Merge branch 'main' into docs/pycafe_embedding
stichbury authored Aug 7, 2024
2 parents 49a00f5 + 6af04a7 commit 238dfc3
Showing 82 changed files with 2,786 additions and 344 deletions.
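--- a/.github/workflows/checks-workflows.yml
+++ b/.github/workflows/checks-workflows.yml
@@ -0,0 +1,29 @@
+name: Checks for GitHub workflows
+
+on:
+push:
+branches: [main]
+pull_request:
+branches:
+- main
+
+env:
+PYTHONUNBUFFERED: 1
+FORCE_COLOR: 1
+PYTHON_VERSION: "3.11"
+
+jobs:
+checks-workflows:
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Python ${{ env.PYTHON_VERSION }}
+uses: actions/setup-python@v5
+with:
+python-version: ${{ env.PYTHON_VERSION }}
+
+- name: Checks for GitHub workflows
+run: |
+python tools/scan_yaml_for_risky_text.py .github/workflows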
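Review bot: The new workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository or organisation has configured, although the steps visible here only check out the code and read files. Adding a top-level `permissions:` with `contents: read` would make the least-privilege intent explicit. The two actions are referenced by mutable tag (`actions/checkout@v4`, `actions/setup-python@v5`); pinning each to a full commit SHA is the stricter option for a workflow whose purpose is a security check.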
74 changes: 0 additions & 74 deletions .github/workflows/circleci-trigger.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/labeler.yml
@@ -21,6 +21,6 @@ jobs:
pull-requests: write

steps:
- uses: actions/labeler@v4
- uses: actions/labeler@v5
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
13 changes: 13 additions & 0 deletions .github/workflows/test-integration-vizro-ai.yml
@@ -93,3 +93,16 @@ jobs:
cd ../vizro-ai
hatch run ${{ matrix.hatch-env }}:pip install ../vizro-core/dist/vizro*.tar.gz
hatch run ${{ matrix.hatch-env }}:test-integration
- name: Send custom JSON data to Slack
id: slack
uses: slackapi/[email protected]
if: failure()
with:
payload: |
{
"text": "Vizro-ai ${{ matrix.hatch-env }} integration tests build result: ${{ job.status }}\nBranch: ${{ github.head_ref }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
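Review bot: `${{ github.head_ref }}` is substituted into the JSON `payload` of the Slack step without any encoding, and a pull-request branch name is chosen by the PR author and may contain a double quote. Such a name would yield malformed JSON, so the failure notification is lost, or let the author alter the message posted to the channel. Building the string with `format()` and wrapping it in `toJSON()`, e.g. `"text": ${{ toJSON(format('Branch: {0}', github.head_ref)) }}`, keeps the value a single JSON string. The enclosing job starts above this hunk, so whether it runs for fork pull requests (where `secrets.SLACK_WEBHOOK_URL` would be empty) cannot be confirmed from here.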
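--- a/.github/workflows/vizro-qa-tests-trigger.yml
+++ b/.github/workflows/vizro-qa-tests-trigger.yml
@@ -0,0 +1,53 @@
+name: Vizro QA tests trigger
+
+on:
+push:
+branches: [main]
+pull_request:
+branches:
+- main
+
+env:
+PYTHONUNBUFFERED: 1
+FORCE_COLOR: 1
+
+jobs:
+vizro-qa-test-trigger-fork:
+if: ${{ github.event.pull_request.head.repo.fork }}
+name: Vizro QA ${{ matrix.label }} trigger
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+matrix:
+include:
+- label: integration tests
+- label: notebooks tests
+steps:
+- name: Passed fork step
+run: echo "Success!"
+
+vizro-qa-tests-trigger:
+if: ${{ ! github.event.pull_request.head.repo.fork }}
+name: Vizro QA ${{ matrix.label }} trigger
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+matrix:
+include:
+- label: integration tests
+- label: notebooks test
+steps:
+- uses: actions/checkout@v4
+- name: Tests trigger
+run: |
+export INPUT_OWNER=${{ secrets.VIZRO_QA_ORG }}
+export INPUT_REPO=${{ secrets.VIZRO_QA_REPO }}
+if [ "${{ matrix.label }}" == "integration tests" ]; then
+export INPUT_WORKFLOW_FILE_NAME=${{ secrets.VIZRO_QA_INTEGRATION_TESTS_WORKFLOW }}
+elif [ "${{ matrix.label }}" == "notebooks test" ]; then
+export INPUT_WORKFLOW_FILE_NAME=${{ secrets.VIZRO_QA_NOTEBOOKS_TESTS_WORKFLOW }}
+fi
+export INPUT_GITHUB_TOKEN=${{ secrets.VIZRO_SVC_PAT }}
+export INPUT_REF=main # because we should send existent branch to dispatch workflow
+export INPUT_CLIENT_PAYLOAD='{"branch": "${{ github.head_ref }}"}'
+tools/trigger-workflow-and-wait.sh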
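Review bot: In the `Tests trigger` step `${{ github.head_ref }}` is expanded into the `run:` script text before the shell parses it, so a branch name containing a single quote ends the `'{"branch": ...}'` literal and the remainder is interpreted as shell, in the same step that exports `secrets.VIZRO_SVC_PAT`. The `if:` on the job excludes fork pull requests, which narrows this to people who can push branches to the repository, but the expression should still not reach the script body. Pass it through the environment instead: add `env:` with `HEAD_REF: ${{ github.head_ref }}` to the step and build the payload with `export INPUT_CLIENT_PAYLOAD="$(jq -cn --arg b "$HEAD_REF" '{branch: $b}')"`. The secrets on the other `export` lines would be better supplied through the same `env:` map, and the job has no `permissions:` block.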
11 changes: 7 additions & 4 deletions .pre-commit-config.yaml
@@ -43,19 +43,19 @@ repos:
- id: prettier

- repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
rev: v2.13.0
rev: v2.14.0
hooks:
- id: pretty-format-toml
args: [--autofix]

- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.5.0
rev: v0.5.6
hooks:
- id: ruff
args: [--fix, --exit-non-zero-on-fix]

- repo: https://github.com/psf/black
rev: 24.4.2
rev: 24.8.0
hooks:
- id: black

@@ -67,6 +67,9 @@ repos:
additional_dependencies: ["bandit[toml]"]

- repo: https://github.com/pre-commit/mirrors-mypy
# Upgrade to v1.11.1 not possible as it doesn't seem compatible with pydantic<2 plugin.
# Similar issue with previous v.1.11.X versions: https://github.com/pydantic/pydantic/issues/10000
# We need to revert the changes from the pre-commit autoupdate for now.
rev: v1.10.1
hooks:
- id: mypy
@@ -103,7 +106,7 @@ repos:
args: ["--fix"]

- repo: https://github.com/errata-ai/vale
rev: v3.6.0
rev: v3.7.0
hooks:
- id: vale
args: [--config=.vale/.vale.ini]
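--- a/tools/scan_yaml_for_risky_text.py
+++ b/tools/scan_yaml_for_risky_text.py
@@ -0,0 +1,19 @@
+"""Check for security issues in workflows files."""
+
+import sys
+from pathlib import Path
+
+# according to this article: https://nathandavison.com/blog/github-actions-and-the-threat-of-malicious-pull-requests
+# we should avoid using `pull_request_target` for security reasons
+risky_text = "pull_request_target"
+
+
+def find_risky_files(path: str):
+"""Searching for risky text in yml files for given path."""
+return {file for file in Path(path).rglob("*.yml") if risky_text in file.read_text()}
+
+
+if __name__ == "__main__":
+risky_files = find_risky_files(sys.argv[1])
+if risky_files:
+sys.exit(f"{risky_text} found in files {risky_files}.")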
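Review bot: `find_risky_files` globs only `*.yml`, but GitHub Actions also loads workflow files ending in `.yaml`, so a workflow with that extension using `pull_request_target` would pass this check unnoticed. Scanning both extensions closes the gap, e.g. `for file in Path(path).rglob("*") if file.suffix in {".yml", ".yaml"} and risky_text in file.read_text()`. The match is a plain substring test, so a comment that merely mentions the trigger also fails the check; that errs on the safe side but is worth stating in the docstring, and the function could carry a `-> set[Path]` return annotation.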