chore: bump deps to open-aea 2.2.1 / open-autonomy 0.21.18 + migrate scripts to CLIs#22
Conversation
- open-aea* pins: ==2.1.0 -> ==2.2.1 - open-autonomy pins: ==0.21.13 -> ==0.21.17 - Remove open-aea-ledger-ethereum-flashbots from scripts/bump.py (plugin removed upstream in open-aea 2.2.1) - Remove open-aea-flashbots from dependency ignore lists Third-party package hashes will need updating once open-autonomy 0.21.17 is released and packages are available on IPFS. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dependency bumps:
* open-aea*: ==2.1.0 -> ==2.2.1
* open-autonomy: ==0.21.13 -> ==0.21.17
* tomte: ==0.6.2 -> ==0.6.5
Script migration (3 scripts deleted):
* scripts/check_dependencies.py -> aea-ci check-dependencies --check
* scripts/check_doc_ipfs_hashes.py -> aea-ci check-doc-hashes
* scripts/bump.py -> aea-helpers bump-dependencies
(install open-aea-helpers)
Flashbots cleanup:
* Removed open-aea-ledger-ethereum-flashbots from scripts/bump.py
(done before deletion)
* Removed open-aea-flashbots from scripts/check_dependencies.py
(done before deletion)
Remaining in scripts/: __init__.py
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two CI failures: 1. check-packages: ModuleNotFoundError for aea_cli_ipfs. Root cause: open-aea-cli-ipfs is behind open-autonomy's [cli]/[all] extras. Changed all open-autonomy==0.21.17 pins to open-autonomy[all]==0.21.17 so the CLI deps are installed. 2. liccheck: regex 2026.4.4 has license "Apache-2.0 AND CNRI-Python". CNRI-Python is OSI-approved but not in liccheck's built-in list. Added regex to [Authorized Packages]. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps open-autonomy from 0.21.17 to 0.21.18 in pyproject.toml and tox.ini. Poetry lock regenerated. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ense Two CI failures: 1. check-abciapp-specs: ModuleNotFoundError for aea_cli_ipfs. The env had no deps — added open-autonomy[all]==0.21.18 so the autonomy CLI and its transitive deps (including open-aea-cli-ipfs) are available. 2. liccheck: open-autonomy 0.21.18 wheel metadata reports "Other/Proprietary" (Poetry's license field mapping issue). Added to [Authorized Packages] whitelist pinned to ==0.21.18. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Every tox env that runs the autonomy CLI needs open-autonomy[all] installed (for open-aea-cli-ipfs, python-dotenv, and other extras). Previously only check-hash and check-packages had it explicitly; check-dependencies, check-abciapp-specs, and the base testenv did not. Root fix: add open-autonomy[all]==0.21.18 to [deps-packages] so all inheriting envs get it automatically. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
aea-ci check-dependencies --check strictly compares deps declared in pyproject.toml vs tox.ini. Added missing explicit deps to both: pyproject.toml: * open-autonomy[all]==0.21.18 (was bare, needs [all] for CLI extras) * open-aea[all]==2.2.1 * open-aea-cli-ipfs==2.2.1 * open-aea-ci-helpers==2.2.1 * setuptools<=81.0.0 tox.ini [deps-packages]: * open-aea[all]==2.2.1 * open-aea-cli-ipfs==2.2.1 * toml==0.10.2 Poetry lock regenerated. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
aea-ci check-doc-hashes has deploy-image/build.sh hardcoded in its file list (designed for open-autonomy's repo structure). dev-template has no deploy-image directory and no IPFS hashes in any docs — the check was always a no-op here. Removed the workflow step and tox env. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
| ; check-doc-hashes removed — aea-ci check-doc-hashes is hardcoded for | ||
| ; open-autonomy's directory structure (requires deploy-image/build.sh). | ||
| ; dev-template has no deployment images. Upstream fix needed to make | ||
| ; the command configurable before it can be used here. |
There was a problem hiding this comment.
why aren't we fixing this in open-autonomy first?
There was a problem hiding this comment.
I will be creating a PR in Open aea as well, but since this check was anyways not being used for this repo, to unblock the CI have added a comment.
|
imo both |
|
readme is outdated |
| open-aea = {version = "==2.2.1", extras = ["all"]} | ||
| open-aea-cli-ipfs = "==2.2.1" | ||
| open-aea-ci-helpers = "==2.2.1" | ||
| setuptools = "<=81.0.0" |
There was a problem hiding this comment.
are these really needed? I'm asking because if they are just transitive deps then it would be cleaner as it was before. Otherwise please also consider if keeping the required ones in development below makes more sense.
There was a problem hiding this comment.
Good catch — you're right about the transitive ones. Confirmed by empirically running aea-ci check-dependencies --check locally:
open-aea[all]==2.2.1andopen-aea-cli-ipfs==2.2.1→ redundant, transitive viaopen-autonomy[all]. Removed from bothpyproject.tomlandtox.ini [deps-packages].open-aea-ci-helpers==2.2.1andsetuptools<=81.0.0→ required in main deps. Tested moving them to[tool.poetry.group.development.dependencies]and the checker fails withERROR: X not found in pyproject.toml.aea-ci check-dependenciesonly reads[tool.poetry.dependencies](source), not group deps — so they have to stay there to satisfy the check.
Both are transitive via open-autonomy[all], so explicit pins were redundant. Verified aea-ci check-dependencies --check still passes locally with only the deps it actually enforces: - open-aea-ci-helpers (required — in tox.ini check-dependencies env) - setuptools (required — in tox.ini liccheck env) Kept in [tool.poetry.dependencies] because the checker only reads that section, not dev group deps. Addresses review feedback from @OjusWiZard. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Per review feedback from @DavidMinarsch: tests canonically live in packages/<author>/<skill>/tests, so keeping a top-level tests/ with a dummy test implies a bad pattern. Same for scripts/ which is now empty after the CLI migration. Changes: * Delete scripts/ (only __init__.py remained after CLI migration) * Delete tests/ (contained only a dummy no-op test) * tox.ini: strip `scripts` and `tests/` references from all lint envs; repoint pytest at packages/ so it targets the canonical test location * Makefile: drop `-e check-doc-hashes` from common-checks-1 target (env was removed earlier) * README: fix Python version typo (>=10 -> >=3.10) Verified aea-ci check-dependencies --check still passes locally. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Addresses @DavidMinarsch's review feedback that the README was outdated. Key fixes: * poetry shell -> poetry env activate (shell removed in Poetry 2.0) * Python version: clarified as >=3.10, <4.0 (tested on 3.10-3.14) * Note Poetry >=2.0 requirement (pyproject pins poetry-core>=2.0.0) * Drop separate Pip bullet (poetry brings it transitively) * packages/ description corrected (not an "empty directory" — has packages.json with dev/third_party trees) * .env description corrected (prepends project root to PYTHONPATH, not just the packages directory) * Expanded Useful commands into a table covering formatters, code-checks, security, generators, common-checks-1, clean, autonomy test * Link to CONTRIBUTING.md for pre-PR workflow Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Root cause: deleting tests/ removed the dummy test that kept pytest
from exiting with code 5 ("no tests collected"), which tox treats as
failure. Empty packages/ (template state) has nothing for pytest to
find, so the py3.1x-{linux,darwin,win} matrix fails on empty forks.
Fix: add pytest-custom_exit_code plugin and pass
--suppress-no-test-exit-code so exit 5 is converted to exit 0. When
users add packages/<author>/<skill>/tests/ (canonical location per
@DavidMinarsch), pytest picks them up automatically and CI starts
running real tests with no extra user action.
Chosen over alternatives:
* Fake skill scaffold under packages/ — implies a pattern the
template shouldn't dictate.
* Root conftest.py with pytest_sessionfinish hook — less
discoverable than a named flag.
* Commenting out CI test steps — risks users silently shipping
with no tests running for weeks before they notice.
Also fixes the Python version marker: pyproject previously claimed
python = "<4.0,>=3.10" but open-autonomy[all]==0.21.18 requires
<3.15,>=3.10 (and the existing classifiers list only 3.10-3.14).
Updated to "<3.15,>=3.10" so the constraint matches reality —
without this, `poetry lock` couldn't resolve.
Regenerated poetry.lock (was stale from pre-PR state — last updated
before the open-aea 2.2.1 / open-autonomy 0.21.18 bumps).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
| python = "<3.15,>=3.10" | ||
| open-autonomy = {version = "==0.21.18", extras = ["all"]} | ||
| open-aea-ci-helpers = "==2.2.1" | ||
| pytest-custom_exit_code = "==0.3.0" |
There was a problem hiding this comment.
Needed because of your earlier feedback to delete tests/. That removed the dummy test which kept pytest from exiting with code 5 on the empty template. The plugin + --suppress-no-test-exit-code converts exit-5 to 0 on empty packages/ so the py3.1x-* matrix passes. When users add packages/<author>/<skill>/tests/, pytest finds them automatically.
Placed in [tool.poetry.dependencies] because aea-ci check-dependencies --check only reads that section (not group deps) — same reason as open-aea-ci-helpers.
| open-autonomy = {version = "==0.21.18", extras = ["all"]} | ||
| open-aea-ci-helpers = "==2.2.1" | ||
| pytest-custom_exit_code = "==0.3.0" | ||
| setuptools = "<=81.0.0" |
There was a problem hiding this comment.
Required for the [testenv:liccheck] env: liccheck 0.6.0 (pulled in via tomte 0.6.5[liccheck]) imports pkg_resources, which was removed in setuptools 81+. Verified empirically just now — removing the pin gives ModuleNotFoundError: No module named 'pkg_resources' in the liccheck env.
Pin was originally added by @OjusWiZard in commit fbb3160 (fix: liccheck) pre-PR. The only new thing in this PR is that I also declared it in pyproject.toml, because aea-ci check-dependencies --check requires anything in tox.ini to also be in [tool.poetry.dependencies] (it doesn't read dev groups).
Fair point on the downstream ceiling. Cleanest long-term fixes are upstream: either teach aea-ci check-dependencies to read dev-group deps (so we can move this to development), or upgrade liccheck to one that uses importlib.metadata instead of pkg_resources. Happy to file either if you'd like — they're both out of scope for this PR though.
| ## System requirements | ||
|
|
||
| - Python `>=10` | ||
| - Python `>=3.10, <4.0` (tested on 3.10–3.14) |
There was a problem hiding this comment.
| - Python `>=3.10, <4.0` (tested on 3.10–3.14) | |
| - Python `>=3.10, <3.15` |
| ``` | ||
|
|
||
| Get developing... | ||
| > `poetry shell` was removed in Poetry 2.0 — use `poetry env activate` (prints the activation command) or prefix commands with `poetry run`. |
There was a problem hiding this comment.
let's clean that up. don't need a history on poetry
ReviewAll 22 CI jobs pass, including the full Python 3.10–3.14 × 3-OS matrix. Reviewer feedback on deleting Blocking1. Stale PR description. Please refresh:
2. README Python upper bound is wrong. Non-blocking nits3. 4. 5. 6. Downstream heads-up. Forks relying on |
Addresses @DavidMinarsch's follow-up review: README.md: * Line 7: adopt David's suggestion — "Python >=3.10, <3.15" (matches pyproject.toml constraint; drops the "(tested on 3.10-3.14)" prose). * Line 34: drop the Poetry-shell removal note — just show the activation command without the history. tox.ini: consolidate open-autonomy[all]==0.21.18 from 6 places to 2. * Delete unused [extra-deps] block (dead code — not referenced anywhere in tox.ini). * Remove redundant explicit line in check-hash, check-packages, and check-abciapp-specs — they already inherit the pin via {[testenv]deps} -> [deps-packages]. After this, the version lives only in [deps-packages] and the liccheck [Authorized Packages] whitelist (which is version-locked by design). Verified locally: all 19 tox/tomte envs I can run on this machine pass (the full Python 3.10-3.14 darwin matrix, check-dependencies, check-hash, check-packages, check-abciapp-specs, abci-docstrings, liccheck, and all tomte CLI checks + gitleaks). Remaining envs (safety, check-generate-all-protocols) are blocked by pre-existing local tooling mismatches, not my changes — both passed on CI for 63e8895. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Re-reviewAll 22 CI jobs pass on Resolved
Remaining (non-blocking)
LGTM — ship it. |
The open-autonomy plugin aea-helpers exposes a layout-agnostic
check-doc-hashes command — unlike the open-aea aea-ci variant that
hardcoded deploy-image/build.sh. aea-helpers check-doc-hashes:
- default scan path is just Path("docs") (repeatable --doc-path)
- handles missing docs/ gracefully (empty rglob -> no-op)
- exits 0 cleanly on templates with no docs yet
Verified locally: tox -e check-doc-hashes passes on the empty
template with "No commands were found in the docs. Skipping."
Restores the check-doc-hashes tox env and the corresponding CI
workflow step (both deleted in 59a1336 when we thought an upstream
open-aea PR was the only path). No upstream PR required anymore —
aea-helpers is the right tool for this job.
Adds open-aea-helpers==0.21.18 to [tool.poetry.dependencies] (not a
transitive dep of open-autonomy[all]; required explicitly in main
deps for aea-ci check-dependencies compliance).
poetry.lock regenerated.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DhairyaPatel7
changed the title
|
Thanks for the re-review and LGTM! PR title: fixed — now reads setuptools placement: I tested the dev-group move and can confirm the ceiling is indeed there at install time, via the
I also checked the freshly-added So cleanest fix is upstream in both checker variants — teach them to also read Bonus: while digging into |
DavidMinarsch
left a comment
DavidMinarsch
left a comment
There was a problem hiding this comment.
Approved
All 22 CI jobs pass on b0d3a9b. The aea-helpers check-doc-hashes restoration is a clean solve — avoids the upstream dependency and handles the empty-docs/ case gracefully.
Non-blocking follow-ups (pick up later)
- PR title still says
0.21.17— body is correct; fix on squash/merge. setuptools = "<=81.0.0"sits in main deps but is driven by a liccheck (dev-only) constraint — logically belongs under[tool.poetry.group.development.dependencies].open-aea-helpers==0.21.18literal pinned in bothpyproject.toml:21andtox.ini:262. Onlycheck-doc-hashesuses it, so keeping it local is defensible; lifting to[deps-packages]would be consistent with the open-autonomy dedup pattern if another env ever needs it.
Ship it.
3 participants
Summary
Bumps all framework dependencies and migrates CI scripts to CLI commands.
Dependency bumps
open-aea*:==2.1.0→==2.2.1open-autonomy:==0.21.13→==0.21.18tomte:==0.6.2→==0.6.5>=3.10, <3.15(matches open-autonomy's real support range and the existing classifiers)Scripts removed
scripts/(and the top-leveltests/) are deleted entirely, per review feedback that tests canonically live underpackages/<author>/<skill>/tests/. Migration path for forks:scripts/check_dependencies.pyaea-ci check-dependencies --checkscripts/bump.pyaea-helpers bump-dependencies(installopen-aea-helpers)scripts/check_doc_ipfs_hashes.pyaea-helpers check-doc-hashes(open-autonomy plugin — layout-agnostic, unlike the hardcodedaea-ci check-doc-hashesfrom open-aea)Heads-up for downstream forks: anything that referenced
scripts/check_dependencies.py,scripts/bump.py, orscripts/check_doc_ipfs_hashes.pymust switch to theaea-ci/aea-helperscommands above.CI-compatibility fixes
pytest-custom_exit_codeplugin added so the empty template passes thepy3.1x-*matrix whenpackages/has no tests yet. When a user addspackages/<author>/<skill>/tests/, pytest auto-picks them up.setuptools<=81.0.0pinned becauseliccheck 0.6.0(viatomte[liccheck]==0.6.5) importspkg_resources, which was removed in setuptools 81+.open-aea-ci-helpersandopen-aea-helperspinned in[tool.poetry.dependencies](required byaea-ci check-dependencies --check, which only reads main deps).tox.iniconsolidated:open-autonomy[all]==0.21.18now lives in[deps-packages]+ liccheck whitelist only (was duplicated in 6 places; redundant explicit lines dropped fromcheck-hash,check-packages,check-abciapp-specs, and the dead[extra-deps]block deleted).poetry.lock(was stale from pre-PR state).README refresh
Rewritten to reflect current repo state: accurate
packages/description,.envbehaviour, Poetry 2.0+ requirement (poetry install+eval $(poetry env activate)—poetry shellwas removed in Poetry 2.0), and a table covering themaketargets that actually exist.Test plan
tox -e black-check,isort-check,flake8,mypy,pylint,darglint,bandittox -e check-dependencies,check-hash,check-packages,check-abciapp-specs,abci-docstrings,check-doc-hashestox -e liccheck(verified locally with manual pip workaround)tox -e py{3.10,3.11,3.12,3.13,3.14}-darwintomte check-copyright,check-doc-links,check-spelling,check-code;gitleaks9f3632b(22/22 jobs)