New data collected at 2025-09-08_00-03-34

Author: actions-user

github-actions/googlesheets4/format-suggest.yaml

@@ -0,0 +1,46 @@
+# Workflow derived from https://github.com/posit-dev/setup-air/tree/main/examples
+
+on:
+  # Using `pull_request_target` over `pull_request` for elevated `GITHUB_TOKEN`
+  # privileges, otherwise we can't set `pull-requests: write` when the pull
+  # request comes from a fork, which is our main use case (external contributors).
+  #
+  # `pull_request_target` runs in the context of the target branch (`main`, usually),
+  # rather than in the context of the pull request like `pull_request` does. Due
+  # to this, we must explicitly checkout `ref: ${{ github.event.pull_request.head.sha }}`.
+  # This is typically frowned upon by GitHub, as it exposes you to potentially running
+  # untrusted code in a context where you have elevated privileges, but they explicitly
+  # call out the use case of reformatting and committing back / commenting on the PR
+  # as a situation that should be safe (because we aren't actually running the untrusted
+  # code, we are just treating it as passive data).
+  # https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
+  pull_request_target:
+
+name: format-suggest.yaml
+
+jobs:
+  format-suggest:
+    name: format-suggest
+    runs-on: ubuntu-latest
+
+    permissions:
+      # Required to push suggestion comments to the PR
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Install
+        uses: posit-dev/setup-air@v1
+
+      - name: Format
+        run: air format .
+
+      - name: Suggest
+        uses: reviewdog/action-suggester@v1
+        with:
+          level: error
+          fail_level: error
+          tool_name: air

github-actions/greta/R-CMD-check.yaml

@@ -87,16 +87,21 @@ jobs:
       - name: Install package + deps
         run: remotes::install_local(dependencies = TRUE, force = TRUE)
 
-      - name: Install greta deps
-        run: |
-          library(greta)
-          greta::install_greta_deps(timeout = 50)
+      ## greta deps are automatically resolved via py_require()
+      # - name: Install greta deps
+      #   run: |
+      #     library(greta)
+      #     greta::install_greta_deps(timeout = 50)
+      #
+      # - name: Situation Report on greta install
+      #   run: greta::greta_sitrep()
 
-      - name: Situation Report on greta install
-        run: greta::greta_sitrep()
+      # - name: Install rcmdcheck
+      #   run: remotes::install_cran("rcmdcheck")
 
-      - name: Install rcmdcheck
-        run: remotes::install_cran("rcmdcheck")
+      # Some snapshot tests specifically check for miniconda
+      - name: Install miniconda
+        run: reticulate::install_miniconda()
 
       - uses: r-lib/actions/check-r-package@v2
         with:

github-actions/leaflet/R-CMD-check.yaml

@@ -23,4 +23,4 @@ jobs:
     uses: rstudio/shiny-workflows/.github/workflows/R-CMD-check.yaml@v1
     with:
       minimum-r-version: "3.5.0"
-      ubuntu: "ubuntu-20.04"
+      ubuntu: "ubuntu-latest"

github-actions/magick/R-CMD-check.yaml

@@ -18,15 +18,15 @@ jobs:
         config:
           - {os: macOS-13,   r: 'release'}
           - {os: macOS-14,   r: 'release'}
-          - {os: macOS-15,   r: 'next'}
           - {os: windows-latest, r: '4.1'}
           - {os: windows-latest, r: '4.2'}
+          - {os: windows-latest, r: '4.3'}
+          - {os: windows-latest, r: '4.4'}
           - {os: windows-latest, r: 'release'}
           - {os: windows-latest,   r: 'devel'}
           - {os: ubuntu-latest,   r: 'devel', http-user-agent: 'release'}
           - {os: ubuntu-latest,   r: 'release'}
-          - {os: ubuntu-latest,   r: 'oldrel-1'}
-          - {os: ubuntu-22.04,   r: '4.1'}
+          - {os: ubuntu-latest,   r: 'oldrel-3'}
 
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}

github-actions/mlflow/autoformat.yml

@@ -99,13 +99,10 @@ jobs:
       # ************************************************************************
       # pre-commit
       # ************************************************************************
-      - run: |
-          dev/install-taplo.sh
-          dev/install-typos.sh
-          dev/install-conftest.sh
       - run: |
           pip install -r requirements/lint-requirements.txt
           pre-commit install --install-hooks
+          pre-commit run install-bin -a -v
           pre-commit run --all-files --color=always || true
       # ************************************************************************
       # protos

github-actions/mlflow/copilot-setup-steps.yml

@@ -18,7 +18,5 @@ jobs:
       - name: pre-commit setup
         run: |
           uv pip install --system . -r requirements/lint-requirements.txt
-          dev/install-taplo.sh
-          dev/install-typos.sh
-          dev/install-conftest.sh
           pre-commit install --install-hooks
+          pre-commit run install-bin -a -v

github-actions/mlflow/lint.yml

@@ -29,11 +29,16 @@ env:
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 30
     permissions:
       contents: read
     if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
+    name: ${{ matrix.os == 'ubuntu-latest' && 'lint' || 'lint-macos' }}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
@@ -44,6 +49,7 @@ jobs:
       - uses: ./.github/actions/setup-python
         id: setup-python
       - name: Add problem matchers
+        if: matrix.os == 'ubuntu-latest'
         run: |
           echo "::add-matcher::.github/workflows/matchers/clint.json"
           echo "::add-matcher::.github/workflows/matchers/format.json"
@@ -52,14 +58,12 @@ jobs:
       - name: Install dependencies
         run: |
           uv pip install --system -r requirements/lint-requirements.txt
-          dev/install-taplo.sh
-          dev/install-typos.sh
-          dev/install-conftest.sh
       - uses: ./.github/actions/show-versions
       - uses: ./.github/actions/pipdeptree
       - name: Install pre-commit hooks
         run: |
           pre-commit install --install-hooks
+          pre-commit run install-bin -a -v
       - name: Run pre-commit
         id: pre-commit
         env:

github-actions/mlflow/push-images.yml

@@ -30,16 +30,35 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Check if should update latest tag
+        id: check_latest
+        run: |
+          CURRENT_VERSION=${GITHUB_REF_NAME#v}
+
+          HIGHEST_VERSION=$(gh release list --exclude-pre-releases --exclude-drafts --limit 100 | \
+            grep -E '^v[0-9]+\.[0-9]+\.[0-9]+\s' | \
+            awk '{print $1}' | \
+            sed 's/^v//' | \
+            sort -V | \
+            tail -n1)
+
+          if [ -z "$HIGHEST_VERSION" ] || [ "$(echo -e "$CURRENT_VERSION\n$HIGHEST_VERSION" | sort -V | tail -n1)" = "$CURRENT_VERSION" ]; then
+            echo "should_update_latest=true" >> $GITHUB_OUTPUT
+          else
+            echo "should_update_latest=false" >> $GITHUB_OUTPUT
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Gather Docker Metadata for Tracking
         id: meta
         uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
         with:
-          # list of Docker images to use as base name for tags
           images: |
             ghcr.io/mlflow/mlflow
-          # generate Docker tags based on the following events/attributes
           tags: |
             type=ref,event=tag
+            type=raw,value=latest,enable=${{ steps.check_latest.outputs.should_update_latest == 'true' }}
 
       - name: Build and Push Base Image
         uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1
@@ -55,12 +74,11 @@ jobs:
         id: modelmeta
         uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
         with:
-          # list of Docker images to use as base name for tags
           images: |
             ghcr.io/mlflow/model-server
-          # generate Docker tags based on the following events/attributes
           tags: |
             type=ref,event=tag
+            type=raw,value=latest,enable=${{ steps.check_latest.outputs.should_update_latest == 'true' }}
 
       - name: Build Model Server Image
         run: |

github-actions/mlflow/review.yml

@@ -10,7 +10,7 @@ on:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
-  cancel-in-progress: true
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
   review:
@@ -20,15 +20,14 @@ jobs:
       models: read
       pull-requests: write
     timeout-minutes: 10
-    # Run on pull_request events from mlflow/mlflow (not forks) or when harupy comments '/review' on a pull request
+    # Run on pull_request events from mlflow/mlflow (not forks) or when anyone comments '/review' on a pull request
     if: >
       (github.event_name == 'pull_request' &&
        github.event.pull_request.head.repo.full_name == 'mlflow/mlflow')
       ||
       (github.event_name == 'issue_comment' &&
        github.event.issue.pull_request &&
-       startsWith(github.event.comment.body, '/review') &&
-       github.event.comment.user.login == 'harupy')
+       startsWith(github.event.comment.body, '/review'))
     steps:
       - name: React to comment
         if: ${{ github.event_name == 'issue_comment' }}
@@ -42,6 +41,21 @@ jobs:
               comment_id: comment.id,
               content: 'rocket'
             });
+      - name: Check authorization for issue comment
+        if: ${{ github.event_name == 'issue_comment' && github.event.comment.user.login != 'harupy' }}
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            // Leave a comment indicating only 'harupy' is allowed to trigger the workflow
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: "⚠️ Only **harupy** is authorized to trigger this workflow via comments. Your request has been ignored."
+            });
+
+            // Fail the workflow to abort further execution
+            throw new Error("Unauthorized user attempted to trigger workflow: " + context.payload.comment.user.login);
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           sparse-checkout: |
@@ -98,20 +112,21 @@ jobs:
 
           # Instructions
 
-          ## 1. Fetch and Analyze PR
+          ## 1. Fetch PR and Review Against Style Guide
           - Use `fetch_diff` tool to fetch the PR diff
-          - Carefully examine all changes in the diff
-
-          ## 2. Review Against Style Guide
           - Read `dev/guides/python.md` thoroughly
-          - Check for violations of the style guide
+          - Carefully examine ONLY the changed lines (added or modified) in the diff
+          - Check for style guide violations ONLY in these changed lines
+          - Ignore unchanged/context lines and pre-existing code
 
-          ## 3. Decision Point
+          ## 2. Decision Point
           - If NO issues found -> Skip remaining steps
-          - If issues found -> Continue to step 4
+          - If issues found -> Continue to step 3
 
-          ## 4. Add Review Comments
+          ## 3. Add Review Comments
           - Use `add_pr_review_comment` tool for each issue found
+          - ONLY comment on lines that are marked as added (+) or modified in the diff
+          - Never comment on unchanged context lines or pre-existing code
           - Comment parameters:
             - Single-line: Set `subject_type` to `LINE`, specify `line`
             - Multi-line: Set `subject_type` to `LINE`, specify both `start_line` and `line`
@@ -128,4 +143,4 @@ jobs:
           PR_URL: ${{ github.event.issue.pull_request.html_url || github.event.pull_request.html_url}}
         run: |
           # Use timeout in case codex hangs
-          timeout 3m ./codex exec --skip-git-repo-check "Can you review $PR_URL?" || true
+          timeout 5m ./codex exec --skip-git-repo-check "Can you review $PR_URL?" || true

github-actions/mlflow/tracing.yaml

@@ -56,6 +56,7 @@ jobs:
             --ignore tests/tracing/utils/test_otlp.py \
             --ignore tests/tracing/test_assessment.py \
             --ignore tests/tracing/test_otel_logging.py \
+            --ignore tests/tracing/processor/test_otel_metrics.py \
             --import-mode=importlib
 
   # TODO: Add a job to run autologging tests against integrated libraries (latest versions)