diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index e71cb3b0e261d..fa4bd2bd115a5 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -53,9 +53,9 @@ jobs: args: --out dist - name: "Test sdist" run: | - pip install dist/${{ env.PACKAGE_NAME }}-*.tar.gz --force-reinstall - ${{ env.MODULE_NAME }} --help - python -m ${{ env.MODULE_NAME }} --help + pip install dist/${PACKAGE_NAME}-*.tar.gz --force-reinstall + "${MODULE_NAME}" --help + python -m "${MODULE_NAME}" --help - name: "Upload sdist" uses: actions/upload-artifact@v4 with: @@ -125,7 +125,7 @@ jobs: args: --release --locked --out dist - name: "Test wheel - aarch64" run: | - pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall + pip install dist/${PACKAGE_NAME}-*.whl --force-reinstall ruff --help python -m ruff --help - name: "Upload wheels" @@ -186,9 +186,9 @@ jobs: if: ${{ !startsWith(matrix.platform.target, 'aarch64') }} shell: bash run: | - python -m pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall - ${{ env.MODULE_NAME }} --help - python -m ${{ env.MODULE_NAME }} --help + python -m pip install dist/${PACKAGE_NAME}-*.whl --force-reinstall + "${MODULE_NAME}" --help + python -m "${MODULE_NAME}" --help - name: "Upload wheels" uses: actions/upload-artifact@v4 with: @@ -236,9 +236,9 @@ jobs: - name: "Test wheel" if: ${{ startsWith(matrix.target, 'x86_64') }} run: | - pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall - ${{ env.MODULE_NAME }} --help - python -m ${{ env.MODULE_NAME }} --help + pip install dist/${PACKAGE_NAME}-*.whl --force-reinstall + "${MODULE_NAME}" --help + python -m "${MODULE_NAME}" --help - name: "Upload wheels" uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index c57b3a0c96d04..382e28a715bf7 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -87,9 +87,10 @@ jobs: outputs: type=image,name=${{ env.RUFF_BASE_IMG }},push-by-digest=true,name-canonical=true,push=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} - name: Export digests + env: + digest: ${{ steps.build.outputs.digest }} run: | mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - name: Upload digests @@ -143,7 +144,7 @@ jobs: run: | docker buildx imagetools create \ $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.RUFF_BASE_IMG }}@sha256:%s ' *) + $(printf '${RUFF_BASE_IMG}@sha256:%s ' *) docker-publish-extra: name: Publish additional Docker image based on ${{ matrix.image-mapping }} @@ -182,7 +183,7 @@ jobs: # Generate Dockerfile content cat < Dockerfile FROM ${BASE_IMAGE} - COPY --from=${{ env.RUFF_BASE_IMG }}:latest /ruff /usr/local/bin/ruff + COPY --from=${RUFF_BASE_IMG}:latest /ruff /usr/local/bin/ruff ENTRYPOINT [] CMD ["/usr/local/bin/ruff"] EOF @@ -288,4 +289,4 @@ jobs: docker buildx imagetools create \ "${annotations[@]}" \ $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.RUFF_BASE_IMG }}@sha256:%s ' *) + $(printf '${RUFF_BASE_IMG}@sha256:%s ' *) diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index 1192d54dcbe82..0316b256a58a3 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -49,13 +49,11 @@ jobs: - name: "Set branch name" run: | - version="${{ env.version }}" - display_name="${{ env.display_name }}" timestamp="$(date +%s)" # create branch_display_name from display_name by replacing all # characters disallowed in git branch names with hyphens - branch_display_name="$(echo "$display_name" | tr -c '[:alnum:]._' '-' | tr -s '-')" + branch_display_name="$(echo "${display_name}" | tr -c '[:alnum:]._' '-' | tr -s '-')" echo "branch_name=update-docs-$branch_display_name-$timestamp" >> $GITHUB_ENV echo "timestamp=$timestamp" >> $GITHUB_ENV @@ -93,9 +91,7 @@ jobs: run: mkdocs build --strict -f mkdocs.public.yml - name: "Clone docs repo" - run: | - version="${{ env.version }}" - git clone https://${{ secrets.ASTRAL_DOCS_PAT }}@github.com/astral-sh/docs.git astral-docs + run: git clone https://${{ secrets.ASTRAL_DOCS_PAT }}@github.com/astral-sh/docs.git astral-docs - name: "Copy docs" run: rm -rf astral-docs/site/ruff && mkdir -p astral-docs/site && cp -r site/ruff astral-docs/site/ @@ -103,12 +99,10 @@ jobs: - name: "Commit docs" working-directory: astral-docs run: | - branch_name="${{ env.branch_name }}" - git config user.name "astral-docs-bot" git config user.email "176161322+astral-docs-bot@users.noreply.github.com" - git checkout -b $branch_name + git checkout -b "${branch_name}" git add site/ruff git commit -m "Update ruff documentation for $version" @@ -117,12 +111,8 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }} run: | - version="${{ env.version }}" - display_name="${{ env.display_name }}" - branch_name="${{ env.branch_name }}" - # set the PR title - pull_request_title="Update ruff documentation for $display_name" + pull_request_title="Update ruff documentation for "${display_name}"" # Delete any existing pull requests that are open for this version # by checking against pull_request_title because the new PR will @@ -131,12 +121,12 @@ jobs: xargs -I {} gh pr close {} # push the branch to GitHub - git push origin $branch_name + git push origin "${branch_name}" # create the PR - gh pr create --base main --head $branch_name \ + gh pr create --base main --head "${branch_name}" \ --title "$pull_request_title" \ - --body "Automated documentation update for $display_name" \ + --body "Automated documentation update for "${display_name}"" \ --label "documentation" - name: "Merge Pull Request" @@ -145,9 +135,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }} run: | - branch_name="${{ env.branch_name }}" - # auto-merge the PR if the build was triggered by a release. Manual builds should be reviewed by a human. # give the PR a few seconds to be created before trying to auto-merge it sleep 10 - gh pr merge --squash $branch_name + gh pr merge --squash "${branch_name}" diff --git a/.github/workflows/sync_typeshed.yaml b/.github/workflows/sync_typeshed.yaml index 30a472e02868f..467f1a8574bc4 100644 --- a/.github/workflows/sync_typeshed.yaml +++ b/.github/workflows/sync_typeshed.yaml @@ -31,7 +31,7 @@ jobs: with: repository: python/typeshed path: typeshed - persist-credentials: true + persist-credentials: false - name: Setup git run: | git config --global user.name typeshedbot diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 959bc2844da39..51ee9bd072266 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -95,8 +95,6 @@ repos: # `release.yml` is autogenerated by `dist`; security issues need to be fixed there # (https://opensource.axo.dev/cargo-dist/) exclude: .github/workflows/release.yml - # We could consider enabling the low-severity warnings, but they're noisy - args: [--min-severity=medium] - repo: https://github.com/python-jsonschema/check-jsonschema rev: 0.30.0