mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-07-01 13:18:10 +00:00
* ci: pin third-party actions to commit SHAs

  Pin third-party GitHub Actions in workflow files to immutable 40-char commit SHAs per the org security policy. Mutable refs like @v4 can be silently re-pointed by a compromised upstream; SHAs cannot. Trailing version comments let Dependabot/Renovate continue to manage updates.

  Related to [COR-51](https://linear.app/crewai/issue/COR-51).

* ci: disable persist-credentials in pip-audit checkout

  Address CodeRabbit feedback on PR #5869: the pip-audit workflow is read-only and never needs an authenticated git context, so opt out of persisting the GITHUB_TOKEN in the local git config per the actions/checkout security guidance.
65 lines
1.9 KiB
YAML
name: Generate Tool Specifications

on:
  pull_request:
    branches:
      - main
    paths:
      - 'lib/crewai-tools/src/crewai_tools/**'
  workflow_dispatch:

permissions:
  contents: write
  pull-requests: write

jobs:
  generate-specs:
    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    env:
      PYTHONUNBUFFERED: 1

    steps:
      - name: Generate GitHub App token
        id: app-token
        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
        with:
          app-id: ${{ secrets.CREWAI_TOOL_SPECS_APP_ID }}
          private-key: ${{ secrets.CREWAI_TOOL_SPECS_PRIVATE_KEY }}

      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
          ref: ${{ github.head_ref }}
          token: ${{ steps.app-token.outputs.token }}

      - name: Install uv
        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
        with:
          version: "0.11.3"
          python-version: "3.12"
          enable-cache: true

      - name: Install the project
        working-directory: lib/crewai-tools
        run: uv sync --dev --all-extras

      - name: Generate tool specifications
        working-directory: lib/crewai-tools
        run: uv run python src/crewai_tools/generate_tool_specs.py

      - name: Check for changes and commit
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

          git add lib/crewai-tools/tool.specs.json

          if git diff --quiet --staged; then
            echo "No changes detected in tool.specs.json"
          else
            echo "Changes detected in tool.specs.json, committing..."
            git commit -m "chore: update tool specifications"
            git push
          fi
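
An added example, not part of the crewAI repository: a small checker for the pinning policy the commit message describes. It flags `uses:` references that are not pinned to a 40-character commit SHA, or that are pinned but lack the trailing version comment. The function name, problem strings and sample workflow text are constructed for illustration; two sample lines reuse references from the workflow above, the rest (including the local action path) are made up.

```python
import re

# "uses:" at the start of a mapping entry, optional quotes, optional trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)['"]?\s*(?:\#\s*(.*))?$""")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

MUTABLE = "mutable ref (tag or branch), not a 40-char commit SHA"
NO_REF = "no ref given"
NO_COMMENT = "pinned, but no trailing version comment for update tooling"


def audit_uses(workflow_text):
    """Return [(line_no, target, problem)] for each `uses:` that breaks the policy."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a uses: key (e.g. the word appears inside a run: string)
        target, comment = m.group(1), (m.group(2) or "").strip()
        # Local actions and docker:// images are not git refs; out of scope here.
        if target.startswith(("./", "docker://")):
            continue
        _, sep, ref = target.partition("@")
        if not sep or not ref:
            findings.append((line_no, target, NO_REF))
        elif not SHA_RE.match(ref):
            findings.append((line_no, target, MUTABLE))
        elif not comment:
            findings.append((line_no, target, NO_COMMENT))
    return findings


# Constructed sample input: one compliant line, two violations, two lines to ignore.
SAMPLE = """\
steps:
  - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
  - name: Checkout code
    uses: actions/checkout@v4
  - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e
  - uses: ./.github/actions/local-setup
  - run: echo "uses: not/an-action@v1"
"""

if __name__ == "__main__":
    for line_no, target, problem in audit_uses(SAMPLE):
        print(f"line {line_no}: {target}: {problem}")
```

The check is line-based, so it covers step-level actions and job-level reusable workflows alike, but it does not parse YAML and will miss a `uses:` value split across lines.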