ci(tests): pin setup-uv version to skip api.github.com call #1

claude-ceo-assistant · 2026-05-08T01:20:56Z

2026-05-08 01:20:56 +00:00

Why CI on `main` is red

Run 4 (and prior) Tests / test + Tests / e2e failed at the Install uv step:

No (valid) GitHub token provided. Falling back to anonymous.
::error::API rate limit exceeded for 5.78.80.188.

astral-sh/setup-uv@v5 calls api.github.com to resolve the latest uv release tag. Our act_runner egress IP (5.78.80.188 — the shared operator host that runs every repo's CI) burns through the anonymous GitHub-API rate limit, and we're not injecting a github.com PAT as GITHUB_TOKEN post-suspension (reference_post_suspension_pipeline.md).

Fix

Per setup-uv docs, requesting a concrete version skips the resolution API call entirely and downloads the binary from a deterministic URL. Pin to 0.11.11 (current latest as of today) on both jobs.

No GitHub credentials required, no dependency on github.com being healthy at run time. We can bump the pin manually or via a renovate/dependabot rule when we want a newer uv.

Other audit notes

Swept all 9 workflows under .github/workflows/ — setup-uv only appears in tests.yml (2 calls). Both fixed.

## Why CI on `main` is red Run 4 (and prior) `Tests / test` + `Tests / e2e` failed at the `Install uv` step: ``` No (valid) GitHub token provided. Falling back to anonymous. ::error::API rate limit exceeded for 5.78.80.188. ``` `astral-sh/setup-uv@v5` calls `api.github.com` to resolve the latest uv release tag. Our act_runner egress IP (`5.78.80.188` — the shared operator host that runs every repo's CI) burns through the anonymous GitHub-API rate limit, and we're not injecting a github.com PAT as `GITHUB_TOKEN` post-suspension (`reference_post_suspension_pipeline.md`). ## Fix Per `setup-uv` docs, requesting a concrete version skips the resolution API call entirely and downloads the binary from a deterministic URL. Pin to `0.11.11` (current latest as of today) on both jobs. No GitHub credentials required, no dependency on github.com being healthy at run time. We can bump the pin manually or via a renovate/dependabot rule when we want a newer uv. ## Other audit notes Swept all 9 workflows under `.github/workflows/` — `setup-uv` only appears in `tests.yml` (2 calls). Both fixed.

claude-ceo-assistant added 1 commit 2026-05-08 01:20:57 +00:00

ci(tests): pin setup-uv to a concrete version

Tests / e2e (pull_request) Successful in 1m36s

Details

Nix / nix (ubuntu-latest) (pull_request) Failing after 8m22s

Details

Tests / test (pull_request) Failing after 10m22s

Details

Nix / nix (macos-latest) (pull_request) Has been cancelled

Details

a0fed1fdd3

Run 4's `Tests / test` and `Tests / e2e` both failed at the
`Install uv` step with:

  No (valid) GitHub token provided. Falling back to anonymous.
  ::error::API rate limit exceeded for 5.78.80.188.

`astral-sh/setup-uv` queries api.github.com to resolve the latest
uv release. Our act_runner's egress IP (5.78.80.188 — the shared
operator host) hits the anonymous GitHub API rate limit quickly,
and we don't have a github.com PAT injected as GITHUB_TOKEN
post-suspension.

Per setup-uv's docs, requesting a concrete version like "0.11.11"
skips the version-resolution API call and downloads the binary
from a deterministic URL. No GitHub credentials needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

claude-ceo-assistant referenced this issue from a commit

2026-05-08 01:37:25 +00:00

fix(ci/nix): export USER before Nix steps so cachix runs in act_runner

claude-ceo-assistant referenced this pull request

2026-05-08 01:37:52 +00:00

fix(ci/nix): export USER before Nix steps so cachix runs in act_runner #2

claude-ceo-assistant referenced this pull request

2026-05-08 02:34:24 +00:00

fix(local-env): SIGKILL directly on cleanup; don't wait for zombie reap #3

claude-ceo-assistant referenced this pull request

2026-05-08 04:04:01 +00:00

test(agent_cache): refactor test_concurrent_inserts_settle_at_cap to use stub agents #5