Skip to content
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/python_lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,28 +58,28 @@
- name: Check code format
run: poetry run ruff format --diff .

mypy-check:
name: MyPy Check
pyrefly-check:
name: Pyrefly Check
runs-on: ubuntu-latest
steps:
# Common steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set up Poetry
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
with:
poetry-version: "2.2.0"
- name: Set up Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.10'
- name: Set up Poetry
uses: Gr1N/setup-poetry@48b0f77c8c1b1b19cb962f0f00dff7b4be8f81ec # v9
with:
poetry-version: "2.2.0"
- name: Install dependencies
run: poetry install

# Job-specifc step(s):
- name: Check MyPy typing
run: poetry run mypy .
- name: Check Pyrefly typing
run: poetry run pyrefly check

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 11 days ago

To fix the problem, we should explicitly add a permissions key with the correct minimal privileges required for this workflow. Since all jobs in this workflow only need to check out code and run local linting/formatting commands, they only require read access to the repository contents. The fix can be implemented by adding permissions: contents: read at the root level of the workflow, ensuring the minimal privileges are granted for all jobs. No step in any job requires broader permissions. This change should be added above the jobs: key (line 12), preferably near the top of the YAML file for visibility.


Suggested changeset 1
.github/workflows/python_lint.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/python_lint.yml b/.github/workflows/python_lint.yml
--- a/.github/workflows/python_lint.yml
+++ b/.github/workflows/python_lint.yml
@@ -9,6 +9,8 @@
 env:
   AIRBYTE_ANALYTICS_ID: ${{ vars.AIRBYTE_ANALYTICS_ID }}
 
+permissions:
+  contents: read
 jobs:
   ruff-lint-check:
     name: Ruff Lint Check
EOF
@@ -9,6 +9,8 @@
env:
AIRBYTE_ANALYTICS_ID: ${{ vars.AIRBYTE_ANALYTICS_ID }}

permissions:
contents: read
jobs:
ruff-lint-check:
name: Ruff Lint Check
Copilot is powered by AI and may make mistakes. Always verify output.
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ venv.bak/
# mkdocs documentation
/site

# mypy
# Type checkers (mypy, pyrefly)
.mypy_cache/
.dmypy.json
dmypy.json
Expand Down
133 changes: 28 additions & 105 deletions poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

88 changes: 34 additions & 54 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -61,14 +61,13 @@ deptry = "^0.21.1"
docker = "^7.1.0"
faker = "^21.0.0"
freezegun = "^1.4.0"
mypy = "^1.11.2"
pyrefly = ">=0.25.0"
pandas-stubs = "^2.1.4.231218"
pdoc = "^14.3.0"
poethepoet = ">=0.26.1,<0.32.0"
pytest = "^8.2.0"
pytest-docker = "^3.1.1"
pytest-mock = "^3.14.0"
pytest-mypy = "^0.10.3"
pytest-timeout = "^2.3.1"
responses = "^0.25.0"
ruff = "^0.8.2"
Expand Down Expand Up @@ -117,58 +116,39 @@ filterwarnings = [ # syntax: "action:message_regex:category:module:line"
# [tool.ruff]
# Ruff moved to dedicated config file: `.ruff.toml`

[tool.mypy]
# Platform configuration
python_version = "3.10"
# imports related
ignore_missing_imports = true
follow_imports = "silent"
# None and Optional handling
no_implicit_optional = true
strict_optional = true
# Configuring warnings
warn_unused_configs = true
warn_redundant_casts = true
warn_unused_ignores = true
warn_no_return = true
warn_unreachable = true
warn_return_any = false
# Untyped definitions and calls
check_untyped_defs = true
disallow_untyped_calls = false
disallow_untyped_defs = true
disallow_incomplete_defs = true
disallow_untyped_decorators = false
# Disallow dynamic typing
disallow_subclassing_any = true
disallow_any_unimported = false
disallow_any_expr = false
disallow_any_decorated = false
disallow_any_explicit = false
disallow_any_generics = false
# Miscellaneous strictness flags
allow_untyped_globals = false
allow_redefinition = false
local_partial_types = false
implicit_reexport = true
strict_equality = true
# Configuring error messages
show_error_context = false
show_column_numbers = false
show_error_codes = true
exclude = [
"tests/integration_tests/fixtures/source-broken",
"tests/integration_tests/fixtures/source-test",
"docs",
"tests",
]

[[tool.mypy.overrides]]
ignore_missing_imports = true # No stubs yet (😢)
module = [
"airbyte_protocol",
"airbyte_protocol.models",
[tool.pyrefly]
python-version = "3.10"
project-includes = ["airbyte"]
project-excludes = [
"tests/integration_tests/fixtures/source-broken/**",
"tests/integration_tests/fixtures/source-test/**",
"docs/**",
"tests/**",
]
# Match mypy's default behavior of not checking unannotated function bodies
untyped-def-behavior = "skip-and-infer-return-any"
# Respect mypy-style ignore comments
permissive-ignores = true

[tool.pyrefly.errors]
# Suppress errors for gradual migration from mypy to pyrefly
# These error kinds can be re-enabled incrementally to improve type safety
# See: https://pyrefly.org/en/docs/error-kinds/
import-error = false
redundant-cast = false
missing-attribute = false
bad-argument-type = false
invalid-yield = false
implicit-import = false
bad-override = false
index-error = false
unsupported-operation = false
bad-return = false
unknown-name = false
no-matching-overload = false
bad-assignment = false
not-iterable = false
unbound-name = false

[tool.pyright]
pythonVersion = "3.10"
Expand All @@ -190,7 +170,7 @@ coverage-report = { shell = "coverage report" }
coverage-html = { shell = "coverage html -d htmlcov && open htmlcov/index.html" }
coverage-reset = { shell = "coverage erase" }

check = { shell = "ruff check . && mypy . && pytest --collect-only -qq" }
check = { shell = "ruff check . && pyrefly check && pytest --collect-only -qq" }

docs-generate = {env = {PDOC_ALLOW_EXEC = "1"}, cmd = "python -m docs.generate run"}
docs-preview = {shell = "poe docs-generate && open docs/generated/index.html"}
Expand Down
10 changes: 5 additions & 5 deletions tests/lint_tests/test_mypy.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,16 +8,16 @@

@pytest.mark.linting
def test_mypy_typing():
# Run the check command
# Run the pyrefly check command
check_result = subprocess.run(
["poetry", "run", "mypy", "."],
["poetry", "run", "pyrefly", "check"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)

# Assert that the Ruff command exited without errors (exit code 0)
# Assert that the Pyrefly command exited without errors (exit code 0)
assert check_result.returncode == 0, (
"MyPy checks failed:\n"
"Pyrefly checks failed:\n"
+ f"{check_result.stdout.decode()}\n{check_result.stderr.decode()}\n\n"
+ "Run `poetry run mypy .` to see all failures."
+ "Run `poetry run pyrefly check` to see all failures."
)
Loading