Skip to content

Try out hack by placing venv in system Python #3173

Try out hack by placing venv in system Python

Try out hack by placing venv in system Python #3173

Workflow file for this run

---
name: Lint
"on":
workflow_call:
push:
branches:
- main
pull_request:
concurrency:
# Group workflow jobs so new commits cancels in-progress execution triggered by previous commits.
# Source: https://mail.python.org/archives/list/pypa-committers@python.org/thread/PCBCQMJF64JGRBOX7E2EE4YLKHT4DI55/
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
project-metadata:
name: Project metadata
runs-on: ubuntu-22.04
outputs:
python_files: ${{ steps.project-metadata.outputs.python_files }}
is_poetry_project: ${{ steps.project-metadata.outputs.is_poetry_project }}
mypy_params: ${{ steps.project-metadata.outputs.mypy_params }}
steps:
- uses: actions/checkout@v4.1.1
with:
# Checkout pull request HEAD commit to ignore actions/checkout's merge commit. Fallback to push SHA.
ref: ${{ github.event.pull_request.head.sha || github.sha }}
# We're going to browse all new commits.
fetch-depth: 0
- name: Hack setup-python cache
id: setup_python_hack
# XXX Create an empty pyproject.toml if this file (or requirements.txt) doesn't exist.
# This work around and issue with setup-python for non-Python projects, which ends up with ends up
# with this error:
#
# Run actions/setup-python@v5.0.0
# with:
# python-version: 3.12
# cache: pip
# Installed versions
# Successfully set up CPython (3.12.1)
# Error: No file in /home/runner/work/awesome-iam/awesome-iam matched to
# [**/requirements.txt or **/pyproject.toml], make sure you have checked out the target repository
#
# This has been reported at: https://github.com/actions/setup-python/issues/807
# In the future this might be addressed by: https://github.com/actions/setup-python/pull/762
# or https://github.com/actions/setup-python/issues/751
if: hashFiles('**/requirements.txt', '**/pyproject.toml') == ''
run: |
touch ./pyproject.toml
echo "tmp_deps_file=true" >> "$GITHUB_OUTPUT"
- uses: actions/setup-python@v5.0.0
with:
python-version: "3.12"
cache: "pip"
- name: Remove setup-python hack
if: steps.setup_python_hack.outputs.tmp_deps_file
run: |
rm ./pyproject.toml
- name: Hack uv to use system Python as default venv
# See: https://github.com/astral-sh/uv/issues/1386#issuecomment-1947801083
run: |
echo "VIRTUAL_ENV=${Python_ROOT_DIR}" >> $GITHUB_ENV
- name: Install uv
run: |
python -m pip install uv
# XXX Wait for https://github.com/astral-sh/uv/issues/1481 to bypass the intermediate requirements.txt
# download with curl.
- name: Download requirements.txt
run: >
curl -fsSL --output ./pinned-requirements.txt
https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements.txt
- name: Install Poetry
# uv needs a venv. See:
# https://github.com/astral-sh/uv/issues/1386
# https://github.com/astral-sh/uv/issues/1374
run: |
uv venv
uv pip install --requirement ./pinned-requirements.txt
- name: Project metadata
id: project-metadata
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: >
python -c "$(curl -fsSL
https://raw.githubusercontent.com/kdeldycke/workflows/main/.github/metadata.py)"
lint-python-types:
needs:
- project-metadata
# Skip linting on prepare-release branch as it points to a tagged URL that does not exist yet.
if: github.head_ref != 'prepare-release' && needs.project-metadata.outputs.python_files
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
- uses: actions/setup-python@v5.0.0
with:
python-version: "3.12"
cache: "pip"
- name: Install pip
run: |
python -m pip install --upgrade pip
- name: Install Poetry and Mypy
run: >
python -m pip install --requirement
https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements.txt
- name: Install project with Poetry
# Install project with Poetry if supported, so we can benefits from dependencies on typing stubs.
if: fromJSON(needs.project-metadata.outputs.is_poetry_project)
run: |
poetry install --no-interaction
- name: Run Poetry's Mypy
if: fromJSON(needs.project-metadata.outputs.is_poetry_project)
run: >
poetry run mypy ${{ needs.project-metadata.outputs.mypy_params }}
${{ needs.project-metadata.outputs.python_files }}
- name: Run vanilla Mypy
if: ${{ ! fromJSON(needs.project-metadata.outputs.is_poetry_project) }}
# --color-output - Force colorized output as in CI, Mypy defaults to no color.
run: >
mypy --color-output ${{ needs.project-metadata.outputs.mypy_params }}
${{ needs.project-metadata.outputs.python_files }}
lint-yaml:
# Skip linting on prepare-release branch as it points to a tagged URL that does not exist yet.
if: github.head_ref != 'prepare-release'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
- name: Hack setup-python cache
id: setup_python_hack
# XXX Create an empty pyproject.toml if this file (or requirements.txt) doesn't exist.
# This work around and issue with setup-python for non-Python projects, which ends up with ends up
# with this error:
#
# Run actions/setup-python@v5.0.0
# with:
# python-version: 3.12
# cache: pip
# Installed versions
# Successfully set up CPython (3.12.1)
# Error: No file in /home/runner/work/awesome-iam/awesome-iam matched to
# [**/requirements.txt or **/pyproject.toml], make sure you have checked out the target repository
#
# This has been reported at: https://github.com/actions/setup-python/issues/807
# In the future this might be addressed by: https://github.com/actions/setup-python/pull/762
# or https://github.com/actions/setup-python/issues/751
if: hashFiles('**/requirements.txt', '**/pyproject.toml') == ''
run: |
touch ./pyproject.toml
echo "tmp_deps_file=true" >> "$GITHUB_OUTPUT"
- uses: actions/setup-python@v5.0.0
with:
python-version: "3.12"
cache: "pip"
- name: Remove setup-python hack
if: steps.setup_python_hack.outputs.tmp_deps_file
run: |
rm ./pyproject.toml
- name: Install pip
run: |
python -m pip install --upgrade pip
- name: Install yamllint
run: >
python -m pip install --requirement
https://raw.githubusercontent.com/kdeldycke/workflows/main/requirements.txt
- name: Run yamllint
run: |
yamllint --strict --config-data "{rules: {line-length: {max: 120}}}" --format github .
lint-zsh:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
- name: Install Zsh
run: |
sudo apt update
sudo apt install --yes zsh
- name: Lint
run: |
find . -iname "*.sh" -exec zsh --no-exec "{}" \;
lint-github-action:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
- name: Install actionlint
id: install_actionlint
run: |
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
- name: Install shellcheck
run: |
sudo apt update
sudo apt install --yes shellcheck
- name: Install problem matcher
# Source: https://github.com/rhysd/actionlint/blob/main/docs/usage.md#problem-matchers
run: >
curl -fsSL --output ./.github/labeller-file-based.yaml
https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json
- name: Register problem matcher
run: |
echo "::add-matcher::.github/labeller-file-based.yaml"
- name: Run actionlint
# XXX actionlint triggers this error:
# Error: .github/workflows/release.yaml:198:27:
# property "workflow_update_github_pat" is not defined in object type {actions_runner_debug: string;
# actions_step_debug: string; github_token: string; pypi_token: string} [expression]
# See: https://github.com/rhysd/actionlint/issues/148
run: >
${{ steps.install_actionlint.outputs.executable }}
-color
-ignore 'property "workflow_update_github_pat" is not defined in .+'
broken-links:
# Skip checks on prepare-release branch as it contains commits in changelog and documentation that points to a tag
# that does not exist yet, rendering URLs artificially broken. Also skips the merge commit of the prepare-release
# branch, as if the URLs are good, the tag is created asynchronously by release.yaml:git-tag job. And as a
# precautionary measure, just skip any event that contains a post-release bump commit.
if: >
github.head_ref != 'prepare-release'
&& github.ref != 'refs/heads/prepare-release'
&& (! contains(github.event.commits.*.message, '[changelog] Post-release version bump'))
runs-on: ubuntu-22.04
# XXX We need to manually manage the life-cycle of issues created in this job because the create-issue-from-file
# action blindly creates issues ad-nauseam. See: https://github.com/peter-evans/create-issue-from-file/issues/298 .
# This was also discussed at: https://github.com/lycheeverse/lychee-action/issues/74#issuecomment-1587089689
steps:
- uses: actions/checkout@v4.1.1
- uses: lycheeverse/lychee-action@v1.9.3
with:
# XXX Skip HN because of rate-limiting.
# See: https://github.com/lycheeverse/lychee/issues/989#issuecomment-1587208730
# https://github.com/lycheeverse/lychee/pull/1147
args: >
--exclude ycombinator.com
--base .
--verbose
--no-progress
'./**/*.md' './**/*.html' './**/*.rst'
- name: Install hub
run: |
sudo apt install --yes hub
- name: List open issues
id: open_issues
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: >
echo "issues=$(
hub issue
--state open
--creator "github-actions[bot]"
--format $'%I %t\t'
--sort created )" >> "$GITHUB_OUTPUT"
- name: Print open issues
run: |
echo "Open issues: ${{ steps.open_issues.outputs.issues }}"
- name: Filter issues
id: issue_groups
shell: python
run: |
import os
from pathlib import Path
exit_code = os.getenv("lychee_exit_code")
print(f"Lychee exit code: {exit_code!r} (type: {type(exit_code)})")
broken_links_found = bool(int(exit_code))
if broken_links_found:
print("Broken links found: create or update an issue.")
else:
print("No broken link found: close all open issues.")
open_issues = """${{ steps.open_issues.outputs.issues }}"""
update_issue = ""
close_issues = set()
for entry in (e.strip() for e in open_issues.split("\t") if e.strip()):
print(f"Processing {entry!r} ...")
number, title = entry.split(" ", 1)
if title != "Broken links":
print(f"{entry!r} is not a broken links issue, skip it.")
continue
if broken_links_found and not update_issue:
print(f"Issue #{number} is the last open issue.")
update_issue = number
else:
print(f"Issue #{number} is an old open issue.")
close_issues.add(number)
output = f"broken_links_found={str(broken_links_found).lower()}\n"
output += f"update_issue={update_issue}\n"
output += f"close_issues={' '.join(close_issues)}\n"
env_file = Path(os.getenv("GITHUB_OUTPUT"))
env_file.write_text(output)
- name: Print issue groups
run: |
echo "Broken links found: ${{ steps.issue_groups.outputs.broken_links_found }}"
echo "Issue to update: ${{ steps.issue_groups.outputs.update_issue }}"
echo "Issues to close: ${{ steps.issue_groups.outputs.close_issues }}"
- name: Close old issues
if: steps.issue_groups.outputs.close_issues
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
NUMBER_LIST="${{ steps.issue_groups.outputs.close_issues }}"
for number in $NUMBER_LIST; do
hub issue update "$number" --state closed;
done
- name: Get label
if: fromJSON(steps.issue_groups.outputs.broken_links_found)
id: get_label
run: >
echo "label=${{ startsWith(github.event.repository.name, 'awesome-')
&& '🩹 fix link' || '📚 documentation' }}" >> "$GITHUB_OUTPUT"
- name: Create or update issue
if: fromJSON(steps.issue_groups.outputs.broken_links_found)
uses: peter-evans/create-issue-from-file@v5.0.0
with:
title: "Broken links"
issue-number: ${{ steps.issue_groups.outputs.update_issue }}
content-filepath: ./lychee/out.md
labels: ${{ steps.get_label.outputs.label }}
lint-awesome:
name: Lint Awesome list
if: startsWith(github.event.repository.name, 'awesome-')
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
with:
# Fetch all history to please linter's age checks.
fetch-depth: 0
- run: |
npx awesome-lint --version
npx awesome-lint
check-secrets:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4.1.1
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2.3.3
with:
config-path: .github/gitleaks.toml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}