Skip to content

Update vendored Pip's CA cert bundle. #3286

Update vendored Pip's CA cert bundle.

Update vendored Pip's CA cert bundle. #3286

Workflow file for this run

name: CI
on: [push, pull_request]
defaults:
run:
shell: bash
env:
_PEX_TEST_DEV_ROOT: ${{ github.workspace }}/.pex_dev
_PEX_TEST_POS_ARGS: "--color --devpi --devpi-timeout 15.0 --shutdown-devpi -vvs"
_PEX_PEXPECT_TIMEOUT: 10
# We have integration tests that exercise `--scie` support and these can trigger downloads from
# GitHub Releases that needed elevated rate limit quota, which this gives.
SCIENCE_AUTH_API_GITHUB_COM_BEARER: ${{ secrets.GITHUB_TOKEN }}
concurrency:
group: CI-${{ github.ref }}
# Queue on all branches and tags, but only cancel overlapping PR burns.
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/') }}
jobs:
org-check:
name: Check GitHub Organization
if: github.repository_owner == 'pex-tool'
runs-on: ubuntu-24.04
steps:
- name: Noop
run: "true"
checks:
name: tox -e format-check,lint-check,typecheck,enum-check,vendor-check,package,docs
needs: org-check
runs-on: ubuntu-24.04
steps:
- name: Checkout Pex
uses: actions/checkout@v4
with:
# We need branches and tags since package leans on `git describe`. Passing 0 gets us
# complete history.
fetch-depth: 0
- name: Setup Python 3.9
uses: actions/setup-python@v5
with:
# We need to keep Python 3.9 for consistent vendoring with tox.
python-version: "3.9"
- name: Check Formatting, Lints and Types
uses: pex-tool/actions/run-tox@c53dadd8b410bbd66480de91067e9e45d2b3af38
with:
tox-env: format-check,lint-check,typecheck
- name: Check Enum Types
run: |
BASE_MODE=pull ./dtox.sh -e enum-check -- -v --require-py27
- name: Check Vendoring
uses: pex-tool/actions/run-tox@c53dadd8b410bbd66480de91067e9e45d2b3af38
with:
tox-env: vendor-check
- name: Check Packaging
uses: pex-tool/actions/run-tox@c53dadd8b410bbd66480de91067e9e45d2b3af38
with:
tox-env: >-
package -- --additional-format sdist --additional-format wheel --embed-docs --clean-docs
--scies --gen-md-table-of-hash-and-size dist/hashes.md
- name: Check Docs
uses: pex-tool/actions/run-tox@c53dadd8b410bbd66480de91067e9e45d2b3af38
with:
tox-env: docs -- --linkcheck --pdf --clean-html
# N.B.: The name of this job key (linux-tests) is depended on by scrips/build_cache_image.py. In
# particular, the tox-env matrix list is used to ensure the cache covers all Linux CI jobs.
linux-tests:
name: ./dtox.sh -e ${{ matrix.tox-env }} ${{ matrix.pex-test-pos-args }}
needs: org-check
runs-on: ubuntu-24.04
strategy:
matrix:
include:
# Unit tests:
# -----------
- tox-env: py27-pip20
- tox-env: py38-pip22_3_1
- tox-env: py311-pip23_3_2
- tox-env: py313-pip24_3_1
- tox-env: py314-pip24_3_1
- tox-env: pypy310-pip24_3_1
# Integration tests, split most into two shards:
# ----------------------------------------------
# CPython 2.7 is fast enough not to require sharding.
- tox-env: py27-pip20-integration
- tox-env: py38-pip22_3_1-integration
pex-test-pos-args: --shard 1/2
- tox-env: py38-pip22_3_1-integration
pex-test-pos-args: --shard 2/2
- tox-env: py311-pip23_3_2-integration
pex-test-pos-args: --shard 1/2
- tox-env: py311-pip23_3_2-integration
pex-test-pos-args: --shard 2/2
- tox-env: py313-pip24_3_1-integration
pex-test-pos-args: --shard 1/2
- tox-env: py313-pip24_3_1-integration
pex-test-pos-args: --shard 2/2
- tox-env: py314-pip24_3_1-integration
pex-test-pos-args: --shard 1/2
- tox-env: py314-pip24_3_1-integration
pex-test-pos-args: --shard 2/2
- tox-env: pypy310-pip24_3_1-integration
pex-test-pos-args: --shard 1/2
- tox-env: pypy310-pip24_3_1-integration
pex-test-pos-args: --shard 2/2
steps:
- name: Free Up Disk Space
uses: jlumbroso/[email protected]
with:
android: true # ~14GB
dotnet: true # ~2GB
tool-cache: true # ~12GB
# Too little space savings or too slow.
haskell: false
large-packages: false
docker-images: false
swap-storage: false
- name: Checkout Pex
uses: actions/checkout@v4
with:
# We need branches and tags for some ITs.
fetch-depth: 0
# Some ITs need this for VCS URLs of the form git+ssh://[email protected]/...
- name: Setup SSH Agent
uses: webfactory/[email protected]
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
if: env.SSH_PRIVATE_KEY != ''
with:
ssh-private-key: ${{ env.SSH_PRIVATE_KEY }}
- name: Run Tests
run: |
# This is needed to get pexpect tests working under PyPy running under docker.
export TERM="xterm"
BASE_MODE=pull CACHE_MODE=pull \
./dtox.sh -e ${{ matrix.tox-env }} -- \
${{ env._PEX_TEST_POS_ARGS }} ${{ matrix.pex-test-pos-args }}
mac-tests:
name: tox -e ${{ matrix.tox-env }} ${{ matrix.pex-test-pos-args }}
needs: org-check
runs-on: macos-13
strategy:
matrix:
include:
- python-version: [ 3, 13 ]
tox-env: py313-pip24_3_1
tox-env-python: python3.11
- python-version: [ 3, 13 ]
tox-env: py313-pip24_3_1-integration
tox-env-python: python3.11
pex-test-pos-args: --shard 1/2
- python-version: [ 3, 13 ]
tox-env: py313-pip24_3_1-integration
tox-env-python: python3.11
pex-test-pos-args: --shard 2/2
steps:
- name: Checkout Pex
uses: actions/checkout@v4
with:
# We need branches and tags for some ITs.
fetch-depth: 0
path: repo
- name: Setup Python ${{ join(matrix.python-version, '.') }}
uses: actions/setup-python@v5
with:
python-version: "${{ join(matrix.python-version, '.') }}"
- name: Expose Pythons
uses: pex-tool/actions/expose-pythons@c53dadd8b410bbd66480de91067e9e45d2b3af38
- name: Restore Cached Pyenv Interpreters
id: restore-pyenv-interpreters
uses: actions/cache/restore@v4
with:
path: ${{ env._PEX_TEST_DEV_ROOT }}/pyenv
key: macos-13-${{ runner.arch }}-pex-test-dev-root-pyenv-v1
- name: Restore Cached Devpi Server
id: restore-devpi-server
uses: actions/cache/restore@v4
with:
path: ${{ env._PEX_TEST_DEV_ROOT }}/devpi
# We're using a key suffix / restore-keys prefix trick here to get an updatable cache.
# See: https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
key: macos-13-${{ runner.arch }}-${{ matrix.tox-env }}-pex-test-dev-root-devpi-v1-${{ github.run_id }}
restore-keys: macos-13-${{ runner.arch }}-${{ matrix.tox-env }}-pex-test-dev-root-devpi-v1
# Some ITs need this for VCS URLs of the form git+ssh://[email protected]/...
- name: Setup SSH Agent
uses: webfactory/[email protected]
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
if: env.SSH_PRIVATE_KEY != ''
with:
ssh-private-key: ${{ env.SSH_PRIVATE_KEY }}
- name: Run Tests
uses: pex-tool/actions/run-tox@c53dadd8b410bbd66480de91067e9e45d2b3af38
with:
path: repo/tox.ini
python: ${{ matrix.tox-env-python }}
tox-env: >-
${{ matrix.tox-env }} -- ${{ env._PEX_TEST_POS_ARGS }} ${{ matrix.pex-test-pos-args }}
- name: Cache Pyenv Interpreters
uses: actions/cache/save@v4
if: github.ref == 'refs/heads/main'
with:
path: ${{ env._PEX_TEST_DEV_ROOT }}/pyenv
key: ${{ steps.restore-pyenv-interpreters.outputs.cache-primary-key }}
- name: Cache Devpi Server
uses: actions/cache/save@v4
if: github.ref == 'refs/heads/main'
with:
path: ${{ env._PEX_TEST_DEV_ROOT }}/devpi
key: ${{ steps.restore-devpi-server.outputs.cache-primary-key }}
final-status:
name: Gather Final Status
needs:
- checks
- linux-tests
- mac-tests
runs-on: ubuntu-24.04
steps:
- name: Check Non-Success
if: |
contains(needs.*.result, 'cancelled') ||
contains(needs.*.result, 'failure') ||
contains(needs.*.result, 'skipped')
run: "false"
- name: Success
run: "true"