From a0d8cc3417246c619c07b50cb3a2122a426d25a5 Mon Sep 17 00:00:00 2001 From: Popescu V <136721202+popescu-v@users.noreply.github.com> Date: Fri, 3 Jul 2026 12:29:28 +0200 Subject: [PATCH 1/3] Use Ubuntu 24.04 for running non-test jobs on the Pip packaging workflow --- .github/workflows/pip.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pip.yml b/.github/workflows/pip.yml index f1ed4d8b..e60f4584 100644 --- a/.github/workflows/pip.yml +++ b/.github/workflows/pip.yml @@ -25,7 +25,7 @@ concurrency: cancel-in-progress: true jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read steps: @@ -225,6 +225,7 @@ jobs: echo "::error::Python package version $PACKAGE_VERSION does not match Git tag ${{ github.ref_name }}" false fi + # The implementation of a unique release job with multiple conditional steps # for each publishing mode is not chosen # because of the required job environment verified for Trusted Publishing @@ -232,7 +233,7 @@ jobs: # only publish on tag pushes if: github.ref_type == 'tag' && github.repository_owner == 'KhiopsML' needs: [build, test] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: write steps: @@ -254,7 +255,7 @@ jobs: # only publish on testpypi if requested and on tag pushes if: inputs.pypi-target == 'testpypi' && github.ref_type == 'tag' && github.repository_owner == 'KhiopsML' needs: [build, test] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: # IMPORTANT: OIDC token mandatory for trusted publishing on TestPyPI and PyPI id-token: write @@ -276,7 +277,7 @@ jobs: # only publish on pypi if requested and on tag pushes if: inputs.pypi-target == 'pypi' && github.ref_type == 'tag' && github.repository_owner == 'KhiopsML' needs: [build, test] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: # IMPORTANT: OIDC token mandatory for trusted publishing on TestPyPI and PyPI id-token: write From 14a1b992f84d651f51a50a279e300ad496247af8 Mon Sep 17 00:00:00 2001 From: Popescu V <136721202+popescu-v@users.noreply.github.com> Date: Fri, 3 Jul 2026 11:54:38 +0200 Subject: [PATCH 2/3] Check Pip package version / Git tag coherence in a separate job before release Also update the job dependency graph: - have the release jobs depend on the test and version-checking jobs - have the test and version-checking jobs depend on the build job --- .github/workflows/pip.yml | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/.github/workflows/pip.yml b/.github/workflows/pip.yml index e60f4584..c4a03905 100644 --- a/.github/workflows/pip.yml +++ b/.github/workflows/pip.yml @@ -28,6 +28,8 @@ jobs: runs-on: ubuntu-24.04 permissions: contents: read + outputs: + package-version: ${{ steps.build.outputs.PACKAGE_VERSION }} steps: - name: Checkout sources uses: actions/checkout@v4 @@ -36,6 +38,7 @@ jobs: # See issue https://github.com/actions/checkout/issues/701 fetch-depth: 0 - name: Build Pip package + id: build run: | # This is needed so that the Git tag is parsed and the version is retrieved git config --global --add safe.directory $(realpath .) @@ -48,6 +51,10 @@ jobs: # Build the source package (sdist) only python -m build --sdist + + # Get built package version and make it accessible to subsequent jobs + PACKAGE_VERSION=$(python -m build --metadata | jq ".version" | tr -d '"') + echo "PACKAGE_VERSION=$PACKAGE_VERSION" >> "$GITHUB_OUTPUT" - name: Upload the package as artifact uses: actions/upload-artifact@v4 with: @@ -198,29 +205,28 @@ jobs: # The MPI command is not always named mpiexec, but can be orterun etc # (as given by khiops_env) kh-status | grep "MPI command" | grep -vwq "" + + # Deactivate virtualenv if used if [[ "${{ matrix.env.use-virtualenv }}" == "true" ]]; then deactivate fi + check-package-version: + if: github.ref_type == 'tag' + needs: build + runs-on: ubuntu-24.04 + steps: - name: Test package / Git tag version coherence + env: + PACKAGE_VERSION: ${{ needs.build.outputs.package-version }} shell: bash - if: github.ref_type == 'tag' run: | # Don't exit on first error: print relevant error message set +e - # Use a virtualenv if required - if [[ "${{ matrix.env.use-virtualenv }}" == "true" ]]; then - source "$VENV_ACTIVATE_SCRIPT" - fi # Convert pre-release version specification in the Git tag to the Pip # format and check that it matches the Pip package version - PACKAGE_VERSION=$($PYTHON -m pip show khiops | awk 'BEGIN {FS = ": "} $1 ~ /^Version$/ {print $2}') - if [[ "${{ matrix.env.use-virtualenv }}" == "true" ]]; then - deactivate - fi - # Remove any '.' or '-' from the versions to be able to compare them canonically - canonic_tag_name=$(echo "${{ github.ref_name }}" | perl -pe "s/[\.-]//g") - canonic_package_version=$(echo $PACKAGE_VERSION | perl -pe "s/[\.-]//g") - if [[ "$canonic_tag_name" != "$canonic_package_version" ]] + echo "${{ github.ref_name }}" | tr -d '-' | rev | sed -E 's/\.([^0-9].*)/\1/' | rev | \ + grep -wq "$PACKAGE_VERSION" + if [[ $? -ne 0 ]] then echo "::error::Python package version $PACKAGE_VERSION does not match Git tag ${{ github.ref_name }}" false @@ -232,7 +238,7 @@ jobs: release-github: # only publish on tag pushes if: github.ref_type == 'tag' && github.repository_owner == 'KhiopsML' - needs: [build, test] + needs: [test, check-package-version] runs-on: ubuntu-24.04 permissions: contents: write @@ -254,7 +260,7 @@ jobs: release-testpypi: # only publish on testpypi if requested and on tag pushes if: inputs.pypi-target == 'testpypi' && github.ref_type == 'tag' && github.repository_owner == 'KhiopsML' - needs: [build, test] + needs: [test, check-package-version] runs-on: ubuntu-24.04 permissions: # IMPORTANT: OIDC token mandatory for trusted publishing on TestPyPI and PyPI @@ -276,7 +282,7 @@ jobs: release-pypi: # only publish on pypi if requested and on tag pushes if: inputs.pypi-target == 'pypi' && github.ref_type == 'tag' && github.repository_owner == 'KhiopsML' - needs: [build, test] + needs: [test, check-package-version] runs-on: ubuntu-24.04 permissions: # IMPORTANT: OIDC token mandatory for trusted publishing on TestPyPI and PyPI From f4c369cc21fc093c3d5b80304256d3232dc2e4f4 Mon Sep 17 00:00:00 2001 From: Popescu V <136721202+popescu-v@users.noreply.github.com> Date: Fri, 3 Jul 2026 13:15:49 +0200 Subject: [PATCH 3/3] Arrange comments in the test job in a paragraph-oriented way --- .github/workflows/pip.yml | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pip.yml b/.github/workflows/pip.yml index c4a03905..7f5733a6 100644 --- a/.github/workflows/pip.yml +++ b/.github/workflows/pip.yml @@ -34,13 +34,14 @@ jobs: - name: Checkout sources uses: actions/checkout@v4 with: - # Get Git tags so that versioneer can function correctly + # Get Git tags # See issue https://github.com/actions/checkout/issues/701 fetch-depth: 0 - name: Build Pip package id: build run: | - # This is needed so that the Git tag is parsed and the version is retrieved + # This is needed so that the Git tag is parsed and the version is + # retrieved git config --global --add safe.directory $(realpath .) # Upgrade Pip @@ -90,6 +91,7 @@ jobs: apt-get install -y python3 python3-pip python3-venv elif command -v dnf; then dnf install -y python3 python3-pip + # Install findutils on Rocky Linux when xargs cannot be found if ! command -v xargs; then dnf install -y findutils @@ -106,12 +108,14 @@ jobs: VENV_ACTIVATE_SCRIPT="khiops-venv/bin/activate" fi echo "VENV_ACTIVATE_SCRIPT=$VENV_ACTIVATE_SCRIPT" >> "$GITHUB_ENV" + # Setup Python (be portable wrt. python vs python3 in runners and # containers; either python3 or python is present as per the Python # installation step in the Docker container contexts) PYTHON=$(basename $(command -v python3 || command -v python)) echo "PYTHON=$PYTHON" >> "$GITHUB_ENV" - - name: Checkout sources # Checkout the sources to be able to extract the dependencies list + # Checkout the sources to be able to extract the dependencies list + - name: Checkout sources uses: actions/checkout@v4 with: # Get Git tags @@ -137,30 +141,36 @@ jobs: chown -R $(whoami) /github/home/.cache/pip fi - # Install the Khiops Python library - # Use a virtualenv if required if [[ "${{ matrix.env.use-virtualenv }}" == "true" ]]; then $PYTHON -m venv khiops-venv source "$VENV_ACTIVATE_SCRIPT" fi $PYTHON -m pip install --upgrade pip + # Add homogeneous TOML support (Python >= 3.12 has standard tomllib) $PYTHON -c "import tomllib" 2>/dev/null || $PYTHON -m pip install tomli - # First, install all dependencies except khiops-core and khiops-drivers-* + + # Install all dependencies except khiops-* $PYTHON scripts/extract_dependencies_from_pyproject_toml.py -f "pyproject.toml" --exclude-khiops-family > requires-no-khiops.txt [ ! -s requires-no-khiops.txt ] || xargs $PYTHON -m pip install < requires-no-khiops.txt + # On Windows, the `impi-rt` MPI dependency must be installed # separately, from PyPI, because it is not present on TestPyPI if [[ $RUNNER_OS == 'Windows' ]]; then $PYTHON -m pip install impi-rt fi - # khiops-core and khiops-drivers-* must always be installed from TestPyPI in order to avoid distorting usage statistics + + # khiops-core and khiops-drivers-* must always be installed from + # TestPyPI in order to avoid distorting usage statistics $PYTHON scripts/extract_dependencies_from_pyproject_toml.py -f "pyproject.toml" --khiops-family-only > requires-khiops.txt [ ! -s requires-khiops.txt ] || xargs $PYTHON -m pip install --index-url https://test.pypi.org/simple < requires-khiops.txt rm -f requires-khiops.txt requires-no-khiops.txt - # Lastly, install khiops-python + + # Install the khiops package $PYTHON -m pip install khiops*.tar.gz + + # Deactivate virtualenv if used if [[ "${{ matrix.env.use-virtualenv }}" == "true" ]]; then deactivate fi @@ -222,6 +232,7 @@ jobs: run: | # Don't exit on first error: print relevant error message set +e + # Convert pre-release version specification in the Git tag to the Pip # format and check that it matches the Pip package version echo "${{ github.ref_name }}" | tr -d '-' | rev | sed -E 's/\.([^0-9].*)/\1/' | rev | \