From 10280568045480a1f8f02aea57bd80e8be51adb7 Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 11:54:27 -0500 Subject: [PATCH 01/14] Use example workflow from 1Password/check-signed-commits-action@v1 --- .github/workflows/check_signed_commits.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/workflows/check_signed_commits.yml diff --git a/.github/workflows/check_signed_commits.yml b/.github/workflows/check_signed_commits.yml new file mode 100644 index 00000000..eaef4601 --- /dev/null +++ b/.github/workflows/check_signed_commits.yml @@ -0,0 +1,15 @@ +name: Check signed commits in PR +on: pull_request_target + +jobs: + check-signed-commits: + name: Check signed commits in PR + runs-on: ubuntu-latest + + permissions: + contents: read + pull-requests: write + + steps: + - name: Check signed commits in PR + uses: 1Password/check-signed-commits-action@v1 From a9b515d362ae9d854fcfcc0e238a2415dd73883e Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 11:57:14 -0500 Subject: [PATCH 02/14] Add some comments --- .github/workflows/check_signed_commits.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/check_signed_commits.yml b/.github/workflows/check_signed_commits.yml index eaef4601..45680a9f 100644 --- a/.github/workflows/check_signed_commits.yml +++ b/.github/workflows/check_signed_commits.yml @@ -1,3 +1,9 @@ +# FABRIC policy requires that code commits are signed with the +# committer's GPG key. +# +# https://github.com/marketplace/actions/check-signed-commits-in-pr +# runs on pull_request_target events. + name: Check signed commits in PR on: pull_request_target @@ -8,6 +14,8 @@ jobs: permissions: contents: read + # Allow 1Password/check-signed-commits-action to leave comments + # on pull requests. pull-requests: write steps: From d2b03d2b165773a7379291653b214b84c2115360 Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:03:36 -0500 Subject: [PATCH 03/14] Use a custom comment in code signing warnings --- .github/workflows/check_signed_commits.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/check_signed_commits.yml b/.github/workflows/check_signed_commits.yml index 45680a9f..7d54c32a 100644 --- a/.github/workflows/check_signed_commits.yml +++ b/.github/workflows/check_signed_commits.yml @@ -21,3 +21,12 @@ jobs: steps: - name: Check signed commits in PR uses: 1Password/check-signed-commits-action@v1 + with: + comment: | + ⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch (`git push --force-with-lease`). + + If you're new to commit signing, follow the steps below to set up commit signing with `gpg`: + + 1. [Generate a GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key) + 2. [Add the GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account) + 3. [Configure `git` to use your GPG key for commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-gpg-key) From c897b9df92d47dfef87b01448e44c643edab45f0 Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:05:00 -0500 Subject: [PATCH 04/14] Update workflow name --- .github/workflows/checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 96845349..abbe2e4f 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -1,6 +1,6 @@ # Run some code checks with GitHub Actions. -name: Code checks +name: Code formatting checks on: push: From 551c22c3fdce2ddb1ecb4428238ea1b8c8c98e6b Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:06:58 -0500 Subject: [PATCH 05/14] Remove code signing checks from code formatting checks --- .github/workflows/checks.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index abbe2e4f..4931cf75 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -7,13 +7,6 @@ on: branches: - "main" pull_request: - pull_request_target: - -permissions: - contents: read - # Allow 1Password/check-signed-commits-action to leave comments on - # pull requests. - pull-requests: write jobs: @@ -25,14 +18,6 @@ jobs: with: fetch-depth: 0 # since we need to diff against origin/main. - # https://github.com/marketplace/actions/check-signed-commits-in-pr - # runs on pull_request_target and pull_request events, but - # pull_request_target is preferred because of the ability to - # leave comments on external PRs created from forks. - - name: Check that commits are signed - if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' - uses: 1Password/check-signed-commits-action@v1 - - name: Set up Python 3.9 uses: actions/setup-python@v4 with: From 1dfccc4d4c080712bff0c3e9085330c59ffb69ca Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:08:40 -0500 Subject: [PATCH 06/14] Rename workflow file --- .github/workflows/{checks.yml => check_format.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{checks.yml => check_format.yml} (100%) diff --git a/.github/workflows/checks.yml b/.github/workflows/check_format.yml similarity index 100% rename from .github/workflows/checks.yml rename to .github/workflows/check_format.yml From c7009d496c7d8edd2de127c47565c655ea27f00b Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:14:02 -0500 Subject: [PATCH 07/14] Use current versions of actions --- .github/workflows/build.yml | 8 ++++---- .github/workflows/check_format.yml | 6 +++--- .github/workflows/publish.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 375ff9ee..3ac67631 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,10 +17,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python + uses: actions/setup-python@v5 with: python-version: "3.9" cache: 'pip' # cache pip dependencies @@ -41,7 +41,7 @@ jobs: # See https://github.com/actions/upload-artifact - name: Upload build artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: packages path: dist/ diff --git a/.github/workflows/check_format.yml b/.github/workflows/check_format.yml index 4931cf75..fa5ffc54 100644 --- a/.github/workflows/check_format.yml +++ b/.github/workflows/check_format.yml @@ -14,12 +14,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 # since we need to diff against origin/main. - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python + uses: actions/setup-python@v5 with: python-version: "3.9" cache: 'pip' # cache pip dependencies diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4c334483..4665ad81 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,10 +37,10 @@ jobs: steps: - name: Check out sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.x" cache: 'pip' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index aac1d673..bfe00f6b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,10 +30,10 @@ jobs: steps: - name: Check out sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} cache: 'pip' # caching pip dependencies From 2632f71e10af5ba3312af7623241f615aa6a0b5d Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:17:44 -0500 Subject: [PATCH 08/14] Use current stable Python release --- .github/workflows/build.yml | 2 +- .github/workflows/check_format.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3ac67631..c8e49fb2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,7 +22,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.9" + python-version: "3.x" cache: 'pip' # cache pip dependencies cache-dependency-path: pyproject.toml diff --git a/.github/workflows/check_format.yml b/.github/workflows/check_format.yml index fa5ffc54..145e8ad0 100644 --- a/.github/workflows/check_format.yml +++ b/.github/workflows/check_format.yml @@ -21,7 +21,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.9" + python-version: "3.x" cache: 'pip' # cache pip dependencies cache-dependency-path: pyproject.toml From 2357f6f43b2b9b03d6a01c6b986ee319f9c4c649 Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:20:57 -0500 Subject: [PATCH 09/14] Use coverallsapp action to send coverage, not Python coveralls The former appears to be better supported --- .github/workflows/test.yml | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bfe00f6b..d64a3c3f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -42,7 +42,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - python -m pip install wheel coveralls + python -m pip install wheel # # TODO: we can't use flake8 right now, because there isn't a # # version of flake8 that can use pycodestyle==2.6.0, and fim has @@ -59,24 +59,23 @@ jobs: python -m pip install .[test] python -m coverage run -m pytest python -m coverage report - + # Generate LCOV format coverage data for coveralls. + python -m coverage lcov -o coverage.lcov + - name: Send coverage data to coveralls.io - run: | - python -m coveralls --service=github - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - COVERALLS_FLAG_NAME: ${{ matrix.python-version }} - COVERALLS_PARALLEL: true + uses: coverallsapp/github-action@v2 + with: + flag-name: run-${{ join(matrix.*, '-') }} + file: coverage.lcov + parallel: true finalize: name: finalize needs: test runs-on: ubuntu-latest - container: python:3-slim + if: ${{ always() }} steps: - name: Indicate completion to coveralls.io - run: | - python -m pip --no-cache-dir install --upgrade coveralls - python -m coveralls --service=github --finish - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: coverallsapp/github-action@v2 + with: + parallel-finished: true From 8cfe751f70fbc29be850ca8d026f32ad0a1021c6 Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:22:12 -0500 Subject: [PATCH 10/14] Add Python 3.12 to test matrix --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d64a3c3f..df72b461 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,6 +21,7 @@ jobs: - "3.9" - "3.10" - "3.11" + - "3.12" os: - "ubuntu-22.04" - "windows-2022" From 95dcb8a66171109ca5620338bf91c45269b193da Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:27:27 -0500 Subject: [PATCH 11/14] Use macos13 (Intel) and macos-14 (ARM) --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index df72b461..e78333d7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,9 +23,12 @@ jobs: - "3.11" - "3.12" os: + # See https://github.com/actions/runner-images for available + # runners. - "ubuntu-22.04" - "windows-2022" - - "macos-11" + - "macos-13" # Intel + - "macos-14" # ARM runs-on: ${{ matrix.os }} From 68ec49d4fa043794c84f3baf3e7731a1587a2c4a Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:31:37 -0500 Subject: [PATCH 12/14] Enable some workflows to be triggered manually --- .github/workflows/build.yml | 1 + .github/workflows/check_format.yml | 1 + .github/workflows/test.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c8e49fb2..f9c224cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,6 +7,7 @@ on: branches: - "main" pull_request: + workflow_dispatch: permissions: contents: read diff --git a/.github/workflows/check_format.yml b/.github/workflows/check_format.yml index 145e8ad0..4367a434 100644 --- a/.github/workflows/check_format.yml +++ b/.github/workflows/check_format.yml @@ -7,6 +7,7 @@ on: branches: - "main" pull_request: + workflow_dispatch: jobs: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e78333d7..14ebe50c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,6 +9,7 @@ on: branches: - "main" pull_request: + workflow_dispatch: workflow_call: jobs: From d1659351b2bdfc17075b0d655942ef7ea82e67c0 Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:34:29 -0500 Subject: [PATCH 13/14] Ignore venv shaped things --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a05a4036..710a068e 100644 --- a/.gitignore +++ b/.gitignore @@ -103,9 +103,9 @@ celerybeat.pid # Environments .env -.venv +.venv* env/ -venv/ +venv* ENV/ env.bak/ venv.bak/ From f3071f62679c347ef8bda16f454269fce29ca4f0 Mon Sep 17 00:00:00 2001 From: Sajith Sasidharan Date: Fri, 31 May 2024 12:45:33 -0500 Subject: [PATCH 14/14] Step back on Python 3.12 We're not there yet. This is the problem: > INFO: pip is looking at multiple versions of fabric-fim to determine which version is compatible with other requirements. This could take a while. > ERROR: Ignored the following versions that require a different python version: 1.0.2 Requires-Python >=3.8,<3.12; 1.0.3 Requires-Python >=3.8,<3.12; 1.21.2 Requires-Python >=3.7,<3.11; 1.21.3 Requires-Python >=3.7,<3.11; 1.21.4 Requires-Python >=3.7,<3.11; 1.21.5 Requires-Python >=3.7,<3.11; 1.21.6 Requires-Python >=3.7,<3.11; 2.0.0 Requires-Python >=3.8,<3.12; 2.0.1 Requires-Python >=3.8,<3.12 > ERROR: Could not find a version that satisfies the requirement networkx-query>=2.0.0 (from fabric-fim) (from versions: 0.1.0, 1.0.0, 1.0.1) > ERROR: No matching distribution found for networkx-query>=2.0.0 > Error: Process completed with exit code 1. --- .github/workflows/build.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/test.yml | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f9c224cd..2ac92f38 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -23,7 +23,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.x" + python-version: "3.9" cache: 'pip' # cache pip dependencies cache-dependency-path: pyproject.toml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4665ad81..0583733f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -42,7 +42,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: "3.x" + python-version: "3.9" cache: 'pip' cache-dependency-path: pyproject.toml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 14ebe50c..2f124119 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,6 @@ jobs: - "3.9" - "3.10" - "3.11" - - "3.12" os: # See https://github.com/actions/runner-images for available # runners.