ci: bump actions/checkout from 4 to 6 #13
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
d784c9d to 24b42fa
Merged into a manual PR: actions/checkout and actions/setup-python are upgraded in the same change; Dependabot PRs 12/13 conflict with each other, so they were bypassed.
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
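Fold in the 2 PRs that Dependabot withdrew:
- Manually bump actions/checkout v4→v6 (originally PR #13, which conflicted with #12 actions/setup-python; merged bypassing Dependabot)
- actions/setup-python v5→v6 was already merged in commit 6024104 via PR #12

dependabot.yml: add an explicit "9.x" version block for pytest (covering minor/patch as well); the original ignore, which covered semver-major only, was not enough to stop Dependabot from repeatedly opening PRs (e.g. PR #18: 8.3.4→9.0.3).

Rationale: the decision in W3 commit 67a322e: the pytest 9.x plugin ecosystem has not caught up, CVE-2025-71176 is only a local DoS, and a template repository can tolerate it. To be unlocked once the 9.x ecosystem has stabilized in Q3 2026.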
…, skip fix, fixture isolation
- #9: runtime/self_healing/ (retry.py + locator_store.py) — exponential-backoff retry wrapper for subprocess/LLM errors. scripts.py subprocess.run + direct.py _run_node both use with_retry().
- #10: direct.py executor-level retry — resubmits _run_node up to 2 extra times with 2^attempt backoff on unexpected exceptions.
- #11: on_failure=skip nodes now set skipped=True, excluded from failure count. flows.py + direct.py track skipped separately.
- #12: 04-配置文件/conftest.py test_data + browser_context session→function scope. test_data uses tmp_path to avoid parallel file collisions.
- #13: MAX_FAILURES=3 circuit breaker in flows.py + direct.py. DAG progress logging per node. tasks.py timeout_seconds=3600.
148 tests pass. 9/9 DAG demo ok.
* fix: correct setuptools package discovery for editable install
`where = ["."]` with `include = ["runtime*"]` couldn't find the runtime
package because the runtime directory IS the package root (runtime/__init__.py
is directly in .). Changed where to `[".."]` so setuptools scans the parent
directory and finds `runtime/` as a package.
Before: `pip install -e .` produced empty MAPPING — `import runtime` failed.
After: `import runtime` works, `tagent demo` completes all 4 steps.
* feat: add --version flag to tagent CLI
Users expect `tagent --version` to print version info. Added callback
that prints "Test-Agent Runtime v1.32.0" when --version is passed.
* fix: auto-generate smoke PRD fixture when missing in demo
Previously `tagent demo` step 3 would hard-fail with "fixture missing"
if examples/_smoke_prd.md was deleted from disk. Now it auto-generates
the fixture from an embedded template, showing a warning instead.
This prevents demo breakage when the examples/ directory is accidentally
cleaned or the user runs demo outside the repo root.
* feat: english-ify tagent CLI help text and user-facing output
Converted all CLI command descriptions, option help text, and user-facing
console output from Chinese to English for international accessibility.
Internal code comments, fixture data, and workspace paths unchanged.
* feat: english-ify tagent CLI help text and user-facing output
Convert CLI command descriptions, option help text, and user-facing
console output from Chinese to English. Updated related tests.
Includes: config subcommand help, demo flow output, selftest/doctor
messages, init/export descriptions.
* chore: bump version 1.32.0 → 1.32.1 + fix CONTRIBUTING.md stale 33→32
- Sync the version number across the whole project to 1.32.1 (17 files)
- CONTRIBUTING.md: 16/33/49 → 16/32/49 (skill count aligned with the actual -eq 32 check in pre-commit/CI)
- CHANGELOG: add v1.32.1 entry
* fix: security hardening — shell injection, hardcoded creds, API auth, silent failures
CRITICAL fixes:
- backends/local.py: create_subprocess_shell → create_subprocess_exec (CWE-78)
- backends/ssh.py: cat {path} → SFTP read; shlex.quote(cwd/env); known_hosts=()
- config/settings.py: remove default db_url/password creds; api_host→127.0.0.1; add api_auth_token
- api/main.py: bearer auth middleware (gated by TAGENT_API_AUTH_TOKEN); CORS restrict to localhost; file upload max 50MB + extension allowlist
Silent failure fixes:
- api/main.py: except Exception:continue → catch specific + logger.warning (list_history/dashboard); logger.exception in background thread; threading.Lock on _run_results
- api/deps.py: persistence fail → logger.error; status persist DEBUG→WARNING; artifact read fail → [READ_ERROR] marker
- api/parsers.py: PDF/DOCX extract fail → [PARSE_ERROR] marker
- router/retrieval.py: retrieval fail DEBUG→WARNING
- 05-代码示例/api_retry_util.py: bare except pass → logger.debug
.gitignore hardening:
- Add workspace/测试报告/, workspace/feedback/, workspace/自动化脚本/
- Add runtime/workspace/, runtime/web/tsconfig.tsbuildinfo
- Add docs/审查报告/, docs/参考库/, docs/decisions/, archive/
- Remove 4 tracked test report .docx from git
* fix: utils security hardening — owner check, XML escape, WS leak, CI pin
- chaos_helper.py: kill_process psutil absent now raises RuntimeError instead of skipping owner check
- i18n_checker.py: bare except Exception → specific (UnicodeDecodeError, PermissionError, OSError) + logger.warning
- miniprogram_runner.py: WebSocket close wrapped in try/finally to prevent connection leak
- protocol_helper.py: SOAP body_xml escaped with xml.sax.saxutils.escape() to prevent XML injection
- ci.yml: pin ludeeus/action-shellcheck@master → @2.0.0
- install.sh: add security note recommending git clone over curl|bash
* chore: fix pre-commit deprecated default_stages commit → pre-commit
* chore: bump version 1.32.1 → 1.32.2
Sync the version number across the whole project + add the v1.32.2 security-hardening entry to CHANGELOG
* refactor: _stub_response dispatch table + fuzzer ALL_PAYLOADS hoist + bump 1.32.3
- router/llm_client.py: 77-line if/elif chain → _STUB_TARGETS table (8 entries)
- fuzzer.py: sum(PAYLOAD_LIBRARY.values(), []) hoist to module-level ALL_PAYLOADS
* docs: honesty pass — remove marketing numbers, clarify vision skills, drop internal references
- README: 8640 combos → ~12 CI-validated; 95% aspirational → removed; 32 skills → 30 active + 2 vision
- 00-项目导航: 9x main charter (主宪章) §X → plain descriptions (external contributors don't know charter section numbers)
- ROADMAP: 3x main charter (主宪章) references removed
* refactor: split overlong functions — generate_report (143→30) + mobile_driver (107→55)
- generate_report.py: extract _write_docx_header/_summary/_degraded_warning/_bugs/_performance/_risks helpers
- mobile_driver.py: extract _build_monkey_cmd + _analyze_monkey_log helpers
* chore: bump version 1.32.3 → 1.32.4
Phase 1+2 wrap-up: honest numbers + internal reference cleanup + long function splitting
* refactor: split CLI/main.py (680→39 lines) into 8 command modules
- runtime/cli/_shared.py: kernel, console, helpers, fixtures
- runtime/cli/commands/run.py: run + plan
- runtime/cli/commands/catalog.py: catalog
- runtime/cli/commands/doctor.py: doctor
- runtime/cli/commands/selftest.py: selftest
- runtime/cli/commands/market.py: search + list + install + uninstall + verify
- runtime/cli/commands/demo.py: demo
- runtime/cli/commands/init.py: init
- runtime/cli/commands/export.py: export
Pure mechanical split — no logic changes. 128 tests pass.
* test: add 20 core smoke tests — CLI commands, API auth, build_artifact, catalog
- test_cli_commands.py (5): all 13 commands registered, --version, catalog, doctor, --help
- test_api_auth.py (6): health public, auth middleware blocks/allows, CORS headers
- test_build_artifact.py (4): url/file/text input parsing
- test_catalog.py (5): expert/skill counts and field validation
* chore: bump version 1.32.4 → 1.32.5
CLI split + 20 smoke tests + CHANGELOG
* fix: flaky test_execute_node_allows_production_skill — reset catalog/settings cache per test
conftest _env_isolation now calls get_catalog(refresh=True) + resets settings cache
to prevent cross-test state pollution from modules that create Kernel() at import time.
* fix: on_failure=skip now correctly excludes node from failure count
- tasks.py: skip nodes set summary.skipped=True, no longer counted as failed
- flows.py: track skipped list separately, include in summary.skipped
- direct.py: same skip tracking for direct executor path
* feat: Phase 3 engine hardening — self-healing, retry, circuit breaker, skip fix, fixture isolation
- #9: runtime/self_healing/ (retry.py + locator_store.py) — exponential-backoff
retry wrapper for subprocess/LLM errors. scripts.py subprocess.run + direct.py
_run_node both use with_retry().
- #10: direct.py executor-level retry — resubmits _run_node up to 2 extra times
with 2^attempt backoff on unexpected exceptions.
- #11: on_failure=skip nodes now set skipped=True, excluded from failure count.
flows.py + direct.py track skipped separately.
- #12: 04-配置文件/conftest.py test_data + browser_context session→function scope.
test_data uses tmp_path to avoid parallel file collisions.
- #13: MAX_FAILURES=3 circuit breaker in flows.py + direct.py. DAG progress logging
per node. tasks.py timeout_seconds=3600.
148 tests pass. 9/9 DAG demo ok.
* feat: Phase 4 test intelligence — dashboard, readiness score, flaky trends, impact analysis, traceability
- #14: runtime/observability/dashboard.py — 3-row layout (decision→diagnostic→action)
with MTTD/MTTR, expert heatmap, flaky candidates, env health, action items.
api/main.py /dashboard endpoint rewired to new builder.
- #15: runtime/orchestrator/release_readiness.py — weighted scoring
(smoke×0.4+regression×0.3+perf×0.2+security×0.1→GREEN/YELLOW/RED).
CLI: tagent readiness. Does not modify test_lead.py.
- #16: flaky_detector.py — detect_trends() (P-F-P/F-P-F patterns),
generate_quarantine(), generate_pytest_markers().
- #17: runtime/intelligence/impact_analyzer.py — AST import graph +
git diff → impacted test list. Does not modify regression_scope.py.
- #18: traceability_matrix.py — bidirectional Req↔TC↔Bug matrix
with coverage stats, orphan detection, markdown export.
148 tests pass. 9/9 DAG demo ok.
* feat: Phase 6 developer experience — bootstrap, debug mode, actionable errors, tutorial, shell completion
- #24: tagent bootstrap — one-command check→configure→verify (Python/Git/pip/LLM)
- #25: --debug CLI flag + TAGENT_LOG_LEVEL env + log_level setting
- #26: Actionable error messages — "internal error" now includes run_id + log path + --debug hint.
modal.py "not connected" → "call connect() first"
- #27: docs/tutorial/TUTORIAL.md — 5-step interactive tutorial (10 min)
- #28: tagent --install-completion (shell autocomplete) + --no-color flag
148 tests pass.
* feat: Phase 5 enterprise readiness — RBAC, audit trail, multi-tenant, config validation, lifecycle hooks
- #19: runtime/api/rbac.py — 4-role RBAC (admin/lead/tester/viewer) + require_role()
decorator. Disabled by default (TAGENT_RBAC_ENABLED=0). Does not modify auth middleware.
- #20: runtime/observability/audit.py — JSONL audit log (log_event / query_events).
Thread-safe, append-only.
- #21: runtime/api/tenancy.py — contextvars-based tenant propagation.
Disabled by default. Does not modify DB schema.
- #22: Settings.validate_startup() — checks LLM key, dirs, DB driver.
Wired into tagent doctor.
- #23: runtime/orchestrator/hooks.py — HookRegistry (before/after/on_error).
Integrated into direct.py _run_node(). Hooks never break execution.
148 tests pass.
* feat: Phase 7 methodology — branch coverage, static analysis, portability tests, risk matrix, classification tree
- #29: pyproject.toml --cov-branch enabled
- #30: pyproject.toml pylint + radon config (CC rank=B)
- #31: 7 portability tests (ISO 25010: installability/coexistence/replaceability)
+ @pytest.mark.portability marker
- #32: runtime/intelligence/risk_matrix.py — Bayesian calibrated risk matrix
with mitigation tracking
- #33: classification_tree.py — ISTQB CTM with pairwise generation + constraints
155 tests pass (148 + 7 portability).
* feat: Phase 8 platform — plugin discovery, data synthesis, APM export, journey mapping, multi-region monitor
- #34: runtime/marketplace/discovery.py — importlib.metadata entry_points for
third-party agent/skill/backend registration (group=tagent)
- #35: data_synthesizer.py — PII auto-detection (email/phone/id/ip/credit_card)
+ deterministic masking + random subset extraction
- #36: runtime/observability/apm_export.py — Datadog + Grafana dashboard JSON
export (pass rate, MTTD/MTTR, expert health, flaky candidates)
- #37: runtime/intelligence/journey_mapper.py — failure→business journey impact
mapping (Registration/Login/Payment/Profile/...)
- #38: .github/workflows/synthetic-monitor.yml — scheduled multi-region smoke
test (every 6h, 4 regions)
155 tests pass. 9/9 DAG demo ok.
🎉 38/38 MASTER_PLAN items complete.
* fix: CI utils count 49→52 + remove --cov-branch from default pytest addopts
- .github/workflows/ci.yml: expected utils count updated 49→52
- runtime/pyproject.toml: removed --cov-branch from addopts (requires
pytest-cov which is not installed in CI). Coverage flags should be
passed explicitly: pytest --cov --cov-branch
* fix: CI pytest — add fastapi/python-multipart/httpx/pytest-cov deps, restore --cov-branch
* fix: resolve CodeQL review comments — URL substring sanitization + workflow permissions
---------
Co-authored-by: xiaoxing0135 <706015750@qq.com>
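The `create_subprocess_shell` → `create_subprocess_exec` change (CWE-78) and the `shlex.quote` fix named in the security-hardening commit above, shown side by side. This is an added example, not code from the repository; `CHILD`, `HOSTILE` and the function names are constructed for illustration, and a POSIX shell is assumed.

```python
import asyncio
import shlex
import sys

# Child that reports the argument vector it actually received.
CHILD = "import sys, json; print(json.dumps(sys.argv[1:]))"
# Constructed hostile value standing in for a caller-supplied path.
HOSTILE = "a.txt; echo INJECTED"
PY = shlex.quote(sys.executable)


async def _lines(proc) -> list:
    out, _ = await proc.communicate()
    return out.decode().splitlines()


async def via_shell(path: str) -> list:
    # Before: the path is pasted into a string that the shell parses,
    # so ';' ends the intended command and starts a second one.
    cmd = f"{PY} -c {shlex.quote(CHILD)} {path}"
    proc = await asyncio.create_subprocess_shell(
        cmd, stdout=asyncio.subprocess.PIPE)
    return await _lines(proc)


async def via_exec(path: str) -> list:
    # After: argv is a list; no shell ever interprets the path.
    proc = await asyncio.create_subprocess_exec(
        sys.executable, "-c", CHILD, path, stdout=asyncio.subprocess.PIPE)
    return await _lines(proc)


async def via_quoted_shell(path: str) -> list:
    # When a command string is unavoidable (a remote command line, for
    # instance), shlex.quote() makes the value a single POSIX shell word.
    cmd = f"{PY} -c {shlex.quote(CHILD)} {shlex.quote(path)}"
    proc = await asyncio.create_subprocess_shell(
        cmd, stdout=asyncio.subprocess.PIPE)
    return await _lines(proc)


def demo(path: str = HOSTILE) -> dict:
    async def _all():
        return {"shell": await via_shell(path),
                "exec": await via_exec(path),
                "quoted": await via_quoted_shell(path)}
    return asyncio.run(_all())


if __name__ == "__main__":
    for name, lines in demo().items():
        print(f"{name:7}{lines}")
```

In the shell variant the child sees only `a.txt` and a second command runs; in the other two the child receives the whole string as one argument.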
Bumps actions/checkout from 4 to 6.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
- de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
- 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
- 8e8c483 Clarify v6 README (#2328)
- 033fa0d Add worktree support for persist-credentials includeIf (#2327)
- c2d88d3 Update all references from v5 and v4 to v6 (#2314)
- 1af3b93 update readme/changelog for v6 (#2311)
- 71cf226 v6-beta (#2298)
- 069c695 Persist creds to a separate file (#2286)
- ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
- 08c6903 Prepare v5.0.0 release (#2238)