
Commit 8887691

julian-rischclaude
andauthored
build: add uv exclude-newer, pip uploaded-prior-to and Dependabot cooldown as supply chain guardrails (#11170)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent ba56cce commit 8887691

15 files changed

Lines changed: 65 additions & 20 deletions

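--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,3 +4,12 @@ updates:
 directory: '/'
 schedule:
 interval: 'daily'
+cooldown:
+default-days: 1
+
+- package-ecosystem: 'pip'
+directory: '/'
+schedule:
+interval: 'daily'
+cooldown:
+default-days: 1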
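Review bot: `default-days: 1` on the new pip cooldown (and the one added to the existing ecosystem above it) is a short window for a supply-chain guardrail; it mirrors the `P1D` used for pip in the workflows, but one day leaves little time for a compromised release to be noticed and yanked before Dependabot proposes it. Consider a longer default, e.g. `default-days: 7`, and a comment recording why the value was chosen, such as `# cooldown: delay before newly published versions are proposed (#11170)`. The `updates:` list continues outside the hunk.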

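--- a/.github/workflows/check_api_ref.yml
+++ b/.github/workflows/check_api_ref.yml
@@ -65,7 +65,9 @@ jobs:
 
 - name: Install Hatch
 if: steps.changed.outputs.needs_check == 'true'
-run: pip install hatch
+run: |
+python -m pip install --upgrade pip
+pip install hatch --uploaded-prior-to=P1D
 
 - name: Generate API references
 if: steps.changed.outputs.needs_check == 'true'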
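Review bot: The `python -m pip install --upgrade pip` line added ahead of the guarded install is itself unguarded: it pulls whatever pip release is newest at run time, so the one package the cooldown cannot protect is the tool that enforces it. Pinning pip to a reviewed version (`python -m pip install "pip==<PINNED_VERSION>"`) or at least a comment such as `# pip is upgraded first, unconstrained, because --uploaded-prior-to needs a recent pip` would make that trade-off explicit. The same pattern is added in docs-website-test-docs-snippets.yml, docs_search_sync.yml, docusaurus_sync.yml, e2e.yml, github_release.yml, license_compliance.yml, nightly_testpypi_release.yml and pypi_release.yml. Note also that the flag only covers the `hatch` install itself; the environments Hatch creates for `hatch run docs` here (and for `hatch run e2e:test` and `hatch build` in the other files) resolve the project's dependencies without it, unless the uv exclude-newer setting named in the commit title, in a file not shown here, applies to them. The enclosing job continues outside the hunk.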

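--- a/.github/workflows/docs-website-test-docs-snippets.yml
+++ b/.github/workflows/docs-website-test-docs-snippets.yml
@@ -38,15 +38,17 @@ jobs:
 python-version: '3.11'
 
 - name: Install Hatch
-run: pip install hatch==${{ env.HATCH_VERSION }}
+run: |
+python -m pip install --upgrade pip
+pip install hatch==${{ env.HATCH_VERSION }} --uploaded-prior-to=P1D
 
 - name: Generate API reference for Docusaurus
 run: hatch run docs
 
 - name: Install base dependencies
 run: |
 python -m pip install --upgrade pip
-pip install requests toml
+pip install requests toml --uploaded-prior-to=P1D
 
 - name: Run snippet tests (verbose)
 shell: bash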
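Review bot: The `--uploaded-prior-to=P1D` literal now appears on two separate steps in this file and once in each of eight other workflows, so the cooldown window is ten places that can drift apart when someone decides to lengthen it. pip reads any long option from a `PIP_<OPTION_NAME>` environment variable, so a single workflow-level `env:` entry, `PIP_UPLOADED_PRIOR_TO: P1D`, would apply the same window to every `pip install` in the job without repeating the flag; if the runner's preinstalled pip predates the option, the `python -m pip install --upgrade pip` step would need to stay ahead of it or the variable be set per step. Either way a comment next to the value, `# cooldown for newly uploaded releases; keep in sync with dependabot cooldown`, would help the next maintainer. The enclosing job continues outside the hunk.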

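--- a/.github/workflows/docs_search_sync.yml
+++ b/.github/workflows/docs_search_sync.yml
@@ -38,7 +38,9 @@ jobs:
 - name: Install script dependencies
 # sniffio is needed because of https://github.com/deepset-ai/deepset-cloud-sdk/issues/286
 # we pin pyrate-limiter due to https://github.com/deepset-ai/deepset-cloud-sdk/issues/295
-run: pip install deepset-cloud-sdk sniffio requests "pyrate-limiter<4"
+run: |
+python -m pip install --upgrade pip
+pip install deepset-cloud-sdk sniffio requests "pyrate-limiter<4" --uploaded-prior-to=P1D
 
 - name: Update new docs to Search pipeline and remove outdated docs
 env: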

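--- a/.github/workflows/docusaurus_sync.yml
+++ b/.github/workflows/docusaurus_sync.yml
@@ -30,7 +30,9 @@ jobs:
 python-version: "${{ env.PYTHON_VERSION }}"
 
 - name: Install Hatch
-run: pip install hatch==${{ env.HATCH_VERSION }}
+run: |
+python -m pip install --upgrade pip
+pip install hatch==${{ env.HATCH_VERSION }} --uploaded-prior-to=P1D
 
 - name: Generate API reference for Docusaurus
 run: hatch run docs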

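--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -34,7 +34,9 @@ jobs:
 python-version: "${{ env.PYTHON_VERSION }}"
 
 - name: Install Hatch
-run: pip install hatch==${{ env.HATCH_VERSION }}
+run: |
+python -m pip install --upgrade pip
+pip install hatch==${{ env.HATCH_VERSION }} --uploaded-prior-to=P1D
 
 - name: Run tests
 run: hatch run e2e:test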

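--- a/.github/workflows/github_release.yml
+++ b/.github/workflows/github_release.yml
@@ -27,7 +27,7 @@ jobs:
 - name: Install reno
 run: |
 python -m pip install --upgrade pip
-pip install "reno<5"
+pip install "reno<5" --uploaded-prior-to=P1D
 
 # Remove next version rc0 tag in the CI environment to prevent reno from assigning notes to future releases.
 # This ensures release notes are correctly aggregated for the current version.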

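--- a/.github/workflows/license_compliance.yml
+++ b/.github/workflows/license_compliance.yml
@@ -29,7 +29,8 @@ jobs:
 
 - name: Get direct dependencies
 run: |
-pip install toml
+python -m pip install --upgrade pip
+pip install toml --uploaded-prior-to=P1D
 python .github/utils/pyproject_to_requirements.py pyproject.toml > ${{ env.REQUIREMENTS_FILE }}
 
 - name: Check Licenses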

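--- a/.github/workflows/nightly_testpypi_release.yml
+++ b/.github/workflows/nightly_testpypi_release.yml
@@ -36,7 +36,9 @@ jobs:
 echo "Building haystack-ai version: ${NIGHTLY_VERSION}"
 
 - name: Install Hatch
-run: pip install hatch==${{ env.HATCH_VERSION }}
+run: |
+python -m pip install --upgrade pip
+pip install hatch==${{ env.HATCH_VERSION }} --uploaded-prior-to=P1D
 
 - name: Build Haystack
 run: hatch build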

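--- a/.github/workflows/pypi_release.yml
+++ b/.github/workflows/pypi_release.yml
@@ -22,7 +22,9 @@ jobs:
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
 - name: Install Hatch
-run: pip install hatch==${{ env.HATCH_VERSION }}
+run: |
+python -m pip install --upgrade pip
+pip install hatch==${{ env.HATCH_VERSION }} --uploaded-prior-to=P1D
 
 - name: Build Haystack
 run: hatch build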
