Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork33.7k
gh-91172: Create a workflow for verifying bundled pip and setuptools#31885
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes from9 commits
Commits
Show all changes
33 commits Select commitHold shift + click to select a range
e4a8faf bpo-47016: Create a workflow for verifying bundled pip and setuptools
illia-va57cd3a Corrupt the bundled pip wheel to test the new workflow
illia-vdcba624 Revert "Corrupt the bundled pip wheel to test the new workflow"
illia-v08a1043 Fix naming style of the new workflow
illia-v6edd10f Allow manual triggering the new workflow
illia-v6f0d809 Bump actions/checkout to v3
illia-v809e4db Create a separate script for verifying bundled wheels
illia-ve46f87d Corrupt the bundled pip wheel to test the new workflow
illia-v594644b Revert "Corrupt the bundled pip wheel to test the new workflow"
illia-va35673b Rename the workflow file
illia-vc82810c Merge branch 'main' into bpo-47016
illia-v5210374 Add verify-ensurepip-wheels.py
AA-Turner7d44bbf Update verify-bundled-wheels.yml
AA-Turner633881d Make workflow permissions explicit
illia-v40ff278 Add shebang and file mode permissions for unix users
AA-Turner685c388 git mv verify-ensurepip-wheels verify_ensurepip_wheels
AA-Turnera2e7cd4 git mv verify-bundled-wheels verify-ensurepip-wheels
AA-Turnerd6a355d Address review
AA-Turnera27b7bc Merge remote-tracking branch 'illia-v/bpo-47016' into bpo-47016
AA-Turner5acf921 Merge pull request #1 from AA-Turner/bpo-47016
illia-v7122121 Delete the shell script
illia-ve1b276a Mention Adam Turner in the news entry
illia-v6492602 Corrupt the bundled pip wheel to test the updated workflow
illia-v6625719 Revert "Corrupt the bundled pip wheel to test the updated workflow"
illia-v0226c29 Refactor the script to fix the test
illia-v26cba98 Refactor the script even more
illia-v0d3dfaf Make `GITHUB_ACTIONS` a boolean
illia-vfe4c423 Stop using `actions/setup-python`
illia-v6786960 Corrupt the bundled pip wheel to test the updated workflow
illia-v01d3386 Revert "Corrupt the bundled pip wheel to test the updated workflow"
illia-v7e283c3 Make changes to more files invoke the workflow
illia-va74629c Make the workflow use `actions/setup-python` again
illia-v66a91ac Merge branch 'main' into bpo-47016
illia-vFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
18 changes: 18 additions & 0 deletions.github/workflows/verify_bundled_wheels.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| name: Verify bundled pip and setuptools | ||
illia-v marked this conversation as resolved. OutdatedShow resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| paths: | ||
| - 'Lib/ensurepip/_bundled/**' | ||
| pull_request: | ||
| paths: | ||
| - 'Lib/ensurepip/_bundled/**' | ||
| jobs: | ||
| verify: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Compare checksums of bundled pip and setuptools to ones published on PyPI | ||
| run: ./Misc/verify-bundled-wheels.sh | ||
2 changes: 2 additions & 0 deletionsMisc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| Create a GitHub Actions workflow for verifying bundled pip and setuptools. | ||
| Patch by Illia Volochii. |
46 changes: 46 additions & 0 deletionsMisc/verify-bundled-wheels.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| #!/bin/sh | ||
illia-v marked this conversation as resolved. OutdatedShow resolvedHide resolvedUh oh!There was an error while loading.Please reload this page. | ||
| # | ||
| # Purpose: Compare checksums of bundled pip and setuptools to ones | ||
| # published on PyPI (retrieved via the Warehouse’s JSON API). | ||
| # | ||
| # Synopsis: ./Misc/verify-bundled-wheels.sh | ||
| # | ||
| # Requirements: curl, jq | ||
| # | ||
| cd "$(dirname "$0")/.." | ||
| package_names="pip setuptools" | ||
| exit_status=0 | ||
| for package_name in ${package_names}; do | ||
| package_path=$(find Lib/ensurepip/_bundled/ -name "${package_name}*.whl") | ||
| echo "$package_path" | ||
| package_name_uppercase=$(echo "$package_name" | tr "[:lower:]" "[:upper:]") | ||
| package_version=$( | ||
| grep -Pom 1 "_${package_name_uppercase}_VERSION = \"\K[^\"]+" Lib/ensurepip/__init__.py | ||
| ) | ||
| expected_digest=$(curl -fs "https://pypi.org/pypi/${package_name}/json" | jq --raw-output " | ||
| .releases.\"${package_version}\" | ||
| | .[] | ||
| | select(.filename == \"$(basename "$package_path")\") | ||
| | .digests.sha256 | ||
| ") | ||
| echo "Expected digest: ${expected_digest}" | ||
| actual_digest=$(sha256sum "$package_path" | awk '{print $1}') | ||
| echo "Actual digest:\t ${actual_digest}" | ||
| # The messages are formatted to be parsed by GitHub Actions. | ||
| # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-a-notice-message | ||
| if [ "$actual_digest" = "$expected_digest" ]; then | ||
| echo "::notice file=${package_path}::Successfully verified checksum of this wheel." | ||
| else | ||
| echo "::error file=${package_path}::Failed to verify checksum of this wheel." | ||
| exit_status=1 | ||
| fi | ||
| echo | ||
| done | ||
| exit $exit_status | ||
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.