π§ͺ Validate Guix python-click #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: π§ͺ Validate Guix python-click | |
| "on": | |
| workflow_dispatch: | |
| # Temporary workflow to validate the python-click 8.4.1 bump proposed at | |
| # https://codeberg.org/guix/guix/pulls/8928 | |
| # It prints the full rebuild scope (guix refresh --list-dependent python-click), | |
| # then builds python-click and a sample of high-signal dependents with | |
| # --keep-going, recording each resulting /gnu/store hash. Reviewers can use a | |
| # run to see every affected package and to reproduce and compare the hashes. | |
| # It does not attempt a full world rebuild. | |
| # Delete after the PR is merged upstream. | |
| permissions: {} | |
| jobs: | |
| validate: | |
| name: Build python-click and dependents | |
| runs-on: ubuntu-24.04 | |
| env: | |
| GUIX_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Install Guix | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install --yes --quiet guix | |
| - name: Pull Guix from fork channel | |
| run: | | |
| cat > /tmp/channels.scm << 'CHANNELS' | |
| (list | |
| (channel | |
| (name 'guix) | |
| (url "https://codeberg.org/tutu967/guix.git") | |
| (branch "python-click-8.4.1"))) | |
| CHANNELS | |
| # guix pull intermittently fails on transient substitute or git/SSL | |
| # errors; retry a few times before giving up. | |
| for attempt in 1 2 3; do | |
| echo "guix pull attempt ${attempt}..." | |
| if guix pull --channels=/tmp/channels.scm --disable-authentication --fallback --verbosity=0; then | |
| break | |
| fi | |
| [ "${attempt}" -eq 3 ] && { echo "guix pull failed after 3 attempts"; exit 1; } | |
| echo "retrying in 30s..." | |
| sleep 30 | |
| done | |
| echo "$HOME/.config/guix/current/bin" >> "$GITHUB_PATH" | |
| - name: Report rebuild scope | |
| run: | | |
| # Full list of affected packages, to the log (searchable) and summary. | |
| echo "Packages depending on python-click (full rebuild scope):" | |
| guix refresh --list-dependent python-click 2>&1 | tee /tmp/dependents.txt || true | |
| { | |
| echo "## Rebuild scope (guix refresh --list-dependent python-click)" | |
| echo "" | |
| echo '```' | |
| cat /tmp/dependents.txt | |
| echo '```' | |
| } >> "${GITHUB_STEP_SUMMARY}" | |
| - name: Lint python-click | |
| run: | | |
| { | |
| echo "## guix lint" | |
| echo "" | |
| } >> "${GITHUB_STEP_SUMMARY}" | |
| lint_output=$(guix lint python-click 2>&1 \ | |
| | grep -v -E "^fetching CVE database|Software Heritage" \ | |
| | grep -v -E "^guix lint: warning: failed to get list of CVE vulnerabilities" \ | |
| | grep -v -E "^guix lint: warning: GitHub rate limit exceeded" \ | |
| | grep -v -E "^hint: You can raise the rate limit" \ | |
| | grep -v -E "^variable to a token obtained from" \ | |
| | grep -v -E "^your GitHub account\." \ | |
| | grep -v -E "^Alternatively, you can wait until" \ | |
| | grep -v -E "^\`generic-git' updater instead\." \ | |
| | grep -v -E ": can be upgraded to .*[-.]?(rc|alpha|beta|dev|a|b)[0-9]*\.?[0-9]*$" \ | |
| | sed '/^$/d') || true | |
| if [ -n "${lint_output}" ]; then | |
| echo "${lint_output}" | |
| { | |
| echo "- β οΈ \`python-click\`" | |
| echo '```' | |
| echo "${lint_output}" | |
| echo '```' | |
| } >> "${GITHUB_STEP_SUMMARY}" | |
| exit 1 | |
| else | |
| echo "- β \`python-click\`" >> "${GITHUB_STEP_SUMMARY}" | |
| fi | |
| - name: Build python-click and dependents | |
| if: always() | |
| run: | | |
| set -o pipefail | |
| # python-click first (the bumped package, runs its own test suite), | |
| # then a sample of high-signal click consumers present in python-team. | |
| packages=( | |
| python-click | |
| python-cloup | |
| python-black | |
| python-flask | |
| python-rich-click | |
| python-typer | |
| python-celery | |
| python-dask | |
| python-uvicorn | |
| python-mkdocs | |
| ) | |
| { | |
| echo "" | |
| echo "## guix build" | |
| echo "" | |
| } >> "${GITHUB_STEP_SUMMARY}" | |
| failed=0 | |
| for pkg in "${packages[@]}"; do | |
| echo "--- Building ${pkg} ---" | |
| log=$(mktemp) | |
| # Capture the /gnu/store output path (stdout) for the hash, keep the | |
| # build log (stderr) for diagnosis. --keep-going matches the | |
| # reviewer's ``guix build -k`` and surfaces every failure. | |
| if out=$(guix build --keep-going "${pkg}" 2>"${log}"); then | |
| echo "${out}" | |
| hash=$(printf '%s\n' "${out}" | head --lines=1) | |
| echo "- β \`${pkg}\`: \`${hash}\`" >> "${GITHUB_STEP_SUMMARY}" | |
| else | |
| # Show every FAILED line plus the last 200 lines for diagnosis. | |
| grep -E "^FAILED|^ERROR|short test summary|^=+ .* in [0-9]" "${log}" || true | |
| echo "--- last 200 lines ---" | |
| tail --lines=200 "${log}" | |
| echo "- β \`${pkg}\`" >> "${GITHUB_STEP_SUMMARY}" | |
| failed=$((failed + 1)) | |
| fi | |
| rm -f "${log}" | |
| done | |
| echo "" >> "${GITHUB_STEP_SUMMARY}" | |
| echo "**${failed} failed** out of ${#packages[@]} packages." >> "${GITHUB_STEP_SUMMARY}" | |
| if [ "${failed}" -gt 0 ]; then | |
| exit 1 | |
| fi |