Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 12 additions & 12 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ jobs:
name: Lint (ruff)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@v7
- uses: actions/setup-python@v6
with:
python-version: "3.12"
# Pin ruff so local pre-commit, nox, and CI agree on formatting (no version drift).
Expand All @@ -36,8 +36,8 @@ jobs:
os: [ubuntu-latest, windows-latest, macos-latest]
python-version: ["3.11", "3.12", "3.13"]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@v7
- uses: actions/setup-python@v6
with:
python-version: ${{ matrix.python-version }}
- name: Install
Expand All @@ -52,8 +52,8 @@ jobs:
runs-on: ubuntu-latest # single, most-stable runner; assertions are median-based
needs: [lint]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@v7
- uses: actions/setup-python@v6
with:
python-version: "3.12"
- run: python -m pip install -e ".[dev]"
Expand All @@ -67,8 +67,8 @@ jobs:
runs-on: ubuntu-latest
needs: [lint, test]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@v7
- uses: actions/setup-python@v6
with:
python-version: "3.12"
- name: Build sdist + wheel
Expand All @@ -84,7 +84,7 @@ jobs:
python -m venv /tmp/fresh
/tmp/fresh/bin/python -m pip install dist/*.whl
/tmp/fresh/bin/python -c "import tokenhelm; from tokenhelm.adapters import default_adapters; assert [a.provider.value for a in default_adapters()] == ['openai','anthropic','gemini','ollama']; print('OK', tokenhelm.__version__)"
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@v7
with:
name: dist
path: dist/
Expand All @@ -94,13 +94,13 @@ jobs:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v7
with:
# gitleaks-action scans the PR commit range (<first-commit>^..<head>); a shallow clone
# lacks the first commit's parent, so git fails with "ambiguous argument". Full history
# (fetch-depth: 0) lets the range resolve. Only this job needs it.
fetch-depth: 0
- uses: actions/setup-python@v5
- uses: actions/setup-python@v6
with:
python-version: "3.12"
- name: Dependency vulnerability audit
Expand All @@ -113,6 +113,6 @@ jobs:
# a real CVE in a runtime dependency, so the vulnerability gate is unchanged.
pip-audit --desc --skip-editable # audits runtime deps (PyYAML); skips the local pkg
- name: Secret scan (gitleaks)
uses: gitleaks/gitleaks-action@v2
uses: gitleaks/gitleaks-action@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,18 +28,18 @@ jobs:
matrix:
language: [python]
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v7

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
queries: security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@v4

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{ matrix.language }}"
4 changes: 2 additions & 2 deletions .github/workflows/labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ jobs:
labeler:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: crazy-max/ghaction-github-labeler@v5
- uses: actions/checkout@v7
- uses: crazy-max/ghaction-github-labeler@v6
with:
yaml-file: .github/labels.yml
skip-delete: true # keep labels not listed here (e.g. GitHub defaults you still use)
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-title.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5
- uses: amannn/action-semantic-pull-request@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
release-please:
runs-on: ubuntu-latest
steps:
- uses: googleapis/release-please-action@v4
- uses: googleapis/release-please-action@v5
with:
config-file: release-please-config.json
manifest-file: .release-please-manifest.json
14 changes: 7 additions & 7 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ jobs:
outputs:
prerelease: ${{ steps.classify.outputs.prerelease }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@v7
- uses: actions/setup-python@v6
with:
python-version: "3.12"
- name: Classify tag
Expand Down Expand Up @@ -50,7 +50,7 @@ jobs:
python -m pip install --upgrade build twine
python -m build
twine check dist/*
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@v7
with:
name: dist
path: dist/
Expand All @@ -66,7 +66,7 @@ jobs:
permissions:
id-token: write # OIDC — Trusted Publishing, no API token needed
steps:
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v8
with:
name: dist
path: dist/
Expand All @@ -85,7 +85,7 @@ jobs:
permissions:
id-token: write # OIDC — Trusted Publishing, no API token needed
steps:
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v8
with:
name: dist
path: dist/
Expand All @@ -99,12 +99,12 @@ jobs:
permissions:
contents: write # create the GitHub Release and attach artifacts
steps:
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v8
with:
name: dist
path: dist/
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@v3
with:
files: dist/*
generate_release_notes: true
Expand Down
Loading