-
Notifications
You must be signed in to change notification settings - Fork 6
180 lines (171 loc) · 7.55 KB
/
python-c-ext-sanity-check.yml
File metadata and controls
180 lines (171 loc) · 7.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
# This workflow will install Python C-extension dependencies, run tests and
# lint with a single version of Python.
# For more information see:
# https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: Python C-Extension Sanity Checks
# No need for more than read permission
permissions:
contents: read
# Ignore the following paths
# Format: PATH1|PATH2|PATH3
env:
PATHS_IGNORE_SPLINT: mig/src/lustreclient/.*$
on:
# Triggers the workflow on push or pull request events but only for this git branch
push:
paths-ignore:
- 'README'
- 'COPYING'
- 'NEWS'
- '*.txt'
- 'doc/**'
- 'doc-src/**'
- 'user-projects/**'
- 'state/**'
- 'certs/**'
- 'MiG-certificates/**'
- 'mig/images/**'
- 'mig/assets/**'
- 'mig/apache/**'
- 'mig/bin/**'
- 'mig/src/lustreclient/**'
- '**/*.py'
- '**/*.js'
branches:
- experimental
- next
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
paths-ignore:
- 'README'
- 'COPYING'
- 'NEWS'
- '*.txt'
- 'doc/**'
- 'doc-src/**'
- 'user-projects/**'
- 'state/**'
- 'certs/**'
- 'MiG-certificates/**'
- 'mig/images/**'
- 'mig/assets/**'
- 'mig/apache/**'
- 'mig/bin/**'
- 'mig/src/lustreclient/**'
- '**/*.py'
- '**/*.js'
branches:
- experimental
- next
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
lint-c-ext-python3-latest:
name: Sanity check c-extension module code in latest stable python3
# TODO: enable once we have figured out how to install matching headers here
if: ${{ false }} # Disabled until we figure out how to fix system headers
runs-on: ubuntu-latest
steps:
- name: Update packages
run: |
DEBIAN_FRONTEND='noninteractive' sudo apt update -y
- name: Set up latest stable python 3.x
uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Set up git, findutils and make with apt
run: |
DEBIAN_FRONTEND='noninteractive' sudo apt install -y git findutils make
- name: Install dependencies
run: |
DEBIAN_FRONTEND='noninteractive' sudo apt install -y libnss3-dev libpam-dev splint
# We may need git installed to get a full repo clone rather than unpacked archive
- name: Check out source repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # This is necessary to get the commits
- name: Lint with splint
run: |
# NOTE: we only run splint error check for changed C files to limit noise
# NOTE: point splint to Ubuntu's custom /usr/include/python3.x for Python.h
echo "Lint changed code files: $(git diff --diff-filter=ACMRTB --name-only HEAD^1 -- | grep -Ev '${{ env.PATHS_IGNORE_SPLINT }}' | grep -E '\.c$')"
# NOTE: show splint warnings but don't fail unless it found critical errors
git diff --diff-filter=ACMRTB --name-only HEAD^1 -- | grep -Ev '${{ env.PATHS_IGNORE_SPLINT }}' | grep -E '\.c$' | xargs -r splint +posixlib -D__gnuc_va_list=va_list $(python3-config --includes) &> splint.log || true
[ ! -e splint.log ] || cat splint.log
[ ! -e splint.log ] || ! grep -q ' Cannot continue' splint.log
lint-c-ext-python3-ubuntu-lts:
# For a consistent python and header environment when the above job doesn't work
name: Sanity check c-extension module code in latest Ubuntu LTS python3
runs-on: ubuntu-24.04
steps:
- name: Update packages
run: |
DEBIAN_FRONTEND='noninteractive' sudo apt update -y
- name: Set up git, findutils and make with apt
run: |
DEBIAN_FRONTEND='noninteractive' sudo apt install -y git findutils make
- name: Install dependencies
run: |
DEBIAN_FRONTEND='noninteractive' sudo apt install -y python3-dev libnss3-dev libpam-dev splint
# We may need git installed to get a full repo clone rather than unpacked archive
- name: Check out source repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # This is necessary to get the commits
- name: Lint with splint
run: |
# NOTE: we only run splint error check for changed C files to limit noise
# NOTE: point splint to Ubuntu's custom /usr/include/python3.x for Python.h
echo "Lint changed code files: $(git diff --diff-filter=ACMRTB --name-only HEAD^1 -- | grep -Ev '${{ env.PATHS_IGNORE_SPLINT }}' | grep -E '\.c$')"
# NOTE: splint complains about NATIVE_TSS_KEY_T in system header here
# NOTE: show splint warnings but don't fail unless it found critical errors
git diff --diff-filter=ACMRTB --name-only HEAD^1 -- | grep -Ev '${{ env.PATHS_IGNORE_SPLINT }}' | grep -E '\.c$' | xargs -r splint +posixlib -D__gnuc_va_list=va_list -DNATIVE_TSS_KEY_T=char $(python3-config --includes) &> splint.log || true
[ ! -e splint.log ] || cat splint.log
[ ! -e splint.log ] || ! grep -q ' Cannot continue' splint.log
lint-c-ext-python3-rocky9:
name: Sanity check c-extension module code in default python3 on Rocky9
# TODO: figure out how to get splint installed on rocky where it's not in repos
# - ancient upstream static binary doesn't work ('no such file')
# - installing fedora rpm fails with glibc incompatibility
# - building from git clone fails (autoconf and configure failures)
# TODO: enable once we have figured out how to install splint on rocky
if: ${{ false }} # Disabled until we figure out how to run splint on rocky
runs-on: ubuntu-latest
container:
image: rockylinux/rockylinux:9
steps:
- name: Update packages
run: |
dnf update -y
- name: Set up git, findutils, make and python3 with dnf and make the latter default
run: |
dnf install -y git findutils make python3 python3-pip python-unversioned-command
- name: Install dependencies
run: |
dnf install -y python3-devel nss-devel pam-devel
wget https://www.splint.org/downloads/binaries/splint-3.1.1.Linux.tgz
tar -xzf splint-3.1.1.Linux.tgz
cp splint-3.1.1/bin/splint /bin/
chmod 755 /bin/splint
rm -rf splint-3.1.1.Linux.tgz splint-3.1.1
# We need git installed to get a full repo clone rather than unpacked archive
- name: Check out source repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # This is necessary to get the commits
- name: Lint with splint
run: |
# NOTE: perms are not right inside container so repeat what checkout module does.
git config --global --add safe.directory "$PWD"
# NOTE: we only run splint error check for changed C files to limit noise
echo "Lint changed code files: $(git diff --diff-filter=ACMRTB --name-only HEAD^1 -- | grep -Ev '${{ env.PATHS_IGNORE_SPLINT }}' | grep -E '\.c$')"
echo "with splint from $(which splint)"
ls -l /bin/splint
# NOTE: show splint warnings but don't fail unless it found critical errors
git diff --diff-filter=ACMRTB --name-only HEAD^1 -- | grep -Ev '${{ env.PATHS_IGNORE_SPLINT }}' | grep -E '\.c$' | xargs -r splint +posixlib -D__gnuc_va_list=va_list &> splint.log || true
[ ! -e splint.log ] || cat splint.log
[ ! -e splint.log ] || ! grep -q ' Cannot continue' splint.log