From aebd53ac8cfd1b91fe2597f75b839ce2e53c3d54 Mon Sep 17 00:00:00 2001 From: Scartography Date: Sun, 8 Feb 2026 18:25:42 +0100 Subject: [PATCH 01/10] sync workflow triggering and summary logic --- .github/workflows/python-package.yml | 23 +++++++++++++--------- .github/workflows/sync-dependencies.yml | 26 +++++++++++++++++++------ 2 files changed, 34 insertions(+), 15 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 2d04016..b4bb0bd 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -2,13 +2,17 @@ name: Python package test on: push: - branches: [main] + branches: ['**'] + tags: ['*'] paths-ignore: - "docs/**" pull_request: branches: [main] paths-ignore: - "docs/**" + - "pyproject.toml" + - "uv.lock" + - "conda/meta.yaml" schedule: - cron: '0 8 * * 1,4' workflow_call: @@ -22,8 +26,6 @@ jobs: lint: name: "๐Ÿ“ Pre-commit / Code Quality" runs-on: ubuntu-latest - # Skip linting when triggered by the Sync Workflow (it just updated locks) - if: github.event_name != 'workflow_call' steps: - uses: actions/checkout@v4 - name: โšก Install uv @@ -184,7 +186,9 @@ jobs: fi uv tool install coverage - mv all-results/.coverage* . + if ls all-results/.coverage* 1> /dev/null 2>&1; then + mv all-results/.coverage* . + fi cat < .coveragerc [run] @@ -199,18 +203,19 @@ jobs: echo "Merging coverage files with path remapping..." # 2๏ธโƒฃ COMBINE & REPORT # We use the rcfile to ensure the mapping is applied during the merge - uv tool run coverage combine --rcfile=.coveragerc + uv tool run coverage combine --append --rcfile=.coveragerc || echo "No extra coverage files to combine." # ENFORCE 85% (or your chosen threshold) - OUTPUT=$(uv tool run coverage report --show-missing --fail-under=85 2>&1) || EXIT_CODE=$? + REPORT_OUTPUT=$(uv tool run coverage report --show-missing --fail-under=85 2>&1) + EXIT_CODE=$? - echo "$OUTPUT" + echo "$REPORT_OUTPUT" echo '```' >> $GITHUB_STEP_SUMMARY - echo "$OUTPUT" >> $GITHUB_STEP_SUMMARY + echo "$REPORT_OUTPUT" >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY - if [ "${EXIT_CODE:-0}" -ne 0 ]; then + if [ $EXIT_CODE -ne 0 ]; then echo "โŒ **Coverage Failed:** Python 3.13 coverage is below 85%." >> $GITHUB_STEP_SUMMARY exit $EXIT_CODE else diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index f1247ca..9d5443c 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -10,6 +10,7 @@ on: - "uv.lock" push: branches: [main] + tags: ['*'] paths: - "pyproject.toml" - "uv.lock" @@ -69,12 +70,15 @@ jobs: fi else - # ๐Ÿ’ค CASE 3: Absolutely nothing changed echo "changed=false" >> $GITHUB_OUTPUT echo "### โœ… Everything is Up-to-Date" >> $GITHUB_STEP_SUMMARY echo "No changes detected in \`uv.lock\`." >> $GITHUB_STEP_SUMMARY - echo "๐Ÿ’ค **Action:** Skipping tests and PR creation." >> $GITHUB_STEP_SUMMARY + if [ "${{ github.event_name }}" == "pull_request" ] || [ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]; then + echo "๐Ÿš€ **Action:** Running tests to verify PR/Release state." >> $GITHUB_STEP_SUMMARY + else + echo "๐Ÿ’ค **Action:** Skipping tests and PR creation." >> $GITHUB_STEP_SUMMARY + fi fi - name: ๐Ÿ“ค Upload Updated Deps @@ -88,10 +92,19 @@ jobs: run-tests: needs: sync-and-prepare - if: needs.sync-and-prepare.outputs.sync_needed == 'true' + # Always run tests on Pull Requests and Tags to satisfy mandatory status checks. + # On other events (like schedule), only run if a sync was actually needed. + if: | + always() && + needs.sync-and-prepare.result == 'success' && + ( + needs.sync-and-prepare.outputs.sync_needed == 'true' || + github.event_name == 'pull_request' || + startsWith(github.ref, 'refs/tags/') + ) uses: ./.github/workflows/python-package.yml with: - override-deps-artifact: updated-deps + override-deps-artifact: ${{ needs.sync-and-prepare.outputs.sync_needed == 'true' && 'updated-deps' || '' }} secrets: inherit finalize: @@ -109,6 +122,7 @@ jobs: with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.ref || github.ref }} + token: ${{ secrets.MAPCHETE_PAT_CONTAINER_IMAGES_TOKEN }} - name: ๐Ÿ“ฅ Download Verified Artifacts uses: actions/download-artifact@v4 @@ -125,13 +139,13 @@ jobs: git push origin HEAD:${{ github.event.pull_request.head.ref }} echo "### ๐Ÿš€ PR Updated" >> $GITHUB_STEP_SUMMARY - echo "Pushed verified changes to existing PR." >> $GITHUB_STEP_SUMMARY + echo "Pushed verified changes to existing PR. CI will re-run now." >> $GITHUB_STEP_SUMMARY - name: โž• Create New Pull Request if: github.event_name != 'pull_request' uses: peter-evans/create-pull-request@v7 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.MAPCHETE_PAT_CONTAINER_IMAGES_TOKEN }} commit-message: "chore: update uv.lock and conda recipe" title: "chore(deps): sync uv and conda" body: | From 7f3da912df0dcfb2dab7baa6383e1e6c150c332e Mon Sep 17 00:00:00 2001 From: Scartography Date: Sun, 8 Feb 2026 18:39:30 +0100 Subject: [PATCH 02/10] unify status check names for branch protection --- .github/workflows/python-package.yml | 7 ++++--- .github/workflows/sync-dependencies.yml | 19 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index b4bb0bd..93dc1c8 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -10,9 +10,6 @@ on: branches: [main] paths-ignore: - "docs/**" - - "pyproject.toml" - - "uv.lock" - - "conda/meta.yaml" schedule: - cron: '0 8 * * 1,4' workflow_call: @@ -22,6 +19,10 @@ on: required: false type: string +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: lint: name: "๐Ÿ“ Pre-commit / Code Quality" diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index 9d5443c..ccc6748 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -75,7 +75,7 @@ jobs: echo "### โœ… Everything is Up-to-Date" >> $GITHUB_STEP_SUMMARY echo "No changes detected in \`uv.lock\`." >> $GITHUB_STEP_SUMMARY if [ "${{ github.event_name }}" == "pull_request" ] || [ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]; then - echo "๐Ÿš€ **Action:** Running tests to verify PR/Release state." >> $GITHUB_STEP_SUMMARY + echo "๐Ÿš€ **Action:** Standard tests will verify the state." >> $GITHUB_STEP_SUMMARY else echo "๐Ÿ’ค **Action:** Skipping tests and PR creation." >> $GITHUB_STEP_SUMMARY fi @@ -92,16 +92,15 @@ jobs: run-tests: needs: sync-and-prepare - # Always run tests on Pull Requests and Tags to satisfy mandatory status checks. - # On other events (like schedule), only run if a sync was actually needed. + # Background sync only verification. + # On Pull Requests and Tags, we rely on the direct trigger of the python-package workflow + # to provide consistent status check names for Branch Protection. if: | always() && needs.sync-and-prepare.result == 'success' && - ( - needs.sync-and-prepare.outputs.sync_needed == 'true' || - github.event_name == 'pull_request' || - startsWith(github.ref, 'refs/tags/') - ) + needs.sync-and-prepare.outputs.sync_needed == 'true' && + github.event_name != 'pull_request' && + !startsWith(github.ref, 'refs/tags/') uses: ./.github/workflows/python-package.yml with: override-deps-artifact: ${{ needs.sync-and-prepare.outputs.sync_needed == 'true' && 'updated-deps' || '' }} @@ -111,8 +110,8 @@ jobs: needs: [sync-and-prepare, run-tests] if: | always() && - needs.run-tests.result == 'success' && - needs.sync-and-prepare.outputs.sync_needed == 'true' + needs.sync-and-prepare.outputs.sync_needed == 'true' && + (needs.run-tests.result == 'success' || needs.run-tests.result == 'skipped' ) runs-on: ubuntu-latest permissions: contents: write From 7ae493f7679b6d241baa2e82605701dfcf5c7a5c Mon Sep 17 00:00:00 2001 From: Scartography Date: Sun, 8 Feb 2026 21:35:24 +0100 Subject: [PATCH 03/10] dev commit --- .github/workflows/python-package.yml | 17 +++++------------ .github/workflows/sync-dependencies.yml | 25 ++++++++----------------- 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 93dc1c8..fc1502c 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -1,23 +1,19 @@ name: Python package test on: + schedule: + - cron: '0 8 * * 1,4' push: - branches: ['**'] + branches: [main] tags: ['*'] - paths-ignore: - - "docs/**" pull_request: - branches: [main] - paths-ignore: - - "docs/**" - schedule: - - cron: '0 8 * * 1,4' + branches: ['**'] workflow_call: inputs: override-deps-artifact: description: "Name of artifact containing updated lockfiles" required: false - type: string + type: string concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -39,9 +35,6 @@ jobs: setup: name: "๐Ÿ—๏ธ Build Py${{ matrix.python-version }}" needs: lint - if: | - always() && - (needs.lint.result == 'success' || needs.lint.result == 'skipped') runs-on: ubuntu-latest strategy: matrix: diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index ccc6748..46eeb70 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -3,17 +3,17 @@ name: sync-dependencies on: schedule: - cron: '0 0 * * *' - workflow_dispatch: - pull_request: - paths: - - "pyproject.toml" - - "uv.lock" push: branches: [main] tags: ['*'] + paths: + - "pyproject.toml" + - "uv.lock" + pull_request: paths: - "pyproject.toml" - "uv.lock" + workflow_dispatch: jobs: sync-and-prepare: @@ -70,6 +70,7 @@ jobs: fi else + # ๐Ÿ’ค CASE 3: Absolutely nothing changed echo "changed=false" >> $GITHUB_OUTPUT echo "### โœ… Everything is Up-to-Date" >> $GITHUB_STEP_SUMMARY @@ -92,18 +93,9 @@ jobs: run-tests: needs: sync-and-prepare - # Background sync only verification. - # On Pull Requests and Tags, we rely on the direct trigger of the python-package workflow - # to provide consistent status check names for Branch Protection. - if: | - always() && - needs.sync-and-prepare.result == 'success' && - needs.sync-and-prepare.outputs.sync_needed == 'true' && - github.event_name != 'pull_request' && - !startsWith(github.ref, 'refs/tags/') uses: ./.github/workflows/python-package.yml with: - override-deps-artifact: ${{ needs.sync-and-prepare.outputs.sync_needed == 'true' && 'updated-deps' || '' }} + override-deps-artifact: updated-deps secrets: inherit finalize: @@ -121,7 +113,6 @@ jobs: with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.ref || github.ref }} - token: ${{ secrets.MAPCHETE_PAT_CONTAINER_IMAGES_TOKEN }} - name: ๐Ÿ“ฅ Download Verified Artifacts uses: actions/download-artifact@v4 @@ -138,7 +129,7 @@ jobs: git push origin HEAD:${{ github.event.pull_request.head.ref }} echo "### ๐Ÿš€ PR Updated" >> $GITHUB_STEP_SUMMARY - echo "Pushed verified changes to existing PR. CI will re-run now." >> $GITHUB_STEP_SUMMARY + echo "Pushed verified changes to existing PR." >> $GITHUB_STEP_SUMMARY - name: โž• Create New Pull Request if: github.event_name != 'pull_request' From 609b195f6e0dc8a4532b8195832206978e2b02a4 Mon Sep 17 00:00:00 2001 From: Scartography Date: Sun, 8 Feb 2026 21:56:23 +0100 Subject: [PATCH 04/10] try having PAT in checkout of finalize --- .github/workflows/sync-dependencies.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index 46eeb70..6208179 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -113,6 +113,7 @@ jobs: with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.ref || github.ref }} + token: ${{ secrets.MAPCHETE_PAT_CONTAINER_IMAGES_TOKEN }} - name: ๐Ÿ“ฅ Download Verified Artifacts uses: actions/download-artifact@v4 From 888d90bc3e93933eea927dfb35a43f9efa8338fe Mon Sep 17 00:00:00 2001 From: Scartography Date: Sun, 8 Feb 2026 22:10:47 +0100 Subject: [PATCH 05/10] add retention-days: 1 to deps upload --- .github/workflows/sync-dependencies.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index 6208179..cc973ed 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -87,6 +87,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: updated-deps + retention-days: 1 path: | uv.lock conda/meta.yaml From 7442936792129a10199641b38dca83d9978659bc Mon Sep 17 00:00:00 2001 From: Scartography Date: Sun, 8 Feb 2026 22:42:30 +0100 Subject: [PATCH 06/10] handle if artifacts from sync-depscome in or not --- .github/workflows/python-package.yml | 2 +- .github/workflows/sync-dependencies.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index fc1502c..3da19bb 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -44,7 +44,7 @@ jobs: - uses: actions/checkout@v4 - name: ๐Ÿ“ฅ Apply Dependency Overrides - if: "${{ inputs.override-deps-artifact != '' }}" + if: "${{ inputs.override-deps-artifact != '' && inputs.override-deps-artifact != 'null' }}" uses: actions/download-artifact@v4 with: name: ${{ inputs.override-deps-artifact }} diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index cc973ed..acb5ff0 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -96,7 +96,7 @@ jobs: needs: sync-and-prepare uses: ./.github/workflows/python-package.yml with: - override-deps-artifact: updated-deps + override-deps-artifact: ${{ needs.sync-and-prepare.outputs.sync_needed == 'true' && 'updated-deps' || 'null' }} secrets: inherit finalize: From ad6aa7404526d063a85370e16dbf82bda4c5c992 Mon Sep 17 00:00:00 2001 From: Scartography Date: Mon, 9 Feb 2026 10:21:06 +0100 Subject: [PATCH 07/10] cleanup deps change after sync-deps --- .github/workflows/python-package.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 3da19bb..2229b6b 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -89,13 +89,7 @@ jobs: - name: ๐Ÿ“ฅ Download Requirements uses: actions/download-artifact@v4 with: - name: frozen-reqs-${{ matrix.python-version }} - - - name: ๐Ÿ“ฅ Apply Dependency Overrides - if: "${{ inputs.override-deps-artifact != '' }}" - uses: actions/download-artifact@v4 - with: - name: ${{ inputs.override-deps-artifact }} + name: frozen-reqs-${{ matrix.python-version }} - name: โšก Install uv run: | From b4ab03605b8f0fe195c2271c68d5f424b61592af Mon Sep 17 00:00:00 2001 From: Scartography Date: Mon, 9 Feb 2026 10:34:20 +0100 Subject: [PATCH 08/10] skip tests if no changes in sync deps, makes sense right... --- .github/workflows/sync-dependencies.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index acb5ff0..ed780b7 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -94,6 +94,7 @@ jobs: run-tests: needs: sync-and-prepare + if: steps.check.outputs.changed == 'true' uses: ./.github/workflows/python-package.yml with: override-deps-artifact: ${{ needs.sync-and-prepare.outputs.sync_needed == 'true' && 'updated-deps' || 'null' }} From 0d4a9b214fc39a2ad7fb080971e555574875d336 Mon Sep 17 00:00:00 2001 From: Scartography Date: Mon, 9 Feb 2026 10:38:43 +0100 Subject: [PATCH 09/10] fix condition syntax --- .github/workflows/sync-dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-dependencies.yml b/.github/workflows/sync-dependencies.yml index ed780b7..ca7ed6a 100644 --- a/.github/workflows/sync-dependencies.yml +++ b/.github/workflows/sync-dependencies.yml @@ -94,7 +94,7 @@ jobs: run-tests: needs: sync-and-prepare - if: steps.check.outputs.changed == 'true' + if: needs.sync-and-prepare.outputs.sync_needed == 'true' uses: ./.github/workflows/python-package.yml with: override-deps-artifact: ${{ needs.sync-and-prepare.outputs.sync_needed == 'true' && 'updated-deps' || 'null' }} From adcf33b9c69f1331e533fcf5a00de28051f95813 Mon Sep 17 00:00:00 2001 From: Scartography Date: Mon, 9 Feb 2026 10:45:28 +0100 Subject: [PATCH 10/10] rename Run Split --- .github/workflows/python-package.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 2229b6b..dc3d2fb 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -103,7 +103,7 @@ jobs: uv pip install -r requirements.txt uv pip install -e ".[test]" --no-deps - - name: ๐Ÿงช Run Split + - name: ๐Ÿงช Run Tests (Split ${{ matrix.split }}/4) env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}