pyproject.toml is currently copied unchanged from conf/topdir to the toplevel directory. Set up machinery in py-topdir.mk to render it from a template in conf/templates instead, replacing {mypypath} in the process.
- Add an additional, more generic value that --format understands:
"tmpl". If chosen, the template selected by the new option
--template-name is rendered by replacing --field key=value pairs.
- This commit also adds the option --quote, which makes the
renderer enclose the rendered variable values in double quotes.
Add --search-path to the list of CmdCreateFile's supported options. Its value is split by ":" and subsequently passed to the tmpl_render()'s search_path argument.
tmpl_render()'s "values" argument currently understands dict[str,str|list[str]]. Enhance that to understand the broader RenderValues type, which also includes Iterable[tuple[str, str]], as produced by argparse.add_argument(action='append').
This commit also adds proper type-checking for the values argument. Before, its type had gone unchecked entirely.
Add an additional keyword-argument search_path to templates.tmpl_render(). It allows to specifiy a list of directory paths in which a template of a given name can be found. It defaults to [], in which case only the built-in templates are considered. Otherwise file locations are tried first, then the built-in templates.
In order to allow Pyright to check the types provided by dependant repositories without installing them, pyrightconfig.json contains a list of paths to their root directories in "extraPaths". These paths are unusable for Pyright, though: For type checking to work, it needs to be pointed to the "jw" namespace package paths within those repos. This commit achieves that by appending the subdirs src/python and tools/python to them, provided they exist.
TODO: This fix hardcodes the current project directory structure. Better would be a way to customize that via makefiles, where the paths can be more easily customized.
Replace variable PY_SRC_ROOT by PY_CHECK_ROOTS. The name PY_SRC_ROOT was a bad choice, given that it isn't immediately obvious that it a) can contain multiple root locations to be checked, and that it b) specifically concerns static type checking.
As of this commit, it's possible to limit the type checking scope with PY_CHECK_ROOTS as in
PY_CHECK_ROOTS="src/python/jw/pkg/CmdBase.py src/python/jw/lib" \
make check
App.get_projects_refs() is a versatile tool, but what it does isn't obvious. Use the simpler method .get_value() instead for get_libname(), and return None if a project doesn't provide a linkable library.
- Rename variable dep and deps to val and vals, respectively,
because that's more what they are values of key-value pairs. In
some cases that can represent dependencies, in some case other
things.
- Make a scope case distinction a little clearer by mentioning all
possible cases in a match / case block
Add enable-email-notifications: true. This seems to be needed for sending information about failed runs. Apparently it doesn't make it difference if I add it to ci/workflows/.github/workflows/test-packaging.yaml.
In another attempt at making CI workflow naming more concise:
- Rename standard-tests.yaml to ci.yaml
Currently the contents of this file covers everything CI-related
that happens in the context workflows, so for the time being,
naming it ci.yaml is just fitting. And it's going to be shorter
in commit message summaries. Should a real need arise, we can
always split the file up again.
- Shorten names again, otherwise they don't fit into Forgejo's
check-mark-popup. That should be self-explanatory in context:
name:
Default CI -> CI
jobs.CI.name:
Packaging test - All supported platforms -> Packaging test
Running pyright in a minimal docker container gives this error:
$ pyright
/usr/bin/npm-default: No such file or directory
Traceback (most recent call last):
File "/usr/bin/pyright-3.13", line 6, in <module>
sys.exit(entrypoint())
~~~~~~~~~~^^
File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 31, in entrypoint
sys.exit(main(sys.argv[1:]))
~~~~^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 18, in main
return run(*args, **kwargs).returncode
~~~^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 22, in run
pkg_dir = install_pyright(args, quiet=None)
File "/usr/lib/python3.13/site-packages/pyright/_utils.py", line 69, in install_pyright
node.run(
~~~~~~~~^
'npm',
^^^^^^
...<5 lines>...
stderr=subprocess.PIPE if silent else sys.stderr,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/usr/lib/python3.13/site-packages/pyright/node.py", line 144, in run
subprocess.run(node_args, **kwargs),
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install', \
'pyright@1.1.409']' returned non-zero exit status 255.
This means that on openSUSE, python3-pyright tries to pull in packages from the NPM registry. This increases the CI supply chain attack surface inacceptably, so remove pyright from the release prerequisites. That should be enough to remove it from the prerequisites of target check as well and allow it to succeed.
The pyright check machinery itself remains useful, so keep it in place for developers who install python3-pyright manually.
By the time projects-dir.mk is used during onboarding, it's already cloned, and so is jw-pkg in all its glory. So better use a ssh-wrapper.sh directly under jw-pkg's version control instead of plainly generating one with echo some-script-logic > ssh-wrapper.sh.
This has the main benefit of allowing a more elaborate script. The one added by this commit removes "-l user" from remotes which have a standard-user@gitserver form, typically because they differentiate users via their SSH pubkeys only, and which would deny access if both -l user and standard-user@ were specified.
ssh-wrapper.sh still needs to be a target which is updated by a recipe, because the version found in jw-pkg can't be trusted to be executable during bootstrapping, because "make all" has not run, yet.
After release, pkg.sh pushes the changes to VERSION and HASH upstream. Failures are masked, though, propagate them.
Unclear what motivated masking the error. Tracking that down with git blame leads to build-package.sh, which was inherited from ytools, where the change was introduced 2014 with the trust-inspiring comment:
attempted fix for error during commit of version files in build-package.sh
The git-get-pub does not have the same effect as the other git-get-% targets, and this commit makes it.
The other git-get-% targets run pgit.sh, which rebases the current branch onto the fetched branch, and git-get-pub doesn't. Since devops merges contributor forges fast-forward without a merge-commit, the pub remote's master needs to be the last to be rebased on, because otherwise it will not allow to force-push the result.
As soon as multiple forges with protected master branches contribute, fast-forward merging of the master branch will need to be abolished anyway, and the release machinery will need an overhaul.
- Remove package_name and package_path from the prototype of
detect_modules(). They can and should be deduced from
namespace['__name__'] and namespace['__path__'], respectively.
- Make prefix default to None, which signifies "Don't filter by
prefix".
- Add an optional extend_namespace parameter, which will make the
function append the module's __name__ to its __path__. This
defaults to True, thereby adding a side effect to the function.
Which is always wanted in the case for all callers of this
function.
pkg.requires.os.release = python3-pyright breaks CI on Kali Linux. It is present in the janware repos, but using those would cross a line: jw-pkg must be buildable from the base repositories alone, so don't make pyright mandatory for Debian, because that pulls it in for Kali, too.
Ironically, the Debian repo provides it. Which makes it obvious that we will need another entry in the os cascade for Debian proper to allow pulling in such packages on Debian.
Target all should create all necessary files in topdir. Currently they're only needed for static file checks, but they might well be prerequistes for the build to succeed in the future, so make target all depend on topdir.
Also, place target all before the block of includes, so that the execution order is defined in topdir.mk rather than the included snippets.
This commit reorganizes build-package.yaml in several ways:
- Follow name change of the called workflow
The reusable workflow used by build-package.yaml changed name and
location, and this commit follows the move. It was located at
ci/action-build-package before and has moved to ci/workflows,
because what it provides is semantically more of a workflow than
an action.
- Limit CI runs
The commit also adds safeguards against too many CI runs. It
limits them to PR events opened, re-opened or pushed-to, and to
push events hitting branches master, main and release.
- Rename workflow itself to standard-tests.yaml
That name reflects better what it represents: The entry point to
janware's standard set of CI tests. All of them happen to run in
the context of building and packaging at this point, but that
might not be the only standard test this repo chooses to
subscribe to in the future, and if so, they will be better off in
one file with defined order, so give that file a better umbrella
name.
Forgejo versions before 15 didn't support workflow expansion, and "runs-on" was necessary in callers of reusable workflows. janware.com now runs Forgejo 15.x, and the requirement is gone, so remove the config option.
runs-on is typically a required field. However, if a job defines jobs.<job_id>.uses in order to reference a reusable workflow, then it is optional. See jobs.<job_id>.uses for more information on this behaviour.
[...]
It is recommended that jobs.<job_id>.runs-on is omitted when using uses, as this will allow Forgejo to perform workflow expansion. Workflow expansion results in the target workflow’s jobs appearing in the UI as separate jobs. This provides an easier to understand experience for accessing the logs of each job, and permits the jobs to run on separate runners with their own runs-on fields.
Accept if AsyncSSH is missing. The package would be nice to have, i.e. a good candidate for a "recommends" section, but until there's support for that, better be able to do without and fall back to command-line ssh.
Accept if argcomplete is missing. The package would be nice to have, i.e. a good candidate for a "recommends" section, but until there's support for that, better be able to do without.
