Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Poetry 2 upgrade (PEP612-conformity) and gh-actions renovation #364

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Poetry 2 upgrade (PEP612-conformity) and gh-actions renovation #364

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
0c4ee76
Update pyproject.toml to poetry 2.0 / PEP 621
dalito Jan 29, 2025
d83e296
Update poetry.lock
dalito Jan 29, 2025
89d9760
Add dependabot for monthly action updates
dalito Jan 29, 2025
2e8555d
Actions: change to poetry2 & use safer hash-id
dalito Jan 29, 2025
b119d13
Update publish action (prepare for trusted publishing)
dalito Jan 29, 2025
077c63a
Change to SPDX license identifier; make readme non-dynamic
dalito Jan 30, 2025
7a93f04
Make main.yaml workflow safer
dalito Jan 30, 2025
c3d474b
On Win, inject poetry-dynamic-versioning into pipx
dalito Jan 30, 2025
e0bf17d
Same lower Python bound for linkml-runtime as for linkml
dalito Jan 31, 2025
4033a40
Improve test_upstream with poetry sync
dalito Jan 31, 2025
f62a4a3
pipx inject poetry-dynamic-versioning also on linux
dalito Jan 31, 2025
f612aff
Remove redundant Python version constraint
dalito Feb 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: monthly
19 changes: 13 additions & 6 deletions .github/workflows/check-dependencies.yaml
View file
Open in desktop
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh, hadn't looked at this action before. I am not exactly sure what the point is, because unless we are looking at the results of this run regularly it doesn't rly force us to do anything and isn't visible e.g. on PRs? This would probably be easier to do by just running pip install rather than poetry if the intention is to test against the deps people would get if they installed normally.

Just passing thoughts, not needed to change in this PR.

Copy link
Member Author

@dalito dalito Jan 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot makes PRs . It updates hashes so using hashes looses its pain. See here for an example PR. If desired it can automerge or assign to someone; I prefer to merge myself after short review of changes (which are also conveniently linked in the PRs).
The dependabot config in this PR only looks for action-updates but not for python-package updates (I am unsure if you thought it would touch Python packages because you mentioned pip).

Copy link
Member Author

@dalito dalito Jan 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I thought your comment was on dependabot, now I see its on check-dependencies.yaml. - I just updated it. I don't know why its present in the repo.

Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.8", "3.9", "3.10"]
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
exclude:
- os: windows-latest
python-version: "3.8"
Expand All @@ -26,17 +26,23 @@ jobs:
# install poetry
#----------------------------------------------
- name: Install Poetry
# Pin to 1.3.2 to workaround https://github.com/python-poetry/poetry/issues/7611
run: pipx install poetry==1.3.2
run: pipx install poetry

# We install poetry-dynamic-versioning into pipx because the automatic installallation
# by poetry 2.x triggers a Windows issue https://github.com/pypa/installer/issues/260
- name: Install poetry-dynamic-versioning
if: runner.os == 'Windows'
run:
pipx inject poetry poetry-dynamic-versioning

#----------------------------------------------
# check-out repo and set-up python
#----------------------------------------------
- name: Check out repository
uses: actions/checkout@v3
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
with:
python-version: ${{ matrix.python-version }}
cache: 'poetry'
Expand All @@ -62,4 +68,5 @@ jobs:
run: Remove-Item poetry.lock -Force

- name: Run tests
run: poetry run python -m unittest discover
shell: bash
run: poetry run python -m pytest --with-slow
38 changes: 25 additions & 13 deletions .github/workflows/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,40 +1,50 @@
# Built from:
# https://docs.github.com/en/actions/guides/building-and-testing-python
# https://github.com/actions/setup-python/

# Action passes pedantic check with zizmor 1.3.0, https://woodruffw.github.io/zizmor/
name: Build and test linkml-runtime

on: [pull_request]

permissions: {}

jobs:
test:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.8", "3.9", "3.10", "3.12"]
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
exclude:
- os: windows-latest
python-version: "3.8"

runs-on: ${{ matrix.os }}

permissions:
contents: read
steps:

#----------------------------------------------
# install poetry
#----------------------------------------------
- name: Install Poetry
run: pipx install poetry==1.4.0

run: |
pipx install poetry

# We install poetry-dynamic-versioning into pipx because the automatic installallation
# by poetry 2.x triggers a Windows issue https://github.com/pypa/installer/issues/260
- name: Install poetry-dynamic-versioning
if: runner.os == 'Windows'
run:
pipx inject poetry poetry-dynamic-versioning

#----------------------------------------------
# check-out repo and set-up python
#----------------------------------------------
- name: Check out repository
uses: actions/checkout@v3
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
persist-credentials: false

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
with:
python-version: ${{ matrix.python-version }}
cache: 'poetry'
Expand All @@ -43,12 +53,14 @@ jobs:
# install your root project, if required
#----------------------------------------------
- name: Install library
run: poetry install --no-interaction
run: |
poetry install --no-interaction

#----------------------------------------------
# coverage report
#----------------------------------------------
- name: Generate coverage results
shell: bash
run: |
poetry run coverage run -m pytest
poetry run coverage xml
Expand All @@ -58,7 +70,7 @@ jobs:
# upload coverage results
#----------------------------------------------
- name: Upload coverage report
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3
with:
name: codecov-results-${{ matrix.os }}-${{ matrix.python-version }}
token: ${{ secrets.CODECOV_TOKEN }}
Expand Down
54 changes: 43 additions & 11 deletions .github/workflows/pypi-publish.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,21 @@
name: Publish Python Package
# Publishes to PyPI triggered by creating a releases in GitHub UI

on:
release:
types: [created]
types: [published]

jobs:
build-n-publish:
name: Build and publish Python 🐍 distributions 📦 to PyPI
build:
name: Build Python 🐍 distributions 📦 for publishing to PyPI
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

- name: Set up Python
uses: actions/setup-python@v2.2.2
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
with:
python-version: 3.8
python-version: 3.12

- name: Install Poetry
run: pipx install poetry
Expand All @@ -28,8 +28,40 @@ jobs:
poetry version $(git describe --tags --abbrev=0)
poetry build

- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@v1.2.2
- name: Store built distribution
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
user: __token__
password: ${{ secrets.pypi_password }}
name: distribution-files
path: dist/

pypi-publish:
name: Build and publish Python 🐍 package 📦 to PyPI
needs: build
runs-on: ubuntu-latest
# Next 5 lines prepare for trusted publishing: https://docs.pypi.org/trusted-publishers/adding-a-publisher/
# environment:
# name: pypi-release
# url: https://pypi.org/p/linkml-runtime
# permissions:
# id-token: write # this permission is mandatory for trusted publishing
steps:
- name: Download built distribution
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: distribution-files
path: dist

- name: Publish package 📦 to PyPI
if: github.event_name == 'release'
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
with:
user: __token__
password: ${{ secrets.pypi_password }}
# verbose: true

# Used actions: (updates managed by dependabot)
# - https://github.com/actions/checkout
# - https://github.com/actions/setup-python
# - https://github.com/actions/upload-artifact
# - https://github.com/actions/download-artifact
# - https://github.com/pypa/gh-action-pypi-publish/
17 changes: 11 additions & 6 deletions .github/workflows/test-upstream.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,15 +25,15 @@ jobs:
steps:

- name: checkout upstream
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
repository: linkml/linkml
path: linkml
ref: main
fetch-depth: 0

- name: checkout linkml-runtime
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
# don't specify repository like this or else we won't get pull request branches correctly
# repository: linkml/linkml-runtime
Expand All @@ -48,19 +48,23 @@ jobs:
git fetch upstream --tags

- name: set up python
uses: actions/setup-python@v5
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
with:
python-version: ${{ matrix.python-version }}

- name: Install poetry
run: pipx install poetry

- name: Install dynamic versioning plugin
run: poetry self add "poetry-dynamic-versioning[plugin]"
# We install poetry-dynamic-versioning into pipx because the automatic installallation
# by poetry 2.x triggers a Windows issue https://github.com/pypa/installer/issues/260
- name: Install poetry-dynamic-versioning
if: runner.os == 'Windows'
run:
pipx inject poetry poetry-dynamic-versioning

- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
with:
path: linkml/.venv
key: venv-${{ matrix.python-version }}-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
Expand Down Expand Up @@ -89,6 +93,7 @@ jobs:
run: poetry run python -c 'import linkml_runtime; from importlib.metadata import version; print(linkml_runtime.__file__); print(version("linkml_runtime"))'

- name: run tests
shell: bash
working-directory: linkml
run: poetry run python -m pytest --with-slow

Expand Down
Loading
Loading