Skip to content

Commit

Permalink
Don't cache git credentials in workflows
Browse files Browse the repository at this point in the history
Includes a small update to the launch modules in
the sample project so the PR generation for output
updates is tested with the updated workflow.

Addresses initial manual workflow scan for #50
  • Loading branch information
ncoghlan committed Oct 29, 2024
1 parent 763dbec commit b7c2349
Show file tree
Hide file tree
Showing 7 changed files with 32 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ jobs:
# for latest versions if the standard actions start emitting warnings
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

# sphinx-action uses docker under the hood and doesn't play nice with the
# dependency caching, so it may be better to switch to using `tox -e docs`
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ jobs:
id-token: write
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

- uses: pdm-project/setup-pdm@v4
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ jobs:

steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

- name: Capture timestamp for debugging artifacts
id: timestamp
Expand Down Expand Up @@ -149,6 +151,9 @@ jobs:

steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

- uses: actions/setup-python@v5
with:
# Use latest Python, so it understands all syntax.
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/update-expected-output.yml
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,8 @@ jobs:

steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
Expand Down Expand Up @@ -183,6 +185,7 @@ jobs:
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
persist-credentials: false

- name: Download all updated output files
uses: actions/download-artifact@v4
Expand Down
7 changes: 7 additions & 0 deletions tests/sample_project/launch_modules/scipy_client/cli.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
"""Sample CLI helper module importing scipy and httpx"""

import numpy
import scipy
import httpx

Expand All @@ -11,4 +12,10 @@ def main():
for disallowed in ("pip", "sklearn"):
if find_spec(disallowed):
raise RuntimeError(f"Should not be able to import {disallowed!r}!")

for module in (numpy, scipy, httpx):
# This is just here to allow the launch modules to pass lint checks
assert module.__spec__ is not None
assert find_spec(module.__spec__.name) is not None

print("Environment launch module executed successfully")
6 changes: 6 additions & 0 deletions tests/sample_project/launch_modules/scipy_import.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
"""Sample launch module importing scipy"""

import numpy
import scipy

if __name__ == "__main__":
Expand All @@ -10,4 +11,9 @@
if find_spec(disallowed):
raise RuntimeError(f"Should not be able to import {disallowed!r}!")

for module in (numpy, scipy):
# This is just here to allow the launch modules to pass lint checks
assert module.__spec__ is not None
assert find_spec(module.__spec__.name) is not None

print("Environment launch module executed successfully")
7 changes: 7 additions & 0 deletions tests/sample_project/launch_modules/sklearn_import.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
"""Sample launch module importing sklearn"""

import numpy
import scipy
import sklearn

if __name__ == "__main__":
Expand All @@ -10,4 +12,9 @@
if find_spec(disallowed):
raise RuntimeError(f"Should not be able to import {disallowed!r}!")

for module in (numpy, scipy, sklearn):
# This is just here to allow the launch modules to pass lint checks
assert module.__spec__ is not None
assert find_spec(module.__spec__.name) is not None

print("Environment launch module executed successfully")

0 comments on commit b7c2349

Please sign in to comment.