From e0091636d589e1fd8895fdbea13e9637365f7742 Mon Sep 17 00:00:00 2001 From: Grzegorz Bokota Date: Mon, 22 Jul 2024 10:16:11 +0200 Subject: [PATCH] Add actionlint on CI (#7049) # References and relevant issues To avoid PR like #7033 # Description This PR adds action lint on CI to early detect problems with workflows that are not executed on pull-request trigger. I first try to do this on pre-commit, but then it will require `go` compiler and will not contain [shellcheck](https://github.com/koalaman/shellcheck). --- .github/workflows/actionlint.yml | 18 +++++++++++ .github/workflows/benchmarks.yml | 14 ++++---- .github/workflows/benchmarks_report.yml | 2 +- .../workflows/docker-singularity-publish.yml | 6 ++-- .github/workflows/make_release.yml | 8 ++--- .../workflows/reusable_coverage_upload.yml | 2 +- .github/workflows/reusable_pip_test.yml | 2 +- .github/workflows/reusable_run_tox_test.yml | 11 ++++--- .github/workflows/test_comprehensive.yml | 1 - .github/workflows/test_prereleases.yml | 1 + .github/workflows/test_pull_requests.yml | 9 +++--- .github/workflows/test_translations.yml | 4 +-- .../workflows/upgrade_test_constraints.yml | 32 ++++++++----------- 13 files changed, 63 insertions(+), 47 deletions(-) create mode 100644 .github/workflows/actionlint.yml diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml new file mode 100644 index 00000000000..26d3c1ae873 --- /dev/null +++ b/.github/workflows/actionlint.yml @@ -0,0 +1,18 @@ +name: Actionlint + +on: + pull_request: + paths: + - '.github/**' + +jobs: + actionlint: + name: Action lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Check workflow files + run: | + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + ./actionlint -color -ignore SC2129 + shell: bash diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 2a41a2c658e..11c08abb35a 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -72,7 +72,7 @@ jobs: - uses: tlambert03/setup-qt-libs@v1 - name: Setup asv - run: python -m pip install asv[virtualenv] + run: python -m pip install "asv[virtualenv]" env: PIP_CONSTRAINT: resources/constraints/benchmark.txt @@ -91,9 +91,11 @@ jobs: # asv will checkout commits, which might contain LFS artifacts; ignore those errors since # they are probably just documentation PNGs not needed here anyway GIT_LFS_SKIP_SMUDGE: 1 + HEAD_LABEL: ${{ github.event.pull_request.head.label }} PIP_CONSTRAINT: ${{ github.workspace }}/resources/constraints/benchmark.txt run: | set -euxo pipefail + read -ra cmd_options <<< "$ASV_OPTIONS" # ID this runner asv machine --yes @@ -103,7 +105,7 @@ jobs: BASE_REF=${{ github.event.pull_request.base.sha }} CONTENDER_REF=${GITHUB_SHA} echo "Baseline: ${BASE_REF} (${{ github.event.pull_request.base.label }})" - echo "Contender: ${CONTENDER_REF} (${{ github.event.pull_request.head.label }})" + echo "Contender: ${CONTENDER_REF} ($HEAD_LABEL)" elif [[ $GITHUB_EVENT_NAME == schedule ]]; then EVENT_NAME="cronjob" BASE_REF="${{ fromJSON(steps.latest_release.outputs.data).target_commitish }}" @@ -118,12 +120,12 @@ jobs: echo "Contender: ${CONTENDER_REF} (workflow input)" fi - echo "EVENT_NAME=$EVENT_NAME" >> $GITHUB_ENV - echo "BASE_REF=$BASE_REF" >> $GITHUB_ENV - echo "CONTENDER_REF=$CONTENDER_REF" >> $GITHUB_ENV + echo "EVENT_NAME=$EVENT_NAME" >> "$GITHUB_ENV" + echo "BASE_REF=$BASE_REF" >> "$GITHUB_ENV" + echo "CONTENDER_REF=$CONTENDER_REF" >> "$GITHUB_ENV" # Run benchmarks for current commit against base - asv continuous $ASV_OPTIONS -b '${{ matrix.selection-regex }}' ${BASE_REF} ${CONTENDER_REF} \ + asv continuous "${cmd_options[@]}" -b "${{ matrix.selection-regex }}" "${BASE_REF}" "${CONTENDER_REF}" \ | sed -E "/Traceback | failed$|PERFORMANCE DECREASED/ s/^/::error:: /" \ | tee asv_continuous.log diff --git a/.github/workflows/benchmarks_report.yml b/.github/workflows/benchmarks_report.yml index e4c2e2352f8..f4244f72844 100644 --- a/.github/workflows/benchmarks_report.yml +++ b/.github/workflows/benchmarks_report.yml @@ -63,7 +63,7 @@ jobs: - name: Collect PR number if available run: | if [[ -f pr_number ]]; then - echo "PR_NUMBER=$(cat pr_number)" >> $GITHUB_ENV + echo "PR_NUMBER=$(cat pr_number)" >> "$GITHUB_ENV" fi - name: "Comment on PR" diff --git a/.github/workflows/docker-singularity-publish.yml b/.github/workflows/docker-singularity-publish.yml index 02d8a11a50a..f5803cbd9af 100644 --- a/.github/workflows/docker-singularity-publish.yml +++ b/.github/workflows/docker-singularity-publish.yml @@ -121,7 +121,7 @@ jobs: - name: Continue if Singularity Recipe Exists run: | if [[ -f "${{ matrix.recipe }}" ]]; then - echo "keepgoing=true" >> $GITHUB_ENV + echo "keepgoing=true" >> "$GITHUB_ENV" fi - name: Build Container @@ -136,7 +136,7 @@ jobs: fi # Build the container and name by tag echo "Tag is $tag." - echo "tag=$tag" >> $GITHUB_ENV + echo "tag=$tag" >> "$GITHUB_ENV" - name: Login and Deploy Container if: (github.event_name != 'pull_request') @@ -145,5 +145,5 @@ jobs: run: | if [[ "${keepgoing}" == "true" ]]; then echo ${{ secrets.GITHUB_TOKEN }} | singularity remote login -u ${{ secrets.GHCR_USERNAME }} --password-stdin oras://ghcr.io - singularity push container.sif oras://ghcr.io/${GITHUB_REPOSITORY}:${tag} + singularity push container.sif "oras://ghcr.io/${GITHUB_REPOSITORY}:${tag}" fi diff --git a/.github/workflows/make_release.yml b/.github/workflows/make_release.yml index 9e1e7fe1499..b84e52dd7aa 100644 --- a/.github/workflows/make_release.yml +++ b/.github/workflows/make_release.yml @@ -46,10 +46,10 @@ jobs: VER="${VER/rc*/}" # remove rc identifier RELEASE_NOTES_PATH="docs/docs/release/release_${VER//./_}.md" - echo "tag=${TAG}" >> $GITHUB_ENV - echo "release_notes_path=${RELEASE_NOTES_PATH}" >> $GITHUB_ENV - echo tag: ${TAG} - echo release_notes_path: ${RELEASE_NOTES_PATH} + echo "tag=${TAG}" >> "$GITHUB_ENV" + echo "release_notes_path=${RELEASE_NOTES_PATH}" >> "$GITHUB_ENV" + echo tag: "${TAG}" + echo release_notes_path: "${RELEASE_NOTES_PATH}" ls docs/docs/release - name: Create Release diff --git a/.github/workflows/reusable_coverage_upload.yml b/.github/workflows/reusable_coverage_upload.yml index 6aebd5f2b4c..9caf01086d1 100644 --- a/.github/workflows/reusable_coverage_upload.yml +++ b/.github/workflows/reusable_coverage_upload.yml @@ -37,7 +37,7 @@ jobs: python -Im coverage xml -o coverage.xml # Report and write to summary. - python -Im coverage report --format=markdown --skip-empty --skip-covered >> $GITHUB_STEP_SUMMARY + python -Im coverage report --format=markdown --skip-empty --skip-covered >> "$GITHUB_STEP_SUMMARY" - name: Upload coverage data uses: codecov/codecov-action@v4 diff --git a/.github/workflows/reusable_pip_test.yml b/.github/workflows/reusable_pip_test.yml index 61fd00bddbe..f720f16e35c 100644 --- a/.github/workflows/reusable_pip_test.yml +++ b/.github/workflows/reusable_pip_test.yml @@ -25,7 +25,7 @@ jobs: - name: Install this commit run: | pip install --upgrade pip - pip install ./napari-from-github[pyqt,testing] + pip install "./napari-from-github[pyqt,testing]" env: PIP_CONSTRAINT: napari-from-github/resources/constraints/constraints_py3.9.txt diff --git a/.github/workflows/reusable_run_tox_test.yml b/.github/workflows/reusable_run_tox_test.yml index df908646729..f8e0386423b 100644 --- a/.github/workflows/reusable_run_tox_test.yml +++ b/.github/workflows/reusable_run_tox_test.yml @@ -69,7 +69,7 @@ jobs: path: dist - name: Set wheel path - run: echo "WHEEL_PATH=$(ls dist/*.whl)" >> $GITHUB_ENV + run: echo "WHEEL_PATH=$(ls dist/*.whl)" >> "$GITHUB_ENV" shell: bash - name: Set up Python ${{ inputs.python_version }} @@ -92,6 +92,7 @@ jobs: git clone --depth 1 https://github.com/pyvista/gl-ci-helpers.git powershell gl-ci-helpers/appveyor/install_opengl.ps1 if (Test-Path -Path "C:\Windows\system32\opengl32.dll" -PathType Leaf) {Exit 0} else {Exit 1} + shell: powershell - name: Disable ptrace security restrictions if: runner.os == 'Linux' @@ -133,10 +134,10 @@ jobs: # FOURTH=none shell: bash run: | - python tools/split_qt_backend.py 0 ${{ inputs.qt_backend }} >> $GITHUB_ENV - python tools/split_qt_backend.py 1 ${{ inputs.qt_backend }} >> $GITHUB_ENV - python tools/split_qt_backend.py 2 ${{ inputs.qt_backend }} >> $GITHUB_ENV - python tools/split_qt_backend.py 3 ${{ inputs.qt_backend }} >> $GITHUB_ENV + python tools/split_qt_backend.py 0 ${{ inputs.qt_backend }} >> "$GITHUB_ENV" + python tools/split_qt_backend.py 1 ${{ inputs.qt_backend }} >> "$GITHUB_ENV" + python tools/split_qt_backend.py 2 ${{ inputs.qt_backend }} >> "$GITHUB_ENV" + python tools/split_qt_backend.py 3 ${{ inputs.qt_backend }} >> "$GITHUB_ENV" - name: Test with tox main timeout-minutes: ${{ inputs.timeout }} diff --git a/.github/workflows/test_comprehensive.yml b/.github/workflows/test_comprehensive.yml index 9579f55438b..ae83c85bbc8 100644 --- a/.github/workflows/test_comprehensive.yml +++ b/.github/workflows/test_comprehensive.yml @@ -86,7 +86,6 @@ jobs: qt_backend: ${{ matrix.backend }} min_req: ${{ matrix.MIN_REQ }} coverage: cov - toxenv: ${{ matrix.toxenv }} tox_extras: ${{ matrix.tox_extras }} test_pip_install: diff --git a/.github/workflows/test_prereleases.yml b/.github/workflows/test_prereleases.yml index 3f1b466b09a..e0b75a6f8d1 100644 --- a/.github/workflows/test_prereleases.yml +++ b/.github/workflows/test_prereleases.yml @@ -53,6 +53,7 @@ jobs: git clone --depth 1 https://github.com/pyvista/gl-ci-helpers.git powershell gl-ci-helpers/appveyor/install_opengl.ps1 if (Test-Path -Path "C:\Windows\system32\opengl32.dll" -PathType Leaf) {Exit 0} else {Exit 1} + shell: powershell - name: Install dependencies run: | diff --git a/.github/workflows/test_pull_requests.yml b/.github/workflows/test_pull_requests.yml index dd25f4b764c..b159d7219ee 100644 --- a/.github/workflows/test_pull_requests.yml +++ b/.github/workflows/test_pull_requests.yml @@ -70,7 +70,7 @@ jobs: pip install --upgrade pip semgrep # f"..." and f'...' are the same for semgrep semgrep --error --lang python --pattern 'trans._(f"...")' napari - semgrep --error --lang python --pattern 'trans._($X.format(...))' napari + semgrep --error --lang python --pattern "trans._(\$X.format(...))" napari build_wheel: name: Build wheel @@ -89,11 +89,13 @@ jobs: backend: pyqt5 pydantic: "_pydantic_1" coverage: no_cov + min_req: "" - python: 3.12 platform: ubuntu-latest backend: pyqt6 pydantic: "" coverage: no_cov + min_req: "" with: python_version: ${{ matrix.python }} platform: ${{ matrix.platform }} @@ -166,7 +168,6 @@ jobs: qt_backend: ${{ matrix.backend }} min_req: ${{ matrix.MIN_REQ }} coverage: ${{ matrix.coverage }} - toxenv: ${{ matrix.toxenv }} tox_extras: ${{ matrix.tox_extras }} constraints_suffix: ${{ matrix.pydantic }} @@ -200,7 +201,7 @@ jobs: test_benchmarks: name: test benchmarks runs-on: ubuntu-latest -# needs: test_initial + needs: test_initial timeout-minutes: 60 env: GIT_LFS_SKIP_SMUDGE: 1 @@ -229,7 +230,7 @@ jobs: - name: install dependencies run: | pip install --upgrade pip - pip install asv[virtualenv] + pip install "asv[virtualenv]" env: PIP_CONSTRAINT: resources/constraints/benchmark.txt diff --git a/.github/workflows/test_translations.yml b/.github/workflows/test_translations.yml index 2a6f2955537..4c9a1b76030 100644 --- a/.github/workflows/test_translations.yml +++ b/.github/workflows/test_translations.yml @@ -22,8 +22,8 @@ jobs: cache-dependency-path: pyproject.toml - name: Install napari run: | - pip install -e .[all] - pip install -e .[testing] + pip install -e ".[all]" + pip install -e ".[testing]" - name: Run check run: | python -m pytest -Wignore tools/ --tb=short diff --git a/.github/workflows/upgrade_test_constraints.yml b/.github/workflows/upgrade_test_constraints.yml index cbd4a403ba4..c489b969695 100644 --- a/.github/workflows/upgrade_test_constraints.yml +++ b/.github/workflows/upgrade_test_constraints.yml @@ -86,11 +86,11 @@ jobs: "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_number" \ ) - FULL_NAME=$(echo $PR_data | jq -r .head.repo.full_name) - echo "FULL_NAME=$FULL_NAME" >> $GITHUB_ENV + FULL_NAME=$(echo "${PR_data}" | jq -r .head.repo.full_name) + echo "FULL_NAME=$FULL_NAME" >> "$GITHUB_ENV" - BRANCH=$(echo $PR_data | jq -r .head.ref) - echo "BRANCH=$BRANCH" >> $GITHUB_ENV + BRANCH=$(echo "${PR_data}" | jq -r .head.ref) + echo "BRANCH=$BRANCH" >> "$GITHUB_ENV" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -99,8 +99,8 @@ jobs: # when schedule or workflow_dispatch triggers workflow, then we need to get info about which branch to use if: github.event_name != 'issue_comment' && github.event_name != 'pull_request' run: | - echo "FULL_NAME=${{ github.repository }}" >> $GITHUB_ENV - echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV + echo "FULL_NAME=${{ github.repository }}" >> "$GITHUB_ENV" + echo "BRANCH=${{ github.ref_name }}" >> "$GITHUB_ENV" - uses: actions/checkout@v4 with: @@ -156,7 +156,8 @@ jobs: run: | set -x pip install -U uv - flags="--quiet" + flags=(--quiet --extra pyqt5 --extra pyqt6 --extra pyside2 --extra pyside6_experimental --extra testing --extra testing_extra --extra optional) + # Explanation of below commands # uv pip compile --python-version 3.9 - call uv pip compile but ensure proper interpreter # --upgrade upgrade to the latest possible version. Without this pip-compile will take a look to output files and reuse versions (so will ad something on when adding dependency. @@ -164,27 +165,20 @@ jobs: # pyproject.toml resources/constraints/version_denylist.txt - source files. the resources/constraints/version_denylist.txt - contains our test specific constraints like pytes-cov` # # --extra pyqt5 etc - names of extra sections from pyproject.toml that should be checked for the dependencies list (maybe we could create a super extra section to collect them all in) - flags+=" --extra pyqt5" - flags+=" --extra pyqt6" - flags+=" --extra pyside2" - flags+=" --extra pyside6_experimental" - flags+=" --extra testing" - flags+=" --extra testing_extra" - flags+=" --extra optional" prefix="napari_repo" pyproject_toml="${prefix}/pyproject.toml" constraints="${prefix}/resources/constraints" for pyv in 3.9 3.10 3.11 3.12; do - uv pip compile --python-version ${pyv} --upgrade --output-file $constraints/constraints_py${pyv}.txt $pyproject_toml $constraints/version_denylist.txt ${flags} - uv pip compile --python-version ${pyv} --upgrade --output-file $constraints/constraints_py${pyv}_pydantic_1.txt $pyproject_toml $constraints/version_denylist.txt $constraints/pydantic_le_2.txt ${flags} - uv pip compile --python-platform aarch64-apple-darwin --python-version ${pyv} --upgrade --output-file $constraints/constraints_py${pyv}_macos_arm.txt $pyproject_toml $constraints/version_denylist.txt ${flags} + uv pip compile --python-version ${pyv} --upgrade --output-file $constraints/constraints_py${pyv}.txt $pyproject_toml $constraints/version_denylist.txt "${flags[@]}" + uv pip compile --python-version ${pyv} --upgrade --output-file $constraints/constraints_py${pyv}_pydantic_1.txt $pyproject_toml $constraints/version_denylist.txt $constraints/pydantic_le_2.txt "${flags[@]}" + uv pip compile --python-platform aarch64-apple-darwin --python-version ${pyv} --upgrade --output-file $constraints/constraints_py${pyv}_macos_arm.txt $pyproject_toml $constraints/version_denylist.txt "${flags[@]}" done - uv pip compile --python-version 3.9 --upgrade --output-file $constraints/constraints_py3.9_examples.txt $pyproject_toml $constraints/version_denylist.txt resources/constraints/version_denylist_examples.txt ${flags} - uv pip compile --python-version 3.10 --upgrade --output-file $constraints/constraints_py3.10_docs.txt $pyproject_toml $constraints/version_denylist.txt resources/constraints/version_denylist_examples.txt docs/requirements.txt $constraints/pydantic_le_2.txt ${flags} + uv pip compile --python-version 3.9 --upgrade --output-file $constraints/constraints_py3.9_examples.txt $pyproject_toml $constraints/version_denylist.txt resources/constraints/version_denylist_examples.txt "${flags[@]}" + uv pip compile --python-version 3.10 --upgrade --output-file $constraints/constraints_py3.10_docs.txt $pyproject_toml $constraints/version_denylist.txt resources/constraints/version_denylist_examples.txt docs/requirements.txt $constraints/pydantic_le_2.txt "${flags[@]}" uv pip compile --python-version 3.11 --upgrade --output-file ${prefix}/resources/requirements_mypy.txt ${prefix}/resources/requirements_mypy.in # END PYTHON DEPENDENCIES