From b6add3ee6d15aa17dc6b3b77e0133d3a4d8e65cb Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Fri, 7 Nov 2025 17:09:29 -0500 Subject: [PATCH] chore: bump dist, remove old commenting workflows (#21302) --- .github/workflows/ci.yaml | 12 +- .github/workflows/mypy_primer.yaml | 9 +- .github/workflows/mypy_primer_comment.yaml | 122 ------------------ .github/workflows/pr-comment.yaml | 88 ------------- .github/workflows/release.yml | 6 +- .github/workflows/ty-ecosystem-analyzer.yaml | 10 +- .../ty-ecosystem-analyzer_comment.yaml | 85 ------------ .github/workflows/typing_conformance.yaml | 11 +- .../workflows/typing_conformance_comment.yaml | 112 ---------------- .github/zizmor.yml | 3 - dist-workspace.toml | 2 +- 11 files changed, 14 insertions(+), 446 deletions(-) delete mode 100644 .github/workflows/mypy_primer_comment.yaml delete mode 100644 .github/workflows/pr-comment.yaml delete mode 100644 .github/workflows/ty-ecosystem-analyzer_comment.yaml delete mode 100644 .github/workflows/typing_conformance_comment.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9f56f96e15..b4b642df4d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -627,16 +627,8 @@ jobs: cat ecosystem-result-format-preview >> ecosystem-result echo "" >> ecosystem-result - - name: Export pull request number - run: | - echo ${{ github.event.number }} > pr-number - - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - name: Upload PR Number - with: - name: pr-number - path: pr-number - + # NOTE: astral-sh-bot uses this artifact to post comments on PRs. + # Make sure to update the bot if you rename the artifact. - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 name: Upload Results with: diff --git a/.github/workflows/mypy_primer.yaml b/.github/workflows/mypy_primer.yaml index 89028a2235..4e292823e4 100644 --- a/.github/workflows/mypy_primer.yaml +++ b/.github/workflows/mypy_primer.yaml @@ -59,20 +59,15 @@ jobs: run: | cd ruff scripts/mypy_primer.sh - echo ${{ github.event.number }} > ../pr-number + # NOTE: astral-sh-bot uses this artifact to post comments on PRs. + # Make sure to update the bot if you rename the artifact. - name: Upload diff uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: mypy_primer_diff path: mypy_primer.diff - - name: Upload pr-number - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: pr-number - path: pr-number - memory_usage: name: Run memory statistics runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }} diff --git a/.github/workflows/mypy_primer_comment.yaml b/.github/workflows/mypy_primer_comment.yaml deleted file mode 100644 index 895956e766..0000000000 --- a/.github/workflows/mypy_primer_comment.yaml +++ /dev/null @@ -1,122 +0,0 @@ -name: PR comment (mypy_primer) - -on: # zizmor: ignore[dangerous-triggers] - workflow_run: - workflows: [Run mypy_primer] - types: [completed] - workflow_dispatch: - inputs: - workflow_run_id: - description: The mypy_primer workflow that triggers the workflow run - required: true - -jobs: - comment: - runs-on: ubuntu-24.04 - permissions: - pull-requests: write - steps: - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: Download PR number - with: - name: pr-number - run_id: ${{ github.event.workflow_run.id || github.event.inputs.workflow_run_id }} - if_no_artifact_found: ignore - allow_forks: true - - - name: Parse pull request number - id: pr-number - run: | - if [[ -f pr-number ]] - then - echo "pr-number=$(> "$GITHUB_OUTPUT" - fi - - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: "Download mypy_primer results" - id: download-mypy_primer_diff - if: steps.pr-number.outputs.pr-number - with: - name: mypy_primer_diff - workflow: mypy_primer.yaml - pr: ${{ steps.pr-number.outputs.pr-number }} - path: pr/mypy_primer_diff - workflow_conclusion: completed - if_no_artifact_found: ignore - allow_forks: true - - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: "Download mypy_primer memory results" - id: download-mypy_primer_memory_diff - if: steps.pr-number.outputs.pr-number - with: - name: mypy_primer_memory_diff - workflow: mypy_primer.yaml - pr: ${{ steps.pr-number.outputs.pr-number }} - path: pr/mypy_primer_memory_diff - workflow_conclusion: completed - if_no_artifact_found: ignore - allow_forks: true - - - name: Generate comment content - id: generate-comment - if: ${{ steps.download-mypy_primer_diff.outputs.found_artifact == 'true' && steps.download-mypy_primer_memory_diff.outputs.found_artifact == 'true' }} - run: | - # Guard against malicious mypy_primer results that symlink to a secret - # file on this runner - if [[ -L pr/mypy_primer_diff/mypy_primer.diff ]] || [[ -L pr/mypy_primer_memory_diff/mypy_primer_memory.diff ]] - then - echo "Error: mypy_primer.diff and mypy_primer_memory.diff cannot be a symlink" - exit 1 - fi - - # Note this identifier is used to find the comment to update on - # subsequent runs - echo '' >> comment.txt - - echo '## `mypy_primer` results' >> comment.txt - if [ -s "pr/mypy_primer_diff/mypy_primer.diff" ]; then - echo '
' >> comment.txt - echo 'Changes were detected when running on open source projects' >> comment.txt - echo '' >> comment.txt - echo '```diff' >> comment.txt - cat pr/mypy_primer_diff/mypy_primer.diff >> comment.txt - echo '```' >> comment.txt - echo '
' >> comment.txt - else - echo 'No ecosystem changes detected ✅' >> comment.txt - fi - - if [ -s "pr/mypy_primer_memory_diff/mypy_primer_memory.diff" ]; then - echo '
' >> comment.txt - echo 'Memory usage changes were detected when running on open source projects' >> comment.txt - echo '' >> comment.txt - echo '```diff' >> comment.txt - cat pr/mypy_primer_memory_diff/mypy_primer_memory.diff >> comment.txt - echo '```' >> comment.txt - echo '
' >> comment.txt - else - echo 'No memory usage changes detected ✅' >> comment.txt - fi - - echo 'comment<> "$GITHUB_OUTPUT" - cat comment.txt >> "$GITHUB_OUTPUT" - echo 'EOF' >> "$GITHUB_OUTPUT" - - - name: Find existing comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 - if: steps.generate-comment.outcome == 'success' - id: find-comment - with: - issue-number: ${{ steps.pr-number.outputs.pr-number }} - comment-author: "github-actions[bot]" - body-includes: "" - - - name: Create or update comment - if: steps.find-comment.outcome == 'success' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 - with: - comment-id: ${{ steps.find-comment.outputs.comment-id }} - issue-number: ${{ steps.pr-number.outputs.pr-number }} - body-path: comment.txt - edit-mode: replace diff --git a/.github/workflows/pr-comment.yaml b/.github/workflows/pr-comment.yaml deleted file mode 100644 index 0ef00644c1..0000000000 --- a/.github/workflows/pr-comment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -name: Ecosystem check comment - -on: - workflow_run: - workflows: [CI] - types: [completed] - workflow_dispatch: - inputs: - workflow_run_id: - description: The ecosystem workflow that triggers the workflow run - required: true - -jobs: - comment: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: Download pull request number - with: - name: pr-number - run_id: ${{ github.event.workflow_run.id || github.event.inputs.workflow_run_id }} - if_no_artifact_found: ignore - allow_forks: true - - - name: Parse pull request number - id: pr-number - run: | - if [[ -f pr-number ]] - then - echo "pr-number=$(> "$GITHUB_OUTPUT" - fi - - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: "Download ecosystem results" - id: download-ecosystem-result - if: steps.pr-number.outputs.pr-number - with: - name: ecosystem-result - workflow: ci.yaml - pr: ${{ steps.pr-number.outputs.pr-number }} - path: pr/ecosystem - workflow_conclusion: completed - if_no_artifact_found: ignore - allow_forks: true - - - name: Generate comment content - id: generate-comment - if: steps.download-ecosystem-result.outputs.found_artifact == 'true' - run: | - # Guard against malicious ecosystem results that symlink to a secret - # file on this runner - if [[ -L pr/ecosystem/ecosystem-result ]] - then - echo "Error: ecosystem-result cannot be a symlink" - exit 1 - fi - - # Note this identifier is used to find the comment to update on - # subsequent runs - echo '' >> comment.txt - - echo '## `ruff-ecosystem` results' >> comment.txt - cat pr/ecosystem/ecosystem-result >> comment.txt - echo "" >> comment.txt - - echo 'comment<> "$GITHUB_OUTPUT" - cat comment.txt >> "$GITHUB_OUTPUT" - echo 'EOF' >> "$GITHUB_OUTPUT" - - - name: Find existing comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 - if: steps.generate-comment.outcome == 'success' - id: find-comment - with: - issue-number: ${{ steps.pr-number.outputs.pr-number }} - comment-author: "github-actions[bot]" - body-includes: "" - - - name: Create or update comment - if: steps.find-comment.outcome == 'success' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 - with: - comment-id: ${{ steps.find-comment.outputs.comment-id }} - issue-number: ${{ steps.pr-number.outputs.pr-number }} - body-path: comment.txt - edit-mode: replace diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e2a385715f..10730750a5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -68,7 +68,7 @@ jobs: # we specify bash to get pipefail; it guards against the `curl` command # failing. otherwise `sh` won't catch that `curl` returned non-0 shell: bash - run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.0/cargo-dist-installer.sh | sh" + run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.2/cargo-dist-installer.sh | sh" - name: Cache dist uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with: @@ -166,8 +166,8 @@ jobs: - custom-build-binaries - custom-build-docker - build-global-artifacts - # Only run if we're "publishing", and only if local and global didn't fail (skipped is fine) - if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-binaries.result == 'skipped' || needs.custom-build-binaries.result == 'success') && (needs.custom-build-docker.result == 'skipped' || needs.custom-build-docker.result == 'success') }} + # Only run if we're "publishing", and only if plan, local and global didn't fail (skipped is fine) + if: ${{ always() && needs.plan.result == 'success' && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-binaries.result == 'skipped' || needs.custom-build-binaries.result == 'success') && (needs.custom-build-docker.result == 'skipped' || needs.custom-build-docker.result == 'success') }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} runs-on: "depot-ubuntu-latest-4" diff --git a/.github/workflows/ty-ecosystem-analyzer.yaml b/.github/workflows/ty-ecosystem-analyzer.yaml index cd763c3db1..417cf7d1f5 100644 --- a/.github/workflows/ty-ecosystem-analyzer.yaml +++ b/.github/workflows/ty-ecosystem-analyzer.yaml @@ -112,8 +112,6 @@ jobs: cat diff-statistics.md >> "$GITHUB_STEP_SUMMARY" - echo ${{ github.event.number }} > pr-number - - name: "Deploy to Cloudflare Pages" if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }} id: deploy @@ -131,18 +129,14 @@ jobs: echo >> comment.md echo "**[Full report with detailed diff]($DEPLOYMENT_URL/diff)** ([timing results]($DEPLOYMENT_URL/timing))" >> comment.md + # NOTE: astral-sh-bot uses this artifact to post comments on PRs. + # Make sure to update the bot if you rename the artifact. - name: Upload comment uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: comment.md path: comment.md - - name: Upload pr-number - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: pr-number - path: pr-number - - name: Upload diagnostics diff uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: diff --git a/.github/workflows/ty-ecosystem-analyzer_comment.yaml b/.github/workflows/ty-ecosystem-analyzer_comment.yaml deleted file mode 100644 index f237f45e1e..0000000000 --- a/.github/workflows/ty-ecosystem-analyzer_comment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -name: PR comment (ty ecosystem-analyzer) - -on: # zizmor: ignore[dangerous-triggers] - workflow_run: - workflows: [ty ecosystem-analyzer] - types: [completed] - workflow_dispatch: - inputs: - workflow_run_id: - description: The ty ecosystem-analyzer workflow that triggers the workflow run - required: true - -jobs: - comment: - runs-on: ubuntu-24.04 - permissions: - pull-requests: write - steps: - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: Download PR number - with: - name: pr-number - run_id: ${{ github.event.workflow_run.id || github.event.inputs.workflow_run_id }} - if_no_artifact_found: ignore - allow_forks: true - - - name: Parse pull request number - id: pr-number - run: | - if [[ -f pr-number ]] - then - echo "pr-number=$(> "$GITHUB_OUTPUT" - fi - - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: "Download comment.md" - id: download-comment - if: steps.pr-number.outputs.pr-number - with: - name: comment.md - workflow: ty-ecosystem-analyzer.yaml - pr: ${{ steps.pr-number.outputs.pr-number }} - path: pr/comment - workflow_conclusion: completed - if_no_artifact_found: ignore - allow_forks: true - - - name: Generate comment content - id: generate-comment - if: ${{ steps.download-comment.outputs.found_artifact == 'true' }} - run: | - # Guard against malicious ty ecosystem-analyzer results that symlink to a secret - # file on this runner - if [[ -L pr/comment/comment.md ]] - then - echo "Error: comment.md cannot be a symlink" - exit 1 - fi - - # Note: this identifier is used to find the comment to update on subsequent runs - echo '' > comment.md - echo >> comment.md - cat pr/comment/comment.md >> comment.md - - echo 'comment<> "$GITHUB_OUTPUT" - cat comment.md >> "$GITHUB_OUTPUT" - echo 'EOF' >> "$GITHUB_OUTPUT" - - - name: Find existing comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 - if: steps.generate-comment.outcome == 'success' - id: find-comment - with: - issue-number: ${{ steps.pr-number.outputs.pr-number }} - comment-author: "github-actions[bot]" - body-includes: "" - - - name: Create or update comment - if: steps.find-comment.outcome == 'success' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 - with: - comment-id: ${{ steps.find-comment.outputs.comment-id }} - issue-number: ${{ steps.pr-number.outputs.pr-number }} - body-path: comment.md - edit-mode: replace diff --git a/.github/workflows/typing_conformance.yaml b/.github/workflows/typing_conformance.yaml index aa99f6dd72..aefe0b6c40 100644 --- a/.github/workflows/typing_conformance.yaml +++ b/.github/workflows/typing_conformance.yaml @@ -94,21 +94,18 @@ jobs: touch typing_conformance_diagnostics.diff fi - echo ${{ github.event.number }} > pr-number echo "${CONFORMANCE_SUITE_COMMIT}" > conformance-suite-commit + # NOTE: astral-sh-bot uses this artifact to post comments on PRs. + # Make sure to update the bot if you rename the artifact. - name: Upload diff uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: typing_conformance_diagnostics_diff path: typing_conformance_diagnostics.diff - - name: Upload pr-number - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: pr-number - path: pr-number - + # NOTE: astral-sh-bot uses this artifact to post comments on PRs. + # Make sure to update the bot if you rename the artifact. - name: Upload conformance suite commit uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: diff --git a/.github/workflows/typing_conformance_comment.yaml b/.github/workflows/typing_conformance_comment.yaml deleted file mode 100644 index f596507448..0000000000 --- a/.github/workflows/typing_conformance_comment.yaml +++ /dev/null @@ -1,112 +0,0 @@ -name: PR comment (typing_conformance) - -on: # zizmor: ignore[dangerous-triggers] - workflow_run: - workflows: [Run typing conformance] - types: [completed] - workflow_dispatch: - inputs: - workflow_run_id: - description: The typing_conformance workflow that triggers the workflow run - required: true - -jobs: - comment: - runs-on: ubuntu-24.04 - permissions: - pull-requests: write - steps: - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: Download PR number - with: - name: pr-number - run_id: ${{ github.event.workflow_run.id || github.event.inputs.workflow_run_id }} - if_no_artifact_found: ignore - allow_forks: true - - - name: Parse pull request number - id: pr-number - run: | - if [[ -f pr-number ]] - then - echo "pr-number=$(> "$GITHUB_OUTPUT" - fi - - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: Download typing conformance suite commit - with: - name: conformance-suite-commit - run_id: ${{ github.event.workflow_run.id || github.event.inputs.workflow_run_id }} - if_no_artifact_found: ignore - allow_forks: true - - - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 - name: "Download typing_conformance results" - id: download-typing_conformance_diff - if: steps.pr-number.outputs.pr-number - with: - name: typing_conformance_diagnostics_diff - workflow: typing_conformance.yaml - pr: ${{ steps.pr-number.outputs.pr-number }} - path: pr/typing_conformance_diagnostics_diff - workflow_conclusion: completed - if_no_artifact_found: ignore - allow_forks: true - - - name: Generate comment content - id: generate-comment - if: ${{ steps.download-typing_conformance_diff.outputs.found_artifact == 'true' }} - run: | - # Guard against malicious typing_conformance results that symlink to a secret - # file on this runner - if [[ -L pr/typing_conformance_diagnostics_diff/typing_conformance_diagnostics.diff ]] - then - echo "Error: typing_conformance_diagnostics.diff cannot be a symlink" - exit 1 - fi - - # Note this identifier is used to find the comment to update on - # subsequent runs - echo '' >> comment.txt - - if [[ -f conformance-suite-commit ]] - then - echo "## Diagnostic diff on [typing conformance tests](https://github.com/python/typing/tree/$(> comment.txt - else - echo "conformance-suite-commit file not found" - echo "## Diagnostic diff on typing conformance tests" >> comment.txt - fi - - if [ -s "pr/typing_conformance_diagnostics_diff/typing_conformance_diagnostics.diff" ]; then - echo '
' >> comment.txt - echo 'Changes were detected when running ty on typing conformance tests' >> comment.txt - echo '' >> comment.txt - echo '```diff' >> comment.txt - cat pr/typing_conformance_diagnostics_diff/typing_conformance_diagnostics.diff >> comment.txt - echo '```' >> comment.txt - echo '
' >> comment.txt - else - echo 'No changes detected when running ty on typing conformance tests ✅' >> comment.txt - fi - - echo 'comment<> "$GITHUB_OUTPUT" - cat comment.txt >> "$GITHUB_OUTPUT" - echo 'EOF' >> "$GITHUB_OUTPUT" - - - name: Find existing comment - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 - if: steps.generate-comment.outcome == 'success' - id: find-comment - with: - issue-number: ${{ steps.pr-number.outputs.pr-number }} - comment-author: "github-actions[bot]" - body-includes: "" - - - name: Create or update comment - if: steps.find-comment.outcome == 'success' - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 - with: - comment-id: ${{ steps.find-comment.outputs.comment-id }} - issue-number: ${{ steps.pr-number.outputs.pr-number }} - body-path: comment.txt - edit-mode: replace diff --git a/.github/zizmor.yml b/.github/zizmor.yml index 237af95e7b..28ec2a61ef 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -3,9 +3,6 @@ # # TODO: can we remove the ignores here so that our workflows are more secure? rules: - dangerous-triggers: - ignore: - - pr-comment.yaml cache-poisoning: ignore: - build-docker.yml diff --git a/dist-workspace.toml b/dist-workspace.toml index 20f123b05a..ddc157cdf3 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -5,7 +5,7 @@ packages = ["ruff"] # Config for 'dist' [dist] # The preferred dist version to use in CI (Cargo.toml SemVer syntax) -cargo-dist-version = "0.30.0" +cargo-dist-version = "0.30.2" # Whether to consider the binaries in a package for distribution (defaults true) dist = false # CI backends to support