-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve Python linting situation (pin versions) #19986
Comments
My two cents: We mostly had/have this problem with cockpit.git, as ruff runs in the unit-tests container which gets updated at a pace independently from cockpit/tasks. It should never break spontaneously though, as unit-tests-refresh runs all the unit tests and is supposed to stop the container update if anything fails. I wasn't here when that thing happened, but if it did happen spontaneously, then the tests in -refresh are broken. That said, I'd much prefer a single source of truth. All other projects run ruff (and test/static-code) in our cockpit/tasks container, so we could just do the same for our unit tests. cockpit/tasks even has cockpit's build deps installed (for the very reason that we want to build it both in CI and also as developers in toolbox). So the smallest possible move would be to run all x86 unit tests in cockpit/tasks instead of our custom unit-tests container (done in PR #20005), and figuring out a robust environment for tox instead of That may also be the final nail in the coffin for testing on i386 -- frankly, it's almost useless these days. New stuff gets written in Python, nobody cares about i386 any more, and we run the unit tests during rpm build in packit, so we already have i386/aarch64/s390x coverage there. update: done in PR #20005 I must say I don't like the requirements.txt/tox/venv overhead at all. Too many moving parts, introducing yet more stuff to download all the time (aside from cluttering up $HOME). If fixing our projects for new ruff versions is that much of a problem (it hasn't been in my experience), we could install multiple versions into the tasks container as well (it's just a single static binary after all), and let projects choose (i.e. test/static-code could call a particular |
Another thing: So far our maintenance and update process for the tasks container sucks. It'd be much better to auto-refresh it weekly, push to a Building this "staging" infra isn't terribly hard: We need a new PR label, |
Some notes:
Inside,
|
We've spent a long time building the new CI infrastructure, but note that our recent encounter with this in #20149 was completely unrelated to our infra -- it started happening in the "tox" workflow, which dynamically installs the latest pip version from scratch. We need a solution for that, too, i.e. preferably run that in the tasks container too, and make it part of the unit tests? |
Yes. Since we follow this logic that the container is our single authority, we should read the container file from git and run tox in that container. |
#20154 went a long way towards addressing this. The last thing left here is to make sure we run our unit-tests workflows on github inside of the version of the container we find in |
We currently run ruff out of:
and recently had to deal with a pain in the neck of an upgrade which changed a bunch of options (adding
lint
to section names). The change was mutually-incompatible because the complaints to stderr got interpreted bytest/static-code
as a failure.We ended up needing to upgrade the tasks container in a hurry, which itself broke a bunch of stuff, including linting in all of the other projects.
We need a better approach here. For the node-based linters, we get them as part of our version-locked-in
node_modules
, and have direct support over upgrading those. For Python we could do something similar viarequirements.txt
or PEP 621 dependencies, but we don't.I've done a couple of rounds of thinking up an idea workflow for "how do we create a venv with a bunch of dependencies installed in it in order to run a test command" before realizing that I don't need to invent tox, because it already exists.
Here's some other info I've discovered from research so far, so we don't lose it:
tox
andpip
are missing support for installing just the dependencies, without installing the package itself.--only-deps
(and--only-build-deps
) option(s) pypa/pip#11440toxfile.py
and it more or less worked.requirements-lint.txt
or so as the easier solution at this point in timerequirements.txt
-type file: you just list-rfile.txt
as one of your dependencies. I haven't tested trying to enable "secure install mode" yet, although the docs suggest that one half of it comes automatically as soon as pip sees even one--hash
in the requirements file.The text was updated successfully, but these errors were encountered: