From 3161192f0f3b189d7e279533c7ecb9a5ed4a3875 Mon Sep 17 00:00:00 2001 From: Henry Schreiner Date: Tue, 23 Apr 2024 23:15:46 -0400 Subject: [PATCH 01/43] ci: Use 'macos-13' runs-on to continue using x86 based macOS runners (#2468) * The 'macos-latest' `runs-on` option has been changed to be the Apple silicon based 'macos-14' runners. To continue to use the x86 based macOS runners use 'macos-13' instead. --- .github/workflows/ci.yml | 3 ++- .github/workflows/dependencies-head.yml | 3 ++- .github/workflows/release_tests.yml | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 65d7e656dd..147ff55b1d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,7 +29,8 @@ jobs: os: [ubuntu-latest] python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] include: - - os: macos-latest + # macos-latest runners are Apple silicon + - os: macos-13 python-version: '3.12' # Apple silicon runner - os: macos-14 diff --git a/.github/workflows/dependencies-head.yml b/.github/workflows/dependencies-head.yml index 1e4651251f..28b561e526 100644 --- a/.github/workflows/dependencies-head.yml +++ b/.github/workflows/dependencies-head.yml @@ -16,7 +16,8 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [ubuntu-latest, macos-latest] + # macos-latest runners are Apple silicon + os: [ubuntu-latest, macos-13] python-version: ['3.12'] steps: diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index b149d22d11..626854329c 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -20,7 +20,8 @@ jobs: os: [ubuntu-latest] python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] include: - - os: macos-latest + # macos-latest runners are Apple silicon + - os: macos-13 python-version: '3.12' steps: From 826085264ed8fe5ee9d6679488a25422635f402f Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Wed, 24 Apr 2024 02:23:54 -0500 Subject: [PATCH 02/43] build: Update scipy lower bound to v1.5.2 (#2469) * Update the lower bounds on scipy to v1.5.2 to ensure that the minimum supported dependencies workflow passes as it has started to fail consistently for scipy v1.5.1. * Update scipy to v1.5.2 in tests/constraints.txt to enforce the lower bound for the minimum supported dependencies tests. --- pyproject.toml | 2 +- tests/constraints.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 034be5f52f..57e91c2410 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -50,7 +50,7 @@ dependencies = [ "jsonpatch>=1.15", "jsonschema>=4.15.0", # for utils "pyyaml>=5.1", # for parsing CLI equal-delimited options - "scipy>=1.5.1", # requires numpy, which is required by pyhf and tensorflow + "scipy>=1.5.2", # requires numpy, which is required by pyhf and tensorflow "tqdm>=4.56.0", # for readxml "numpy", # compatible versions controlled through scipy ] diff --git a/tests/constraints.txt b/tests/constraints.txt index 6a7e13f7ac..7954b2be44 100644 --- a/tests/constraints.txt +++ b/tests/constraints.txt @@ -1,5 +1,5 @@ # core -scipy==1.5.1 # c.f. PR #2081 +scipy==1.5.2 # c.f. PR #2469 click==8.0.0 # c.f. PR #1958, #1909 tqdm==4.56.0 jsonschema==4.15.0 # c.f. PR #1979 From f561f867f1327ccfa8e631885d28e87863930d8b Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Fri, 26 Apr 2024 00:53:01 -0500 Subject: [PATCH 03/43] ci: Use Apple silicon for the default macOS runners (#2471) * Use the 'macos-latest' runs-on option which now defaults to 'macos-14' which are Apple silicon runners. - c.f. https://github.com/actions/runner-images/blob/e63a194563cb0bb3bc1493144fe0ef6804249b43/images/macos/macos-14-arm64-Readme.md * Keep a 'macos-13' runners to continue to test Intel based macOS for the latest Python version. - c.f. https://github.com/actions/runner-images/blob/e63a194563cb0bb3bc1493144fe0ef6804249b43/images/macos/macos-13-Readme.md * Updates PR https://github.com/scikit-hep/pyhf/pull/2468 --- .github/workflows/ci.yml | 11 +++++------ .github/workflows/dependencies-head.yml | 3 +-- .github/workflows/release_tests.yml | 6 ++++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 147ff55b1d..2d1c3f3217 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,11 +29,10 @@ jobs: os: [ubuntu-latest] python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] include: - # macos-latest runners are Apple silicon - - os: macos-13 + - os: macos-latest python-version: '3.12' - # Apple silicon runner - - os: macos-14 + # Intel runner + - os: macos-13 python-version: '3.12' steps: @@ -97,11 +96,11 @@ jobs: - name: Test docstring examples with doctest # TODO: Don't currently try to match amd64 and arm64 floating point for docs, but will in the future. - if: matrix.python-version == '3.12' && matrix.os != 'macos-14' + if: matrix.python-version == '3.12' && matrix.os != 'macos-latest' run: coverage run --data-file=.coverage-doctest --module pytest src/ README.rst - name: Coverage report for doctest only - if: matrix.python-version == '3.12' && matrix.os != 'macos-14' + if: matrix.python-version == '3.12' && matrix.os != 'macos-latest' run: | coverage report --data-file=.coverage-doctest coverage xml --data-file=.coverage-doctest -o doctest-coverage.xml diff --git a/.github/workflows/dependencies-head.yml b/.github/workflows/dependencies-head.yml index 28b561e526..96f1863760 100644 --- a/.github/workflows/dependencies-head.yml +++ b/.github/workflows/dependencies-head.yml @@ -16,8 +16,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - # macos-latest runners are Apple silicon - os: [ubuntu-latest, macos-13] + os: [ubuntu-latest, macos-latest, macos-13] python-version: ['3.12'] steps: diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index 626854329c..83b42ef02a 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -20,7 +20,9 @@ jobs: os: [ubuntu-latest] python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] include: - # macos-latest runners are Apple silicon + - os: macos-latest + python-version: '3.12' + # Intel runner - os: macos-13 python-version: '3.12' @@ -35,7 +37,7 @@ jobs: - name: Install from PyPI run: | python -m pip install --upgrade pip setuptools wheel - python -m pip install --pre pyhf[backends,xmlio] + python -m pip install --pre 'pyhf[backends,xmlio]' python -m pip install pytest python -m pip list From 682ce763646daf47c4f624f28d2be1759e7c50f2 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Sat, 27 Apr 2024 13:54:19 -0500 Subject: [PATCH 04/43] build: Use lower bounds for all dependencies (#2472) * Loosen the install requirements for papermill, scrapbook, and sphinxcontrib-bibtex to use lower bounds instead of compatible release constraints. * Required for PR https://github.com/scikit-hep/pyhf/pull/2444 --- pyproject.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 57e91c2410..7af3b92123 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -107,8 +107,8 @@ test = [ "pytest-mpl", "ipympl>=0.3.0", "pydocstyle", - "papermill~=2.5.0", - "scrapbook~=0.5.0", + "papermill>=2.5.0", + "scrapbook>=0.5.0", "jupyter", "graphviz", "pytest-socket>=0.2.0", # c.f. PR #1917 @@ -116,7 +116,7 @@ test = [ docs = [ "pyhf[xmlio,contrib]", "sphinx>=7.0.0", # c.f. https://github.com/scikit-hep/pyhf/pull/2271 - "sphinxcontrib-bibtex~=2.1", + "sphinxcontrib-bibtex>=2.1", "sphinx-click", "sphinx-rtd-theme>=1.3.0", # c.f. https://github.com/scikit-hep/pyhf/pull/2271 "nbsphinx!=0.8.8", # c.f. https://github.com/spatialaudio/nbsphinx/issues/620 From 08755e45ed134cbe6e5e6e238b7b5011700080b3 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Tue, 30 Apr 2024 00:38:18 -0500 Subject: [PATCH 05/43] ci: Use uv for all pip installs (#2444) * Use 'uv pip' for all calls to 'pip install' and 'pip uninstall' in CI workflows. - c.f. https://github.com/astral-sh/uv/ - Still use pip for Python 3.8 until https://github.com/astral-sh/uv/issues/2062 is resolved. * Apply subtle changes to install commands in .github/workflows/dependencies-head.yml. - 'uv pip install --upgrade' will try to upgrade all dependencies of the target package as well, which for the dependencies-head workflow isn't the goal. So remove the '--upgrade' from calls that also install from the scientific-python-nightly-wheels package index when testing only particular packages. - 'up pip' and 'pip' have different behavior with regards to --extra-index-url, as 'uv pip' gives --extra-index-url priority over --index-url, where 'pip' does not give priority to either. Use this with 'uv pip' to give priority to the scientific-python-nightly-wheels package index. * Add uv to the 'develop' extras. --- .github/workflows/bump-version.yml | 5 +- .github/workflows/ci-windows.yml | 5 +- .github/workflows/ci.yml | 9 +++ .github/workflows/dependencies-head.yml | 64 ++++++++++--------- .github/workflows/docs.yml | 7 +- .../workflows/lower-bound-requirements.yml | 5 +- .github/workflows/notebooks.yml | 5 +- .github/workflows/publish-package.yml | 9 +-- .github/workflows/release_tests.yml | 9 +-- .readthedocs.yaml | 2 +- pyproject.toml | 1 + 11 files changed, 72 insertions(+), 49 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 8083fa8a43..cfd178cac4 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -204,8 +204,9 @@ jobs: - name: Install Python dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip install tbump + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip install --system tbump python -m pip list - name: Setup Git user to push new tag diff --git a/.github/workflows/ci-windows.yml b/.github/workflows/ci-windows.yml index c9f3e8e68b..696fadc5a4 100644 --- a/.github/workflows/ci-windows.yml +++ b/.github/workflows/ci-windows.yml @@ -29,8 +29,9 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip install --upgrade '.[all,test]' + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade '.[all,test]' - name: List installed Python packages run: python -m pip list diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2d1c3f3217..82a92e10fb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,6 +44,15 @@ jobs: python-version: ${{ matrix.python-version }} - name: Install dependencies + if: matrix.python-version != '3.8' + run: | + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade ".[all,test]" + + # c.f. https://github.com/astral-sh/uv/issues/2062 + - name: Install dependencies (Python 3.8) + if: matrix.python-version == '3.8' run: | python -m pip install --upgrade pip setuptools wheel python -m pip install --upgrade ".[all,test]" diff --git a/.github/workflows/dependencies-head.yml b/.github/workflows/dependencies-head.yml index 96f1863760..849cf6fea4 100644 --- a/.github/workflows/dependencies-head.yml +++ b/.github/workflows/dependencies-head.yml @@ -29,8 +29,9 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --no-cache-dir --quiet install --upgrade --pre ".[all,test]" + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --no-cache --quiet install --system --upgrade --pre ".[all,test]" python -m pip list - name: List release candidates, alpha, and beta releases @@ -57,14 +58,14 @@ jobs: with: python-version: ${{ matrix.python-version }} - # Use nightly SciPy wheels from Anaconda's PyPI - # c.f. https://twitter.com/ralfgommers/status/1419917265781334025 - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --no-cache-dir --quiet install --upgrade ".[all,test]" - python -m pip uninstall --yes scipy - python -m pip install --upgrade --index-url https://pypi.anaconda.org/scientific-python-nightly-wheels/simple scipy + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --no-cache --quiet install --system --upgrade ".[all,test]" + uv pip uninstall --system scipy + # uv wants to upgrade dependencies (numpy) to a dev release too, so don't --upgrade + uv pip install --system --index-url https://pypi.anaconda.org/scientific-python-nightly-wheels/simple scipy python -m pip list - name: Test with pytest @@ -87,11 +88,12 @@ jobs: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --no-cache-dir --quiet install --upgrade ".[all,test]" - python -m pip uninstall --yes iminuit - python -m pip install --upgrade cython - python -m pip install --upgrade git+https://github.com/scikit-hep/iminuit.git + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --no-cache --quiet install --system --upgrade ".[all,test]" + uv pip uninstall --system iminuit + uv pip install --system --upgrade cython + uv pip install --system --upgrade git+https://github.com/scikit-hep/iminuit.git python -m pip list - name: Test with pytest run: | @@ -113,10 +115,11 @@ jobs: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --no-cache-dir --quiet install --upgrade ".[all,test]" - python -m pip uninstall --yes uproot - python -m pip install --upgrade git+https://github.com/scikit-hep/uproot5.git + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --no-cache --quiet install --system --upgrade ".[all,test]" + uv pip uninstall --system uproot + uv pip install --system --upgrade git+https://github.com/scikit-hep/uproot5.git python -m pip list - name: Test with pytest run: | @@ -140,16 +143,18 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --no-cache-dir --quiet install --upgrade ".[all,test]" - python -m pip uninstall --yes matplotlib - # Need to use --extra-index-url as dependencies aren't on scientific-python-nightly-wheels package index. + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --no-cache --quiet install --system --upgrade ".[all,test]" + uv pip uninstall --system matplotlib + # Need to use --extra-index-url as all dependencies aren't on scientific-python-nightly-wheels package index. # Need to use --pre as dev releases will need priority over stable releases. - python -m pip install \ - --upgrade \ + # Note that uv and pip differ on --extra-index-url priority + # c.f. https://github.com/scientific-python/upload-nightly-action/issues/76 + uv pip install --system \ --pre \ - --index-url https://pypi.anaconda.org/scientific-python-nightly-wheels/simple \ - --extra-index-url https://pypi.org/simple/ \ + --index-url https://pypi.org/simple/ \ + --extra-index-url https://pypi.anaconda.org/scientific-python-nightly-wheels/simple \ matplotlib - name: List installed Python packages @@ -175,10 +180,11 @@ jobs: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --no-cache-dir --quiet install --upgrade ".[all,test]" - python -m pip uninstall --yes pytest - python -m pip install --upgrade git+https://github.com/pytest-dev/pytest.git + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --no-cache --quiet install --system --upgrade ".[all,test]" + uv pip uninstall --system pytest + uv pip install --system --upgrade git+https://github.com/pytest-dev/pytest.git python -m pip list - name: Test with pytest run: | diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 155100d0ed..0bb1bc4315 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -28,9 +28,10 @@ jobs: - name: Install Python dependencies run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --quiet install --upgrade .[docs,test] - python -m pip install yq + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --quiet install --system --upgrade ".[docs,test]" + uv pip install --system yq python -m pip list - name: Install apt-get dependencies diff --git a/.github/workflows/lower-bound-requirements.yml b/.github/workflows/lower-bound-requirements.yml index 96b5c6a3d8..e9ebdbaa86 100644 --- a/.github/workflows/lower-bound-requirements.yml +++ b/.github/workflows/lower-bound-requirements.yml @@ -26,8 +26,9 @@ jobs: - name: Install dependencies and force lowest bound run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip --no-cache-dir install --constraint tests/constraints.txt ".[all,test]" + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip --no-cache install --system --constraint tests/constraints.txt ".[all,test]" - name: List installed Python packages run: python -m pip list diff --git a/.github/workflows/notebooks.yml b/.github/workflows/notebooks.yml index 7ab2b048f8..8278f2abdc 100644 --- a/.github/workflows/notebooks.yml +++ b/.github/workflows/notebooks.yml @@ -28,9 +28,10 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel # FIXME: c.f. https://github.com/scikit-hep/pyhf/issues/2104 - python -m pip install --upgrade ".[all,test]" 'jupyter-client<8.0.0' + uv pip install --system --upgrade ".[all,test]" 'jupyter-client<8.0.0' - name: List installed Python packages run: python -m pip list diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index cd5d4a9ba7..38b455e8b5 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -43,19 +43,20 @@ jobs: - name: Install python-build and twine run: | - python -m pip install --upgrade pip - python -m pip install build twine + python -m pip install uv + uv pip install --system --upgrade pip + uv pip install --system build twine python -m pip list - name: Build a sdist and wheel if: github.event_name != 'schedule' run: | - python -m build . + python -m build --installer uv . - name: Build a sdist and wheel and check for warnings if: github.event_name == 'schedule' run: | - PYTHONWARNINGS=error,default::DeprecationWarning python -m build . + PYTHONWARNINGS=error,default::DeprecationWarning python -m build --installer uv . - name: Verify untagged commits have dev versions if: "!startsWith(github.ref, 'refs/tags/')" diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index 83b42ef02a..2d3f2e8bd5 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -36,9 +36,10 @@ jobs: - name: Install from PyPI run: | - python -m pip install --upgrade pip setuptools wheel - python -m pip install --pre 'pyhf[backends,xmlio]' - python -m pip install pytest + python -m pip install uv + uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --pre 'pyhf[backends,xmlio]' + uv pip install --system pytest python -m pip list - name: Canary test public API @@ -48,6 +49,6 @@ jobs: # FIXME: c.f. https://github.com/proycon/codemetapy/issues/24 - name: Verify requirements in codemeta.json run: | - python -m pip install jq "codemetapy>=2.3.0" + uv pip install --system jq "codemetapy>=2.3.0" codemetapy --inputtype python --no-extras pyhf > codemeta_generated.json diff <(jq -S .softwareRequirements codemeta.json) <(jq -S .softwareRequirements codemeta_generated.json) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index bd5f4ea9cd..6ff1c4c8b8 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -21,7 +21,7 @@ sphinx: # If using Sphinx, optionally build your docs in additional formats such as PDF and ePub formats: all -# python -m pip install .[docs] +# python -m pip install '.[docs]' python: install: - method: pip diff --git a/pyproject.toml b/pyproject.toml index 7af3b92123..8aad3f9850 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -134,6 +134,7 @@ develop = [ "pre-commit", "nox", "codemetapy>=2.3.0", + "uv>=0.1.39" ] [tool.hatch.version] From 58c72b696603602e212f593e128d12c9bcaea98d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 23:58:15 -0500 Subject: [PATCH 06/43] chore: [pre-commit.ci] pre-commit autoupdate (#2474) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update pre-commit hooks: - github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0 - github.com/astral-sh/ruff-pre-commit: v0.3.5 → v0.4.3 - github.com/psf/black-pre-commit-mirror: 24.3.0 → 24.4.2 - github.com/pre-commit/mirrors-mypy: v1.9.0 → v1.10.0 --- .pre-commit-config.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0a69bd27a6..2903cf297a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -4,7 +4,7 @@ ci: repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v4.6.0 hooks: - id: check-added-large-files - id: check-case-conflict @@ -35,13 +35,13 @@ repos: - id: rst-inline-touching-normal - repo: https://github.com/astral-sh/ruff-pre-commit - rev: "v0.3.5" + rev: "v0.4.3" hooks: - id: ruff args: ["--fix", "--show-fixes"] - repo: https://github.com/psf/black-pre-commit-mirror - rev: 24.3.0 + rev: 24.4.2 hooks: - id: black-jupyter types_or: [python, pyi, jupyter] @@ -50,10 +50,10 @@ repos: rev: 1.16.0 hooks: - id: blacken-docs - additional_dependencies: [black==24.3.0] + additional_dependencies: [black==24.4.2] - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.9.0 + rev: v1.10.0 # check the oldest and newest supported Pythons hooks: - &mypy From ac42e211c098fd29de84718d2f3c88347304696a Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Fri, 10 May 2024 00:58:12 -0500 Subject: [PATCH 07/43] ci: Use uv for install on ReadTheDocs (#2475) * RTD doesn't support uv at the same level as pip, but there are ways to still use it along with most of the infrastructure. Adopt the strategy provided in ReadTheDocs's 'Build process customization' section https://docs.readthedocs.io/en/latest/build-customization.html#install-dependencies-with-uv , from https://github.com/readthedocs/readthedocs.org/pull/11152/, but continue to monitor alternative faster methods such as those described in https://github.com/readthedocs/readthedocs.org/issues/11289 . --- .readthedocs.yaml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 6ff1c4c8b8..5bd7c51f22 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -13,6 +13,13 @@ build: apt_packages: - curl - jq + jobs: + post_create_environment: + - pip install uv + post_install: + # VIRTUAL_ENV needs to be set manually for now. + # See https://github.com/readthedocs/readthedocs.org/pull/11152/ + - VIRTUAL_ENV=$READTHEDOCS_VIRTUALENV_PATH uv pip install '.[docs]' # Build documentation in the docs/ directory with Sphinx sphinx: @@ -20,11 +27,3 @@ sphinx: # If using Sphinx, optionally build your docs in additional formats such as PDF and ePub formats: all - -# python -m pip install '.[docs]' -python: - install: - - method: pip - path: . - extra_requirements: - - docs From 5b9c384e0ad358dea0ea4746c2e392fb1b4a372f Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Fri, 10 May 2024 01:31:25 -0500 Subject: [PATCH 08/43] docs: Add automatic release notes config file (#2476) * Add a .github/release.yml file to configure the automatic release notes that GitHub can generate on a release. - https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes * Ignore contributions from Dependabot and pre-commit-ci from the release notes. --- .github/release.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/release.yml diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000000..9d1e0987bf --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,5 @@ +changelog: + exclude: + authors: + - dependabot + - pre-commit-ci From ecd06135a9d59fa66dcbbc5537bba65661108a87 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Tue, 14 May 2024 02:22:56 -0500 Subject: [PATCH 09/43] docs: Use importlib.metadata to get version info (#2477) * pkg_resources is deprecated as an API, so stop using it. - c.f. https://setuptools.pypa.io/en/latest/pkg_resources.html * importlib.metadata.version is the recommended way to get package version information. - c.f. https://docs.python.org/3/library/importlib.metadata.html --- docs/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index 60ab7b974d..132f4da544 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -15,11 +15,11 @@ # add these directories to sys.path here. If the directory is relative to the # documentation root, use Path('../relative_path_to_dir').resolve() to make it absolute, like shown here. +import importlib.metadata import sys from pathlib import Path import jupytext -from pkg_resources import get_distribution sys.path.insert(0, str(Path('./exts').resolve())) @@ -123,7 +123,7 @@ def setup(app): # |version| and |release|, also used in various other places throughout the # built documents. # The full version, including alpha/beta/rc tags. -release = get_distribution('pyhf').version +release = importlib.metadata.version("pyhf") # for example take major/minor/patch version = '.'.join(release.split('.')[:3]) From 1c4994b54515dfe5e97f907db35dea35970ec4f6 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Thu, 16 May 2024 17:18:43 +0200 Subject: [PATCH 10/43] ci: Add GitHub artifact attestations to package distribution (#2473) * Add generation of GitHub artifact attestations to built sdist and wheel before upload. c.f.: - https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/ - https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds * Add verification of artifact attestation before publishing to PyPI using the 'gh attestation verify' CLI API, added in v2.49.0. - c.f. https://github.com/cli/cli/releases/tag/v2.49.0 --- .github/workflows/publish-package.yml | 35 +++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 38b455e8b5..edd27998dd 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -31,6 +31,11 @@ jobs: build: name: Build Python distribution runs-on: ubuntu-latest + permissions: + id-token: write + attestations: write + contents: read + steps: - uses: actions/checkout@v4 with: @@ -98,6 +103,16 @@ jobs: - name: List contents of wheel run: python -m zipfile --list dist/pyhf-*.whl + - name: Generate artifact attestation for sdist and wheel + # If publishing to TestPyPI or PyPI + if: >- + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') + || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') + || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') + uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0 + with: + subject-path: "dist/pyhf-*" + - name: Upload distribution artifact uses: actions/upload-artifact@v4 with: @@ -127,6 +142,26 @@ jobs: - name: List all files run: ls -lh dist + - name: Verify sdist artifact attestation + # If publishing to TestPyPI or PyPI + if: >- + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') + || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') + || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh attestation verify dist/pyhf-*.tar.gz --repo ${{ github.repository }} + + - name: Verify wheel artifact attestation + # If publishing to TestPyPI or PyPI + if: >- + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') + || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') + || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh attestation verify dist/pyhf-*.whl --repo ${{ github.repository }} + - name: Publish distribution 📦 to Test PyPI # Publish to TestPyPI on tag events of if manually triggered # Compare to 'true' string as booleans get turned into strings in the console From 8543fe50277bc2b1754712dfe0b45499f1bd6234 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 17:58:48 -0500 Subject: [PATCH 11/43] build(deps): bump actions/attest-build-provenance from 1.0.0 to 1.1.2 in the actions group (#2478) updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-package.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index edd27998dd..9aced4f4aa 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,7 +109,7 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0 + uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2 with: subject-path: "dist/pyhf-*" From b0efa648e97ccde6483f56ff3ca6e2b8fea46806 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Wed, 22 May 2024 22:56:03 -0500 Subject: [PATCH 12/43] ci: Place upper bound on min supported setuptools (#2479) * Place an upper bound on setuptools of <70.0.0 for the 'minimum supported dependencies' workflow as setuptools v70.0.0 reduces pkg_resources useage. - Avoids a "cannot import name 'packaging' from 'pkg_resources'" ImportError caused by PyTorch. - c.f. https://setuptools.pypa.io/en/latest/pkg_resources.html --- .github/workflows/lower-bound-requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lower-bound-requirements.yml b/.github/workflows/lower-bound-requirements.yml index e9ebdbaa86..9d8490137e 100644 --- a/.github/workflows/lower-bound-requirements.yml +++ b/.github/workflows/lower-bound-requirements.yml @@ -27,7 +27,7 @@ jobs: - name: Install dependencies and force lowest bound run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip 'setuptools<70.0.0' wheel uv pip --no-cache install --system --constraint tests/constraints.txt ".[all,test]" - name: List installed Python packages From 1ad59fc86e9f340fec0829032236d9ec8198fa7c Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Thu, 23 May 2024 10:12:59 -0500 Subject: [PATCH 13/43] ci: Add python-jsonschema/check-jsonschema pre-commit hook (#2480) * Add https://github.com/python-jsonschema/check-jsonschema pre-commit hook. * Fix schema errors by converting 'choice' dispatch type, which is a string, to 'boolean'. --- .github/workflows/bump-version.yml | 24 +++++++++--------------- .github/workflows/publish-package.yml | 8 +++----- .pre-commit-config.yaml | 8 ++++++++ 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index cfd178cac4..3a5b1f0142 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -12,11 +12,9 @@ on: - minor - major release_candidate: - type: choice - description: 'Release candidate?' - options: - - false - - true + type: boolean + description: 'Release candidate' + default: false new_version: description: 'New version to bump to' required: true @@ -27,17 +25,13 @@ on: required: true type: string force: - type: choice - description: 'Force override check?' - options: - - false - - true + type: boolean + description: 'Force override check' + default: false dry_run: - type: choice - description: 'Perform a dry run to check?' - options: - - true - - false + type: boolean + description: 'Perform a dry run to check' + default: true jobs: bump-version: diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 9aced4f4aa..eeb8131afa 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -17,11 +17,9 @@ on: workflow_dispatch: inputs: publish: - type: choice - description: 'Publish to TestPyPI?' - options: - - false - - true + type: boolean + description: 'Publish to TestPyPI' + default: false concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2903cf297a..8012c467c0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -73,3 +73,11 @@ repos: - id: codespell files: ^.*\.(py|md|rst)$ args: ["-w", "-L", "hist,gaus"] + +- repo: https://github.com/python-jsonschema/check-jsonschema + rev: 0.28.4 + hooks: + - id: check-readthedocs + args: ["--verbose"] + - id: check-github-workflows + args: ["--verbose"] From 39d56f16e8da7316e2b6c74d23955242bf8b19c1 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Thu, 23 May 2024 17:46:17 -0500 Subject: [PATCH 14/43] ci: Update permissions for GitHub attestations (#2481) * Remove explicit content read permissions as not formally required. - c.f. https://github.com/actions/attest-build-provenance/tree/v1.1.2?tab=readme-ov-file#usage --- .github/workflows/publish-package.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index eeb8131afa..bea7e22c7e 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -32,7 +32,6 @@ jobs: permissions: id-token: write attestations: write - contents: read steps: - uses: actions/checkout@v4 From e6e6647747ea3468e12c44a81340d3c998ef3df5 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Fri, 24 May 2024 18:12:16 -0500 Subject: [PATCH 15/43] ci: Add OSSF Scorecard GitHub action (#2482) * Add the Open Source Security Foundation (OSSF) scorecard GitHub action to perform security tests. - c.f. https://github.com/ossf/scorecard-action * Change from using branch protection rules to using repository rulesets to allow for use of action without personal access tokens. - c.f. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets - c.f. https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional * Recommended as part of SPEC-8: Supply-Chain Security. - c.f. https://discuss.scientific-python.org/t/spec-8-supply-chain-security/1163 --- .github/workflows/scorecard.yml | 73 +++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000000..17d1a83f70 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '23 3 * * 0' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + with: + sarif_file: results.sarif From cdd404a9454eac7cc3ed2be3892a79936ab80b9b Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Sat, 25 May 2024 11:38:52 -0700 Subject: [PATCH 16/43] [StepSecurity] ci: Restrict token permissions to harden GitHub Actions (#2483) * Restrict token permissions as identified by https://app.stepsecurity.io/. Signed-off-by: StepSecurity Bot --- .github/workflows/bump-version.yml | 5 +++++ .github/workflows/ci-windows.yml | 3 +++ .github/workflows/ci.yml | 3 +++ .github/workflows/codeql-analysis.yml | 7 +++++++ .github/workflows/dependencies-head.yml | 3 +++ .github/workflows/docker.yml | 3 +++ .github/workflows/lower-bound-requirements.yml | 3 +++ .github/workflows/merged.yml | 3 +++ .github/workflows/notebooks.yml | 3 +++ .github/workflows/publish-package.yml | 3 +++ .github/workflows/release_tests.yml | 3 +++ .github/workflows/semantic-pr-check.yml | 6 ++++++ 12 files changed, 45 insertions(+) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 3a5b1f0142..e63bf7c940 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -33,8 +33,13 @@ on: description: 'Perform a dry run to check' default: true +permissions: + contents: read + jobs: bump-version: + permissions: + contents: write # for Git to git push runs-on: ubuntu-latest if: github.repository == 'scikit-hep/pyhf' diff --git a/.github/workflows/ci-windows.yml b/.github/workflows/ci-windows.yml index 696fadc5a4..0dbef41600 100644 --- a/.github/workflows/ci-windows.yml +++ b/.github/workflows/ci-windows.yml @@ -10,6 +10,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: test: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 82a92e10fb..9c7f5dcdfe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,6 +15,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: test: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7d680f58d3..507b0c7808 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -15,8 +15,15 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: analyze: + permissions: + actions: read # for github/codeql-action/init to get workflow details + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/analyze to upload SARIF results name: Analyze runs-on: ubuntu-latest diff --git a/.github/workflows/dependencies-head.yml b/.github/workflows/dependencies-head.yml index 849cf6fea4..feaf00a5ec 100644 --- a/.github/workflows/dependencies-head.yml +++ b/.github/workflows/dependencies-head.yml @@ -10,6 +10,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: release-candidates: diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 484c9400fe..578377650b 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -19,6 +19,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: docker: name: Build, test, and publish Docker images to Docker Hub diff --git a/.github/workflows/lower-bound-requirements.yml b/.github/workflows/lower-bound-requirements.yml index 9d8490137e..87305d10a8 100644 --- a/.github/workflows/lower-bound-requirements.yml +++ b/.github/workflows/lower-bound-requirements.yml @@ -6,6 +6,9 @@ on: - cron: '1 0 * * *' workflow_dispatch: +permissions: + contents: read + jobs: test: diff --git a/.github/workflows/merged.yml b/.github/workflows/merged.yml index 3923caaffe..cce0e42670 100644 --- a/.github/workflows/merged.yml +++ b/.github/workflows/merged.yml @@ -5,6 +5,9 @@ on: types: [closed] workflow_dispatch: +permissions: + contents: read + jobs: binder: name: Trigger Binder build diff --git a/.github/workflows/notebooks.yml b/.github/workflows/notebooks.yml index 8278f2abdc..50580dfa86 100644 --- a/.github/workflows/notebooks.yml +++ b/.github/workflows/notebooks.yml @@ -10,6 +10,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: test: diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index bea7e22c7e..7f798b3616 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -25,6 +25,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: build: name: Build Python distribution diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index 2d3f2e8bd5..46df16d3f3 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -10,6 +10,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: pypi_release: diff --git a/.github/workflows/semantic-pr-check.yml b/.github/workflows/semantic-pr-check.yml index 143ec8377e..f7f0d13283 100644 --- a/.github/workflows/semantic-pr-check.yml +++ b/.github/workflows/semantic-pr-check.yml @@ -11,9 +11,15 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.number }} cancel-in-progress: true +permissions: + contents: read + jobs: main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR name: Validate PR title runs-on: ubuntu-latest From 42cd129b7b6ded0365886d22120f4b045b80f05f Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Sat, 25 May 2024 14:52:01 -0500 Subject: [PATCH 17/43] ci: Restrict content permissions to harden GitHub Actions (#2484) * Restrict content permissions to read. At the moment there are no steps to the changed workflows that use tokens, and so this is preventative if this ever changes. * Give packages write permissions to publish to ghcr. - Amends PR https://github.com/scikit-hep/pyhf/pull/2483. --- .github/workflows/docker.yml | 3 +++ .github/workflows/docs.yml | 3 +++ .github/workflows/lint.yml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 578377650b..e71ac7f1ce 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,6 +25,9 @@ permissions: jobs: docker: name: Build, test, and publish Docker images to Docker Hub + permissions: + contents: read + packages: write # for docker to push to registry runs-on: ubuntu-latest steps: diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 0bb1bc4315..81e9cd38e5 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -11,6 +11,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: build: name: Build docs diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fdce2d7b28..5cc93cb35c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -8,6 +8,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: lint: From f4eb73f799eb85ac56545e3668b2ad33aa96743e Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Sat, 25 May 2024 16:18:27 -0500 Subject: [PATCH 18/43] chore: Use uv during Dockerfile build (#2485) * Speed up the Dockerfile build by using uv to install all Python dependencies. * Have hadolint ignore SC1091 in Dockerfile. - c.f. https://www.shellcheck.net/wiki/SC1091 --- docker/Dockerfile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 154d279e35..4e3da76cd5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -6,7 +6,7 @@ FROM base as builder # Set PATH to pickup virtual environment by default ENV PATH=/usr/local/venv/bin:"${PATH}" COPY . /code -# hadolint ignore=DL3003,SC2102 +# hadolint ignore=DL3003,SC2102,SC1091 RUN apt-get -qq -y update && \ apt-get -qq -y install --no-install-recommends \ git && \ @@ -14,10 +14,12 @@ RUN apt-get -qq -y update && \ apt-get -y autoremove && \ rm -rf /var/lib/apt/lists/* && \ python -m venv /usr/local/venv && \ + . /usr/local/venv/bin/activate && \ cd /code && \ - python -m pip --no-cache-dir install --upgrade pip setuptools wheel && \ - python -m pip --no-cache-dir install '.[xmlio,contrib]' && \ - python -m pip list + python -m pip --no-cache-dir install --upgrade uv && \ + uv pip install --no-cache --upgrade pip setuptools wheel && \ + uv pip install --no-cache '.[xmlio,contrib]' && \ + uv pip list FROM base From abaf2ea19f6ef4e569d0277ce982a2a0b073f270 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Sat, 25 May 2024 16:45:54 -0500 Subject: [PATCH 19/43] chore: Speed up pyhf CLI API execution for Docker users (#2486) * The first ever run of the CLI API incurs some overhead so do that during the build instead of making the user wait. --- docker/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/Dockerfile b/docker/Dockerfile index 4e3da76cd5..47ff491ea6 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -61,4 +61,8 @@ ENV LANG=C.UTF-8 ENV PATH=${HOME}/.local/bin:${PATH} +# The first ever run of the CLI API incurs some overhead so do that during the +# build instead of making the user wait +RUN pyhf --version + ENTRYPOINT ["/usr/local/venv/bin/pyhf"] From a1d8476f9f236cd9fc70ef8fbb16bc1b9450670c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 May 2024 18:25:16 -0500 Subject: [PATCH 20/43] build(deps): bump ossf/scorecard-action in the actions group (#2488) Bumps the actions group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 17d1a83f70..83410e069f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif From 1af5ed423cfbdda40dedabf93fed772c729adee3 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Wed, 29 May 2024 11:55:48 -0500 Subject: [PATCH 21/43] ci: Don't test warnings on release tests (#2489) * Override error on filterwarnings to avoid failing on warnings. * Set the fail-fast to False in the CI strategy to allow for identifying if things are OS specific. --- .github/workflows/release_tests.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index 46df16d3f3..12fbb2fa53 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -28,6 +28,7 @@ jobs: # Intel runner - os: macos-13 python-version: '3.12' + fail-fast: false steps: - uses: actions/checkout@v4 @@ -47,6 +48,10 @@ jobs: - name: Canary test public API run: | + # Override the ini option for filterwarnings with an empty list to disable error on filterwarnings + # as testing the latest release API still works, not the release is warning free. + # Though still show warnings by setting warning control to 'default'. + export PYTHONWARNINGS='default' pytest tests/test_public_api.py # FIXME: c.f. https://github.com/proycon/codemetapy/issues/24 From ba896a6e1195470030a3b7b2480d5d68202fbc0d Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Thu, 30 May 2024 14:40:23 -0500 Subject: [PATCH 22/43] chore: Remove codemeta from repository (#2490) * Remove all files, tests, and documentation related to codemeta, codemeta.json, and codemetapy. * codemeta is not realistically used for anything useful and codemetapy is not maintained, so there is no strong reason to keep using codemeta or to have a codemeta.json. --- .github/ISSUE_TEMPLATE/~release-checklist.md | 1 - .github/workflows/release_tests.yml | 7 - codemeta.json | 127 ------------------- docs/development.rst | 16 +-- pyproject.toml | 1 - tbump.toml | 3 - 6 files changed, 3 insertions(+), 152 deletions(-) delete mode 100644 codemeta.json diff --git a/.github/ISSUE_TEMPLATE/~release-checklist.md b/.github/ISSUE_TEMPLATE/~release-checklist.md index b2510ba3f6..d10f2fbd25 100644 --- a/.github/ISSUE_TEMPLATE/~release-checklist.md +++ b/.github/ISSUE_TEMPLATE/~release-checklist.md @@ -13,7 +13,6 @@ about: Checklist for core developers to complete as part of making a release * [ ] Verify that the release notes files correctly summarize all development changes since the last release. * [ ] Add any new use citations or published statistical models to the [Use and Citations page][citations_page]. * [ ] Verify that the citations on the [Use and Citations page][citations_page] are up to date with their current [INSPIRE](https://inspirehep.net/) record. Checking the [Dimensions listing of publication citations](https://app.dimensions.ai/discover/publication?or_subset_publication_citations=pub.1135154020) can be helpful to catch citations that are now journal publications. -* [ ] Update the ``codemeta.json`` file in the release PR if its requirements have updated. * [ ] Update the [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) GitHub Action used for deployment to TestPyPI and PyPI to the latest stable release. * [ ] Make a release to [TestPyPI][TestPyPI_pyhf] using the [workflow dispatch event trigger](https://github.com/scikit-hep/pyhf/actions/workflows/publish-package.yml). * [ ] Verify that the project README is displaying correctly on [TestPyPI][TestPyPI_pyhf]. diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index 12fbb2fa53..9a903f2aeb 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -53,10 +53,3 @@ jobs: # Though still show warnings by setting warning control to 'default'. export PYTHONWARNINGS='default' pytest tests/test_public_api.py - - # FIXME: c.f. https://github.com/proycon/codemetapy/issues/24 - - name: Verify requirements in codemeta.json - run: | - uv pip install --system jq "codemetapy>=2.3.0" - codemetapy --inputtype python --no-extras pyhf > codemeta_generated.json - diff <(jq -S .softwareRequirements codemeta.json) <(jq -S .softwareRequirements codemeta_generated.json) diff --git a/codemeta.json b/codemeta.json deleted file mode 100644 index 1b9ca9c817..0000000000 --- a/codemeta.json +++ /dev/null @@ -1,127 +0,0 @@ -{ - "@context": [ - "https://doi.org/10.5063/schema/codemeta-2.0", - "https://w3id.org/software-iodata", - "https://raw.githubusercontent.com/jantman/repostatus.org/master/badges/latest/ontology.jsonld", - "https://schema.org", - "https://w3id.org/software-types" - ], - "@type": "SoftwareSourceCode", - "applicationCategory": [ - "Scientific/Engineering", - "Scientific/Engineering > Physics" - ], - "audience": { - "@type": "Audience", - "audienceType": "Science/Research" - }, - "author": [ - { - "@type": "Person", - "email": "lukas.heinrich@cern.ch", - "familyName": "Heinrich", - "identifier": "https://orcid.org/0000-0002-4048-7584", - "givenName": "Lukas" - }, - { - "@type": "Person", - "email": "matthew.feickert@cern.ch", - "familyName": "Feickert", - "identifier": "https://orcid.org/0000-0003-4124-7862", - "givenName": "Matthew" - }, - { - "@type": "Person", - "email": "gstark@cern.ch", - "familyName": "Stark", - "identifier": "https://orcid.org/0000-0001-6616-3433", - "givenName": "Giordon" - } - ], - "codeRepository": "https://github.com/scikit-hep/pyhf", - "description": "pure-Python HistFactory implementation with tensors and autodiff", - "developmentStatus": "4 - Beta", - "identifier": "pyhf", - "issueTracker": "https://github.com/scikit-hep/pyhf/issues", - "keywords": "physics fitting numpy scipy tensorflow pytorch jax", - "license": "http://spdx.org/licenses/Apache-2.0", - "name": "pyhf", - "releaseNotes": "https://pyhf.readthedocs.io/en/stable/release-notes.html", - "runtimePlatform": [ - "Python 3", - "Python 3 Only", - "Python 3.12", - "Python 3.11", - "Python 3.10", - "Python 3.8", - "Python 3.9", - "Python Implementation CPython" - ], - "softwareHelp": "https://pyhf.readthedocs.io/", - "softwareRequirements": [ - { - "@type": "SoftwareApplication", - "identifier": "click", - "name": "click", - "runtimePlatform": "Python 3", - "version": ">=8.0.0" - }, - { - "@type": "SoftwareApplication", - "identifier": "importlib-resources", - "name": "importlib-resources", - "runtimePlatform": "Python 3", - "version": ">=1.4.0" - }, - { - "@type": "SoftwareApplication", - "identifier": "jsonpatch", - "name": "jsonpatch", - "runtimePlatform": "Python 3", - "version": ">=1.15" - }, - { - "@type": "SoftwareApplication", - "identifier": "jsonschema", - "name": "jsonschema", - "runtimePlatform": "Python 3", - "version": ">=4.15.0" - }, - { - "@type": "SoftwareApplication", - "identifier": "numpy", - "name": "numpy", - "runtimePlatform": "Python 3" - }, - { - "@type": "SoftwareApplication", - "identifier": "pyyaml", - "name": "pyyaml", - "runtimePlatform": "Python 3", - "version": ">=5.1" - }, - { - "@type": "SoftwareApplication", - "identifier": "scipy", - "name": "scipy", - "runtimePlatform": "Python 3", - "version": ">=1.3.2" - }, - { - "@type": "SoftwareApplication", - "identifier": "tqdm", - "name": "tqdm", - "runtimePlatform": "Python 3", - "version": ">=4.56.0" - } - ], - "targetProduct": { - "@type": "CommandLineApplication", - "description": "The pyhf command line interface.", - "executableName": "pyhf", - "name": "pyhf", - "runtimePlatform": "Python 3" - }, - "url": "https://github.com/scikit-hep/pyhf", - "version": "0.7.6" -} diff --git a/docs/development.rst b/docs/development.rst index fa6149a8a9..3d3341cd12 100644 --- a/docs/development.rst +++ b/docs/development.rst @@ -267,19 +267,9 @@ sdist and wheel, and then deploy them to PyPI_. Context Files and Archive Metadata ---------------------------------- -The ``.zenodo.json`` and ``codemeta.json`` files have the version number -automatically updated through ``tbump``, though their additional metadata -should be checked periodically by the dev team (probably every release). -The ``codemeta.json`` file can be generated automatically **from a PyPI install** -of ``pyhf`` using ``codemetapy`` - -.. code-block:: console - - codemetapy --no-extras pyhf > codemeta.json - -though the ``author`` metadata will still need to be checked and revised by hand. -The ``.zenodo.json`` is currently generated by hand, so it is worth using -``codemeta.json`` as a guide to edit it. +The ``.zenodo.json`` file has the version number automatically updated through +``tbump``, though its additional metadata should be checked periodically by +the dev team (probably every release). .. _bump version GitHub Actions workflow: https://github.com/scikit-hep/pyhf/actions/workflows/bump-version.yml .. _PyPI: https://pypi.org/project/pyhf/ diff --git a/pyproject.toml b/pyproject.toml index 8aad3f9850..070eb2d708 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -133,7 +133,6 @@ develop = [ "tbump>=6.7.0", "pre-commit", "nox", - "codemetapy>=2.3.0", "uv>=0.1.39" ] diff --git a/tbump.toml b/tbump.toml index edc6fa00e6..935bbeba09 100644 --- a/tbump.toml +++ b/tbump.toml @@ -48,9 +48,6 @@ src = "src/pyhf/data/citation.bib" [[file]] src = ".zenodo.json" -[[file]] -src = "codemeta.json" - [[file]] src = "CITATION.cff" From 9f5c979f355c2efb363e7df47181e7be92ea438f Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Fri, 31 May 2024 02:44:51 -0500 Subject: [PATCH 23/43] build: Use notebook over jupyter (#2507) * jupyter is a metapackage that is never updated, so defining the notebook dependency provides better control on the actual tools required. --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 070eb2d708..6b53e2b5bc 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -109,7 +109,7 @@ test = [ "pydocstyle", "papermill>=2.5.0", "scrapbook>=0.5.0", - "jupyter", + "notebook>=6.5.7", "graphviz", "pytest-socket>=0.2.0", # c.f. PR #1917 ] From faa4ccf5d7fd08cc942a16919990798d17c45fc7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 16:08:02 -0700 Subject: [PATCH 24/43] build(deps): bump actions/attest-build-provenance in the actions group (#2510) Bumps the actions group with 1 update: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `actions/attest-build-provenance` from 1.1.2 to 1.2.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/173725a1209d09b31f9d30a3890cf2757ebbff0d...49df96e17e918a15956db358890b08e61c704919) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-package.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 7f798b3616..9803c69663 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,7 +109,7 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2 + uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0 with: subject-path: "dist/pyhf-*" From dd95dee5b676afc52be47df286b0fac84c4f4568 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Thu, 6 Jun 2024 23:44:31 -0700 Subject: [PATCH 25/43] test: Lower tolerance for iminuit v2.26.0+ on Apple silicon (#2514) * Lower the tolerance for the tests/test_optim.py test_optim_uncerts test to reach agreement for iminuit v2.26.0+ on Apple silicon. --- tests/test_optim.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/test_optim.py b/tests/test_optim.py index b94b722cf8..cfd7b0890a 100644 --- a/tests/test_optim.py +++ b/tests/test_optim.py @@ -385,7 +385,9 @@ def test_optim_uncerts(backend, source, spec, mu): return_uncertainties=True, ) assert result.shape == (2, 2) - assert pytest.approx([0.26418431, 0.0]) == pyhf.tensorlib.tolist(result[:, 1]) + assert pytest.approx([0.26418431, 0.0], rel=1e-5) == pyhf.tensorlib.tolist( + result[:, 1] + ) @pytest.mark.parametrize('mu', [1.0], ids=['mu=1']) From 7d316ef3d48a6ede64c7d8b7d8d238f6283550a2 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 02:05:47 -0500 Subject: [PATCH 26/43] chore: [pre-commit.ci] pre-commit autoupdate (#2509) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update pre-commit hooks: - github.com/astral-sh/ruff-pre-commit: v0.4.3 → v0.4.7 - github.com/codespell-project/codespell: v2.2.6 → v2.3.0 --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8012c467c0..63687db6c1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -35,7 +35,7 @@ repos: - id: rst-inline-touching-normal - repo: https://github.com/astral-sh/ruff-pre-commit - rev: "v0.4.3" + rev: "v0.4.7" hooks: - id: ruff args: ["--fix", "--show-fixes"] @@ -68,7 +68,7 @@ repos: args: ["--python-version=3.12"] - repo: https://github.com/codespell-project/codespell - rev: v2.2.6 + rev: v2.3.0 hooks: - id: codespell files: ^.*\.(py|md|rst)$ From e8789a2a5233f1c4d825ef0daeec8434f6893146 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Melissa=20Weber=20Mendon=C3=A7a?= Date: Fri, 7 Jun 2024 00:45:27 -0700 Subject: [PATCH 27/43] docs: Change docs theme to PyData Sphinx theme (#2513) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Switch docs theme to use the PyData Sphinx theme which is used across the broader Scientific Python community ubiquitously. - Replace sphinx-rtd-theme with pydata-sphinx-theme in 'docs' extra. * Reorder the navigation bar to keep API reference sections visible by default. * Remove 'View me on GitHub' ribbon. - The ribbon will cause issues with the theme and isn't needed anymore. * Add Melissa Weber Mendonça to contributors list. --- docs/conf.py | 5 ++--- docs/contributors.rst | 1 + docs/index.rst | 13 ++++--------- pyproject.toml | 2 +- 4 files changed, 8 insertions(+), 13 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index 132f4da544..801ef81cef 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -55,7 +55,6 @@ def setup(app): 'sphinx.ext.viewcode', 'sphinx.ext.githubpages', 'sphinx.ext.intersphinx', - 'sphinx_rtd_theme', 'sphinxcontrib.bibtex', 'sphinx.ext.napoleon', 'sphinx_click.ext', @@ -243,13 +242,13 @@ def setup(app): # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. # -html_theme = 'sphinx_rtd_theme' +html_theme = 'pydata_sphinx_theme' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the # documentation. # -html_theme_options = {} +html_theme_options = {"header_links_before_dropdown": 6} # Add any paths that contain custom themes here, relative to this directory. html_theme_path = [] diff --git a/docs/contributors.rst b/docs/contributors.rst index d29fd0974b..292efde1c7 100644 --- a/docs/contributors.rst +++ b/docs/contributors.rst @@ -34,3 +34,4 @@ Contributors include: - Daniel Werner - Jonas Rembser - Lorenz Gaertner +- Melissa Weber Mendonça diff --git a/docs/index.rst b/docs/index.rst index fbb5bf9925..7bddc7b269 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -8,25 +8,20 @@ intro likelihood - learn examples - outreach + api + cli installation development faq + learn babel - cli - api + outreach citations governance/ROADMAP release-notes contributors -.. raw:: html - - View me on GitHub - - .. raw:: html

Warning: This is a development version. The latest stable version is at ReadTheDocs.

diff --git a/pyproject.toml b/pyproject.toml index 6b53e2b5bc..52ae121b8f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -118,7 +118,7 @@ docs = [ "sphinx>=7.0.0", # c.f. https://github.com/scikit-hep/pyhf/pull/2271 "sphinxcontrib-bibtex>=2.1", "sphinx-click", - "sphinx-rtd-theme>=1.3.0", # c.f. https://github.com/scikit-hep/pyhf/pull/2271 + "pydata-sphinx-theme>=0.15.3", "nbsphinx!=0.8.8", # c.f. https://github.com/spatialaudio/nbsphinx/issues/620 "ipywidgets", "sphinx-issues", From a0caf3190403b2048b46eac2f38d055750eaabfe Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 17 Jun 2024 03:41:37 -0500 Subject: [PATCH 28/43] fix: Use shutil.copytree over setuptools._distutils (#2518) * As setuptools is not the build backend there should be no reliance on setuptools or distutils for use. This exchanges setuptools._distutils.dir_util.copy_tree for shutil.copytree with dirs_exist_ok=True as pyhf supports Python 3.8+. --- tests/conftest.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index ad2d9d7cba..b17910a6a0 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,10 +1,10 @@ import json import pathlib +import shutil import sys import tarfile import pytest -from setuptools._distutils import dir_util import pyhf @@ -164,9 +164,6 @@ def datadir(tmp_path, request): test_dir = pathlib.Path(request.module.__file__).with_suffix('') if test_dir.is_dir(): - dir_util.copy_tree(test_dir, str(tmp_path)) - # shutil is nicer, but doesn't work: https://bugs.python.org/issue20849 - # Once pyhf is Python 3.8+ only then the below can be used. - # shutil.copytree(test_dir, tmp_path) + shutil.copytree(test_dir, tmp_path, dirs_exist_ok=True) return tmp_path From 644b1baf75c68fff9a708d94088d4142675d5524 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Mon, 17 Jun 2024 04:19:14 -0500 Subject: [PATCH 29/43] ci: Remove setuptools uprgrade as no longer backend (#2519) * Remove setuptools installs and upgrades from CI workflows and the Dockerfile build as it should not be required by any component of pyhf. --- .github/workflows/bump-version.yml | 2 +- .github/workflows/ci-windows.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/dependencies-head.yml | 12 ++++++------ .github/workflows/docs.yml | 2 +- .github/workflows/notebooks.yml | 2 +- .github/workflows/release_tests.yml | 2 +- docker/Dockerfile | 2 +- docker/gpu/Dockerfile | 2 +- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index e63bf7c940..71a14ea3e7 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -204,7 +204,7 @@ jobs: - name: Install Python dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip install --system tbump python -m pip list diff --git a/.github/workflows/ci-windows.yml b/.github/workflows/ci-windows.yml index 0dbef41600..3a75d9e3ab 100644 --- a/.github/workflows/ci-windows.yml +++ b/.github/workflows/ci-windows.yml @@ -33,7 +33,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip install --system --upgrade '.[all,test]' - name: List installed Python packages diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9c7f5dcdfe..5482e8a9d0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,14 +50,14 @@ jobs: if: matrix.python-version != '3.8' run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip install --system --upgrade ".[all,test]" # c.f. https://github.com/astral-sh/uv/issues/2062 - name: Install dependencies (Python 3.8) if: matrix.python-version == '3.8' run: | - python -m pip install --upgrade pip setuptools wheel + python -m pip install --upgrade pip wheel python -m pip install --upgrade ".[all,test]" - name: List installed Python packages diff --git a/.github/workflows/dependencies-head.yml b/.github/workflows/dependencies-head.yml index feaf00a5ec..403695b65e 100644 --- a/.github/workflows/dependencies-head.yml +++ b/.github/workflows/dependencies-head.yml @@ -33,7 +33,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade --pre ".[all,test]" python -m pip list @@ -64,7 +64,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system scipy # uv wants to upgrade dependencies (numpy) to a dev release too, so don't --upgrade @@ -92,7 +92,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system iminuit uv pip install --system --upgrade cython @@ -119,7 +119,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system uproot uv pip install --system --upgrade git+https://github.com/scikit-hep/uproot5.git @@ -147,7 +147,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system matplotlib # Need to use --extra-index-url as all dependencies aren't on scientific-python-nightly-wheels package index. @@ -184,7 +184,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system pytest uv pip install --system --upgrade git+https://github.com/pytest-dev/pytest.git diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 81e9cd38e5..11251ae136 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -32,7 +32,7 @@ jobs: - name: Install Python dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip --quiet install --system --upgrade ".[docs,test]" uv pip install --system yq python -m pip list diff --git a/.github/workflows/notebooks.yml b/.github/workflows/notebooks.yml index 50580dfa86..91439d0f8f 100644 --- a/.github/workflows/notebooks.yml +++ b/.github/workflows/notebooks.yml @@ -32,7 +32,7 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel # FIXME: c.f. https://github.com/scikit-hep/pyhf/issues/2104 uv pip install --system --upgrade ".[all,test]" 'jupyter-client<8.0.0' diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index 9a903f2aeb..f3312c8c9e 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -41,7 +41,7 @@ jobs: - name: Install from PyPI run: | python -m pip install uv - uv pip install --system --upgrade pip setuptools wheel + uv pip install --system --upgrade pip wheel uv pip install --system --pre 'pyhf[backends,xmlio]' uv pip install --system pytest python -m pip list diff --git a/docker/Dockerfile b/docker/Dockerfile index 47ff491ea6..ba7c8f5ab5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -17,7 +17,7 @@ RUN apt-get -qq -y update && \ . /usr/local/venv/bin/activate && \ cd /code && \ python -m pip --no-cache-dir install --upgrade uv && \ - uv pip install --no-cache --upgrade pip setuptools wheel && \ + uv pip install --no-cache --upgrade pip wheel && \ uv pip install --no-cache '.[xmlio,contrib]' && \ uv pip list diff --git a/docker/gpu/Dockerfile b/docker/gpu/Dockerfile index 0bc93597bc..7c4a3ab3ae 100644 --- a/docker/gpu/Dockerfile +++ b/docker/gpu/Dockerfile @@ -14,7 +14,7 @@ COPY . /code COPY ./docker/gpu/install_backend.sh /code/install_backend.sh WORKDIR /code ARG BACKEND=tensorflow -RUN python3 -m pip --no-cache-dir install --upgrade pip setuptools wheel && \ +RUN python3 -m pip --no-cache-dir install --upgrade pip wheel && \ /bin/bash install_backend.sh ${BACKEND} && \ python3 -m pip list From 997e5e5a7c1372de1b9ce54fe38c2c29d0c432fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:52:12 -0500 Subject: [PATCH 30/43] build(deps): bump the actions group with 3 updates (#2520) Bumps the actions group with 3 updates: [docker/build-push-action](https://github.com/docker/build-push-action), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `docker/build-push-action` from 5 to 6 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) Updates `actions/attest-build-provenance` from 1.2.0 to 1.3.2 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/49df96e17e918a15956db358890b08e61c704919...bdd51370e0416ac948727f861e03c2f05d32d78e) Updates `pypa/gh-action-pypi-publish` from 1.8.14 to 1.9.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.14...v1.9.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 6 +++--- .github/workflows/publish-package.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e71ac7f1ce..eab191755d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -81,7 +81,7 @@ jobs: - name: Test build id: docker_build_test - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: docker/Dockerfile @@ -119,7 +119,7 @@ jobs: # every PR will trigger a push event on main, so check the push event is actually coming from main if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'scikit-hep/pyhf' id: docker_build_latest - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: docker/Dockerfile @@ -136,7 +136,7 @@ jobs: - name: Build and publish to registry with release tag if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf' id: docker_build_release - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: docker/Dockerfile diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 9803c69663..ed38b51558 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,7 +109,7 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0 + uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2 with: subject-path: "dist/pyhf-*" @@ -168,13 +168,13 @@ jobs: if: >- (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') - uses: pypa/gh-action-pypi-publish@v1.8.14 + uses: pypa/gh-action-pypi-publish@v1.9.0 with: repository-url: https://test.pypi.org/legacy/ print-hash: true - name: Publish distribution 📦 to PyPI if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf' - uses: pypa/gh-action-pypi-publish@v1.8.14 + uses: pypa/gh-action-pypi-publish@v1.9.0 with: print-hash: true From 2e4b93043ece95d78e7eb040b56736c11dd6c160 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Wed, 19 Jun 2024 23:04:03 -0500 Subject: [PATCH 31/43] feat: Use 'method' arg for jax.numpy.percentile (#2522) * Change the argument name in jax.numpy.percentile from 'interpolation' to 'method'. No change to the lower bounds on jax and jaxlib is required as 'method' already existed as an argument in jax v0.4.1. This just deprecates the use of 'interpolation'. - Avoids the following DeprecationWarning in jax v0.4.29+: > DeprecationWarning: The interpolation= argument to 'percentile' is deprecated. > Use 'method=' instead. - c.f. https://github.com/google/jax/pull/21267 --- src/pyhf/tensor/jax_backend.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pyhf/tensor/jax_backend.py b/src/pyhf/tensor/jax_backend.py index 61a14084c3..438f3e7325 100644 --- a/src/pyhf/tensor/jax_backend.py +++ b/src/pyhf/tensor/jax_backend.py @@ -321,7 +321,7 @@ def percentile(self, tensor_in, q, axis=None, interpolation="linear"): .. versionadded:: 0.7.0 """ - return jnp.percentile(tensor_in, q, axis=axis, interpolation=interpolation) + return jnp.percentile(tensor_in, q, axis=axis, method=interpolation) def stack(self, sequence, axis=0): return jnp.stack(sequence, axis=axis) From 7259d60ba6f43935601149b145b98488e265f004 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Wed, 19 Jun 2024 23:27:58 -0500 Subject: [PATCH 32/43] fix: Add filterwarnings for jax.xla_computation DeprecationWarning (#2523) * Add an ignore to filterwarnings to avoid a DeprecationWarning on jax.xla_computation in jax v0.4.30+. > DeprecationWarning: jax.xla_computation is deprecated. > Please use the AOT APIs. - c.f. https://github.com/google/jax/pull/21923 --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index 52ae121b8f..cc39287ab3 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -227,6 +227,7 @@ filterwarnings = [ "ignore:jsonschema.RefResolver is deprecated as of v4.18.0, in favor of the:DeprecationWarning", # Issue #2139 "ignore:Skipping device Apple Paravirtual device that does not support Metal 2.0:UserWarning", # Can't fix given hardware/virtualized device 'ignore:Type google._upb._message.[A-Z]+ uses PyType_Spec with a metaclass that has custom:DeprecationWarning', # protobuf via tensorflow + "ignore:jax.xla_computation is deprecated. Please use the AOT APIs:DeprecationWarning", # jax v0.4.30 ] [tool.coverage.run] From 89a6c132c7edcf934eac52203b08945eadc4ad13 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 01:14:24 +0200 Subject: [PATCH 33/43] chore: [pre-commit.ci] pre-commit autoupdate (#2527) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update pre-commit hooks: - github.com/astral-sh/ruff-pre-commit: v0.4.7 → v0.5.0 - github.com/adamchainz/blacken-docs: 1.16.0 → 1.18.0 - github.com/pre-commit/mirrors-mypy: v1.10.0 → v1.10.1 - github.com/python-jsonschema/check-jsonschema: 0.28.4 → 0.28.6 --- .pre-commit-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 63687db6c1..3c42892e73 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -35,7 +35,7 @@ repos: - id: rst-inline-touching-normal - repo: https://github.com/astral-sh/ruff-pre-commit - rev: "v0.4.7" + rev: "v0.5.0" hooks: - id: ruff args: ["--fix", "--show-fixes"] @@ -47,13 +47,13 @@ repos: types_or: [python, pyi, jupyter] - repo: https://github.com/adamchainz/blacken-docs - rev: 1.16.0 + rev: 1.18.0 hooks: - id: blacken-docs additional_dependencies: [black==24.4.2] - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.10.0 + rev: v1.10.1 # check the oldest and newest supported Pythons hooks: - &mypy @@ -75,7 +75,7 @@ repos: args: ["-w", "-L", "hist,gaus"] - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.28.4 + rev: 0.28.6 hooks: - id: check-readthedocs args: ["--verbose"] From dff116cd5b3a4527501540a681813ad14d7a55fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 15:48:03 -0700 Subject: [PATCH 34/43] build(deps): bump actions/upload-artifact in the actions group (#2530) Bumps the actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/upload-artifact` from 3.pre.node20 to 4.3.4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3-node20...v4.3.4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-package.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index ed38b51558..25f7e610ff 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -114,7 +114,7 @@ jobs: subject-path: "dist/pyhf-*" - name: Upload distribution artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4.3.4 with: name: dist-artifact path: dist diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 83410e069f..a624b23f69 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif From c9de60e90057d42f9e503dbd01d05f8488638877 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 15:40:13 -0700 Subject: [PATCH 35/43] build(deps): bump actions/attest-build-provenance in the actions group (#2532) Bumps the actions group with 1 update: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `actions/attest-build-provenance` from 1.3.2 to 1.3.3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/bdd51370e0416ac948727f861e03c2f05d32d78e...5e9cb68e95676991667494a6a4e59b8a2f13e1d0) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-package.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 25f7e610ff..39f10aaf82 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,7 +109,7 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2 + uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 with: subject-path: "dist/pyhf-*" From d81c5a0e92a386a3ba6a69af74758ec92821b04f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 00:38:35 -0500 Subject: [PATCH 36/43] build(deps): bump ossf/scorecard-action in the actions group (#2534) Bumps the actions group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a624b23f69..a43c6e28ea 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif From ef9359fdc5c53bca7c992ccab178be31ce35d138 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 18:28:43 -0500 Subject: [PATCH 37/43] build(deps): bump the actions group with 2 updates (#2536) Bumps the actions group with 2 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/attest-build-provenance` from 1.3.3 to 1.4.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/5e9cb68e95676991667494a6a4e59b8a2f13e1d0...210c1913531870065f03ce1f9440dd87bc0938cd) Updates `actions/upload-artifact` from 4.3.4 to 4.3.5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-package.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 39f10aaf82..de6d8eba55 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,12 +109,12 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 + uses: actions/attest-build-provenance@210c1913531870065f03ce1f9440dd87bc0938cd # v1.4.0 with: subject-path: "dist/pyhf-*" - name: Upload distribution artifact - uses: actions/upload-artifact@v4.3.4 + uses: actions/upload-artifact@v4.3.5 with: name: dist-artifact path: dist diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a43c6e28ea..9b77ef97eb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif From 990681dd1e1423beef02063959fcaf20722260d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 18:00:10 -0500 Subject: [PATCH 38/43] build(deps): bump the actions group with 2 updates (#2537) Bumps the actions group with 2 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/attest-build-provenance` from 1.4.0 to 1.4.1 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/210c1913531870065f03ce1f9440dd87bc0938cd...310b0a4a3b0b78ef57ecda988ee04b132db73ef8) Updates `actions/upload-artifact` from 4.3.5 to 4.3.6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-package.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index de6d8eba55..9b0a0adc9b 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,12 +109,12 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@210c1913531870065f03ce1f9440dd87bc0938cd # v1.4.0 + uses: actions/attest-build-provenance@310b0a4a3b0b78ef57ecda988ee04b132db73ef8 # v1.4.1 with: subject-path: "dist/pyhf-*" - name: Upload distribution artifact - uses: actions/upload-artifact@v4.3.5 + uses: actions/upload-artifact@v4.3.6 with: name: dist-artifact path: dist diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9b77ef97eb..b592e0ab56 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif From 1cca44f1adc2ca0609f7fc20a08ebac7d8786007 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 01:21:31 +0200 Subject: [PATCH 39/43] build(deps): bump actions/attest-build-provenance in the actions group (#2539) Bumps the actions group with 1 update: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `actions/attest-build-provenance` from 1.4.1 to 1.4.2 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/310b0a4a3b0b78ef57ecda988ee04b132db73ef8...6149ea5740be74af77f260b9db67e633f6b0a9a1) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-package.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index 9b0a0adc9b..d6fc5e84e2 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,7 +109,7 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@310b0a4a3b0b78ef57ecda988ee04b132db73ef8 # v1.4.1 + uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 with: subject-path: "dist/pyhf-*" From aab34688a33fb614fb89d6e8aa09606f3de18529 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 08:45:09 -0500 Subject: [PATCH 40/43] build(deps): bump the actions group across 1 directory with 3 updates (#2541) Bumps the actions group with 3 updates in the / directory: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `actions/attest-build-provenance` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/6149ea5740be74af77f260b9db67e633f6b0a9a1...1c608d11d69870c2092266b3f9a6f3abbf17002c) Updates `actions/upload-artifact` from 4.3.6 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0) Updates `pypa/gh-action-pypi-publish` from 1.9.0 to 1.10.1 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.1) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-package.yml | 8 ++++---- .github/workflows/scorecard.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index d6fc5e84e2..ae1139179c 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -109,12 +109,12 @@ jobs: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf') - uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 with: subject-path: "dist/pyhf-*" - name: Upload distribution artifact - uses: actions/upload-artifact@v4.3.6 + uses: actions/upload-artifact@v4.4.0 with: name: dist-artifact path: dist @@ -168,13 +168,13 @@ jobs: if: >- (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') - uses: pypa/gh-action-pypi-publish@v1.9.0 + uses: pypa/gh-action-pypi-publish@v1.10.1 with: repository-url: https://test.pypi.org/legacy/ print-hash: true - name: Publish distribution 📦 to PyPI if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf' - uses: pypa/gh-action-pypi-publish@v1.9.0 + uses: pypa/gh-action-pypi-publish@v1.10.1 with: print-hash: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b592e0ab56..4d605498e3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 # v4.3.6 with: name: SARIF file path: results.sarif From 609af8883c051ff0fcd43e30a866f99d19f565e8 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Thu, 19 Sep 2024 12:52:37 -0500 Subject: [PATCH 41/43] ci: Remove upgrade of wheel (#2542) * Remove upgrading of wheel from CI workflows. - For dependencies that don't provide a wheel, and don't have build-system metadata in pyproject.toml, modern setuptools has integrated wheel and so installation is unnecessary. * Remove 'uv pip install --system --upgrade pip' as 'uv pip' is a different program. --- .github/workflows/bump-version.yml | 1 - .github/workflows/ci-windows.yml | 1 - .github/workflows/ci.yml | 3 +-- .github/workflows/dependencies-head.yml | 6 ------ .github/workflows/docs.yml | 1 - .github/workflows/lower-bound-requirements.yml | 2 +- .github/workflows/notebooks.yml | 1 - .github/workflows/release_tests.yml | 1 - docker/Dockerfile | 1 - 9 files changed, 2 insertions(+), 15 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 71a14ea3e7..e574a2ab34 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -204,7 +204,6 @@ jobs: - name: Install Python dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip install --system tbump python -m pip list diff --git a/.github/workflows/ci-windows.yml b/.github/workflows/ci-windows.yml index 3a75d9e3ab..b625754baf 100644 --- a/.github/workflows/ci-windows.yml +++ b/.github/workflows/ci-windows.yml @@ -33,7 +33,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip install --system --upgrade '.[all,test]' - name: List installed Python packages diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5482e8a9d0..28a449ab63 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,14 +50,13 @@ jobs: if: matrix.python-version != '3.8' run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip install --system --upgrade ".[all,test]" # c.f. https://github.com/astral-sh/uv/issues/2062 - name: Install dependencies (Python 3.8) if: matrix.python-version == '3.8' run: | - python -m pip install --upgrade pip wheel + python -m pip install --upgrade pip python -m pip install --upgrade ".[all,test]" - name: List installed Python packages diff --git a/.github/workflows/dependencies-head.yml b/.github/workflows/dependencies-head.yml index 403695b65e..c714392d81 100644 --- a/.github/workflows/dependencies-head.yml +++ b/.github/workflows/dependencies-head.yml @@ -33,7 +33,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade --pre ".[all,test]" python -m pip list @@ -64,7 +63,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system scipy # uv wants to upgrade dependencies (numpy) to a dev release too, so don't --upgrade @@ -92,7 +90,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system iminuit uv pip install --system --upgrade cython @@ -119,7 +116,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system uproot uv pip install --system --upgrade git+https://github.com/scikit-hep/uproot5.git @@ -147,7 +143,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system matplotlib # Need to use --extra-index-url as all dependencies aren't on scientific-python-nightly-wheels package index. @@ -184,7 +179,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip --no-cache --quiet install --system --upgrade ".[all,test]" uv pip uninstall --system pytest uv pip install --system --upgrade git+https://github.com/pytest-dev/pytest.git diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 11251ae136..c7a99fda4d 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -32,7 +32,6 @@ jobs: - name: Install Python dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip --quiet install --system --upgrade ".[docs,test]" uv pip install --system yq python -m pip list diff --git a/.github/workflows/lower-bound-requirements.yml b/.github/workflows/lower-bound-requirements.yml index 87305d10a8..5bdd837c68 100644 --- a/.github/workflows/lower-bound-requirements.yml +++ b/.github/workflows/lower-bound-requirements.yml @@ -30,7 +30,7 @@ jobs: - name: Install dependencies and force lowest bound run: | python -m pip install uv - uv pip install --system --upgrade pip 'setuptools<70.0.0' wheel + uv pip install --system --upgrade 'setuptools<70.0.0' uv pip --no-cache install --system --constraint tests/constraints.txt ".[all,test]" - name: List installed Python packages diff --git a/.github/workflows/notebooks.yml b/.github/workflows/notebooks.yml index 91439d0f8f..52b6fb1af4 100644 --- a/.github/workflows/notebooks.yml +++ b/.github/workflows/notebooks.yml @@ -32,7 +32,6 @@ jobs: - name: Install dependencies run: | python -m pip install uv - uv pip install --system --upgrade pip wheel # FIXME: c.f. https://github.com/scikit-hep/pyhf/issues/2104 uv pip install --system --upgrade ".[all,test]" 'jupyter-client<8.0.0' diff --git a/.github/workflows/release_tests.yml b/.github/workflows/release_tests.yml index f3312c8c9e..0569562704 100644 --- a/.github/workflows/release_tests.yml +++ b/.github/workflows/release_tests.yml @@ -41,7 +41,6 @@ jobs: - name: Install from PyPI run: | python -m pip install uv - uv pip install --system --upgrade pip wheel uv pip install --system --pre 'pyhf[backends,xmlio]' uv pip install --system pytest python -m pip list diff --git a/docker/Dockerfile b/docker/Dockerfile index ba7c8f5ab5..1e81d375c4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -17,7 +17,6 @@ RUN apt-get -qq -y update && \ . /usr/local/venv/bin/activate && \ cd /code && \ python -m pip --no-cache-dir install --upgrade uv && \ - uv pip install --no-cache --upgrade pip wheel && \ uv pip install --no-cache '.[xmlio,contrib]' && \ uv pip list From eb44f8c78537517d4515bc6d04feac0361b1e58e Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Thu, 19 Sep 2024 17:53:51 -0500 Subject: [PATCH 42/43] chore: Apply Docker build check corrections (#2543) * Apply revisions to Dockerfile from Docker build checks. - https://docs.docker.com/reference/build-checks/from-as-casing/ - https://docs.docker.com/go/dockerfile/rule/undefined-var/ - https://docs.docker.com/go/dockerfile/rule/legacy-key-value-format/ --- docker/Dockerfile | 9 +++++---- docker/gpu/Dockerfile | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 1e81d375c4..6c4e62eb31 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,8 +1,8 @@ ARG BASE_IMAGE=python:3.12-slim-bullseye # hadolint ignore=DL3006 -FROM ${BASE_IMAGE} as base +FROM ${BASE_IMAGE} AS base -FROM base as builder +FROM base AS builder # Set PATH to pickup virtual environment by default ENV PATH=/usr/local/venv/bin:"${PATH}" COPY . /code @@ -48,10 +48,11 @@ RUN adduser \ COPY --from=builder --chown=moby /usr/local/venv /usr/local/venv/ +# Does NOT define USER as ENV USER moby -ENV USER ${USER} -ENV HOME /home/moby +ENV USER=moby +ENV HOME=/home/moby WORKDIR ${HOME}/work # Use C.UTF-8 locale to avoid issues with ASCII encoding diff --git a/docker/gpu/Dockerfile b/docker/gpu/Dockerfile index 7c4a3ab3ae..288ef916f2 100644 --- a/docker/gpu/Dockerfile +++ b/docker/gpu/Dockerfile @@ -1,6 +1,6 @@ -FROM nvidia/cuda:10.1-cudnn7-runtime-ubuntu18.04 as base +FROM nvidia/cuda:10.1-cudnn7-runtime-ubuntu18.04 AS base -FROM base as builder +FROM base AS builder # hadolint ignore=DL3015 RUN apt-get update -y && \ apt-get install -y \ From 3d26434be836050e334190c212b1db1a6f7650c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 18:53:43 -0500 Subject: [PATCH 43/43] build(deps): bump pypa/gh-action-pypi-publish in the actions group (#2546) Bumps the actions group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `pypa/gh-action-pypi-publish` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.1...v1.10.2) --- updated-dependencies: - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish-package.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index ae1139179c..ce5d0e8ffa 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -168,13 +168,13 @@ jobs: if: >- (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'scikit-hep/pyhf') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'scikit-hep/pyhf') - uses: pypa/gh-action-pypi-publish@v1.10.1 + uses: pypa/gh-action-pypi-publish@v1.10.2 with: repository-url: https://test.pypi.org/legacy/ print-hash: true - name: Publish distribution 📦 to PyPI if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pyhf' - uses: pypa/gh-action-pypi-publish@v1.10.1 + uses: pypa/gh-action-pypi-publish@v1.10.2 with: print-hash: true