Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG - GH action workflows fixes #1970

Merged
merged 4 commits into from
Sep 3, 2024
Merged

BUG - GH action workflows fixes #1970

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0d1b764
:bug: Fix publish workflow permissions
trallard Sep 2, 2024
0366010
Skip coverage checks unless it is a PR or a push to main
trallard Sep 2, 2024
becf3f1
Include coverage files
trallard Sep 3, 2024
be74155
Remove debugging string
trallard Sep 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions .github/workflows/CI.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ jobs:
name: coverage-data-${{ matrix.python-version }}
path: .coverage
if-no-files-found: ignore
include-hidden-files: true
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actions/upload-artifact recently added this key which broke the upload for .coverage

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

curious if they said why they default to false, thereby breaking backward compatibility?


# Only run accessibility tests on the latest Python version (3.12) and Ubuntu
a11y-tests:
Expand Down Expand Up @@ -178,9 +179,11 @@ jobs:
runs: 3 # Multiple runs to reduce variance

coverage:
name: "check coverage"
name: "Check coverage"
needs: run-pytest
runs-on: ubuntu-latest
# avoid running this on schedule, releases, or workflow_call
if: github.event.workflow_run.event != 'schedule' && github.event.workflow_run.event != 'release' && github.event.workflow_run.event != 'workflow_call'
permissions:
contents: write
pull-requests: write
Expand Down Expand Up @@ -221,8 +224,6 @@ jobs:
- name: "Coverage comment 💬"
uses: py-cov-action/python-coverage-comment-action@v3
id: coverage_comment
# avoid running this on schedule or releases
if: github.event.workflow_run.event != 'schedule' && github.event.workflow_run.event != 'release'
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,10 @@ jobs:
# calls our general CI workflow (tests, build docs, etc.)
tests:
uses: ./.github/workflows/CI.yml
# needed for the coverage action
permissions:
contents: write
pull-requests: write
Comment on lines +23 to +26
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm slightly confused why this is needed even though the coverage job has a if: github.event.workflow_run.event != 'release' clause. But as you say, permissions are weird. I think you were saying it's because coverage runs anyway (for some reason) and pushes the coverage data to a new branch? Would be nice to just make it so that coverage doesn't try to run at all on release workflows... but I'm assuming that since you're not doing that here, it's probably not that simple. 🤷🏻

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It all seems to come from the fact that we have the coverage step within our main CI workflow, which is in turn called by the release workflow.
So even if the coverage comment part is not triggered per se, GH actions checks that the permissions granted within the caller workflow (release) and the called one (CI) match.

The one way I could think of decoupling these workflows would be to split the tests and docs building jobs into a reusable action and call that within the CI and release workflows independently but that seemed like too much hassle.
I can do that if you see it as worthwhile.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah ok, now I get it. thanks for explaining. I agree that splitting into reusable actions seems not worth the hassle... I recall last time I tried to do that it was a pain and I gave up :)


build-package:
name: "Build & verify PST package"
Expand Down
Loading