Skip to content

Commit

Permalink
CI: avoid annoying warnings of OSSF ScoreCard about unpinned pip install
Browse files Browse the repository at this point in the history
  • Loading branch information
rouault committed Dec 6, 2024
1 parent 5473f96 commit e05c1b2
Show file tree
Hide file tree
Showing 15 changed files with 36 additions and 34 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/alpine/Dockerfile.ci
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ RUN apk add \
zstd-dev

COPY requirements.txt /tmp/
RUN python3 -m pip install --break-system-packages -U -r /tmp/requirements.txt
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install --break-system-packages -U -r /tmp/requirements.txt

RUN apk add git autoconf automake libtool bison && \
git clone --branch "${SWIG_GIT_TAG:-master}" --depth 1 https://github.com/swig/swig.git swig-git && \
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/alpine_32bit/Dockerfile.ci
Original file line number Diff line number Diff line change
Expand Up @@ -74,4 +74,4 @@ RUN apk add \
zstd-dev

COPY requirements.txt /tmp/
RUN python3 -m pip install --break-system-packages -U -r /tmp/requirements.txt
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install --break-system-packages -U -r /tmp/requirements.txt
14 changes: 7 additions & 7 deletions .github/workflows/cmake_builds.yml
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,8 @@ jobs:
# Workaround bug in ogdi packaging
sudo ln -s /usr/lib/ogdi/libvrf.so /usr/lib
#
python3 -m pip install -U pip wheel setuptools numpy importlib_metadata
python3 -m pip install -r $GITHUB_WORKSPACE/autotest/requirements.txt
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -U pip wheel setuptools numpy importlib_metadata
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -r $GITHUB_WORKSPACE/autotest/requirements.txt
- name: Build libjxl
run: |
Expand Down Expand Up @@ -245,7 +245,7 @@ jobs:
python3 -m venv myvenv
source myvenv/bin/activate
# Set PATH so that gdal-config is found
PATH=$GITHUB_WORKSPACE/install-gdal/bin:$PATH pip install gdal-python.tar.gz[numpy]
PYTHON_CMD=python3 && PATH=$GITHUB_WORKSPACE/install-gdal/bin:$PATH $PYTHON_CMD -m pip install gdal-python.tar.gz[numpy]
LD_LIBRARY_PATH=$GITHUB_WORKSPACE/install-gdal/lib python -c "from osgeo import gdal_array"
which gdal_edit
cp $GITHUB_WORKSPACE/autotest/gcore/data/byte.tif .
Expand All @@ -262,7 +262,7 @@ jobs:
python3 -m venv myvenv
source myvenv/bin/activate
# Set PATH so that gdal-config is found
PATH=$GITHUB_WORKSPACE/install-gdal/bin:$PATH pip install gdal_utils-X.Y.Z.T-py3-none-any.whl
PYTHON_CMD=python3 && PATH=$GITHUB_WORKSPACE/install-gdal/bin:$PATH $PYTHON_CMD -m pip install gdal_utils-X.Y.Z.T-py3-none-any.whl
which gdal_edit
cp $GITHUB_WORKSPACE/autotest/gcore/data/byte.tif .
LD_LIBRARY_PATH=$GITHUB_WORKSPACE/install-gdal/lib gdal_edit byte.tif -mo FOO=BAR
Expand Down Expand Up @@ -353,8 +353,8 @@ jobs:
- name: Install python dependencies for autotest
run: |
# One of the dependencies of jsonschema 4.18 is rpds_py which requires a Rust compiler
python -m pip install "jsonschema<4.18"
python -m pip install -r autotest/requirements.txt
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install "jsonschema<4.18"
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -r autotest/requirements.txt
# Disable mySQL since C:/mysql/lib/mysqlclient.lib (unrelated to msys) is found, which causes linking issues
# Set explicitly CMAKE_C|CXX_COMPILER otherwise C:/ProgramData/chocolatey/bin/gcc.exe would be used
# Disable GDAL_ENABLE_DRIVER_HDF5 because of https://github.com/OSGeo/gdal/issues/11181
Expand Down Expand Up @@ -653,7 +653,7 @@ jobs:
export PKG_CONFIG_PATH=/opt/homebrew/Cellar/libxml2/lib/pkgconfig
# FIXME: remove -DBUILD_PYTHON_BINDINGS=OFF. Python tests fail with "ModuleNotFoundError: No module named '_gdal'" with macos-12
cmake -Werror=dev -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/install-gdal ${CMAKE_OPTIONS} -DCMAKE_C_FLAGS=-Werror -DCMAKE_CXX_FLAGS=-Werror -DUSE_CCACHE=ON -DCMAKE_UNITY_BUILD=${CMAKE_UNITY_BUILD} -S "$GITHUB_WORKSPACE" -B "$GITHUB_WORKSPACE/build" -DWERROR_DEV_FLAG="-Werror=dev" -DBUILD_PYTHON_BINDINGS=OFF "-DUSE_PRECOMPILED_HEADERS=ON"
#$(cat $GITHUB_WORKSPACE/build/python_executable.txt) -m pip install --user -r $GITHUB_WORKSPACE/autotest/requirements.txt
#PYTHON_CMD=$(cat $GITHUB_WORKSPACE/build/python_executable.txt) && $PYTHON_CMD -m pip install --user -r $GITHUB_WORKSPACE/autotest/requirements.txt
- name: Build
run: |
cmake --build $GITHUB_WORKSPACE/build -j 3
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/code_checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ jobs:
run: |
sudo apt install python3-pip wget
# ruamel.yaml.clib 0.2.9 throws a 'TypeError: a string or stream input is required' when running cffconvert --validate
sudo pip3 install cffconvert "ruamel.yaml.clib<0.2.9"
PYTHON_CMD=python3 && sudo $PYTHON_CMD -m pip install cffconvert "ruamel.yaml.clib<0.2.9"
- name: Validate citation file
run: |
Expand All @@ -199,8 +199,8 @@ jobs:
python-version: 3.8
- name: Install lint tool
run: |
python -m pip install --upgrade pip
pip install cmake-format pyyaml
PYTHON_CMD=python3 && $PYTHON_CMD -m pip --upgrade pip
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install cmake-format pyyaml
- name: Check cmakelist
run: find . -name CMakeLists.txt |xargs cmake-format --check

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ jobs:
unixodbc-dev
- name: Install latest ninja
run: pip install ninja
run: PYTHON_CMD=python3 && $PYTHON_CMD -m pip install ninja

- name: Configure
if: matrix.language == 'c-cpp'
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/doc_checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ jobs:
run: |
apt update
apt install -y libproj-dev swig
python3 -m pip install -r doc/requirements.txt
python3 -m pip install numpy setuptools
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -r doc/requirements.txt
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install numpy setuptools
pushd .
mkdir build
cd build
Expand All @@ -52,21 +52,21 @@ jobs:
cd swig/python
python3 setup.py sdist
cp dist/* /tmp/gdal.tar.gz
python3 -m pip install /tmp/gdal.tar.gz
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install /tmp/gdal.tar.gz
ldconfig
popd
- name: Update components
shell: bash -l {0}
run: |
pip install -U "sphinx-rtd-theme>=3.0.0" "sphinxcontrib-spelling>=8.0.0"
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -U "sphinx-rtd-theme>=3.0.0" "sphinxcontrib-spelling>=8.0.0"
- name: Print versions
shell: bash -l {0}
run: |
python3 --version
sphinx-build --version
python3 -m pip list --not-required --format=columns
PYTHON_CMD=python3 && $PYTHON_CMD -m pip list --not-required --format=columns
- name: Lint .rst files
shell: bash -l {0}
run: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/fedora_rawhide/Dockerfile.ci
Original file line number Diff line number Diff line change
Expand Up @@ -26,5 +26,5 @@ RUN dnf install -y clang make diffutils ccache cmake \

COPY requirements.txt /tmp/
# One of the dependencies of jsonschema 4.18 is rpds_py which requires a Rust compiler
RUN python3 -m pip install "jsonschema<4.18"
RUN python3 -m pip install -r /tmp/requirements.txt
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install "jsonschema<4.18"
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -r /tmp/requirements.txt
2 changes: 1 addition & 1 deletion .github/workflows/icc/Dockerfile.ci
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ RUN wget https://registrationcenter-download.intel.com/akdlm/IRC_NAS/bb99984f-37
# cpython-38-x86_64-linux-gnu.so: undefined symbol: __intel_sse2_strcpy

COPY requirements.txt /tmp/
RUN python3 -m pip install -U -r /tmp/requirements.txt
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -U -r /tmp/requirements.txt

# Intel uses a script to set numerous environment variables.
# Sourcing a script in the Dockerfile does not persist the variables
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/ubuntu_20.04/Dockerfile.ci
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ RUN curl -v -j -k -s -L -H "Cookie: eula_3_2_agreed=tools.hana.ondemand.com/deve
&& rm hanaclient*
ENV PATH=/usr/sap/hdbclient:$PATH

RUN python3 -m pip install hdbcli
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install hdbcli

# Download and compile odbc-cpp-wrapper
ENV ODBCCPP_VERSION=1.1
Expand All @@ -224,7 +224,7 @@ RUN wget https://apache.jfrog.io/artifactory/arrow/$(lsb_release --id --short |
&& apt-get install -y -V libarrow-dev libparquet-dev libarrow-dataset-dev \
&& rm ./apache-arrow-apt-source-latest-$(lsb_release --codename --short).deb \
&& rm -rf /var/lib/apt/lists/* \
&& python3 -m pip install pyarrow==11.0.0
&& PYTHON_CMD=python3 && $PYTHON_CMD -m pip install pyarrow==11.0.0

# Build libQB3
# Used by the MRF driver
Expand Down Expand Up @@ -277,4 +277,4 @@ RUN if test "${OPENDRIVE_VERSION}" != ""; then ( \
RUN ldconfig

COPY requirements.txt /tmp/
RUN python3 -m pip install -U -r /tmp/requirements.txt
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -U -r /tmp/requirements.txt
2 changes: 1 addition & 1 deletion .github/workflows/ubuntu_22.04/Dockerfile.ci
Original file line number Diff line number Diff line change
Expand Up @@ -137,5 +137,5 @@ RUN curl -L -O https://download.oracle.com/otn_software/linux/instantclient/1990
&& apt-get install -y libaio1

COPY requirements.txt /tmp/
RUN python3 -m pip install -U -r /tmp/requirements.txt
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -U -r /tmp/requirements.txt

6 changes: 3 additions & 3 deletions .github/workflows/ubuntu_24.04/Dockerfile.ci
Original file line number Diff line number Diff line change
Expand Up @@ -162,13 +162,13 @@ RUN curl -L -O https://download.oracle.com/otn_software/linux/instantclient/1990
RUN ln -s /usr/lib/x86_64-linux-gnu/ogdi/4.1/libvrf.so /usr/lib/x86_64-linux-gnu

COPY requirements.txt /tmp/
RUN python3 -m pip install -U --break-system-packages -r /tmp/requirements.txt
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -U --break-system-packages -r /tmp/requirements.txt

# cfchecker requires udunits2
RUN apt-get install -y --allow-unauthenticated libudunits2-0 libudunits2-data
RUN python3 -m pip install --break-system-packages cfchecker
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install --break-system-packages cfchecker

RUN python3 -m pip install --break-system-packages fsspec
RUN PYTHON_CMD=python3 && $PYTHON_CMD -m pip install --break-system-packages fsspec

# Manually install ADBC packages from Ubuntu 22.04 as there are no 24.04 packages at time of writing.
RUN curl -LO -fsS https://apache.jfrog.io/artifactory/arrow/ubuntu/pool/jammy/main/a/apache-arrow-adbc/libadbc-driver-manager102_14-1_amd64.deb \
Expand Down
3 changes: 2 additions & 1 deletion ci/travis/graviton2/script.sh
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,8 @@ export PYTEST="python3 -m pytest -vv -p no:sugar --color=no"
(cd "$PWD/build" && make quicktest)

# install test dependencies
sudo python3 -m pip install -U -r "$PWD/autotest/requirements.txt"
export PYTHON_CMD=python3
sudo $PYTHON_CMD -m pip install -U -r "$PWD/autotest/requirements.txt"

# Run all the Python autotests
cd build
Expand Down
3 changes: 2 additions & 1 deletion ci/travis/s390x/script.sh
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,8 @@ export PYTEST="python3 -m pytest -vv -p no:sugar --color=no"
(cd "$PWD/build" && make quicktest)

# install test dependencies
sudo pip3 install -U -r "$PWD/autotest/requirements.txt"
export PIP_CMD=pip3
sudo $PIP_CMD install -U -r "$PWD/autotest/requirements.txt"

# Run all the Python autotests
cd build
Expand Down
2 changes: 1 addition & 1 deletion scripts/vagrant/gdal.sh
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,4 @@ cmake .. \
ninja -j6
sudo ninja install

python3 -m pip install -r ../autotest/requirements.txt
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -r ../autotest/requirements.txt
6 changes: 3 additions & 3 deletions swig/python/gdal-utils/test-ubuntu-install.sh.txt
Original file line number Diff line number Diff line change
Expand Up @@ -10,22 +10,22 @@ export CPLUS_INCLUDE_PATH=/usr/include/gdal
export C_INCLUDE_PATH=/usr/include/gdal

# Install python GDAL bindings
pip install gdal
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install gdal
# note: this could be `sudo apt-get install python3-gdal` instead but
# pip method is preferred, better tested

# install gdal-utilities from source
# (assumes git clone etc. are already done)
cd swig/python/gdal-utils
python setup.py bdist_wheel
pip install dist/gdal_utils-*.whl
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install dist/gdal_utils-*.whl

# ensure gdal source code tree installed gdal binaries are the same version
git checkout v`gdal-config --version`

# Test the scripts using autotest suite
cd ../../../autotest/
pip install -r requirements.txt
PYTHON_CMD=python3 && $PYTHON_CMD -m pip install -r requirements.txt
pytest pyscripts/

# Todo: verify the console_scripts also work
Expand Down

0 comments on commit e05c1b2

Please sign in to comment.