ci: workflows: pin python dependencies #87609

Merged
merged 3 commits into from
Mar 29, 2025
15 changes: 11 additions & 4 deletions .github/workflows/assigner.yml
Expand Up @@ -28,13 +28,20 @@ jobs:
issues: write # to add assignees to issues

steps:
- name: Install Python dependencies
run: |
pip install -U PyGithub>=1.55 west

- name: Check out source code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Run assignment script
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
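Review bot: `python-version: 3.12` in the new Set up Python step is an unquoted YAML number. It happens to work for 3.12, but the same pattern with 3.10 is read as 3.1, so quote it as '3.12' here and in the other workflows that repeat this block.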
Expand Down
19 changes: 13 additions & 6 deletions .github/workflows/backport_issue_check.yml
Expand Up @@ -28,16 +28,23 @@ jobs:
- name: Check out source code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Install Python dependencies
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -U pygithub
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Run backport issue checker
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./scripts/release/list_backports.py \
-o ${{ github.event.repository.owner.login }} \
-r ${{ github.event.repository.name }} \
-b ${{ github.event.pull_request.base.ref }} \
-p ${{ github.event.pull_request.number }}
-o ${{ github.event.repository.owner.login }} \
-r ${{ github.event.repository.name }} \
-b ${{ github.event.pull_request.base.ref }} \
-p ${{ github.event.pull_request.number }}
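Review bot: The re-indented arguments to list_backports.py still expand `${{ github.event.pull_request.base.ref }}` and the other `${{ }}` expressions directly inside the `run:` script, so their values are pasted into the shell text before it runs. Since these lines are being touched anyway, pass them through `env:` next to GITHUB_TOKEN and reference them as quoted shell variables, for example -b "$BASE_REF".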
1 change: 0 additions & 1 deletion .github/workflows/bsim-tests.yaml
Expand Up @@ -178,7 +178,6 @@ jobs:

- name: Merge Test Results
run: |
pip install junitparser junit2html
Collaborator

Looks like you just dropped them as I can't see any step where you install the requirements?

Member Author

those are already in the docker image, no need to install them

junitparser merge --glob "./bsim_*/*bsim_results.*.xml" "./twister-out/twister.xml" junit.xml
junit2html junit.xml junit.html
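Review bot: After dropping `pip install junitparser junit2html` from Merge Test Results, nothing in this step says where the two tools come from, and the question in the thread above shows that is not obvious to a reader. Add a short comment in the step saying they are provided by the docker image, and note that their versions are then set by the image rather than by scripts/requirements-actions.txt.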

Expand Down
12 changes: 10 additions & 2 deletions .github/workflows/bug_snapshot.yaml
Expand Up @@ -26,9 +26,17 @@ jobs:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Install Python dependencies
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -U pygithub
pip install -r scripts/requirements-actions.txt --require-hashes


- name: Snapshot bugs
env:
Expand Down
19 changes: 18 additions & 1 deletion .github/workflows/clang.yaml
Expand Up @@ -135,13 +135,30 @@ jobs:
checks: write # to create GitHub annotations
if: (success() || failure())
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
persist-credentials: false

- name: Download Artifacts
uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
with:
path: artifacts

- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Merge Test Results
run: |
pip install junitparser junit2html
junitparser merge artifacts/*/twister.xml junit.xml
junit2html junit.xml junit-clang.html
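Review bot: The Checkout step added to this job uses `fetch-depth: 0`, but the steps visible here only need scripts/requirements-actions.txt from the tree. Unless a later step needs history, drop fetch-depth so the default shallow checkout is used; `persist-credentials: false` is right to keep.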

Expand Down
14 changes: 11 additions & 3 deletions .github/workflows/codecov.yaml
Expand Up @@ -104,7 +104,6 @@ jobs:
export ZEPHYR_BASE=${PWD}
export ZEPHYR_TOOLCHAIN_VARIANT=zephyr
mkdir -p coverage/reports
pip install gcovr==6.0
./scripts/twister -E ${{matrix.normalized}}-testplan.json
ls -la
./scripts/twister \
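Review bot: `pip install gcovr==6.0` is removed from the twister step, and no replacement install step is visible in this job. Confirm that gcovr here comes from the container image and that it is the same version scripts/requirements-actions.txt pins for the later Merge coverage files step, since the coverage data produced in this job is merged by gcovr in that one; a comment naming the source of gcovr would help.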
Expand Down Expand Up @@ -144,6 +143,17 @@ jobs:
with:
fetch-depth: 0

- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Download Artifacts
uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
with:
Expand Down Expand Up @@ -185,7 +195,6 @@ jobs:
- name: Merge coverage files
run: |
pushd ./coverage/reports
pip install gcovr==6.0
gcovr ${{ steps.get-coverage-files.outputs.mergefiles }} --merge-mode-functions=separate --json merged.json
gcovr ${{ steps.get-coverage-files.outputs.mergefiles }} --merge-mode-functions=separate --cobertura merged.xml
popd
Expand All @@ -201,7 +210,6 @@ jobs:
- name: Generate Coverage Report
if: always()
run: |
pip install xlsxwriter ijson
python3 ./scripts/ci/coverage/coverage_analysis.py \
-t native_sim-testplan.json \
-m MAINTAINERS.yml \
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/coding_guidelines.yml
Expand Up @@ -16,16 +16,16 @@ jobs:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0

- name: cache-pip
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('.github/workflows/coding_guidelines.yml') }}
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install python dependencies
- name: Install Python packages
run: |
pip install unidiff
pip install sh
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Install Packages
run: |
Expand Down
15 changes: 5 additions & 10 deletions .github/workflows/compliance.yml
Expand Up @@ -46,18 +46,13 @@ jobs:
- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.11
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: cache-pip
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('.github/workflows/compliance.yml') }}

- name: Install python dependencies
- name: Install Python packages
run: |
pip install -r scripts/requirements-compliance.txt
pip install west
pip install -r scripts/requirements-actions.txt --require-hashes

- name: west setup
run: |
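Review bot: Two changes in this hunk go beyond pinning: `python-version` moves from 3.11 to 3.12, and the job stops installing scripts/requirements-compliance.txt in favour of scripts/requirements-actions.txt. Mention both in the commit message, and say which file is now the source of truth for the compliance tools so the two lists do not drift apart.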
Expand Down
15 changes: 11 additions & 4 deletions .github/workflows/daily_test_version.yml
Expand Up @@ -26,15 +26,22 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_TESTING_SECRET_ACCESS_KEY }}
aws-region: us-east-1

- name: install-pip
run: |
pip install gitpython

- name: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Upload to AWS S3
run: |
python3 scripts/ci/version_mgr.py --update .
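Review bot: The Install Python packages step lands after the step that receives `aws-secret-access-key`, so third-party package installation runs with the AWS credentials already set up for the job. Move the credentials step down to just before Upload to AWS S3, the only visible step that needs them.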
Expand Down
34 changes: 7 additions & 27 deletions .github/workflows/devicetree_checks.yml
Expand Up @@ -34,38 +34,18 @@ jobs:
steps:
- name: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: ${{ matrix.python-version }}
- name: cache-pip-linux
if: startsWith(runner.os, 'Linux')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ matrix.python-version }}
restore-keys: |
${{ runner.os }}-pip-${{ matrix.python-version }}
- name: cache-pip-mac
if: startsWith(runner.os, 'macOS')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ~/Library/Caches/pip
# Trailing '-' was just to get a different cache name
key: ${{ runner.os }}-pip-${{ matrix.python-version }}-
restore-keys: |
${{ runner.os }}-pip-${{ matrix.python-version }}-
- name: cache-pip-win
if: startsWith(runner.os, 'Windows')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ~\AppData\Local\pip\Cache
key: ${{ runner.os }}-pip-${{ matrix.python-version }}
restore-keys: |
${{ runner.os }}-pip-${{ matrix.python-version }}
- name: install python dependencies
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install pytest pyyaml tox
pip install -r scripts/requirements-actions.txt --require-hashes

- name: run tox
working-directory: scripts/dts/python-devicetree
run: |
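Review bot: This job takes `python-version` from the matrix, and the removed cache-pip-linux, cache-pip-mac and cache-pip-win steps show it runs on three operating systems, yet it now installs one hashed file with `--require-hashes`. Confirm scripts/requirements-actions.txt carries hashes for every wheel or sdist pip can select on each of those platforms and Python versions, including platform-specific dependencies; otherwise the install fails on the combinations the lock was not generated for. A comment in the requirements file on how to regenerate it would cover this.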
Expand Down
14 changes: 11 additions & 3 deletions .github/workflows/footprint-tracking.yml
Expand Up @@ -61,14 +61,24 @@ jobs:
run: |
sudo apt-get update
sudo apt-get install -y python3-venv
pip install -U gitpython

- name: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0

- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Environment Setup
run: |
echo "ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-$( cat SDK_VERSION )" >> $GITHUB_ENV
Expand Down Expand Up @@ -97,7 +107,6 @@ jobs:
run: |
python3 -m venv .venv
. .venv/bin/activate
pip install awscli
aws s3 sync --quiet footprint_data/ s3://testing.zephyrproject.org/footprint_data/

- name: Transform Footprint data to Twister JSON reports
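Review bot: With `pip install awscli` removed, the step still runs `python3 -m venv .venv` and `. .venv/bin/activate` before `aws s3 sync`, but nothing is installed into that virtual environment any more, so `aws` has to resolve from outside it. Drop the two venv lines, or install into the venv from the hashed requirements file, so it is clear which interpreter and packages the upload uses.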
Expand All @@ -116,7 +125,6 @@ jobs:
ELASTICSEARCH_INDEX: ${{ vars.FOOTPRINT_TRACKING_INDEX }}
run: |
shopt -s globstar
pip install -U elasticsearch
run_date=`date --iso-8601=minutes`
python3 ./scripts/ci/upload_test_results_es.py -r ${run_date} \
--flatten footprint \
Expand Down
13 changes: 12 additions & 1 deletion .github/workflows/manifest.yml
Expand Up @@ -20,12 +20,23 @@
fetch-depth: 0
persist-credentials: false

- name: Set up Python
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: 3.12
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
cd zephyrproject/zephyr
pip install -r scripts/requirements-actions.txt --require-hashes

- name: west setup

Check failure: Code scanning / CodeQL
Checkout of untrusted code in trusted context (Critical)
Potential execution of untrusted code on a privileged workflow (pull_request_target)
env:
BASE_REF: ${{ github.base_ref }}
working-directory: zephyrproject/zephyr
run: |
pip install west
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
west init -l . || true
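Review bot: The new Install Python packages step reads scripts/requirements-actions.txt from the checked-out tree (`cd zephyrproject/zephyr`), and the CodeQL annotation on this hunk says that tree can be untrusted code in a pull_request_target workflow. `--require-hashes` only proves that the downloaded files match the hashes in that same file, so if the file comes from the pull request head, the pull request chooses both the packages and the hashes. Install from the base revision's copy of the requirements file instead. Separately, `cache-dependency-path: scripts/requirements-actions.txt` is relative to the workspace root while the install step changes into zephyrproject/zephyr; if the checkout lands there, the cache path should be zephyrproject/zephyr/scripts/requirements-actions.txt.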
Expand Down
16 changes: 6 additions & 10 deletions .github/workflows/pylib_tests.yml
Expand Up @@ -33,21 +33,17 @@ jobs:
steps:
- name: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: ${{ matrix.python-version }}
- name: cache-pip-linux
if: startsWith(runner.os, 'Linux')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ matrix.python-version }}
restore-keys: |
${{ runner.os }}-pip-${{ matrix.python-version }}
- name: install-packages
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: Install Python packages
run: |
pip install -r scripts/requirements-base.txt -r scripts/requirements-build-test.txt
pip install -r scripts/requirements-actions.txt --require-hashes
- name: Run pytest for build_helpers
env:
ZEPHYR_BASE: ./
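Review bot: The install line switches from scripts/requirements-base.txt and scripts/requirements-build-test.txt to scripts/requirements-actions.txt, so these tests no longer exercise the requirement files named in the old line. If those files remain the ones users install, say in the commit message how the actions lock is kept in sync with them. Also add a blank line before Run pytest for build_helpers to match the spacing of the other steps in this hunk.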
Expand Down
15 changes: 4 additions & 11 deletions .github/workflows/scripts_tests.yml
Expand Up @@ -55,19 +55,12 @@ jobs:
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: ${{ matrix.python-version }}
cache: pip
cache-dependency-path: scripts/requirements-actions.txt

- name: cache-pip-linux
if: startsWith(runner.os, 'Linux')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ matrix.python-version }}
restore-keys: |
${{ runner.os }}-pip-${{ matrix.python-version }}

- name: install-packages
- name: Install Python packages
run: |
pip install -r scripts/requirements-base.txt -r scripts/requirements-build-test.txt
pip install -r scripts/requirements-actions.txt --require-hashes

- name: Run pytest
env:
Expand Down