🤖 This is an automated pull request from Repo Assist.
Problem
Two reproducibility/consistency issues were found across the CI workflows:
docs-ci.yml uses an unpinned Poetry installation (pip install poetry) while every other workflow pins to Poetry 2.1.3 via abatilo/actions-poetry@v4.0.0. This means docs builds silently pick up whatever Poetry version happens to be latest on PyPI, which can cause unexpected breakage or behaviour differences between CI jobs.
KyleMayes/install-llvm-action is pinned to @v2.0.5 in ci.yml but uses the floating @v2 tag in nightly-tests.yml, ci-install.yml, and advanced-on-demand.yml. Floating major-version tags can silently pick up patch releases at unpredictable times, making it harder to diagnose regressions.
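Changes

| File | Change |
|---|---|
| docs-ci.yml | Replace pip install poetry with abatilo/actions-poetry@v4.0.0 pinned to poetry-version: 2.1.3 |
| nightly-tests.yml | install-llvm-action@v2 → @v2.0.5 |
| ci-install.yml | install-llvm-action@v2 → @v2.0.5 |
| advanced-on-demand.yml | install-llvm-action@v2 → @v2.0.5 |

Rationale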
Consistency across all workflows makes it easier to reason about failures and to update versions in future.
No functional logic changes; only the mechanism by which tools are installed is made consistent.
Test Status
This PR only modifies GitHub Actions workflow YAML files — no Python code is changed. There are no unit tests to run locally. The changes will be validated by CI when the PR is opened.
The Poetry version being pinned (2.1.3) is already proven to work in ci.yml across all supported Python versions (3.9–3.13).
Warning
🛡️ Protected Files — Push Permission Denied
This was originally intended as a pull request, but the patch modifies protected files: .github/workflows/advanced-on-demand.yml, .github/workflows/ci-install.yml, .github/workflows/docs-ci.yml, .github/workflows/nightly-tests.yml.
The push was rejected because GitHub Actions does not have workflows permission to push these changes, and is never allowed to make such changes, or other authorization being used does not have this permission. A human must create the pull request manually.
To create a pull request with the changes:
```sh
# Download the patch from the workflow run
gh run download 23690003931 -n agent-artifacts -D /tmp/agent-artifacts-23690003931
# Create a new branch
git checkout -b repo-assist/eng-pin-ci-tool-versions-2026-03-28-c950498644b07743 main
# Apply the patch (--3way handles cross-repo patches)
git am --3way /tmp/agent-artifacts-23690003931/aw-repo-assist-eng-pin-ci-tool-versions-2026-03-28.patch
# Push the branch and create the pull request
git push origin repo-assist/eng-pin-ci-tool-versions-2026-03-28-c950498644b07743
gh pr create --title '[Repo Assist] ci: pin Poetry version and standardise LLVM action version across workflows' --base main --head repo-assist/eng-pin-ci-tool-versions-2026-03-28-c950498644b07743 --repo py-why/dowhy
```
Note
🔒 Integrity filtering filtered 59 items
Integrity filtering activated and filtered the following items during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.
#1418 (list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
#1399 (list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
#1396 (list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
#1392 (list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
#1391 (list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
#1371 (list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
issue:Mediation Analysis key error #214 (list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
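An added example, not part of the issue or the project's code: a stdlib-only audit that flags the two patterns described in the Problem section, floating action refs and unversioned pip installs. The workflow fragments and the example-org/example-action SHA are constructed; a full commit SHA is classified separately because it is the only ref form that cannot be moved after the fact.

```python
import re

# Constructed workflow fragments modelled on the issue text, not copied from the repo.
SAMPLE_WORKFLOWS = {
    "docs-ci.yml": "steps:\n  - run: pip install poetry\n  - run: poetry install\n",
    "nightly-tests.yml": "steps:\n  - uses: KyleMayes/install-llvm-action@v2\n"
                         "  - uses: abatilo/actions-poetry@v4.0.0\n",
    "ci.yml": "steps:\n  - uses: KyleMayes/install-llvm-action@v2.0.5\n"
              # The 40-hex commit SHA below is a constructed placeholder.
              "  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567\n",
}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
PIP_RE = re.compile(r"\bpip3?\s+install\s+([^;&|#]+)")  # stop at shell operators
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
EXACT_TAG_RE = re.compile(r"^v?\d+\.\d+\.\d+$")
FILE_OPTS = {"-r", "-c", "-e", "--requirement", "--constraint", "--editable"}

def classify_ref(ref):
    """Return 'sha', 'exact-tag' or 'floating' for the part after '@'."""
    if SHA_RE.match(ref):
        return "sha"
    return "exact-tag" if EXACT_TAG_RE.match(ref) else "floating"

def audit(name, text):
    """Return (file, line, message) findings for one workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            target = m.group(1)
            # Local actions and docker:// images carry no git ref to classify.
            if "@" in target and not target.startswith(("./", "docker://")):
                action, ref = target.rsplit("@", 1)
                if classify_ref(ref) == "floating":
                    findings.append((name, lineno, f"floating action ref {action}@{ref}"))
            continue
        m = PIP_RE.search(line)
        if m:
            args = iter(m.group(1).split())
            for arg in args:
                if arg in FILE_OPTS:
                    next(args, None)          # skip the option's file/path value
                elif not arg.startswith("-") and "==" not in arg:
                    findings.append((name, lineno, f"unpinned pip package {arg}"))
    return findings

if __name__ == "__main__":
    for fname, body in SAMPLE_WORKFLOWS.items():
        for finding in audit(fname, body):
            print("%s:%d: %s" % finding)
```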