mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-07-01 05:08:12 +00:00
Some checks failed
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Vulnerability Scan / pip-audit (push) Has been cancelled
Check Documentation Broken Links / Check broken links (push) Has been cancelled
Nightly Canary Release / Check for new commits (push) Has been cancelled
Nightly Canary Release / Build nightly packages (push) Has been cancelled
Nightly Canary Release / Publish nightly to PyPI (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
* ci: pin third-party actions to commit SHAs Pin third-party GitHub Actions in workflow files to immutable 40-char commit SHAs per the org security policy. Mutable refs like @v4 can be silently re-pointed by a compromised upstream; SHAs cannot. Trailing version comments let Dependabot/Renovate continue to manage updates. Related to [COR-51](https://linear.app/crewai/issue/COR-51). * ci: disable persist-credentials in pip-audit checkout Address CodeRabbit feedback on PR #5869: the pip-audit workflow is read-only and never needs an authenticated git context, so opt out of persisting the GITHUB_TOKEN in the local git config per the actions/checkout security guidance.
49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
name: Build uv cache
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- "uv.lock"
|
|
- "pyproject.toml"
|
|
schedule:
|
|
- cron: "0 0 */5 * *" # Run every 5 days at midnight UTC to prevent cache expiration
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build-cache:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
python-version: ["3.10", "3.11", "3.12", "3.13"]
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
|
|
|
|
- name: Install uv
|
|
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
|
|
with:
|
|
version: "0.11.3"
|
|
python-version: ${{ matrix.python-version }}
|
|
enable-cache: false
|
|
|
|
- name: Install dependencies and populate cache
|
|
run: |
|
|
echo "Building global UV cache for Python ${{ matrix.python-version }}..."
|
|
uv sync --all-groups --all-extras --no-install-project
|
|
echo "Cache populated successfully"
|
|
|
|
- name: Save uv caches
|
|
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
|
|
with:
|
|
path: |
|
|
~/.cache/uv
|
|
~/.local/share/uv
|
|
.venv
|
|
key: uv-main-py${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
|