chore: migrate CI workflows to uv and update dev tooling (#3426)

chore(dev): update tooling & CI workflows - Upgrade ruff, mypy (strict), pre-commit; add hooks, stubs, config consolidation - Add bandit to dev deps and update uv.lock - Enhance ruff rules (modern Python style, B006 for mutable defaults) - Update workflows to use uv, matrix strategy, and changed-file type checking - Include tests in type checking; fix job names and add summary job for branch protection
2025-12-15 20:08:29 +00:00 · 2025-09-02 12:35:02 -04:00
parent dada9f140f
commit 92d71f7f06
8 changed files with 272 additions and 208 deletions
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -15,8 +15,19 @@ jobs:
      - name: Fetch Target Branch
        run: git fetch origin $TARGET_BRANCH --depth=1

-      - name: Install Ruff
-        run: pip install ruff
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          enable-cache: true
+          cache-dependency-glob: |
+            **/pyproject.toml
+            **/uv.lock
+
+      - name: Set up Python
+        run: uv python install 3.11
+
+      - name: Install dependencies
+        run: uv sync --dev --no-install-project

      - name: Get Changed Python Files
        id: changed-files
@@ -33,4 +44,4 @@ jobs:
          echo "${{ steps.changed-files.outputs.files }}" \
            | tr ' ' '\n' \
            | grep -v 'src/crewai/cli/templates/' \
-            | xargs -I{} ruff check "{}"
+            | xargs -I{} uv run ruff check "{}"
--- a/.github/workflows/security-checker.yml
+++ b/.github/workflows/security-checker.yml
@@ -10,14 +10,20 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4

-      - name: Set up Python
-        uses: actions/setup-python@v5
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
        with:
-          python-version: "3.11.9"
+          enable-cache: true
+          cache-dependency-glob: |
+            **/pyproject.toml
+            **/uv.lock
+
+      - name: Set up Python
+        run: uv python install 3.11

      - name: Install dependencies
-        run: pip install bandit
+        run: uv sync --dev --no-install-project

      - name: Run Bandit
-        run: bandit -c pyproject.toml -r src/ -ll
+        run: uv run bandit -c pyproject.toml -r src/ -ll

--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -24,7 +24,7 @@ jobs:
        uses: actions/checkout@v4

      - name: Install uv
-        uses: astral-sh/setup-uv@v3
+        uses: astral-sh/setup-uv@v6
        with:
          enable-cache: true
          cache-dependency-glob: |
--- a/.github/workflows/type-checker.yml
+++ b/.github/workflows/type-checker.yml
@@ -6,21 +6,78 @@ permissions:
  contents: write

 jobs:
-  type-checker:
+  type-checker-matrix:
+    name: type-checker (${{ matrix.python-version }})
    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ['3.10', '3.11', '3.12', '3.13']

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
-
-      - name: Setup Python
-        uses: actions/setup-python@v5
        with:
-          python-version: "3.11.9"
+          fetch-depth: 0  # Fetch all history for proper diff

-      - name: Install Requirements
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          enable-cache: true
+          cache-dependency-glob: |
+            **/pyproject.toml
+            **/uv.lock
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: uv sync --dev --no-install-project
+
+      - name: Get changed Python files
+        id: changed-files
        run: |
-          pip install mypy
+          # Get the list of changed Python files compared to the base branch
+          echo "Fetching changed files..."
+          git diff --name-only --diff-filter=ACMRT origin/${{ github.base_ref }}...HEAD -- '*.py' > changed_files.txt
+          
+          # Filter for files in src/ and tests/ directories
+          grep -E "^(src/|tests/)" changed_files.txt > filtered_changed_files.txt || true
+          
+          # Check if there are any changed files
+          if [ -s filtered_changed_files.txt ]; then
+            echo "Changed Python files in src/ and tests/:"
+            cat filtered_changed_files.txt
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+            # Convert newlines to spaces for mypy command
+            echo "files=$(cat filtered_changed_files.txt | tr '\n' ' ')" >> $GITHUB_OUTPUT
+          else
+            echo "No Python files changed in src/ or tests/"
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          fi

-      - name: Run type checks
-        run: mypy src
+      - name: Run type checks on changed files
+        if: steps.changed-files.outputs.has_changes == 'true'
+        run: |
+          echo "Running mypy on changed files with Python ${{ matrix.python-version }}..."
+          uv run mypy ${{ steps.changed-files.outputs.files }}
+
+      - name: No files to check
+        if: steps.changed-files.outputs.has_changes == 'false'
+        run: echo "No Python files in src/ or tests/ were modified - skipping type checks"
+
+  # Summary job to provide single status for branch protection
+  type-checker:
+    name: type-checker
+    runs-on: ubuntu-latest
+    needs: type-checker-matrix
+    if: always()
+    steps:
+      - name: Check matrix results
+        run: |
+          if [ "${{ needs.type-checker-matrix.result }}" == "success" ] || [ "${{ needs.type-checker-matrix.result }}" == "skipped" ]; then
+            echo "✅ All type checks passed"
+          else
+            echo "❌ Type checks failed"
+            exit 1
+          fi