mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-04-12 14:02:47 +00:00
fdb9b6f090
* fix: bump litellm to >=1.83.0 to address CVE-2026-35030 Bump litellm from <=1.82.6 to >=1.83.0 to fix JWT auth bypass via OIDC cache key collision (CVE-2026-35030). Also widen devtools openai pin from ~=1.83.0 to >=1.83.0,<3 to resolve the version conflict (litellm 1.83.0 requires openai>=2.8.0). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: resolve mypy errors from litellm bump - Remove unused type: ignore[import-untyped] on instructor import - Remove all unused type: ignore[union-attr] comments (litellm types fixed) - Add hasattr guard for tool_call.function — new litellm adds ChatCompletionMessageCustomToolCall to the union which lacks .function * fix: tighten litellm pin to ~=1.83.0 (patch-only bumps) >=1.83.0,<2 is too wide — litellm has had breaking changes between minors. ~=1.83.0 means >=1.83.0,<1.84.0 — gets CVE patches but won't pull in breaking minor releases. * ci: bump uv from 0.8.4 to 0.11.3 * fix: resolve mypy errors in openai completion from 2.x type changes Use isinstance checks with concrete openai response types instead of string comparisons for proper type narrowing. Update code interpreter handling for outputs/OutputImage API changes in openai 2.x. * fix: pre-cache tiktoken encoding before VCR intercepts requests --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Alex <alex@crewai.com> Co-authored-by: Greyson LaLonde <greyson@crewai.com>
127 lines
3.5 KiB
YAML
127 lines
3.5 KiB
YAML
name: Nightly Canary Release
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 6 * * *' # daily at 6am UTC
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
check:
|
|
name: Check for new commits
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
outputs:
|
|
has_changes: ${{ steps.check.outputs.has_changes }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Check for commits in last 24h
|
|
id: check
|
|
run: |
|
|
RECENT=$(git log --since="24 hours ago" --oneline | head -1)
|
|
if [ -n "$RECENT" ]; then
|
|
echo "has_changes=true" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "has_changes=false" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
build:
|
|
name: Build nightly packages
|
|
needs: check
|
|
if: needs.check.outputs.has_changes == 'true' || github.event_name == 'workflow_dispatch'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.12"
|
|
|
|
- name: Install uv
|
|
uses: astral-sh/setup-uv@v4
|
|
|
|
- name: Stamp nightly versions
|
|
run: |
|
|
DATE=$(date +%Y%m%d)
|
|
for init_file in \
|
|
lib/crewai/src/crewai/__init__.py \
|
|
lib/crewai-tools/src/crewai_tools/__init__.py \
|
|
lib/crewai-files/src/crewai_files/__init__.py; do
|
|
CURRENT=$(python -c "
|
|
import re
|
|
text = open('$init_file').read()
|
|
print(re.search(r'__version__\s*=\s*\"(.*?)\"\s*$', text, re.MULTILINE).group(1))
|
|
")
|
|
NIGHTLY="${CURRENT}.dev${DATE}"
|
|
sed -i "s/__version__ = .*/__version__ = \"${NIGHTLY}\"/" "$init_file"
|
|
echo "$init_file: $CURRENT -> $NIGHTLY"
|
|
done
|
|
|
|
# Update cross-package dependency pins to nightly versions
|
|
sed -i "s/\"crewai-tools==[^\"]*\"/\"crewai-tools==${NIGHTLY}\"/" lib/crewai/pyproject.toml
|
|
sed -i "s/\"crewai==[^\"]*\"/\"crewai==${NIGHTLY}\"/" lib/crewai-tools/pyproject.toml
|
|
echo "Updated cross-package dependency pins to ${NIGHTLY}"
|
|
|
|
- name: Build packages
|
|
run: |
|
|
uv build --all-packages
|
|
rm dist/.gitignore
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: dist
|
|
path: dist/
|
|
|
|
publish:
|
|
name: Publish nightly to PyPI
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
environment:
|
|
name: pypi
|
|
url: https://pypi.org/p/crewai
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install uv
|
|
uses: astral-sh/setup-uv@v6
|
|
with:
|
|
version: "0.11.3"
|
|
python-version: "3.12"
|
|
enable-cache: false
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: dist
|
|
path: dist
|
|
|
|
- name: Publish to PyPI
|
|
env:
|
|
UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
|
|
run: |
|
|
failed=0
|
|
for package in dist/*; do
|
|
if [[ "$package" == *"crewai_devtools"* ]]; then
|
|
echo "Skipping private package: $package"
|
|
continue
|
|
fi
|
|
echo "Publishing $package"
|
|
if ! uv publish "$package"; then
|
|
echo "Failed to publish $package"
|
|
failed=1
|
|
fi
|
|
done
|
|
if [ $failed -eq 1 ]; then
|
|
echo "Some packages failed to publish"
|
|
exit 1
|
|
fi |