From f4252bde4298be9bae8e8e4e5b006d7d34350b41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wilfredo=20Sa=CC=81nchez?= Date: Wed, 14 Feb 2024 09:51:30 -0800 Subject: [PATCH 1/6] drop ballast --- .github/workflows/cicd.yml | 47 -------------------------------------- tox.ini | 37 ------------------------------ 2 files changed, 84 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index fb76cc080..8c40b8f0d 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -149,53 +149,6 @@ jobs: run: tox run -e bandit - # safety: - - # name: Safety (dependency security checker) - - # runs-on: ubuntu-latest - # timeout-minutes: 5 - - # steps: - - # - name: Harden CI - # uses: step-security/harden-runner@v2.7.0 - # with: - # disable-sudo: true - # disable-file-monitoring: true - # egress-policy: block - # allowed-endpoints: > - # api.github.com:443 - # files.pythonhosted.org:443 - # github.com:443 - # pypi.org:443 - # pyup.io:443 - - # - name: Checkout source code - # uses: actions/checkout@v4 - - # - name: Install Python - # uses: actions/setup-python@v5 - # with: - # python-version: "3.12" - - # - name: System Python Information - # uses: twisted/python-info-action@v1 - - # - name: Set up Tox environment - # run: | - # pip install tox - # tox run -e safety --notest - - # - name: Tox Python Information - # uses: twisted/python-info-action@v1 - # with: - # python-path: .tox/safety/*/python - - # - name: Run Safety - # run: tox run -e safety - - docs: name: Build documentation diff --git a/tox.ini b/tox.ini index 6d4299d7f..0e9460545 100644 --- a/tox.ini +++ b/tox.ini 
@@ -149,43 +149,6 @@ commands = - coverage html -## -# Bandit security static analyzer -## - -[testenv:bandit] - -description = run Bandit (security static analyzer) - -basepython = {[default]basepython} - -usedevelop = true -skip_install = True - -deps = - -r requirements/requirements-bandit.txt - -commands = - bandit -c {toxinidir}/.bandit -r {posargs:src} - - -## -# Safety dependency security checker -## - -[testenv:safety] - -description = run Safety (dependency security checker) - -basepython = {[default]basepython} - -deps = - -r requirements/requirements-safety.txt - -commands = - safety check - - ## # Documentation ## From 004e245afaec0667af84c5103d8926d9c66208bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wilfredo=20Sa=CC=81nchez?= Date: Wed, 14 Feb 2024 09:52:31 -0800 Subject: [PATCH 2/6] drop ballast --- .github/workflows/cicd.yml | 46 -------------------------------------- 1 file changed, 46 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 8c40b8f0d..5e4463f97 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
@@ -103,52 +103,6 @@ jobs: run: tox run -e mypy - bandit: - - name: Bandit (security static analyzer) - - runs-on: ubuntu-latest - timeout-minutes: 5 - - steps: - - - name: Harden CI - uses: step-security/harden-runner@v2.7.0 - with: - disable-sudo: true - disable-file-monitoring: true - egress-policy: block - allowed-endpoints: > - api.github.com:443 - files.pythonhosted.org:443 - github.com:443 - pypi.org:443 - - - name: Checkout source code - uses: actions/checkout@v4 - - - name: Install Python - uses: actions/setup-python@v5 - with: - python-version: "3.12" - - - name: System Python Information - uses: twisted/python-info-action@v1 - - - name: Set up Tox environment - run: | - pip install tox - tox run -e bandit --notest - - - name: Tox Python Information - uses: twisted/python-info-action@v1 - with: - python-path: .tox/bandit/*/python - - - name: Run Bandit - run: tox run -e bandit - - docs: name: Build documentation From 4029e1da45c3f6a1963192b2b1021ea4cb3b53e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wilfredo=20Sa=CC=81nchez?= Date: Wed, 14 Feb 2024 10:41:58 -0800 Subject: [PATCH 3/6] Check branch coverage also --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 0e9460545..7149e4f9d 100644 --- a/tox.ini +++ b/tox.ini 
@@ -69,7 +69,7 @@ commands = # - Use `tox -e coverage_report` to generate a report for all environments. coverage: python -c 'f=open("{envsitepackagesdir}/zz_coverage.pth", "w"); f.write("import coverage; coverage.process_startup()\n")' coverage: coverage erase - coverage: coverage run --parallel-mode --source="{env:PY_MODULE}" "{envdir}/bin/trial" --random=0 {env:TRIAL_JOBS} --logfile="{envlogdir}/trial.log" --temp-directory="{envlogdir}/trial.d" {posargs:{env:PY_MODULE}} + coverage: coverage run --branch --parallel-mode --source="{env:PY_MODULE}" "{envdir}/bin/trial" --random=0 {env:TRIAL_JOBS} --logfile="{envlogdir}/trial.log" --temp-directory="{envlogdir}/trial.d" {posargs:{env:PY_MODULE}} coverage: coverage combine coverage: coverage xml -o {toxworkdir}/coverage.xml From 132f3ea01a0684f633b0f872d5e6e5a74665b7b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wilfredo=20Sa=CC=81nchez?= Date: Wed, 14 Feb 2024 10:42:14 -0800 Subject: [PATCH 4/6] Try to take Codecov out of critical CI path --- .github/workflows/cicd.yml | 57 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 5e4463f97..6c925b814 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
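Review bot: Passing `--branch` on the `coverage run` command line only configures the process that this command starts. The `zz_coverage.pth` hook written two lines earlier calls `coverage.process_startup()`, which takes its settings from the configuration file named in `COVERAGE_PROCESS_START`, not from this command line. If that configuration (not visible in this hunk) does not also enable branch measurement, subprocess data files will hold line data, and `coverage combine` refuses to mix line data with the branch data from the main run. Setting `branch = true` under `[run]` in the coverage configuration file, instead of the flag, keeps both paths consistent. The `commands` list starts and continues outside the hunk.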
@@ -306,9 +306,21 @@ jobs: name: trial path: .tox/${TOX_ENV}/log/trial.log + # The Codecov service causes too many CI failures. + # We'll verify coverage ourselves but attempt to upload to Codecov so that + # (when uploads work) we can use its features without relying on it to pass CI. + + - name: Upload coverage data + uses: actions/upload-artifact@v4 + if: ${{ matrix.tox-prefix == 'coverage' }} + with: + name: coverage-data-${{ matrix.os }}-${{ matrix.python-version }} + path: .coverage.* + # Use the latest supported Python version for combining coverage to # prevent parsing errors in older versions when looking at modern code. - - uses: "actions/setup-python@v5" + - name: Install latest Python + uses: "actions/setup-python@v5" if: ${{ matrix.tox-prefix == 'coverage' }} with: python-version: "3.12" @@ -320,7 +332,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: .tox/coverage.xml env_vars: GITHUB_REF,GITHUB_COMMIT,GITHUB_USER,GITHUB_WORKFLOW - fail_ci_if_error: true + fail_ci_if_error: false env: GITHUB_REF: ${{ github.ref }} GITHUB_COMMIT: ${{ github.sha }} 
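Review bot: The new `Upload coverage data` step sets no `if-no-files-found`, so a glob that matches nothing only logs a warning and the step still succeeds. The failure then shows up later in the `coverage` job as a combine or report error that is harder to trace, whereas `if-no-files-found: error` under `with:` fails at the step that lost the data. The path names dot-files, and the action is referenced by the floating tag `@v4`; later v4 releases skip hidden files unless `include-hidden-files: true` is set (worth confirming against the action's release notes). Pinning `actions/upload-artifact` to a full commit SHA would stop the tag from changing this behaviour and would narrow the supply-chain exposure of the step. The enclosing job starts outside the hunk.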
@@ -328,6 +340,47 @@ jobs: GITHUB_WORKFLOW: ${{ github.workflow }} + coverage: + name: Check code coverage + + needs: unit + if: ${{ always() }} + + runs-on: ubuntu-latest + timeout-minutes: 5 + + steps: + # Use the latest supported Python version for combining coverage to + # prevent parsing errors in older versions when looking at modern code. + - name: Install Python + uses: "actions/setup-python@v5" + if: ${{ matrix.tox-prefix == 'coverage' }} + with: + python-version: "3.12" + + - uses: actions/download-artifact@v4 + with: + pattern: coverage-data-* + merge-multiple: true + + - name: Check coverage + run: | + pip install coverage + coverage combine + if ! coverage report --fail-under=100; then + coverage html --skip-covered --skip-empty + coverage report --format=markdown >> $GITHUB_STEP_SUMMARY + exit 1 + fi + + - name: Upload coverage report if check failed + uses: actions/upload-artifact@v4 + if: ${{ failure() }} + with: + name: coverage-report + path: htmlcov + + docker-build: name: Build Docker image From f307ba93062dbdabc342b1a948aef90f467c0a97 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 18:43:58 +0000 Subject: [PATCH 5/6] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .github/workflows/cicd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 6c925b814..e8392b0d2 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -316,7 +316,7 @@ jobs: with: name: coverage-data-${{ matrix.os }}-${{ matrix.python-version }} path: .coverage.* - + # Use the latest supported Python version for combining coverage to # prevent parsing errors in older versions when looking at modern code. - name: Install latest Python @@ -380,7 +380,7 @@ jobs: name: coverage-report path: htmlcov - + docker-build: name: Build Docker image 
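Review bot: In the new `coverage` job the `Install Python` step keeps `if: ${{ matrix.tox-prefix == 'coverage' }}`, but this job defines no matrix, so the condition is false and the step is always skipped; the `if:` line should be dropped. The job also has no checkout step, and `coverage report` / `coverage html` need the measured source files (and any path-mapping configuration) on disk, so a `- name: Checkout source code` / `uses: actions/checkout@v4` step before `Check coverage` looks necessary. Unlike the job definitions visible elsewhere on this page, it has no `Harden CI` (`step-security/harden-runner`) step and it runs an unpinned `pip install coverage`, so this job's network egress is unrestricted and the installed version can drift from the one that wrote the data files; consider adding the hardening step and pinning the version. Quoting the redirect target as `>> "$GITHUB_STEP_SUMMARY"` is a small robustness fix.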
From 4eb8b9208b798eb539e3e0cfbea7bfc82f5e128b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wilfredo=20Sa=CC=81nchez?= Date: Wed, 14 Feb 2024 10:57:19 -0800 Subject: [PATCH 6/6] try to find coverage files --- .github/workflows/cicd.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index e8392b0d2..aeb00bb11 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -310,12 +310,16 @@ jobs: # We'll verify coverage ourselves but attempt to upload to Codecov so that # (when uploads work) we can use its features without relying on it to pass CI. + - name: DEBUG + if: ${{ matrix.tox-prefix == 'coverage' }} + run: find . -name '*coverage*' -print + - name: Upload coverage data uses: actions/upload-artifact@v4 if: ${{ matrix.tox-prefix == 'coverage' }} with: name: coverage-data-${{ matrix.os }}-${{ matrix.python-version }} - path: .coverage.* + path: .tox/coverage.* # Use the latest supported Python version for combining coverage to # prevent parsing errors in older versions when looking at modern code. @@ -365,6 +369,8 @@ jobs: - name: Check coverage run: | + export COVERAGE_FILE="./.tox/coverage" + find . -name '*coverage*' -print pip install coverage coverage combine if ! coverage report --fail-under=100; then
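Review bot: The new glob `.tox/coverage.*` may not match the data the later job needs. The tox `coverage` commands shown in patch 3 already run `coverage combine`, which by default removes the per-process data files, and then write `coverage.xml` into the tox work directory, so this pattern could end up uploading only the XML report (inferred; where `COVERAGE_FILE` points is not visible here). If the combined data file is what should be shared, name it explicitly in `path:` once the `find` output confirms its location. The `DEBUG` step should be removed, or given a descriptive name, before this is merged; the enclosing job starts outside the hunk.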
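Review bot: `export COVERAGE_FILE="./.tox/coverage"` in `Check coverage` makes `coverage combine` look for `./.tox/coverage.*`, but the `actions/download-artifact` step above it has no `path:` and therefore extracts into the workspace root. Because `upload-artifact` stores files relative to their common parent directory, the downloaded files are likely to land beside `.tox/` rather than inside it (the added `find` line should confirm this). Adding `path: .tox` to the download step's `with:` block would line the two up. `coverage.xml` also matches the upload glob and is not a data file, so it should be kept out of what `combine` sees, and the `find` diagnostic should be removed once the paths are settled.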