Skip to content

gh-91172: Create a workflow for verifying bundled pip and setuptools #31885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ambv merged 33 commits into from
Jun 22, 2022
+128 −0
Merged

gh-91172: Create a workflow for verifying bundled pip and setuptools #31885

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
e4a8faf
bpo-47016: Create a workflow for verifying bundled pip and setuptools
illia-v Mar 14, 2022
a57cd3a
Corrupt the bundled pip wheel to test the new workflow
illia-v Mar 14, 2022
dcba624
Revert "Corrupt the bundled pip wheel to test the new workflow"
illia-v Mar 14, 2022
08a1043
Fix naming style of the new workflow
illia-v Mar 14, 2022
6edd10f
Allow manual triggering the new workflow
illia-v Mar 14, 2022
6f0d809
Bump actions/checkout to v3
illia-v Mar 15, 2022
809e4db
Create a separate script for verifying bundled wheels
illia-v Mar 15, 2022
e46f87d
Corrupt the bundled pip wheel to test the new workflow
illia-v Mar 14, 2022
594644b
Revert "Corrupt the bundled pip wheel to test the new workflow"
illia-v Mar 14, 2022
a35673b
Rename the workflow file
illia-v Mar 15, 2022
c82810c
Merge branch 'main' into bpo-47016
illia-v Jun 6, 2022
5210374
Add verify-ensurepip-wheels.py
AA-Turner Jun 6, 2022
7d44bbf
Update verify-bundled-wheels.yml
AA-Turner Jun 6, 2022
633881d
Make workflow permissions explicit
illia-v Jun 6, 2022
40ff278
Add shebang and file mode permissions for unix users
AA-Turner Jun 6, 2022
685c388
git mv verify-ensurepip-wheels verify_ensurepip_wheels
AA-Turner Jun 6, 2022
a2e7cd4
git mv verify-bundled-wheels verify-ensurepip-wheels
AA-Turner Jun 6, 2022
d6a355d
Address review
AA-Turner Jun 6, 2022
a27b7bc
Merge remote-tracking branch 'illia-v/bpo-47016' into bpo-47016
AA-Turner Jun 6, 2022
5acf921
Merge pull request #1 from AA-Turner/bpo-47016
illia-v Jun 7, 2022
7122121
Delete the shell script
illia-v Jun 7, 2022
e1b276a
Mention Adam Turner in the news entry
illia-v Jun 7, 2022
6492602
Corrupt the bundled pip wheel to test the updated workflow
illia-v Jun 7, 2022
6625719
Revert "Corrupt the bundled pip wheel to test the updated workflow"
illia-v Jun 7, 2022
0226c29
Refactor the script to fix the test
illia-v Jun 7, 2022
26cba98
Refactor the script even more
illia-v Jun 8, 2022
0d3dfaf
Make `GITHUB_ACTIONS` a boolean
illia-v Jun 17, 2022
fe4c423
Stop using `actions/setup-python`
illia-v Jun 17, 2022
6786960
Corrupt the bundled pip wheel to test the updated workflow
illia-v Jun 7, 2022
01d3386
Revert "Corrupt the bundled pip wheel to test the updated workflow"
illia-v Jun 7, 2022
7e283c3
Make changes to more files invoke the workflow
illia-v Jun 20, 2022
a74629c
Make the workflow use `actions/setup-python` again
illia-v Jun 20, 2022
66a91ac
Merge branch 'main' into bpo-47016
illia-v Jun 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions .github/workflows/ensurepip_verify_bundled.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: Verify bundled pip and setuptools

on:
workflow_dispatch:
push:
paths:
- 'Lib/ensurepip/_bundled/**'
pull_request:
paths:
- 'Lib/ensurepip/_bundled/**'

jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
Comment thread
illia-v marked this conversation as resolved.
Outdated
- name: Compare checksums of bundled pip and setuptools to ones published on PyPI
run: |
package_names=("pip" "setuptools")
Copy link
Copy Markdown
Member

@hugovk hugovk Mar 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps this could be moved to a script (say, under Tools/scripts), so it can also be run locally?

Copy link
Copy Markdown
Contributor Author

@illia-v illia-v Mar 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, but it looks like all scripts in Tools/scripts are written in Python.
This is a Bash script, and it may not work on some platforms.

Do you know how compatible with different platforms scripts located in Tools/scripts should be?

Copy link
Copy Markdown
Member

@hugovk hugovk Mar 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, or perhaps the Misc directory? The devguide says:

Various tools with configuration files as found in the Misc directory

I don't know what compatibility is needed, but as this script is primarily intended for Ubuntu on the CI, I'd stick with that.

Copy link
Copy Markdown
Contributor Author

@illia-v illia-v Mar 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. This is the latest run after I corrupted the pip wheel temporarily.

BTW, I added messages that GitHub has to show as annotations. But I could not see the annotations, maybe it does not show them for binary files…

Copy link
Copy Markdown
Member

@hugovk hugovk Mar 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They show up on the Summary page, for example clicking "🏠 Summary" at the top left:

image

👍

exit_status=0

for package_name in "${package_names[@]}"; do
package_path=$(find Lib/ensurepip/_bundled/ -name "${package_name}*")
echo $package_path

package_info=$(curl -fs "https://pypi.org/pypi/${package_name}/json")
package_file_name=$(basename $package_path)
package_version=$(
grep -Pom 1 "_${package_name^^}_VERSION = \"\K[^\"]*" Lib/ensurepip/__init__.py
)
expected_digest=$(echo $package_info | jq --raw-output "
.releases.\"${package_version}\"
| .[]
| select(.filename == \"${package_file_name}\")
| .digests.sha256
")
echo "Expected digest: ${expected_digest}"

actual_digest=$(sha256sum $package_path | awk '{print $1}')
echo "Actual digest: ${actual_digest}"

if [ "$actual_digest" = "$expected_digest" ]; then
echo "Digests are equal."
else
echo "Digests are NOT equal."
exit_status=1
fi
echo
done

exit $exit_status
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Create a GitHub Actions workflow for verifying bundled pip and setuptools.
Patch by Illia Volochii.