From 165e533a70d4295e7b1ac62900dbad882646f617 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 13:26:03 -0600 Subject: [PATCH 01/26] fix: bypass error, cuz req's edit was via merge --- .github/workflows/validate-requirements.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/validate-requirements.yml b/.github/workflows/validate-requirements.yml index 420c6133..9f1d8259 100644 --- a/.github/workflows/validate-requirements.yml +++ b/.github/workflows/validate-requirements.yml @@ -22,9 +22,10 @@ jobs: # Check if requirements.txt was modified in last commit if git diff --name-only HEAD~1 HEAD | grep -q "^requirements.txt$"; then if [ "$AUTHOR" != "github-actions[bot]" ]; then - echo "❌ ERROR: You may NOT edit `requirements.txt`" - echo "To pin dependencies, use `poetry add `." - echo "Please remove your changes to requirements.txt, so the robot can maintain it." + echo "::error::You may NOT edit `requirements.txt`" + echo "::notice::To pin dependencies, use 'poetry add '." + echo "::warning::Please remove your changes to requirements.txt, so the robot can maintain it." + echo "To bypass this check (admins only), psh a commit that does not modify 'requirements.txt'." exit 1 fi fi From 171fe24a7c81011a93a0c106dea0de87e4a89845 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 13:32:34 -0600 Subject: [PATCH 02/26] Revert "fix: bypass error, cuz req's edit was via merge" This reverts commit faeae2218b04de95e7ea84b2f004ac94075a0061. --- .github/workflows/validate-requirements.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate-requirements.yml b/.github/workflows/validate-requirements.yml index 9f1d8259..420c6133 100644 --- a/.github/workflows/validate-requirements.yml +++ b/.github/workflows/validate-requirements.yml 
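Review bot: The first added echo still wraps `requirements.txt` in backticks inside a double-quoted string, so the shell performs command substitution and tries to run a command named requirements.txt instead of printing the file name. The second echo was switched to single quotes, but this one was not; use `echo "::error::You may NOT edit 'requirements.txt'"`. The bypass hint also reads "psh" where "push" is meant. The `run:` script starts and ends outside this hunk.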
@@ -22,10 +22,9 @@ jobs: # Check if requirements.txt was modified in last commit if git diff --name-only HEAD~1 HEAD | grep -q "^requirements.txt$"; then if [ "$AUTHOR" != "github-actions[bot]" ]; then - echo "::error::You may NOT edit `requirements.txt`" - echo "::notice::To pin dependencies, use 'poetry add '." - echo "::warning::Please remove your changes to requirements.txt, so the robot can maintain it." - echo "To bypass this check (admins only), psh a commit that does not modify 'requirements.txt'." + echo "❌ ERROR: You may NOT edit `requirements.txt`" + echo "To pin dependencies, use `poetry add `." + echo "Please remove your changes to requirements.txt, so the robot can maintain it." exit 1 fi fi From 18f898aaea5ac404714e9553a4a59ec532573f63 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 14:40:30 -0600 Subject: [PATCH 03/26] refactor: [AI] compare author of req's change --- .../actions/validate-requirements/action.yml | 31 +++++++ .../actions/validate-requirements/check.sh | 83 +++++++++++++++++++ .../commit-messages/requirements_update.txt | 1 + .github/workflows/requirements-validate.yml | 23 +---- .github/workflows/requirments-sync.yml | 9 +- .github/workflows/validate-requirements.yml | 21 ++--- 6 files changed, 130 insertions(+), 38 deletions(-) create mode 100644 .github/actions/validate-requirements/action.yml create mode 100644 .github/actions/validate-requirements/check.sh create mode 100644 .github/commit-messages/requirements_update.txt diff --git a/.github/actions/validate-requirements/action.yml b/.github/actions/validate-requirements/action.yml new file mode 100644 index 00000000..16f4d659 --- /dev/null +++ b/.github/actions/validate-requirements/action.yml 
@@ -0,0 +1,31 @@
+name: "Validate requirements"
+
+description: |
+ Reject changes to `requirements.txt` unless the latest commit that touched
+ the file in the compare range was authored by an allowed bot.
+
+inputs:
+ allowed_bots:
+ description: "Comma-separated list of allowed bot author names"
+ required: false
+ default: "github-actions[bot],dependabot[bot]"
+ commit_message_file:
+ description: "Path to file that contains canonical commit message (exact match)"
+ required: false
+ default: ".github/commit-messages/requirements_update.txt"
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Run requirements check
+ shell: bash
+ env:
+ ALLOWED_BOTS: ${{ inputs.allowed_bots }}
+ COMMIT_MSG_FILE: ${{ inputs.commit_message_file }}
+ run: |
+ bash ./.github/actions/validate-requirements/check.sh
\ No newline at end of file
diff --git a/.github/actions/validate-requirements/check.sh b/.github/actions/validate-requirements/check.sh
new file mode 100644
index 00000000..c83f855a
--- /dev/null
+++ b/.github/actions/validate-requirements/check.sh
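Review bot: The `Run requirements check` step executes `check.sh` from the checked-out workspace, so when the calling workflow runs on a pull request (the triggers are not shown in this hunk) the script is the contributor's own copy, and a change that edits requirements.txt can edit the check alongside it. The result is only a gate if `.github/` is itself covered by required review; the description should say so, e.g. `This check runs from the checked-out tree; protect .github/ with required review.` Separately, `actions/checkout@v4` is a mutable tag, and pinning it to a full commit SHA keeps the step from changing underneath the repository.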
@@ -0,0 +1,83 @@ +#!/usr/bin/env bash +set -euo pipefail +IFS=$'\n\t' + +ALLOWED_BOTS="${ALLOWED_BOTS:-github-actions[bot],dependabot[bot]}" + +# Determine the comparison range +is_pr=; +if [ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]; then + is_pr=1 +fi +has_base_ref=; +if [ -n "${GITHUB_BASE_REF:-}" ]; then + has_base_ref=1 +fi +origin_base_ref_exists=; +if [ -n "${GITHUB_BASE_REF:-}" ] && git rev-parse --verify "origin/${GITHUB_BASE_REF}" >/dev/null 2>&1; then + origin_base_ref_exists=1 +fi +if [ -n "$is_pr" ] && [ -n "$has_base_ref" ] && [ -n "$origin_base_ref_exists" ]; then + BASE_REF="$(git rev-parse "origin/${GITHUB_BASE_REF}")" + COMPARE_RANGE="$BASE_REF...HEAD" +else + COMPARE_RANGE="HEAD~1..HEAD" +fi + +# If requirements.txt changed in comparison range, ensure latest change's commit +# was authored by an allowed bot, or the latest commit message exactly matches +# the canonical bot commit message, or fallback to any bot-authored commit. +if git diff --name-only $COMPARE_RANGE | grep -q "^requirements.txt$"; then + latest_sha=$(git log -1 --pretty=format:'%H' $COMPARE_RANGE -- requirements.txt || true) + + if [ -z "$latest_sha" ]; then + echo "::error::No commits found touching requirements.txt in range $COMPARE_RANGE" + exit 1 + fi + + latest_author=$(git show -s --format='%an' "$latest_sha") + latest_committer=$(git show -s --format='%cn' "$latest_sha") + latest_message=$(git show -s --format='%B' "$latest_sha") + + echo "Latest commit touching requirements.txt: $latest_sha" + echo " author: $latest_author" + echo " committer: $latest_committer" + echo " message: $(echo "$latest_message" | head -n1)" + + # Build a grep-friendly regex from comma-separated allowed bots + allowed_regex=$(echo "$ALLOWED_BOTS" | sed 's/,/\\|/g') + + # 1) author or committer is allowed bot + if echo "$latest_author" | grep -qE "^($allowed_regex)$" || echo "$latest_committer" | grep -qE "^($allowed_regex)$"; then + echo "Latest change by allowed bot: OK" + exit 0 + fi + + # 
2) latest commit message exactly equals canonical message + if [ -n "${COMMIT_MSG_FILE:-}" ] && [ -f "$COMMIT_MSG_FILE" ]; then + canonical_msg=$(sed -n '1p' "$COMMIT_MSG_FILE" | tr -d '\r') + # Compare exact first-line equality (trim trailing newline/space) + latest_first_line=$(echo "$latest_message" | head -n1 | sed -e 's/[[:space:]]*$//') + if [ "$latest_first_line" = "$canonical_msg" ]; then + echo "Latest commit message exactly matches canonical bot message: OK" + exit 0 + fi + fi + + # 3) fallback: any commit touching the file in range has allowed bot author or committer + if git log $COMPARE_RANGE --pretty=format:'%an|%cn' -- requirements.txt | grep -qE "($allowed_regex)"; then + echo "Found a bot-authored/committed change touching requirements.txt in the range: OK" + exit 0 + fi + + echo "::error::You may NOT edit 'requirements.txt'" + echo "::warning::Undo your changes to requirements.txt, so robot can maintain it." + echo "::notice::To pin dependencies, use 'poetry add '." + echo "Latest commit: $latest_sha" + echo "Latest author: $latest_author" + echo "Latest committer: $latest_committer" + echo "Latest message: $(echo "$latest_message" | head -n1)" + exit 1 +fi + +echo "'requirements.txt' unchanged (or latest change by allowed bot/marker)" diff --git a/.github/commit-messages/requirements_update.txt b/.github/commit-messages/requirements_update.txt new file mode 100644 index 00000000..322db8b8 --- /dev/null +++ b/.github/commit-messages/requirements_update.txt @@ -0,0 +1 @@ +chore: auto-update requirements.txt [bot] diff --git a/.github/workflows/requirements-validate.yml b/.github/workflows/requirements-validate.yml index de140da0..c0ba5acb 100644 --- a/.github/workflows/requirements-validate.yml +++ b/.github/workflows/requirements-validate.yml 
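Review bot: The allow-list match in check.sh cannot match the real bot names, because inside `grep -qE "^($allowed_regex)$"` the `[bot]` part is a bracket expression matching a single character and the `\|` produced by `sed 's/,/\\|/g'` is a literal pipe under `-E`. That leaves check 2, the commit-subject comparison, as the only branch that can pass, and both the author/committer name (`%an`, `%cn`) and the subject are chosen by whoever creates the commit, so neither identifies the bot. Compare names as fixed strings, e.g. `printf '%s\n' "$ALLOWED_BOTS" | tr ',' '\n' | grep -Fxq -- "$latest_author"`, and treat the subject match as a convenience rather than a control. The same regex construction recurs in the check.sh hunks of PATCH 14/26 and PATCH 15/26, and `$COMPARE_RANGE` is expanded unquoted throughout.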
@@ -19,23 +19,8 @@ jobs: with: fetch-depth: 0 # full history - - name: Check if requirements.txt was modified unexpectedly - run: | - # For PRs, check against base branch - # For pushes, check last commit - if [ "${{ github.event_name }}" = "pull_request" ]; then - BASE_REF="${{ github.event.pull_request.base.sha }}" - COMPARE_RANGE="$BASE_REF...HEAD" - else - COMPARE_RANGE="HEAD~1..HEAD" - fi - - # If requirements.txt modified in that range - if git diff --name-only $COMPARE_RANGE | grep -q "^requirements.txt$"; then - echo "::error::You may NOT edit 'requirements.txt'" - echo "::warning::Undo your changes to requirements.txt, so robot can maintain it." - echo "::notice::To pin dependencies, use 'poetry add '." - exit 1 - fi + - name: Validate requirements + uses: ./.github/actions/validate-requirements + with: + allowed_bots: 'github-actions[bot],dependabot[bot]' - echo "'requirements.txt' unchanged (or only changed by bot)" diff --git a/.github/workflows/requirments-sync.yml b/.github/workflows/requirments-sync.yml index e9cab15a..ef828b6a 100644 --- a/.github/workflows/requirments-sync.yml +++ b/.github/workflows/requirments-sync.yml @@ -83,6 +83,9 @@ jobs: if git diff --staged --quiet; then echo "No changes to requirements.txt" else - git commit -m "chore: auto-update requirements.txt [bot]" - git push - fi + commit_msg=$(sed -n '1p' .github/commit-messages/requirements_update.txt 2>/dev/null | tr -d '\r') + if [ -z "$commit_msg" ]; then + echo "::error::Missing or empty canonical commit message file: .github/commit-messages/requirements_update.txt" + exit 1 + fi + git commit -m "$commit_msg" diff --git a/.github/workflows/validate-requirements.yml b/.github/workflows/validate-requirements.yml index 420c6133..7640e5fa 100644 --- a/.github/workflows/validate-requirements.yml +++ b/.github/workflows/validate-requirements.yml 
@@ -12,21 +12,10 @@ jobs: - name: Checkout code uses: actions/checkout@v4 with: - fetch-depth: 2 + fetch-depth: 0 - - name: Check if requirements.txt was modified unexpectedly - run: | - # Get author of last commit - AUTHOR=$(git log -1 --pretty=format:'%an') - - # Check if requirements.txt was modified in last commit - if git diff --name-only HEAD~1 HEAD | grep -q "^requirements.txt$"; then - if [ "$AUTHOR" != "github-actions[bot]" ]; then - echo "❌ ERROR: You may NOT edit `requirements.txt`" - echo "To pin dependencies, use `poetry add `." - echo "Please remove your changes to requirements.txt, so the robot can maintain it." - exit 1 - fi - fi + - name: Validate requirements + uses: ./.github/actions/validate-requirements + with: + allowed_bots: 'github-actions[bot],dependabot[bot]' - echo "✅ SUCCESS: `requirements.txt` not modified unexpectedly" From 5faa588c935a0109ad35a56c432e36f7e2503695 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 14:49:23 -0600 Subject: [PATCH 04/26] fix: [AI] compare author of req's change --- .github/actions/validate-requirements/check.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/validate-requirements/check.sh b/.github/actions/validate-requirements/check.sh index c83f855a..253ef58d 100644 --- a/.github/actions/validate-requirements/check.sh +++ b/.github/actions/validate-requirements/check.sh @@ -5,15 +5,15 @@ IFS=$'\n\t' ALLOWED_BOTS="${ALLOWED_BOTS:-github-actions[bot],dependabot[bot]}" # Determine the comparison range -is_pr=; +is_pr="" if [ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]; then is_pr=1 fi -has_base_ref=; +has_base_ref="" if [ -n "${GITHUB_BASE_REF:-}" ]; then has_base_ref=1 fi -origin_base_ref_exists=; +origin_base_ref_exists="" if [ -n "${GITHUB_BASE_REF:-}" ] && git rev-parse --verify "origin/${GITHUB_BASE_REF}" >/dev/null 2>&1; then origin_base_ref_exists=1 fi 
From 5720cfffda3ac1ee27f6896249ccbac61672ffaa Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 14:56:56 -0600 Subject: [PATCH 05/26] fix: [AI] missing fi --- .github/workflows/requirments-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/requirments-sync.yml b/.github/workflows/requirments-sync.yml index ef828b6a..51ce2131 100644 --- a/.github/workflows/requirments-sync.yml +++ b/.github/workflows/requirments-sync.yml @@ -89,3 +89,4 @@ jobs: exit 1 fi git commit -m "$commit_msg" + fi From af5abcb3440b13f3aa9e3383c1d03bc977c3baeb Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 15:07:31 -0600 Subject: [PATCH 06/26] refactor: [AI] unify commit message file handling --- .github/workflows/requirements-validate.yml | 3 +++ .github/workflows/requirments-sync.yml | 6 ++++-- .github/workflows/validate-requirements.yml | 3 +++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/requirements-validate.yml b/.github/workflows/requirements-validate.yml index c0ba5acb..3f62791d 100644 --- a/.github/workflows/requirements-validate.yml +++ b/.github/workflows/requirements-validate.yml @@ -9,6 +9,8 @@ on: jobs: reject-requirements-drift: runs-on: ubuntu-latest + env: + COMMIT_MSG_FILE: .github/commit-messages/requirements_update.txt # Skip if the last commit was from the bot (prevent unnecessary check) if: github.event.head_commit.author.name != 'github-actions[bot]' @@ -23,4 +25,5 @@ jobs: uses: ./.github/actions/validate-requirements with: allowed_bots: 'github-actions[bot],dependabot[bot]' + commit_message_file: ${{ env.COMMIT_MSG_FILE }} diff --git a/.github/workflows/requirments-sync.yml b/.github/workflows/requirments-sync.yml index 51ce2131..7d84e69a 100644 --- a/.github/workflows/requirments-sync.yml +++ b/.github/workflows/requirments-sync.yml 
@@ -53,6 +53,8 @@ jobs: runs-on: ubuntu-latest needs: detect-requirements-delta if: needs.detect-requirements-delta.outputs.has_change == 'true' + env: + COMMIT_MSG_FILE: .github/commit-messages/requirements_update.txt steps: - name: Checkout code @@ -83,9 +85,9 @@ jobs: if git diff --staged --quiet; then echo "No changes to requirements.txt" else - commit_msg=$(sed -n '1p' .github/commit-messages/requirements_update.txt 2>/dev/null | tr -d '\r') + commit_msg=$(sed -n '1p' "$COMMIT_MSG_FILE" 2>/dev/null | tr -d '\r') if [ -z "$commit_msg" ]; then - echo "::error::Missing or empty canonical commit message file: .github/commit-messages/requirements_update.txt" + echo "::error::Missing or empty canonical commit message file: $COMMIT_MSG_FILE" exit 1 fi git commit -m "$commit_msg" diff --git a/.github/workflows/validate-requirements.yml b/.github/workflows/validate-requirements.yml index 7640e5fa..3c43dc16 100644 --- a/.github/workflows/validate-requirements.yml +++ b/.github/workflows/validate-requirements.yml @@ -7,6 +7,8 @@ on: jobs: check-requirements: runs-on: ubuntu-latest + env: + COMMIT_MSG_FILE: .github/commit-messages/requirements_update.txt steps: - name: Checkout code @@ -18,4 +20,5 @@ jobs: uses: ./.github/actions/validate-requirements with: allowed_bots: 'github-actions[bot],dependabot[bot]' + commit_message_file: ${{ env.COMMIT_MSG_FILE }} From 9fc9c6c7f4cc7b38b9fd7c16f175fd28ad20af2b Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 15:09:34 -0600 Subject: [PATCH 07/26] test: add new line to poetry.lock will it update requirements.txt? --- poetry.lock | 1 + 1 file changed, 1 insertion(+) diff --git a/poetry.lock b/poetry.lock index 3d87dd73..4e744a0b 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,5 +1,6 @@ # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. + [[package]] name = "babel" version = "2.17.0" 
From d5ff87f855e3c8bde3ed46301a7a651cfc7f88eb Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 15:12:42 -0600 Subject: [PATCH 08/26] fix: missing push --- .github/workflows/requirments-sync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/requirments-sync.yml b/.github/workflows/requirments-sync.yml index 7d84e69a..5796d762 100644 --- a/.github/workflows/requirments-sync.yml +++ b/.github/workflows/requirments-sync.yml @@ -91,4 +91,5 @@ jobs: exit 1 fi git commit -m "$commit_msg" + git push fi From f5bb0f1c40c01ef624dbc6fec6e82b8161943a6c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 5 Jan 2026 21:13:40 +0000 Subject: [PATCH 09/26] chore: auto-update requirements.txt [bot] --- requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index df45f168..9bb7d560 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -115,9 +115,9 @@ mkdocs-exclude-search==0.6.6 ; python_version >= "3.10" and python_version < "3. mkdocs-include-markdown-plugin==5.1.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:4a1b8d79a0e1b6fd357ca8013a6d1701c755ada4acb74ee97b0642d1afe6756e \ --hash=sha256:e9ca188ab1d86f5fc4a6b96ce8c85acf6e25f114897868041056ec7945f29f65 -mkdocs-tacc==1.0.0 ; python_version >= "3.10" and python_version < "3.13" \ - --hash=sha256:5d9f1d4a4b871526f74e92bda8eb52584ece817d1eef5d4064ef40fe6adcf99d \ - --hash=sha256:cbd107eab1ff1659bc164c84f17055f367097a0b3dfe2ec3b41ef34850f7181c +mkdocs-tacc==1.0.1 ; python_version >= "3.10" and python_version < "3.13" \ + --hash=sha256:08b8e0b1ab5bdcdfea493c2f18077723b36569afdd71a23a5d097fb7942799ea \ + --hash=sha256:f14ac8d3833bb43447cdb91210f6179e85fe5bef92f7d948ac9c50e41ec8e6c0 mkdocs==1.4.3 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:5955093bbd4dd2e9403c5afaf57324ad8b04f16886512a3ee6ef828956481c57 \ --hash=sha256:6ee46d309bda331aac915cd24aab882c179a933bd9e77b80ce7d2eaaa3f689dd From 53e6149f87bbf776e259d40b857dfce852e911b8 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 15:15:37 -0600 Subject: [PATCH 10/26] test: add new line to requirements.txt will this change be caught by bot? --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index df45f168..7bd8a20a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ + babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 From e0506c0aed0f39f881d5684028d9c964c5c7502a Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Mon, 5 Jan 2026 21:16:32 +0000 Subject: [PATCH 11/26] chore: auto-update requirements.txt [bot] --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 41ee2b72..9bb7d560 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ - babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 From df3057d166c0b6eb74f6d667e0f882ea9fe9f0e0 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 15:18:36 -0600 Subject: [PATCH 12/26] test: (again) add new line to requirements.txt will this change be caught by bot? previous test got marred by auto-merge because i forgot to pulll beofre push --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 9bb7d560..41ee2b72 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ + babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 From 9722566175e81268db25b62b1d0a38bd1a1dab14 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 5 Jan 2026 21:19:32 +0000 Subject: [PATCH 13/26] chore: auto-update requirements.txt [bot] --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 41ee2b72..9bb7d560 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ - babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 
From 773685d949b557d2a411a9e6cb9776971e5c6532 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 16:27:01 -0600 Subject: [PATCH 14/26] refactor: [AI] repair changes to validation logic --- .../actions/validate-requirements/action.yml | 6 +- .../actions/validate-requirements/check.sh | 57 ++++++++----------- 2 files changed, 27 insertions(+), 36 deletions(-) diff --git a/.github/actions/validate-requirements/action.yml b/.github/actions/validate-requirements/action.yml index 16f4d659..37c2ee4a 100644 --- a/.github/actions/validate-requirements/action.yml +++ b/.github/actions/validate-requirements/action.yml @@ -1,8 +1,10 @@ name: "Validate requirements" description: | - Reject changes to `requirements.txt` unless the latest commit that touched - the file in the compare range was authored by an allowed bot. + Reject direct edits to `requirements.txt` by humans: the action fails if + any commit touching the file in the compare range appears to be authored by a + human or otherwise not from an allowed bot (unless the commit message exactly + matches the canonical bot commit message). inputs: allowed_bots: diff --git a/.github/actions/validate-requirements/check.sh b/.github/actions/validate-requirements/check.sh index 253ef58d..31c424c8 100644 --- a/.github/actions/validate-requirements/check.sh +++ b/.github/actions/validate-requirements/check.sh 
@@ -24,59 +24,48 @@ else COMPARE_RANGE="HEAD~1..HEAD" fi -# If requirements.txt changed in comparison range, ensure latest change's commit -# was authored by an allowed bot, or the latest commit message exactly matches -# the canonical bot commit message, or fallback to any bot-authored commit. +# If requirements.txt changed in comparison range, ensure latest change's commit was authored by an allowed bot, or the latest commit message exactly matches the canonical bot commit message, or fallback to any bot-authored commit if git diff --name-only $COMPARE_RANGE | grep -q "^requirements.txt$"; then - latest_sha=$(git log -1 --pretty=format:'%H' $COMPARE_RANGE -- requirements.txt || true) + # Get commits touching requirements.txt in the range + commits=$(git log --pretty=format:'%H' $COMPARE_RANGE -- requirements.txt || true) - if [ -z "$latest_sha" ]; then + if [ -z "$commits" ]; then echo "::error::No commits found touching requirements.txt in range $COMPARE_RANGE" exit 1 fi - latest_author=$(git show -s --format='%an' "$latest_sha") - latest_committer=$(git show -s --format='%cn' "$latest_sha") - latest_message=$(git show -s --format='%B' "$latest_sha") - - echo "Latest commit touching requirements.txt: $latest_sha" - echo " author: $latest_author" - echo " committer: $latest_committer" - echo " message: $(echo "$latest_message" | head -n1)" - # Build a grep-friendly regex from comma-separated allowed bots allowed_regex=$(echo "$ALLOWED_BOTS" | sed 's/,/\\|/g') - # 1) author or committer is allowed bot - if echo "$latest_author" | grep -qE "^($allowed_regex)$" || echo "$latest_committer" | grep -qE "^($allowed_regex)$"; then - echo "Latest change by allowed bot: OK" - exit 0 - fi - - # 2) latest commit message exactly equals canonical message + # Read canonical commit message first line if available + canonical_msg="" if [ -n "${COMMIT_MSG_FILE:-}" ] && [ -f "$COMMIT_MSG_FILE" ]; then canonical_msg=$(sed -n '1p' "$COMMIT_MSG_FILE" | tr -d '\r') - # Compare exact 
first-line equality (trim trailing newline/space) - latest_first_line=$(echo "$latest_message" | head -n1 | sed -e 's/[[:space:]]*$//') - if [ "$latest_first_line" = "$canonical_msg" ]; then - echo "Latest commit message exactly matches canonical bot message: OK" - exit 0 - fi fi - # 3) fallback: any commit touching the file in range has allowed bot author or committer - if git log $COMPARE_RANGE --pretty=format:'%an|%cn' -- requirements.txt | grep -qE "($allowed_regex)"; then - echo "Found a bot-authored/committed change touching requirements.txt in the range: OK" + # Short check: report any commit touching requirements.txt in the range that is not authored by an allowed bot and does not exactly match the canonical bot commit message (first line) + offending=$(git log $COMPARE_RANGE --pretty=format:'%H|%an|%s' -- requirements.txt | + while IFS='|' read -r sha author subject; do + if echo "$author" | grep -qE "^($allowed_regex)$"; then + continue + fi + if [ -n "$canonical_msg" ] && [ "$subject" = "$canonical_msg" ]; then + continue + fi + printf '%s|%s|%s\n' "$sha" "$author" "$subject" + break + done) + + if [ -z "$offending" ]; then + echo "All commits touching requirements.txt in the range are from allowed bots or canonical bot messages: OK" exit 0 fi echo "::error::You may NOT edit 'requirements.txt'" echo "::warning::Undo your changes to requirements.txt, so robot can maintain it." echo "::notice::To pin dependencies, use 'poetry add '." - echo "Latest commit: $latest_sha" - echo "Latest author: $latest_author" - echo "Latest committer: $latest_committer" - echo "Latest message: $(echo "$latest_message" | head -n1)" + echo "Offending commit(s):" + echo "$offending" | sed 's/^/ /' exit 1 fi From 67f433eca60eaa583245096ca6945f81cf793495 Mon Sep 17 00:00:00 2001 
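Review bot: The new `while IFS='|' read -r sha author subject` loop is fed by `git log --pretty=format:'%H|%an|%s'`, and `format:` leaves the last record without a trailing newline, so `read` returns non-zero on it and the loop body never sees the final commit. With a single commit in the range nothing is inspected, `offending` stays empty, and the script prints OK. Use `--pretty=tformat:'%H|%an|%s'` so every record is newline-terminated. An author name containing `|` would also shift the fields; placing `%an` last in the format avoids that.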
From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 16:49:31 -0600 Subject: [PATCH 15/26] fix: [AI] prevent bot commit if human edit --- .../actions/validate-requirements/check.sh | 86 ++++++++++++------- .github/workflows/requirments-sync.yml | 43 +++++++++- 2 files changed, 96 insertions(+), 33 deletions(-) diff --git a/.github/actions/validate-requirements/check.sh b/.github/actions/validate-requirements/check.sh index 31c424c8..cebdfa17 100644 --- a/.github/actions/validate-requirements/check.sh +++ b/.github/actions/validate-requirements/check.sh @@ -2,6 +2,8 @@ set -euo pipefail IFS=$'\n\t' +# Mode: "validate" (default, exits non-zero on human edit) or "detect" (outputs to GITHUB_OUTPUT) +MODE="${MODE:-validate}" ALLOWED_BOTS="${ALLOWED_BOTS:-github-actions[bot],dependabot[bot]}" # Determine the comparison range 
@@ -24,49 +26,69 @@ else COMPARE_RANGE="HEAD~1..HEAD" fi -# If requirements.txt changed in comparison range, ensure latest change's commit was authored by an allowed bot, or the latest commit message exactly matches the canonical bot commit message, or fallback to any bot-authored commit -if git diff --name-only $COMPARE_RANGE | grep -q "^requirements.txt$"; then - # Get commits touching requirements.txt in the range - commits=$(git log --pretty=format:'%H' $COMPARE_RANGE -- requirements.txt || true) - - if [ -z "$commits" ]; then - echo "::error::No commits found touching requirements.txt in range $COMPARE_RANGE" - exit 1 +# Check if requirements.txt changed +if ! git diff --name-only $COMPARE_RANGE | grep -q "^requirements.txt$"; then + echo "'requirements.txt' unchanged" + if [ "$MODE" = "detect" ]; then + echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" fi + exit 0 +fi - # Build a grep-friendly regex from comma-separated allowed bots - allowed_regex=$(echo "$ALLOWED_BOTS" | sed 's/,/\\|/g') +# Get latest commit that touched requirements.txt +latest_sha=$(git log -1 --pretty=format:'%H' $COMPARE_RANGE -- requirements.txt || true) - # Read canonical commit message first line if available - canonical_msg="" - if [ -n "${COMMIT_MSG_FILE:-}" ] && [ -f "$COMMIT_MSG_FILE" ]; then - canonical_msg=$(sed -n '1p' "$COMMIT_MSG_FILE" | tr -d '\r') +if [ -z "$latest_sha" ]; then + echo "::error::No commits found touching requirements.txt in range $COMPARE_RANGE" + if [ "$MODE" = "detect" ]; then + echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" fi + exit 1 +fi + +latest_author=$(git show -s --format='%an' "$latest_sha") +latest_committer=$(git show -s --format='%cn' "$latest_sha") +latest_message=$(git show -s --format='%B' "$latest_sha") +latest_subject=$(echo "$latest_message" | head -n1 | sed -e 's/[[:space:]]*$//') - # Short check: report any commit touching requirements.txt in the range that is not authored by an allowed bot and does not exactly 
match the canonical bot commit message (first line) - offending=$(git log $COMPARE_RANGE --pretty=format:'%H|%an|%s' -- requirements.txt | - while IFS='|' read -r sha author subject; do - if echo "$author" | grep -qE "^($allowed_regex)$"; then - continue - fi - if [ -n "$canonical_msg" ] && [ "$subject" = "$canonical_msg" ]; then - continue - fi - printf '%s|%s|%s\n' "$sha" "$author" "$subject" - break - done) +# Build a grep-friendly regex from comma-separated allowed bots +allowed_regex=$(echo "$ALLOWED_BOTS" | sed 's/,/\\|/g') - if [ -z "$offending" ]; then - echo "All commits touching requirements.txt in the range are from allowed bots or canonical bot messages: OK" +# Check 1: author or committer is allowed bot +if echo "$latest_author" | grep -qE "^($allowed_regex)$" || echo "$latest_committer" | grep -qE "^($allowed_regex)$"; then + echo "Latest change by allowed bot: OK" + if [ "$MODE" = "detect" ]; then + echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" + fi + exit 0 +fi + +# Check 2: commit message exactly matches canonical message +if [ -n "${COMMIT_MSG_FILE:-}" ] && [ -f "$COMMIT_MSG_FILE" ]; then + canonical_msg=$(sed -n '1p' "$COMMIT_MSG_FILE" | tr -d '\r') + if [ "$latest_subject" = "$canonical_msg" ]; then + echo "Latest commit message exactly matches canonical bot message: OK" + if [ "$MODE" = "detect" ]; then + echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" + fi exit 0 fi +fi +# Human edit detected +if [ "$MODE" = "detect" ]; then + echo "human_edit=true" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "offender_author=$latest_author" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "offender_subject=$latest_subject" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "Human edit detected" + exit 0 +else echo "::error::You may NOT edit 'requirements.txt'" echo "::warning::Undo your changes to requirements.txt, so robot can maintain it." echo "::notice::To pin dependencies, use 'poetry add '." 
- echo "Offending commit(s):" - echo "$offending" | sed 's/^/ /' + echo "Latest commit: $latest_sha" + echo "Latest author: $latest_author" + echo "Latest committer: $latest_committer" + echo "Latest message: $latest_subject" exit 1 fi - -echo "'requirements.txt' unchanged (or latest change by allowed bot/marker)" diff --git a/.github/workflows/requirments-sync.yml b/.github/workflows/requirments-sync.yml index 5796d762..2c823986 100644 --- a/.github/workflows/requirments-sync.yml +++ b/.github/workflows/requirments-sync.yml 
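Review bot: In detect mode the script writes the key `human_edit` to `$GITHUB_OUTPUT`, but the workflow added in the same commit reads `steps.check.outputs.is_human_edit`, so that output is always empty: the PR comment step never runs and the `== 'false'` condition on `commit-requirements-delta` is never true. Write the key the caller reads, e.g. `echo "is_human_edit=true" >> "${GITHUB_OUTPUT:-/dev/stdout}"`, and likewise in the `false` branches. The empty-`latest_sha` branch still does `exit 1` in detect mode, which fails the step instead of reporting a result. This hunk also returns to inspecting only the latest commit touching the file; if that is intended because the bot regenerates the file, a comment such as `# only the newest change matters: the bot rewrites the file from poetry.lock` would make that explicit.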
@@ -49,10 +49,51 @@ jobs: echo "has_change=true" >> $GITHUB_OUTPUT fi - commit-requirements-delta: + prevent-bot-commit-if-human-edit: runs-on: ubuntu-latest needs: detect-requirements-delta if: needs.detect-requirements-delta.outputs.has_change == 'true' + outputs: + is_human_edit: ${{ steps.check.outputs.is_human_edit }} + offender_author: ${{ steps.check.outputs.offender_author }} + offender_subject: ${{ steps.check.outputs.offender_subject }} + env: + ALLOWED_BOTS: 'github-actions[bot],dependabot[bot]' + COMMIT_MSG_FILE: .github/commit-messages/requirements_update.txt + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} + fetch-depth: 0 + + - name: Check for human edits + id: check + env: + MODE: detect + run: bash ./.github/actions/validate-requirements/check.sh + + - name: Comment on PR about human edit + if: steps.check.outputs.is_human_edit == 'true' + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const author = `${{ steps.check.outputs.offender_author }}` + const subject = `${{ steps.check.outputs.offender_subject }}` + const body = `Undo edits to \`requirements.txt\` in this PR. That file is maintained by a bot; human edits should be reverted so the bot can manage it. Offending commit by ${author}: "${subject}". If you intended to pin a dependency, use \`poetry add \`.` + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + body + }) + + commit-requirements-delta: + runs-on: ubuntu-latest + needs: [detect-requirements-delta, prevent-bot-commit-if-human-edit] + if: needs.detect-requirements-delta.outputs.has_change == 'true' && needs.prevent-bot-commit-if-human-edit.outputs.is_human_edit == 'false' env: COMMIT_MSG_FILE: .github/commit-messages/requirements_update.txt From 31b7f29bc6fec6b5a48ea633d004586f26abdfa1 Mon Sep 17 00:00:00 2001 
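Review bot: The `Comment on PR about human edit` step pastes `${{ steps.check.outputs.offender_author }}` and `${{ steps.check.outputs.offender_subject }}` directly into the JavaScript source that `actions/github-script` runs. Both values are a commit's author name and subject line read from the pull-request branch. Whoever writes that commit therefore supplies text that is evaluated as part of the script, which runs with `secrets.GITHUB_TOKEN`. Pass the two outputs through the step's `env:` and read them from `process.env`, so they reach the script as data only. The `@@ -82,7 +82,7` hunk of patch 18/26 rewords the comment body but keeps the same interpolation.

```yaml
      # … unchanged: step name and `if:` condition …
        uses: actions/github-script@v6
        env:
          OFFENDER_AUTHOR: ${{ steps.check.outputs.offender_author }}
          OFFENDER_SUBJECT: ${{ steps.check.outputs.offender_subject }}
        with:
          # … unchanged: github-token …
          script: |
            const author = process.env.OFFENDER_AUTHOR
            const subject = process.env.OFFENDER_SUBJECT
            // … unchanged: body template and createComment call …
```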
From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 16:52:09 -0600 Subject: [PATCH 16/26] test: (again) add new line to requirements.txt will this change be caught by bot? testing now since latest refactor commit --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 9bb7d560..41ee2b72 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ + babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 From d0d0ab6a6b22600ee2175a52a21dc65ae504caaf Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 16:55:02 -0600 Subject: [PATCH 17/26] Revert "test: (again) add new line to requirements.txt" This reverts commit 31b7f29bc6fec6b5a48ea633d004586f26abdfa1. --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 41ee2b72..9bb7d560 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ - babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 From 908938bedbaa1b4cbee1e55bdedb3cfbfd4f1d65 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 17:01:36 -0600 Subject: [PATCH 18/26] fix: [AI] don't reject drift unless there is diff --- .../actions/validate-requirements/check.sh | 22 ++++++++++++++----- .github/workflows/requirments-sync.yml | 2 +- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/actions/validate-requirements/check.sh b/.github/actions/validate-requirements/check.sh index cebdfa17..a4223af9 100644 
--- a/.github/actions/validate-requirements/check.sh +++ b/.github/actions/validate-requirements/check.sh @@ -30,18 +30,30 @@ fi if ! git diff --name-only $COMPARE_RANGE | grep -q "^requirements.txt$"; then echo "'requirements.txt' unchanged" if [ "$MODE" = "detect" ]; then - echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "is_human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" fi exit 0 fi +# Check if requirements.txt differs from base (net change across all commits in range) +if [ -n "$is_pr" ] && [ -n "$has_base_ref" ] && [ -n "$origin_base_ref_exists" ]; then + BASE_REF_PARSED="origin/${GITHUB_BASE_REF}" + if git diff --quiet "$BASE_REF_PARSED" HEAD -- requirements.txt; then + echo "requirements.txt touched but matches base branch (likely reverted): OK" + if [ "$MODE" = "detect" ]; then + echo "is_human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" + fi + exit 0 + fi +fi + # Get latest commit that touched requirements.txt latest_sha=$(git log -1 --pretty=format:'%H' $COMPARE_RANGE -- requirements.txt || true) if [ -z "$latest_sha" ]; then echo "::error::No commits found touching requirements.txt in range $COMPARE_RANGE" if [ "$MODE" = "detect" ]; then - echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "is_human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" fi exit 1 fi @@ -58,7 +70,7 @@ allowed_regex=$(echo "$ALLOWED_BOTS" | sed 's/,/\\|/g') if echo "$latest_author" | grep -qE "^($allowed_regex)$" || echo "$latest_committer" | grep -qE "^($allowed_regex)$"; then echo "Latest change by allowed bot: OK" if [ "$MODE" = "detect" ]; then - echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "is_human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" fi exit 0 fi 
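Review bot: The allowlist test kept as context in the `@@ -58,7 +70,7` hunk, `grep -qE "^($allowed_regex)$"`, treats each bot name as a regular expression, so the `[bot]` in `github-actions[bot]` is a bracket expression matching one character, not the literal suffix. The `\|` produced by the `sed` shown in the hunk header is, as far as I can tell, also a literal pipe under `-E` rather than an alternation. Check 1 would then never accept the real bot names, leaving the commit-message comparison as the only path that lets bot commits through. Comparing fixed strings avoids both problems, e.g. `echo "$ALLOWED_BOTS" | tr ',' '\n' | grep -Fxq -- "$latest_author"` (and the same for `$latest_committer`). The `allowed_regex` assignment is visible only in the hunk header, and the surrounding script continues outside this hunk.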
@@ -69,7 +81,7 @@ if [ -n "${COMMIT_MSG_FILE:-}" ] && [ -f "$COMMIT_MSG_FILE" ]; then if [ "$latest_subject" = "$canonical_msg" ]; then echo "Latest commit message exactly matches canonical bot message: OK" if [ "$MODE" = "detect" ]; then - echo "human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "is_human_edit=false" >> "${GITHUB_OUTPUT:-/dev/stdout}" fi exit 0 fi @@ -77,7 +89,7 @@ fi # Human edit detected if [ "$MODE" = "detect" ]; then - echo "human_edit=true" >> "${GITHUB_OUTPUT:-/dev/stdout}" + echo "is_human_edit=true" >> "${GITHUB_OUTPUT:-/dev/stdout}" echo "offender_author=$latest_author" >> "${GITHUB_OUTPUT:-/dev/stdout}" echo "offender_subject=$latest_subject" >> "${GITHUB_OUTPUT:-/dev/stdout}" echo "Human edit detected" diff --git a/.github/workflows/requirments-sync.yml b/.github/workflows/requirments-sync.yml index 2c823986..e96171d2 100644 --- a/.github/workflows/requirments-sync.yml +++ b/.github/workflows/requirments-sync.yml @@ -82,7 +82,7 @@ jobs: script: | const author = `${{ steps.check.outputs.offender_author }}` const subject = `${{ steps.check.outputs.offender_subject }}` - const body = `Undo edits to \`requirements.txt\` in this PR. That file is maintained by a bot; human edits should be reverted so the bot can manage it. Offending commit by ${author}: "${subject}". If you intended to pin a dependency, use \`poetry add \`.` + const body = `Please undo edits to \`requirements.txt\` in this PR. This file is maintained by a bot and human edits should be reverted so the bot can manage it. Offending commit by ${author}: "${subject}". If you intended to pin a dependency, use \`poetry add \`.` await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, From bc3a3107c55fde8c605d45380cea9353e41716ff Mon Sep 17 00:00:00 2001 
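Review bot: Check 2, kept by the `@@ -69,7 +81,7` hunk, accepts a change to `requirements.txt` when the latest commit's subject equals the first line of `$COMMIT_MSG_FILE`, and Check 1 accepts it on the author or committer name. Both are metadata set by whoever creates the commit, and the canonical message is stored in the repository itself. The script can therefore catch accidental edits, but it cannot establish that the bot produced the file, and the code should say so, for example `# Advisory only: author name and commit subject are set by the committer and are not verified.` If a real guarantee is wanted, comparing the file against freshly generated output would be the stronger test; that is presumably what the sync workflow already does, but the generating step is not visible here. The `if` block around the changed line begins and ends outside the hunk.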
From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 17:04:21 -0600 Subject: [PATCH 19/26] revert requirements.txt to main --- requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index 9bb7d560..df45f168 100644 --- a/requirements.txt +++ b/requirements.txt @@ -115,9 +115,9 @@ mkdocs-exclude-search==0.6.6 ; python_version >= "3.10" and python_version < "3. mkdocs-include-markdown-plugin==5.1.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:4a1b8d79a0e1b6fd357ca8013a6d1701c755ada4acb74ee97b0642d1afe6756e \ --hash=sha256:e9ca188ab1d86f5fc4a6b96ce8c85acf6e25f114897868041056ec7945f29f65 -mkdocs-tacc==1.0.1 ; python_version >= "3.10" and python_version < "3.13" \ - --hash=sha256:08b8e0b1ab5bdcdfea493c2f18077723b36569afdd71a23a5d097fb7942799ea \ - --hash=sha256:f14ac8d3833bb43447cdb91210f6179e85fe5bef92f7d948ac9c50e41ec8e6c0 +mkdocs-tacc==1.0.0 ; python_version >= "3.10" and python_version < "3.13" \ + --hash=sha256:5d9f1d4a4b871526f74e92bda8eb52584ece817d1eef5d4064ef40fe6adcf99d \ + --hash=sha256:cbd107eab1ff1659bc164c84f17055f367097a0b3dfe2ec3b41ef34850f7181c mkdocs==1.4.3 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:5955093bbd4dd2e9403c5afaf57324ad8b04f16886512a3ee6ef828956481c57 \ --hash=sha256:6ee46d309bda331aac915cd24aab882c179a933bd9e77b80ce7d2eaaa3f689dd From e8ea33df15a88fd187a736b9b9b600bfadfb96e5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 5 Jan 2026 23:05:26 +0000 Subject: [PATCH 20/26] chore: auto-update requirements.txt [bot] --- requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index df45f168..9bb7d560 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -115,9 +115,9 @@ mkdocs-exclude-search==0.6.6 ; python_version >= "3.10" and python_version < "3. mkdocs-include-markdown-plugin==5.1.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:4a1b8d79a0e1b6fd357ca8013a6d1701c755ada4acb74ee97b0642d1afe6756e \ --hash=sha256:e9ca188ab1d86f5fc4a6b96ce8c85acf6e25f114897868041056ec7945f29f65 -mkdocs-tacc==1.0.0 ; python_version >= "3.10" and python_version < "3.13" \ - --hash=sha256:5d9f1d4a4b871526f74e92bda8eb52584ece817d1eef5d4064ef40fe6adcf99d \ - --hash=sha256:cbd107eab1ff1659bc164c84f17055f367097a0b3dfe2ec3b41ef34850f7181c +mkdocs-tacc==1.0.1 ; python_version >= "3.10" and python_version < "3.13" \ + --hash=sha256:08b8e0b1ab5bdcdfea493c2f18077723b36569afdd71a23a5d097fb7942799ea \ + --hash=sha256:f14ac8d3833bb43447cdb91210f6179e85fe5bef92f7d948ac9c50e41ec8e6c0 mkdocs==1.4.3 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:5955093bbd4dd2e9403c5afaf57324ad8b04f16886512a3ee6ef828956481c57 \ --hash=sha256:6ee46d309bda331aac915cd24aab882c179a933bd9e77b80ce7d2eaaa3f689dd From 0fd6f03ac31cfd7637231d28aa01f0e486b9fc44 Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 17:06:27 -0600 Subject: [PATCH 21/26] test: (again) add new line to requirements.txt will this change be caught by bot? testing now since latest fix commit --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 9bb7d560..41ee2b72 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ + babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \ --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 From ad379fcc0e2e5bb575ad4078d02012bc12995b75 Mon Sep 17 00:00:00 2001 
From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 17:09:33 -0600 Subject: [PATCH 22/26] fix: remove (failing) attempt to comment on PR --- .github/workflows/requirments-sync.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.github/workflows/requirments-sync.yml b/.github/workflows/requirments-sync.yml index e96171d2..58d1401c 100644 --- a/.github/workflows/requirments-sync.yml +++ b/.github/workflows/requirments-sync.yml @@ -74,22 +74,6 @@ jobs: MODE: detect run: bash ./.github/actions/validate-requirements/check.sh - - name: Comment on PR about human edit - if: steps.check.outputs.is_human_edit == 'true' - uses: actions/github-script@v6 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const author = `${{ steps.check.outputs.offender_author }}` - const subject = `${{ steps.check.outputs.offender_subject }}` - const body = `Please undo edits to \`requirements.txt\` in this PR. This file is maintained by a bot and human edits should be reverted so the bot can manage it. Offending commit by ${author}: "${subject}". If you intended to pin a dependency, use \`poetry add \`.` - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - body - }) - commit-requirements-delta: runs-on: ubuntu-latest needs: [detect-requirements-delta, prevent-bot-commit-if-human-edit] From 0329a391eb581e063d11584f5e6e50a836e40ace Mon Sep 17 00:00:00 2001 From: Wesley B <62723358+wesleyboar@users.noreply.github.com> Date: Mon, 5 Jan 2026 17:11:19 -0600 Subject: [PATCH 23/26] chore: quote message --- .github/actions/validate-requirements/check.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/validate-requirements/check.sh b/.github/actions/validate-requirements/check.sh index a4223af9..ac5dabcd 100644 --- a/.github/actions/validate-requirements/check.sh +++ b/.github/actions/validate-requirements/check.sh 
@@ -101,6 +101,6 @@ else
 echo "Latest commit: $latest_sha"
 echo "Latest author: $latest_author"
 echo "Latest committer: $latest_committer"
- echo "Latest message: $latest_subject"
+ echo "Latest message: \"$latest_subject\""
 exit 1
 fi
From a97a2fd28f1827b30ea03bd6b369a5b711cdf92c Mon Sep 17 00:00:00 2001
From: Wesley B <62723358+wesleyboar@users.noreply.github.com>
Date: Mon, 5 Jan 2026 17:11:29 -0600
Subject: [PATCH 24/26] Revert "test: (again) add new line to requirements.txt"
This reverts commit 0fd6f03ac31cfd7637231d28aa01f0e486b9fc44.
---
 requirements.txt | 1 -
 1 file changed, 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 41ee2b72..9bb7d560 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,3 @@
-
 babel==2.17.0 ; python_version >= "3.10" and python_version < "3.13" \
 --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \
 --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2
From a17276a66467eceae4123e7af712783e867ac021 Mon Sep 17 00:00:00 2001
From: Wesley B <62723358+wesleyboar@users.noreply.github.com>
Date: Mon, 5 Jan 2026 17:13:24 -0600
Subject: [PATCH 25/26] revert requirements.txt to main
---
 requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 9bb7d560..df45f168 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -115,9 +115,9 @@ mkdocs-exclude-search==0.6.6 ; python_version >= "3.10" and python_version < "3.
 mkdocs-include-markdown-plugin==5.1.0 ; python_version >= "3.10" and python_version < "3.13" \
 --hash=sha256:4a1b8d79a0e1b6fd357ca8013a6d1701c755ada4acb74ee97b0642d1afe6756e \
 --hash=sha256:e9ca188ab1d86f5fc4a6b96ce8c85acf6e25f114897868041056ec7945f29f65
-mkdocs-tacc==1.0.1 ; python_version >= "3.10" and python_version < "3.13" \
- --hash=sha256:08b8e0b1ab5bdcdfea493c2f18077723b36569afdd71a23a5d097fb7942799ea \
- --hash=sha256:f14ac8d3833bb43447cdb91210f6179e85fe5bef92f7d948ac9c50e41ec8e6c0
+mkdocs-tacc==1.0.0 ; python_version >= "3.10" and python_version < "3.13" \
+ --hash=sha256:5d9f1d4a4b871526f74e92bda8eb52584ece817d1eef5d4064ef40fe6adcf99d \
+ --hash=sha256:cbd107eab1ff1659bc164c84f17055f367097a0b3dfe2ec3b41ef34850f7181c
 mkdocs==1.4.3 ; python_version >= "3.10" and python_version < "3.13" \
 --hash=sha256:5955093bbd4dd2e9403c5afaf57324ad8b04f16886512a3ee6ef828956481c57 \
 --hash=sha256:6ee46d309bda331aac915cd24aab882c179a933bd9e77b80ce7d2eaaa3f689dd
From 67a7721bcc1c9b51f81feebe4e60cf67715f0a9d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 5 Jan 2026 23:14:27 +0000
Subject: [PATCH 26/26] chore: auto-update requirements.txt [bot]
---
 requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index df45f168..9bb7d560 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -115,9 +115,9 @@ mkdocs-exclude-search==0.6.6 ; python_version >= "3.10" and python_version < "3.
 mkdocs-include-markdown-plugin==5.1.0 ; python_version >= "3.10" and python_version < "3.13" \
 --hash=sha256:4a1b8d79a0e1b6fd357ca8013a6d1701c755ada4acb74ee97b0642d1afe6756e \
 --hash=sha256:e9ca188ab1d86f5fc4a6b96ce8c85acf6e25f114897868041056ec7945f29f65
-mkdocs-tacc==1.0.0 ; python_version >= "3.10" and python_version < "3.13" \
- --hash=sha256:5d9f1d4a4b871526f74e92bda8eb52584ece817d1eef5d4064ef40fe6adcf99d \
- --hash=sha256:cbd107eab1ff1659bc164c84f17055f367097a0b3dfe2ec3b41ef34850f7181c
+mkdocs-tacc==1.0.1 ; python_version >= "3.10" and python_version < "3.13" \
+ --hash=sha256:08b8e0b1ab5bdcdfea493c2f18077723b36569afdd71a23a5d097fb7942799ea \
+ --hash=sha256:f14ac8d3833bb43447cdb91210f6179e85fe5bef92f7d948ac9c50e41ec8e6c0
 mkdocs==1.4.3 ; python_version >= "3.10" and python_version < "3.13" \
 --hash=sha256:5955093bbd4dd2e9403c5afaf57324ad8b04f16886512a3ee6ef828956481c57 \
 --hash=sha256:6ee46d309bda331aac915cd24aab882c179a933bd9e77b80ce7d2eaaa3f689dd