From c41627957c4021ca7626bf662ee1ad1bbe2140cb Mon Sep 17 00:00:00 2001 From: tison Date: Thu, 15 Jan 2026 17:14:57 +0800 Subject: [PATCH 1/7] ci: coalesce styles Signed-off-by: tison --- .github/workflows/codeql-analysis.yml | 17 +-- .github/workflows/depsreview.yaml | 12 +- .../{install_test.yml => install-tests.yml} | 32 ++-- .github/workflows/integration-tests.yml | 17 +-- .github/workflows/main.yml | 141 ++++++------------ .github/workflows/publish_dev_artifact.yml | 18 +-- .github/workflows/publish_pricing_to_s3.yml | 23 +-- 7 files changed, 88 insertions(+), 172 deletions(-) rename .github/workflows/{install_test.yml => install-tests.yml} (72%) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e3cbafc756..100522b1ab 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,4 +1,4 @@ -name: "CodeQL Analysis" +name: CodeQL Analysis on: push: @@ -22,24 +22,15 @@ jobs: security-events: write # for github/codeql-action/autobuild to send a status report name: Analyze runs-on: ubuntu-latest - timeout-minutes: 12 - - strategy: - fail-fast: false - matrix: - language: [ 'python' ] + timeout-minutes: 15 steps: - - name: Checkout repository - uses: actions/checkout@master - + - uses: actions/checkout@v6 - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: ${{ matrix.language }} - + languages: python - name: Autobuild uses: github/codeql-action/autobuild@v3 - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml index cfd4e8de44..26958ac754 100644 --- a/.github/workflows/depsreview.yaml +++ b/.github/workflows/depsreview.yaml @@ -1,9 +1,8 @@ -name: 'Dependency Review' +name: Dependency Review on: pull_request: - branches: - - trunk + branches: [ trunk ] permissions: contents: read # for actions/checkout to fetch code 
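Review bot: `- uses: actions/checkout@v6` in the `steps:` of the second codeql-analysis.yml hunk (`@@ -22,24 +22,15 @@`) is still a mutable reference. Moving off `@master` is the right direction, but a major-version tag can be re-pointed by whoever controls the action's repository, and this job holds `security-events: write`. The same patch leaves `codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0` in main.yml, so the repository already pins by full commit SHA with the version in a trailing comment. I would write `- uses: actions/checkout@<full-commit-sha> # v6` here and do the same for the `actions/setup-python@v6`, `actions/cache@v5` and `actions/upload-artifact@v6` lines this patch touches in the other workflow files, with an automated updater keeping the pins current.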
@@ -16,12 +15,11 @@ jobs: dependency-review: name: Dependency Review runs-on: ubuntu-latest + timeout-minutes: 15 steps: - - name: 'Checkout Repository' - uses: actions/checkout@v4 - - - name: 'Dependency Review' + - uses: actions/checkout@v6 + - name: Dependency Review uses: actions/dependency-review-action@v4 # TODO: We really want one check for direct prod dependencies where we # only allows ASF, MIT, BSD and nother one for testing / dev diff --git a/.github/workflows/install_test.yml b/.github/workflows/install-tests.yml similarity index 72% rename from .github/workflows/install_test.yml rename to .github/workflows/install-tests.yml index 7a2a0dd2d7..32dae1c8b9 100644 --- a/.github/workflows/install_test.yml +++ b/.github/workflows/install-tests.yml @@ -13,36 +13,27 @@ permissions: jobs: install_and_verify: name: Install - runs-on: ${{ matrix.os }} - timeout-minutes: 2 + runs-on: ubuntu-latest + timeout-minutes: 5 strategy: fail-fast: false matrix: - os: - - "ubuntu-latest" python_version: - - 3.7 - - 3.8 - - 3.9 + - "3.6" + - "3.7" + - "3.8" + - "3.9" - "3.10" - "3.11" - "pypy-3.7" - "pypy-3.8" - "pypy-3.9" - include: - # python 3.6 is not supported with ubuntu-latest anymore so we need to - # use ubuntu 20.04 - - python_version: 3.6 - os: ubuntu-20.04 steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} @@ -58,13 +49,10 @@ jobs: verify_checksums: name: Verify Artifacts Checksum runs-on: ubuntu-latest - timeout-minutes: 2 + timeout-minutes: 5 steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Verify Checksums run: | LAST_STABLE_VERSION=$(curl -s --fail https://pypi.org/pypi/apache-libcloud/json | jq ".releases | to_entries | last | .key" -r) 
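Review bot: The `- "3.6"` entry added to `python_version` in the first install-tests.yml hunk (`@@ -13,36 +13,27 @@`) now runs on `ubuntu-latest`, yet the comment this hunk deletes said Python 3.6 is not supported on that image and needed `ubuntu-20.04`. If that still holds, the 3.6 leg fails at `actions/setup-python` on every run; with `fail-fast: false` the other legs keep going, but the check stays red, which makes a real install regression easy to overlook. Either drop the `- "3.6"` line or keep an `include:` entry that gives it a runner or container image where 3.6 is available. `"3.7"` is worth checking the same way.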
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index f2140c7a55..f8ddd815c5 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -4,11 +4,9 @@ name: Integration Tests on: push: - branches: - - trunk + branches: [ trunk ] pull_request: - branches: - - trunk + branches: [ trunk ] schedule: - cron: '0 1 * * *' @@ -32,15 +30,12 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} @@ -50,7 +45,7 @@ jobs: sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq gcc libvirt-dev - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-tests.txt', 'integration/storage/requirements.txt') }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 48a51f35d9..4760263f76 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -44,12 +44,9 @@ jobs: - ubuntu-latest steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} @@ -59,7 +56,7 @@ jobs: sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq gcc libvirt-dev - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-tests.txt', '') }} 
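Review bot: `python_version: [ 3.9 ]` in the `@@ -32,15 +30,12 @@` hunk of integration-tests.yml is rewritten for spacing but left as an unquoted YAML float, while install-tests.yml in this same patch quotes every version. `3.9` happens to survive parsing, but the next bump would not: an unquoted `3.10` loads as `3.1`, so the job would request a different interpreter than intended. I would write `python_version: [ "3.9" ]` here and on the matching lines in the main.yml and publish_pricing_to_s3.yml hunks of this patch.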
@@ -67,17 +64,14 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: | - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Run unit tests tox target - run: | - tox -e py${{ matrix.python_version }} + run: tox -e py${{ matrix.python_version }} - name: Run dist install checks tox target if: ${{ matrix.python_version != 'pypy-3.9' && matrix.python_version != 'pypy-3.10' }} - run: | - tox -e py${{ matrix.python_version }}-dist,py${{ matrix.python_version }}-dist-wheel + run: tox -e py${{ matrix.python_version }}-dist,py${{ matrix.python_version }}-dist-wheel code_coverage: name: Generate Code Coverage @@ -85,15 +79,12 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} @@ -103,7 +94,7 @@ jobs: sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq graphviz gcc libvirt-dev - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-tests.txt') }} @@ -111,12 +102,10 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: | - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Run Checks - run: | - tox -e coverage-ci + run: tox -e coverage-ci - name: Upload Coverage to codecov.io uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 
@@ -133,15 +122,12 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} @@ -151,7 +137,7 @@ jobs: sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq graphviz gcc libvirt-dev - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-lint.txt') }} @@ -159,16 +145,13 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: | - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Run shellcheck - run: | - shellcheck dist/*.sh contrib/*.sh + run: shellcheck dist/*.sh contrib/*.sh - name: Run Python Checks - run: | - tox -e black-check,isort-check,pyupgrade,checks,import-timings,lint,pylint,mypy + run: tox -e black-check,isort-check,pyupgrade,checks,import-timings,lint,pylint,mypy build_test_release_artifact: name: Build and Test Release Artifact @@ -176,20 +159,17 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-lint.txt') }} 
@@ -253,17 +233,12 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Build Testing Docker Image - run: | - docker build -f contrib/Dockerfile -t libcloud_runtest_img . - + run: docker build -f contrib/Dockerfile -t libcloud_runtest_img . - name: Verify Image Works # This step runs checks under various Python versions and it's slow so # we only run it on nightly basis @@ -273,29 +248,26 @@ jobs: security_checks: name: Run Security Checks - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Install OS / deb dependencies run: | sudo DEBIAN_FRONTEND=noninteractive apt-get update sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq gcc libvirt-dev - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-lint.txt') }} @@ -303,8 +275,7 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: | - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Install Library Into Virtualenv run: | @@ -324,8 +295,7 @@ jobs: PYSEC-2023-228 - name: Cleanup - run: | - rm -rf venv/ || true + run: rm -rf venv/ || true - name: Run Pip Audit Check On All Development And Test Dependencies uses: ./.github/actions/gh-action-pip-audit/ # v1.0.0 @@ -336,8 +306,7 @@ jobs: GHSA-r9hx-vwmv-q579 - name: Run Bandit Check - run: | - tox -e bandit + run: tox -e bandit micro-benchmarks: name: Micro Benchmarks 
@@ -345,15 +314,12 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} @@ -363,7 +329,7 @@ jobs: sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq graphviz gcc libvirt-dev - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-tests.txt') }} @@ -371,12 +337,10 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: | - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Run Micro Benchmarks - run: | - tox -e micro-benchmarks + run: tox -e micro-benchmarks docs: name: Build and upload Documentation @@ -384,30 +348,25 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - name: Print Environment Info - id: printenv - run: | - printenv | sort - - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} + - name: Print Environment Info + run: printenv | sort + - name: Install OS / deb dependencies run: | sudo DEBIAN_FRONTEND=noninteractive apt-get update sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq graphviz gcc libvirt-dev - name: Cache Python Dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('requirements-docs.txt') }} 
@@ -415,12 +374,10 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: | - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Build Docs - run: | - tox -e docs + run: tox -e docs - name: Trigger ReadTheDocs build if: ${{ github.ref_name == 'trunk' }} diff --git a/.github/workflows/publish_dev_artifact.yml b/.github/workflows/publish_dev_artifact.yml index 9c2e12a263..f8e1f31a33 100644 --- a/.github/workflows/publish_dev_artifact.yml +++ b/.github/workflows/publish_dev_artifact.yml @@ -23,20 +23,14 @@ jobs: timeout-minutes: 5 steps: - - name: Print Environment Info - id: printenv - run: | - printenv | sort - - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.9 + - name: Print Environment Info + run: printenv | sort - name: Install Dependencies run: | pip install --upgrade pip @@ -52,7 +46,7 @@ jobs: ls -la dist | grep .whl - name: Store dev artifacts - .tar.gz - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: libcloud-dev-tarball retention-days: 60 @@ -61,7 +55,7 @@ jobs: dist/*.tar.gz - name: Store dev artifacts - .whl - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: libcloud-dev-wheel retention-days: 60 diff --git a/.github/workflows/publish_pricing_to_s3.yml b/.github/workflows/publish_pricing_to_s3.yml index 681acc8505..fc8e44204b 100644 --- a/.github/workflows/publish_pricing_to_s3.yml +++ b/.github/workflows/publish_pricing_to_s3.yml 
@@ -17,34 +17,27 @@ jobs: strategy: matrix: - python_version: [3.9] + python_version: [ 3.9 ] steps: - - name: Print Environment Info - id: printenv - run: | - printenv | sort - - - uses: actions/checkout@master - with: - fetch-depth: 1 - + - uses: actions/checkout@v6 - name: Use Python ${{ matrix.python_version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python_version }} + - name: Print Environment Info + run: printenv | sort + - name: Install Python Dependencies - run: | - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Generate and publish pricing data env: GCE_API_KEY: ${{ secrets.GCE_API_KEY }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_SECRET: ${{ secrets.AWS_ACCESS_KEY_SECRET }} - run: | - script -e -c "tox -escrape-and-publish-provider-prices" + run: script -e -c "tox -escrape-and-publish-provider-prices" - name: Verify files can be downloaded # Verify that the permissions are correct and files can be downloaded publicly From f6f00ea24264544935230494966106b3a20c8e7a Mon Sep 17 00:00:00 2001 From: tison Date: Thu, 15 Jan 2026 18:10:43 +0800 Subject: [PATCH 2/7] Update .github/workflows/main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4760263f76..64e588d2d8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -252,7 +252,7 @@ jobs: strategy: matrix: - python_version: [ 3.9 ] + python_version: [ 3.10 ] steps: - uses: actions/checkout@v6 From 03d4b6ab046c8a1265119f7f8a9fc8ec07500a71 Mon Sep 17 00:00:00 2001 From: tison Date: Thu, 15 Jan 2026 18:20:16 +0800 Subject: [PATCH 3/7] Update .github/workflows/main.yml Co-authored-by: Miguel Caballer Fernandez --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
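Review bot: The relocated `Print Environment Info` step in the publish_pricing_to_s3.yml hunk (`@@ -17,34 +17,27 @@`) writes the whole job environment to the run log, in a workflow that also handles `GCE_API_KEY`, `AWS_ACCESS_KEY_ID` and `AWS_ACCESS_KEY_SECRET`. In the visible lines those secrets are scoped to the `env:` of the `Generate and publish pricing data` step, so they are not set when `printenv | sort` runs. Nothing records that this scoping is what keeps them out of the log, and the job header and any workflow-level `env:` lie outside the hunk. I would add a comment above the step, `# Dumps the full job environment to the log; keep secrets in step-level env only, never job- or workflow-level`, and the same on the moved `printenv` steps in the main.yml `docs` job and in publish_dev_artifact.yml.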
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 64e588d2d8..469a6b8f8e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -252,7 +252,7 @@ jobs: strategy: matrix: - python_version: [ 3.10 ] + python_version: [ "3.10" ] steps: - uses: actions/checkout@v6 From fc52cce2d39503248b5194f196be659d9d8f473d Mon Sep 17 00:00:00 2001 From: tison Date: Thu, 15 Jan 2026 20:44:23 +0800 Subject: [PATCH 4/7] Update .github/workflows/main.yml Co-authored-by: Miguel Caballer Fernandez --- .github/workflows/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 469a6b8f8e..c5e6567474 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -275,7 +275,9 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: pip install -r requirements-ci.txt + run: | + pip install --upgrade pip + pip install -r requirements-ci.txt - name: Install Library Into Virtualenv run: | From 2bf13470c2a4251b50f8ae817f7b23e12fc3f854 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Fernandez Date: Thu, 15 Jan 2026 15:30:56 +0100 Subject: [PATCH 5/7] Refactor Python dependency installation in CI workflow Simplified Python dependency installation step. --- .github/workflows/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c5e6567474..f08def1dcc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -275,14 +275,13 @@ jobs: ${{ runner.os }}-pip- - name: Install Python Dependencies - run: | - pip install --upgrade pip - pip install -r requirements-ci.txt + run: pip install -r requirements-ci.txt - name: Install Library Into Virtualenv run: | python -m venv venv/ source venv/bin/activate + python -m pip install --upgrade pip python -m pip install . - name: Run Pip Audit Check On Main Library Dependencies 
From fcfa56a4b1c9d0d92a5ee3bf7342bf3c56d87e76 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Fernandez Date: Thu, 15 Jan 2026 15:51:46 +0100 Subject: [PATCH 6/7] Add 'bandit' to Python 3.10 environment in tox.ini --- tox.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tox.ini b/tox.ini index 7c2ebbb491..d6288b5479 100644 --- a/tox.ini +++ b/tox.ini @@ -27,9 +27,9 @@ basepython = pypypy3.10: pypy3.10 pypypy-3.10: pypy3.10 pypyjion: pyjion - {docs,checks,black,black-check,lint,pylint,bandit,mypy,micro-benchmarks,coverage,import-timings,isort,isort-check,pyupgrade}: python3.9 + {docs,checks,black,black-check,lint,pylint,mypy,micro-benchmarks,coverage,import-timings,isort,isort-check,pyupgrade}: python3.9 {py3.9,py3.9-dist,py3.9-dist-wheel,py3.9-windows,integration-storage}: python3.9 - {py3.10,py3.10-dist,py3.10-dist-wheel}: python3.10 + {py3.10,py3.10-dist,py3.10-dist-wheel,bandit}: python3.10 {py3.11,py3.11-dist,py3.11-dist-wheel}: python3.11 {py3.12,py3.12-dist,py3.12-dist-wheel}: python3.12 {py3.13-dev,py3.13-dev-dist,py3.13-dev-dist-wheel}: python3.13 From 0f167f30c5cfaa3e4b477d3314c23e90a473f317 Mon Sep 17 00:00:00 2001 From: tison Date: Fri, 16 Jan 2026 18:02:07 +0800 Subject: [PATCH 7/7] revert to head Signed-off-by: tison --- .github/workflows/codeql-analysis.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 100522b1ab..1b6d2c748e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,4 +1,4 @@ -name: CodeQL Analysis +name: "CodeQL Analysis" on: push: 
@@ -24,12 +24,17 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + steps: - uses: actions/checkout@v6 - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: python + languages: ${{ matrix.language }} - name: Autobuild uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis