From f0cdf340c8405274fd0060243b5ffd5fca8b51ff Mon Sep 17 00:00:00 2001
From: Chaya Carey <chaya.carey@dbtlabs.com>
Date: Wed, 18 Feb 2026 14:30:26 -0800
Subject: [PATCH 1/6] Cache uv dependencies to speed up PR checks

---
 .github/workflows/cache-dependencies.yml | 44 ++++++++++++++++++++++++
 .github/workflows/pytest-pr.yml          | 32 ++++++++++++++---
 2 files changed, 71 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/cache-dependencies.yml

diff --git a/.github/workflows/cache-dependencies.yml b/.github/workflows/cache-dependencies.yml
new file mode 100644
index 00000000..f76d4ad4
--- /dev/null
+++ b/.github/workflows/cache-dependencies.yml
@@ -0,0 +1,44 @@
+name: Build uv cache
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "uv.lock"
+      - "**/pyproject.toml"
+  workflow_dispatch:
+
+jobs:
+  build-cache:
+    name: build cache on ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          python-version: ${{ matrix.python-version }}
+          enable-cache: false
+
+      - name: Install dependencies and populate cache
+        run: |
+          echo "Building global UV cache..."
+          uv sync --all-packages --all-extras
+          echo "Cache populated successfully"
+
+      - name: Save uv caches
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
\ No newline at end of file
diff --git a/.github/workflows/pytest-pr.yml b/.github/workflows/pytest-pr.yml
index ad28bfc4..90841408 100644
--- a/.github/workflows/pytest-pr.yml
+++ b/.github/workflows/pytest-pr.yml
@@ -20,14 +20,35 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
+      - name: Restore global uv cache
+        id: cache-restore
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
+          restore-keys: |
+            uv-main-${{ matrix.python-version }}-
+
+      - uses: astral-sh/setup-uv@v7
         with:
           python-version: ${{ matrix.python-version }}
-          enable-cache: true
-          cache-suffix: test
+          enable-cache: false
 
       - run: uv sync --all-extras --all-packages 
       - run: uv run pytest
+ 
+      - name: Save uv caches
+        if: steps.cache-restore.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            ~/.cache/uv
+            ~/.local/share/uv
+            .venv
+          key: uv-main-${{ matrix.python-version }}-${{ hashFiles('uv.lock') }}
 
   lint:
     name: lint
@@ -35,10 +56,11 @@ jobs:
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
+      - uses: astral-sh/setup-uv@v7
         with:
           python-version: "3.10"
           enable-cache: true
           cache-suffix: lint
       - run: uv tool run ruff@0.14.14 check . --config pyproject.toml
-      - run: uv tool run ruff@0.14.14 format --check --diff . --config pyproject.toml
\ No newline at end of file
+      - run: uv tool run ruff@0.14.14 format --check --diff . --config pyproject.toml
+  
\ No newline at end of file

From fade2ddf6696f6b47729628ae8362bb851afc5c9 Mon Sep 17 00:00:00 2001
From: Chaya <chaya.carey@dbtlabs.com>
Date: Wed, 18 Feb 2026 14:32:30 -0800
Subject: [PATCH 2/6] Potential fix for code scanning alert no. 29: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/cache-dependencies.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/cache-dependencies.yml b/.github/workflows/cache-dependencies.yml
index f76d4ad4..85a0da21 100644
--- a/.github/workflows/cache-dependencies.yml
+++ b/.github/workflows/cache-dependencies.yml
@@ -1,5 +1,8 @@
 name: Build uv cache
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:

From 61690be39ceea56a63ce6e6285583524cea6acff Mon Sep 17 00:00:00 2001
From: Chaya Carey <chaya.carey@dbtlabs.com>
Date: Wed, 18 Feb 2026 14:35:53 -0800
Subject: [PATCH 3/6] update astral-sh/setup-uv workflow to latest version

---
 .github/workflows/cache-dependencies.yml | 2 +-
 .github/workflows/nox-pr.yml             | 2 +-
 .github/workflows/pytest-pr.yml          | 4 ++--
 .github/workflows/release.yml            | 2 +-
 .github/workflows/schedule.yml           | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/cache-dependencies.yml b/.github/workflows/cache-dependencies.yml
index 85a0da21..7a106e7b 100644
--- a/.github/workflows/cache-dependencies.yml
+++ b/.github/workflows/cache-dependencies.yml
@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v7
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
         with:
           python-version: ${{ matrix.python-version }}
           enable-cache: false
diff --git a/.github/workflows/nox-pr.yml b/.github/workflows/nox-pr.yml
index 264ce36d..7a1038d1 100644
--- a/.github/workflows/nox-pr.yml
+++ b/.github/workflows/nox-pr.yml
@@ -10,6 +10,6 @@ jobs:
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
       - name: Install uv
-        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # astral-sh/setup-uv@v5
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
       - uses: fjwillemsen/setup-nox2@fc5420448a3f1145b0128f86b1837e82841684a4 # fjwillemsen/setup-nox2@v3.0.0
       - run: nox
diff --git a/.github/workflows/pytest-pr.yml b/.github/workflows/pytest-pr.yml
index 90841408..cec04b01 100644
--- a/.github/workflows/pytest-pr.yml
+++ b/.github/workflows/pytest-pr.yml
@@ -32,7 +32,7 @@ jobs:
           restore-keys: |
             uv-main-${{ matrix.python-version }}-
 
-      - uses: astral-sh/setup-uv@v7
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
         with:
           python-version: ${{ matrix.python-version }}
           enable-cache: false
@@ -56,7 +56,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@v7
+      - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
         with:
           python-version: "3.10"
           enable-cache: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index beda35d1..9f987d64 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,7 +36,7 @@ jobs:
           persist-credentials: false
 
       - name: Install uv
-        uses: astral-sh/setup-uv@caf0cab7a618c569241d31dcd442f54681755d39 # astral-sh/setup-uv@v3
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
 
       - name: Build artifacts
         run: uv build --all
diff --git a/.github/workflows/schedule.yml b/.github/workflows/schedule.yml
index b83b0b97..9fccd2f8 100644
--- a/.github/workflows/schedule.yml
+++ b/.github/workflows/schedule.yml
@@ -10,7 +10,7 @@ jobs:
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # actions/checkout@v4
       - name: Install uv
-        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # astral-sh/setup-uv@v5
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
       - uses: fjwillemsen/setup-nox2@fc5420448a3f1145b0128f86b1837e82841684a4 # fjwillemsen/setup-nox2@v3.0.0
       - run: nox --session check_latest_schema-3.13
       - run: uv sync --all-extras --all-packages --python 3.13

From 3fefebc2a292b685699304088eab1e05e239676a Mon Sep 17 00:00:00 2001
From: Chaya Carey <chaya.carey@dbtlabs.com>
Date: Wed, 18 Feb 2026 14:40:10 -0800
Subject: [PATCH 4/6] refresh dependency cache daily

---
 .github/workflows/cache-dependencies.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/cache-dependencies.yml b/.github/workflows/cache-dependencies.yml
index 7a106e7b..ed5507d7 100644
--- a/.github/workflows/cache-dependencies.yml
+++ b/.github/workflows/cache-dependencies.yml
@@ -11,6 +11,8 @@ on:
       - "uv.lock"
       - "**/pyproject.toml"
   workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
 
 jobs:
   build-cache:

From 19f30c9dc37483e432b560eecb9d96c0377d185c Mon Sep 17 00:00:00 2001
From: Chaya Carey <chaya.carey@dbtlabs.com>
Date: Wed, 18 Feb 2026 15:14:47 -0800
Subject: [PATCH 5/6] Add GH workflow to test Pypi release

---
 .github/workflows/check-pypi-release.yml | 38 ++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/check-pypi-release.yml

diff --git a/.github/workflows/check-pypi-release.yml b/.github/workflows/check-pypi-release.yml
new file mode 100644
index 00000000..8f0803d4
--- /dev/null
+++ b/.github/workflows/check-pypi-release.yml
@@ -0,0 +1,38 @@
+name: Check Latest Pypi Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      release-version:
+        type: string
+        description: Choose which release tag to test
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+          sparse-checkout: |
+            tests/integration_tests/dbt_projects/project1
+            tests/integration_tests/package_upgrades/mixed_versions
+          sparse-checkout-cone-mode: false
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+
+      - name: Create new uv project
+        run: uv init
+    
+      - name: Install specified release
+        run: uv add dbt-autofix==${{ inputs.release-version }}
+    
+      - name: Check version
+        run: uv run dbt-autofix --version
+      
+      - name: Test deprecations
+        run: uv run dbt-autofix deprecations --all --path tests/integration_tests/dbt_projects/project1
+      
+      - name: Test package upgrade
+        run: uv run dbt-autofix packages --force-upgrade --path tests/integration_tests/package_upgrades/mixed_versions
\ No newline at end of file

From c737fa4974d5df9fe7cc9f24c55ce56fad5000da Mon Sep 17 00:00:00 2001
From: Chaya Carey <chaya.carey@dbtlabs.com>
Date: Wed, 18 Feb 2026 15:22:31 -0800
Subject: [PATCH 6/6] update workflow permissions

---
 .github/workflows/check-pypi-release.yml | 8 +++++++-
 .github/workflows/schedule.yml           | 3 +++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/check-pypi-release.yml b/.github/workflows/check-pypi-release.yml
index 8f0803d4..6df2c97c 100644
--- a/.github/workflows/check-pypi-release.yml
+++ b/.github/workflows/check-pypi-release.yml
@@ -5,7 +5,10 @@ on:
     inputs:
       release-version:
         type: string
-        description: Choose which release tag to test
+        description: Choose which release tag to test (no leading v)
+
+permissions:
+  contents: read
 
 jobs:
   build:
@@ -27,6 +30,9 @@ jobs:
     
       - name: Install specified release
         run: uv add dbt-autofix==${{ inputs.release-version }}
+      
+      - name: Display uv dependencies
+        run: uv tree
     
       - name: Check version
         run: uv run dbt-autofix --version
diff --git a/.github/workflows/schedule.yml b/.github/workflows/schedule.yml
index 9fccd2f8..8c46366d 100644
--- a/.github/workflows/schedule.yml
+++ b/.github/workflows/schedule.yml
@@ -4,6 +4,9 @@ on:
   schedule:
     - cron: '0 * * * *'
 
+permissions:
+  contents: read
+
 jobs:
   nox:
     runs-on: ubuntu-latest