run:
working-directory: ./python
env:
UV_PYTHON: ${{ matrix.python-version }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: Set up python and install the project
id: python-setup
uses: ./.github/actions/python-setup
with:
python-version: ${{ matrix.python-version }}
os: ${{ runner.os }}
env:
UV_CACHE_DIR: /tmp/.uv-cache
- name: Run syntax and pyright across packages
run: uv run poe check-packages
samples-markdown:
name: Samples & Markdown
if: "!cancelled()"
strategy:
fail-fast: false
matrix:
python-version: ["3.11"]
runs-on: ubuntu-latest
continue-on-error: true
defaults:
run:
working-directory: ./python
env:
UV_PYTHON: ${{ matrix.python-version }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: Set up python and install the project
id: python-setup
uses: ./.github/actions/python-setup
with:
python-version: ${{ matrix.python-version }}
os: ${{ runner.os }}
env:
UV_CACHE_DIR: /tmp/.uv-cache
- name: Run samples checks
run: uv run poe check -S
- name: Run markdown code lint
run: uv run poe markdown-code-lint
mypy:
name: Mypy Checks
if: "!cancelled()"
strategy:
fail-fast: false
matrix:
python-version: ["3.11"]
runs-on: ubuntu-latest
continue-on-error: true
defaults:
run:
working-directory: ./python
env:
UV_PYTHON: ${{ matrix.python-version }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: Set up python and install the project
id: python-setup
uses: ./.github/actions/python-setup
with:
python-version: ${{ matrix.python-version }}
os: ${{ runner.os }}
env:
UV_CACHE_DIR: /tmp/.uv-cache
- name: Run Mypy
env:
GITHUB_BASE_REF: ${{ github.event.pull_request.base.ref || github.base_ref || 'main' }}
run: uv run python scripts/workspace_poe_tasks.py ci-mypy