ci: workflows: pin python dependencies #87609
Conversation
zephyrbot
added
platform: nRF BSIM
zephyrbot
requested review from
aescolar,
andyross,
ceolin,
cfriedt,
dcpleung,
fabiobaltieri,
kartben,
npitre,
peter-mitsis,
stephanosio and
TaiJuWu
nashif
force-pushed
the
topic/ci/pin_deps
branch
2 times, most recently
from
e13a855 to
68c2a9b
Compare
nashif
force-pushed
the
topic/ci/pin_deps
branch
2 times, most recently
from
18b79c3 to
374367f
Compare
|
hmm, not sure about this one: I have not seen this during testing :( |
Can we update the |
nashif
force-pushed
the
topic/ci/pin_deps
branch
2 times, most recently
from
f7b1d2e to
4ebcffb
Compare
github-actions
bot
requested review from
gchwier,
golowanow,
hakehuang,
LukaszMrugala and
PerMac
nashif
force-pushed
the
topic/ci/pin_deps
branch
from
ba2ad47 to
30216ea
Compare
|
Should help with caching / false positives as well. |
|
Why was the "Checkout source code" step skipped in the failed "Publish Unit Tests Results"? 🤔 |
nashif
force-pushed
the
topic/ci/pin_deps
branch
from
30216ea to
81f8987
Compare
this is fixed now |
|
The commit to temporarily disable the failing test also touches the |
no, will fix, thanks. |
nashif
force-pushed
the
topic/ci/pin_deps
branch
from
81f8987 to
fb12ef5
Compare
ok, fixed |
| @@ -178,7 +178,6 @@ jobs: | |||
|
|
|||
| - name: Merge Test Results | |||
| run: | | |||
| pip install junitparser junit2html | |||
There was a problem hiding this comment.
Looks like you just dropped them as I can't see any step where you install the requirements?
There was a problem hiding this comment.
those are already in the docker image, no need to install them
.github/workflows/clang.yaml
Outdated
| cache: pip | ||
| cache-dependency-path: scripts/requirements-actions.txt | ||
|
|
||
| - name: install-packages |
There was a problem hiding this comment.
If you have a chance to do a s/install-packages/Install Python packages/g so that steps have consistent naming that would be great (non blocking obviously)
.github/workflows/scripts_tests.yml
Outdated
| - name: Rebase | ||
| continue-on-error: true | ||
| env: | ||
| BASE_REF: ${{ github.base_ref }} | ||
| PR_HEAD: ${{ github.event.pull_request.head.sha }} | ||
| run: | | ||
| git config --global user.email "[email protected]" | ||
| git config --global user.name "Github Actions" | ||
| rm -fr ".git/rebase-apply" | ||
| rm -fr ".git/rebase-merge" | ||
| git rebase origin/${BASE_REF} | ||
| git clean -f -d | ||
| git log --graph --oneline HEAD...${PR_HEAD} | ||
|
|
Pin python dependencies to hashes and cleanup/unify python setup steps in various workflows. We now have one dependency file containing all requirements for github actions that is managed centrally with hashes. No direct pip installs are needed in workflow files and everything shall go via the requirements file. Pinning to specific version and hashes helps with preventing supply chain attacks. Signed-off-by: Anas Nashif <[email protected]>
Pin dependencies on the workflow and move it from using docker to the zephyr setup action. Signed-off-by: Anas Nashif <[email protected]>
This test fails on older python versions (3.10) and only on CI. Disabling it while we investigate. The test itself verifies inline logs options, so the functionality test is not impacted. Tracked in zephyrproject-rtos#87769 Signed-off-by: Anas Nashif <[email protected]>
nashif
force-pushed
the
topic/ci/pin_deps
branch
from
9b43181 to
fc7e570
Compare
|
Lets do it with the entire environment using nix :-D Hash all the things! |
|
Missed it last time I reviewed, but commit messages shouldn't contain Github |
Pin python dependencies to hashes and cleanup/unify python setup steps in
various workflows.
We now have one dependency file containing all requirements for github
actions that is managed centrally with hashes. No direct pip installs
are needed in workflow files and everything shall go via the
requirements file.
Pinning to specific version and hashes helps with preventing supply
chain attacks.
Signed-off-by: Anas Nashif [email protected]