Update macos versions#34
Merged
Merged
Conversation
danielmeppiel
added a commit
that referenced
this pull request
Apr 30, 2026
…#1073) * docs(notice): rename NOTICE.md -> NOTICE; add CLA third-party section Two changes, one file rename: 1. Rename NOTICE.md -> NOTICE, matching the Apache / CNCF convention used by upstream third-party-attribution files (kubernetes-sigs/kro, kubernetes-sigs/headlamp, etc.). The .md extension was non-idiomatic for a generated legal artifact -- NOTICE files are read by tooling (license scanners, SBOM generators) that match on the bare filename. Generator (scripts/generate-notice.py), Makefile target, and the NOTICE Drift Check workflow are all updated to operate on the extension-less path. 2. Add a 'Submitted on behalf of a third-party' section to NOTICE, crediting five contributors whose pull requests landed before the microsoft-github-policy-service CLA bot recorded a signature on file. The repo transferred from danielmeppiel/awd-cli to the microsoft org; some early PRs predate CLA enforcement, and we could not retroactively reach all contributors. Mirrors section 7 of common CLA texts (the wording adopted by CNCF NOTICE files). Driven by a new _third_party_submissions block in scripts/notice-metadata.yaml -- legally-significant wording stays alongside the per-component data, not buried in code. Contributors named (verified via Check Runs API against the microsoft-github-policy-service app, license/cla check on every merged PR by each suspected author): - @pofallon (PR #4) - @richgo (PRs #8, #25, #26, #33, #34) - @ryanfk (PR #92 -- bot ran with conclusion=null, output: 'Contributor License Agreement is not agreed yet.') - @foutoucour (PR #108) - @Jah-yee (PR #184) Listed contributors who later sign the CLA (or who were signed under a different GitHub account at the time) can request removal via issue. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(notice): trim third-party section preamble Strip the historical/CNCF-citation paragraph and the verbatim CLA-section-7 quote. Keep only the active sentence (what the listing means + how to request removal). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(notice): address PR #1073 review Three fixes from copilot-pull-request-reviewer: 1. Drop spurious leading '---' separator in the third-party-submissions renderer. render_component already ends each component with '---\n\n', so prepending another '---' produced two consecutive separators in NOTICE. Verified: separator count dropped from 17 to 16. 2. Sweep stale 'NOTICE.md' references in scripts/generate-notice.py (top-level docstring, Modes section, ComponentMeta and DepSpec field docstrings). The constant was renamed; the docs lagged. 3. Append (#1073) PR refs to both CHANGELOG entries; ASCII-correct the arrow ('->' instead of '->'). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <copilot-rework@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
danielmeppiel
added a commit
that referenced
this pull request
May 7, 2026
…) (#1181) * chore(aw): bump microsoft/apm-action v1.6.0 -> v1.7.1 Picks up the v0.12.3 strict-detection fix series: - #33 (apm-action): forwards target: input into the generated apm.yml in isolated mode (all four uses in shared/apm.md are isolated mode with target: all, so this is the relevant fix). - #33 (apm-action): pins the action's apm-version default to 0.12.3 instead of latest, removing the silent-breakage exposure that burned this repo when v0.12.3 shipped. - #34 (apm-action): strict allowlist validation on target: input. - #36 (apm-action): forwards --target to additive 'apm install' invocations (not used here today but ships with the bundle). Without this bump the lock'd v1.6.0 still resolves apm-version=latest, so every triage-panel / pr-review-panel run that hits the APM pack step would now fail with 'No harness detected' under v0.12.3. Lock-file refresh side effects (from gh aw compile v0.71.5): - github/gh-aw-actions/setup v0.71.2 -> v0.71.5 - new actions/github-script@v9.0.0 entry pulled in Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(audit): re-anchor in-package asset rewrite onto package_root during replay (#1182) The replay path of `apm audit --ci` deploys to a scratch tmpdir while `package_root` for self-packages still points at the real project tree. `os.path.relpath(candidate, target_location)` therefore produced a tmpdir traversal (e.g. `../../../../Users/.../MANIFESTO.md`) instead of the project-relative form real install writes (`../../MANIFESTO.md`), flagging every primitive with a `../<repo-root-file>` link as drifted. Detect the cross-frame case (candidate outside `base_dir`) in `_resolve_in_package_asset_link` and re-anchor `target_location` onto `package_root` so the rewrite mirrors install-time output. Dependency packages are unaffected (their `install_path` materialises inside the scratch tree, so candidate stays in-frame). Also lands the .agents/skills convergence: v0.12.3 made `.agents/skills/` the cross-client default, so the 10 self-package skill bundles move from `.github/skills/` -> `.agents/skills/`. The lockfile is regenerated to match. Running `apm install` then `apm audit --ci` against this branch is now a clean no-op. Bundled together with the `apm-action@v1.7.1` workflow bump from the prior commit because the audit gate (broken on `main` since v0.12.3) would otherwise stay red and the skills convergence cannot land without the bug fix above. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore(release): cut v0.12.4 Bumps pyproject.toml 0.12.3 -> 0.12.4 and rolls the [Unreleased] entries (orphan-cleanup #1173 + audit-replay #1182) into the [0.12.4] section. Tag will be cut post-merge. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Daniel Meppiel <copilot-rework@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sergio-sisternes-epam
pushed a commit
that referenced
this pull request
May 19, 2026
Update macos versions
sergio-sisternes-epam
pushed a commit
that referenced
this pull request
May 19, 2026
…#1073) * docs(notice): rename NOTICE.md -> NOTICE; add CLA third-party section Two changes, one file rename: 1. Rename NOTICE.md -> NOTICE, matching the Apache / CNCF convention used by upstream third-party-attribution files (kubernetes-sigs/kro, kubernetes-sigs/headlamp, etc.). The .md extension was non-idiomatic for a generated legal artifact -- NOTICE files are read by tooling (license scanners, SBOM generators) that match on the bare filename. Generator (scripts/generate-notice.py), Makefile target, and the NOTICE Drift Check workflow are all updated to operate on the extension-less path. 2. Add a 'Submitted on behalf of a third-party' section to NOTICE, crediting five contributors whose pull requests landed before the microsoft-github-policy-service CLA bot recorded a signature on file. The repo transferred from danielmeppiel/awd-cli to the microsoft org; some early PRs predate CLA enforcement, and we could not retroactively reach all contributors. Mirrors section 7 of common CLA texts (the wording adopted by CNCF NOTICE files). Driven by a new _third_party_submissions block in scripts/notice-metadata.yaml -- legally-significant wording stays alongside the per-component data, not buried in code. Contributors named (verified via Check Runs API against the microsoft-github-policy-service app, license/cla check on every merged PR by each suspected author): - @pofallon (PR #4) - @richgo (PRs #8, #25, #26, #33, #34) - @ryanfk (PR #92 -- bot ran with conclusion=null, output: 'Contributor License Agreement is not agreed yet.') - @foutoucour (PR #108) - @Jah-yee (PR #184) Listed contributors who later sign the CLA (or who were signed under a different GitHub account at the time) can request removal via issue. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(notice): trim third-party section preamble Strip the historical/CNCF-citation paragraph and the verbatim CLA-section-7 quote. Keep only the active sentence (what the listing means + how to request removal). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(notice): address PR #1073 review Three fixes from copilot-pull-request-reviewer: 1. Drop spurious leading '---' separator in the third-party-submissions renderer. render_component already ends each component with '---\n\n', so prepending another '---' produced two consecutive separators in NOTICE. Verified: separator count dropped from 17 to 16. 2. Sweep stale 'NOTICE.md' references in scripts/generate-notice.py (top-level docstring, Modes section, ComponentMeta and DepSpec field docstrings). The constant was renamed; the docs lagged. 3. Append (#1073) PR refs to both CHANGELOG entries; ASCII-correct the arrow ('->' instead of '->'). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <copilot-rework@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sergio-sisternes-epam
pushed a commit
that referenced
this pull request
May 19, 2026
…) (#1181) * chore(aw): bump microsoft/apm-action v1.6.0 -> v1.7.1 Picks up the v0.12.3 strict-detection fix series: - #33 (apm-action): forwards target: input into the generated apm.yml in isolated mode (all four uses in shared/apm.md are isolated mode with target: all, so this is the relevant fix). - #33 (apm-action): pins the action's apm-version default to 0.12.3 instead of latest, removing the silent-breakage exposure that burned this repo when v0.12.3 shipped. - #34 (apm-action): strict allowlist validation on target: input. - #36 (apm-action): forwards --target to additive 'apm install' invocations (not used here today but ships with the bundle). Without this bump the lock'd v1.6.0 still resolves apm-version=latest, so every triage-panel / pr-review-panel run that hits the APM pack step would now fail with 'No harness detected' under v0.12.3. Lock-file refresh side effects (from gh aw compile v0.71.5): - github/gh-aw-actions/setup v0.71.2 -> v0.71.5 - new actions/github-script@v9.0.0 entry pulled in Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(audit): re-anchor in-package asset rewrite onto package_root during replay (#1182) The replay path of `apm audit --ci` deploys to a scratch tmpdir while `package_root` for self-packages still points at the real project tree. `os.path.relpath(candidate, target_location)` therefore produced a tmpdir traversal (e.g. `../../../../Users/.../MANIFESTO.md`) instead of the project-relative form real install writes (`../../MANIFESTO.md`), flagging every primitive with a `../<repo-root-file>` link as drifted. Detect the cross-frame case (candidate outside `base_dir`) in `_resolve_in_package_asset_link` and re-anchor `target_location` onto `package_root` so the rewrite mirrors install-time output. Dependency packages are unaffected (their `install_path` materialises inside the scratch tree, so candidate stays in-frame). Also lands the .agents/skills convergence: v0.12.3 made `.agents/skills/` the cross-client default, so the 10 self-package skill bundles move from `.github/skills/` -> `.agents/skills/`. The lockfile is regenerated to match. Running `apm install` then `apm audit --ci` against this branch is now a clean no-op. Bundled together with the `apm-action@v1.7.1` workflow bump from the prior commit because the audit gate (broken on `main` since v0.12.3) would otherwise stay red and the skills convergence cannot land without the bug fix above. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore(release): cut v0.12.4 Bumps pyproject.toml 0.12.3 -> 0.12.4 and rolls the [Unreleased] entries (orphan-cleanup #1173 + audit-replay #1182) into the [0.12.4] section. Tag will be cut post-merge. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Daniel Meppiel <copilot-rework@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Description
Update to latest macos versions (13 are deprecated)
Type of Change
🏷️ IMPORTANT: Apply the appropriate label after creating this PR:
enhancementorfeaturebugorfixdocumentationordocsignore-for-releaseTesting
Checklist
Fixes # (issue)