Skip to content

Release v0.1.2

Release v0.1.2 #23

Workflow file for this run

name: CI
on:
push:
branches: [main, master]
pull_request:
concurrency:
group: ci-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
no-handwritten-model-types:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v6
- name: Resolve pinned intentproof-spec revision
id: spec_pin
run: |
set -euo pipefail
python3 - <<'PY'
import os
import tomllib
from pathlib import Path
c = tomllib.loads(Path("pyproject.toml").read_text(encoding="utf-8"))["tool"]["intentproof"]["spec-commit"]
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as f:
f.write(f"sha={c}\n")
PY
- uses: actions/checkout@v6
with:
repository: IntentProof/intentproof-spec
ref: ${{ steps.spec_pin.outputs.sha }}
fetch-depth: 0
path: intentproof-spec
- name: No handwritten model/types outside generated schema package
env:
INTENTPROOF_SPEC_ROOT: ${{ github.workspace }}/intentproof-spec
run: bash scripts/check-no-handwritten-model-types.sh
hardening:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v6
- name: Resolve pinned intentproof-spec revision
id: spec_pin
run: |
set -euo pipefail
python3 - <<'PY'
import os
import tomllib
from pathlib import Path
c = tomllib.loads(Path("pyproject.toml").read_text(encoding="utf-8"))["tool"]["intentproof"]["spec-commit"]
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as f:
f.write(f"sha={c}\n")
PY
- uses: actions/checkout@v6
with:
repository: IntentProof/intentproof-spec
ref: ${{ steps.spec_pin.outputs.sha }}
fetch-depth: 0
path: intentproof-spec
- uses: actions/setup-node@v6
with:
node-version-file: intentproof-spec/.nvmrc
cache: npm
cache-dependency-path: intentproof-spec/package-lock.json
- name: SDK hardening contract audit (spec-only + drift guards)
run: bash intentproof-spec/scripts/check-sdk-hardening.sh "${{ github.workspace }}"
intentproof-spec:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v6
- name: Resolve pinned intentproof-spec revision
id: spec_pin
run: |
set -euo pipefail
python3 - <<'PY'
import os
import tomllib
from pathlib import Path
c = tomllib.loads(Path("pyproject.toml").read_text(encoding="utf-8"))["tool"]["intentproof"]["spec-commit"]
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as f:
f.write(f"sha={c}\n")
PY
- uses: actions/checkout@v6
with:
repository: IntentProof/intentproof-spec
ref: ${{ steps.spec_pin.outputs.sha }}
fetch-depth: 0
path: intentproof-spec
- uses: actions/setup-node@v6
with:
node-version-file: intentproof-spec/.nvmrc
cache: npm
cache-dependency-path: intentproof-spec/package-lock.json
- name: Canonical spec conformance (pin check + oracle + replay)
env:
INTENTPROOF_SPEC_ROOT: ${{ github.workspace }}/intentproof-spec
INTENTPROOF_SDK_ID: python
INTENTPROOF_REPLAY_VERIFY: "1"
INTENTPROOF_CONFORMANCE_JSON: "1"
run: bash scripts/spec-conformance.sh
- name: Upload conformance report artifact
uses: actions/upload-artifact@v7
with:
name: conformance-report-python
path: intentproof-spec/conformance-report.json
if-no-files-found: error
spec-golden-parity:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v6
- name: Resolve pinned intentproof-spec revision
id: spec_pin
run: |
set -euo pipefail
python3 - <<'PY'
import os
import tomllib
from pathlib import Path
c = tomllib.loads(Path("pyproject.toml").read_text(encoding="utf-8"))["tool"]["intentproof"]["spec-commit"]
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as f:
f.write(f"sha={c}\n")
PY
- uses: actions/checkout@v6
with:
repository: IntentProof/intentproof-spec
ref: ${{ steps.spec_pin.outputs.sha }}
fetch-depth: 0
path: intentproof-spec
- uses: ./.github/actions/setup-python-pip
with:
python-version: "3.13"
check-latest: false
- name: Install project (dev extras)
run: pip install -e ".[dev]"
- name: Golden execution_event JSONL parity (schema + semantics)
env:
INTENTPROOF_SPEC_ROOT: ${{ github.workspace }}/intentproof-spec
run: pytest tests/unit/test_spec_golden_conformance.py -v
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-python-pip
with:
python-version: "3.x"
check-latest: true
- name: Install project (dev extras)
run: pip install -e ".[dev]"
- name: pip-audit
run: pip-audit
tox:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- tox-env: static
python-version: "3.x"
check-latest: true
- tox-env: cov
python-version: "3.x"
check-latest: true
- tox-env: py311
python-version: "3.11"
check-latest: false
- tox-env: py312
python-version: "3.12"
check-latest: false
- tox-env: py313
python-version: "3.13"
check-latest: false
- tox-env: py314
python-version: "3.14"
check-latest: false
steps:
- uses: actions/checkout@v6
- name: Resolve pinned intentproof-spec revision
id: spec_pin
run: |
set -euo pipefail
python3 - <<'PY'
import os
import tomllib
from pathlib import Path
c = tomllib.loads(Path("pyproject.toml").read_text(encoding="utf-8"))["tool"]["intentproof"]["spec-commit"]
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as f:
f.write(f"sha={c}\n")
PY
- uses: actions/checkout@v6
with:
repository: IntentProof/intentproof-spec
ref: ${{ steps.spec_pin.outputs.sha }}
fetch-depth: 0
path: intentproof-spec
- uses: ./.github/actions/setup-python-pip
with:
python-version: ${{ matrix.python-version }}
check-latest: ${{ matrix.check-latest }}
- name: Install tox
run: pip install "tox>=4"
- name: Run tox
env:
INTENTPROOF_SPEC_ROOT: ${{ github.workspace }}/intentproof-spec
run: tox run -e ${{ matrix.tox-env }}