diff --git a/.github/workflows/check_private_index.yml b/.github/workflows/check_private_index.yml new file mode 100644 index 000000000..25931889a --- /dev/null +++ b/.github/workflows/check_private_index.yml @@ -0,0 +1,43 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Check for Private Index URLs in uv.lock + +on: + push: + pull_request: + +jobs: + check-for-private-index: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Search for private index URL in uv.lock files + run: | + FORBIDDEN_URL="us-python.pkg.dev" + FOUND_FILES=$(find . -type f -name "uv.lock" -print) + if [ -n "$FOUND_FILES" ]; then + # Use grep and check its exit code. grep exits with 0 if a match is found. + if echo "$FOUND_FILES" | xargs grep -q "$FORBIDDEN_URL"; then + echo "::error::Found private index URL ($FORBIDDEN_URL) in the following uv.lock files:" + # Show which files contain the URL + echo "$FOUND_FILES" | xargs grep -H "$FORBIDDEN_URL" + exit 1 + else + echo "No private index URLs found in uv.lock files." + fi + else + echo "No uv.lock files found to check." + fi \ No newline at end of file diff --git a/a2a_agents/python/a2ui_extension/uv.lock b/a2a_agents/python/a2ui_extension/uv.lock index ef835190b..b344fc398 100644 --- a/a2a_agents/python/a2ui_extension/uv.lock +++ b/a2a_agents/python/a2ui_extension/uv.lock @@ -6,6 +6,10 @@ resolution-markers = [ "python_full_version < '3.13'", ] +# Test line for private index +some_package == 1.0; index = "https://us-python.pkg.dev/fake/simple" + + [[package]] name = "a2a-sdk" version = "0.3.22"