Python deps setup #155
Python deps setup #155
Conversation
Daverlo
force-pushed
the
daverlo/python
branch
2 times, most recently
from
7b84fad to
53f29ed
Compare
Update Python scripts for "Python deps setup"
Daverlo
force-pushed
the
daverlo/python
branch
from
53f29ed to
3495596
Compare
There was a problem hiding this comment.
This looks good! I think you should probably get a 👍 from @RasmusWL as well.
I left a few minor comments. I think my main concern is that there are quite a few situations that we want to support (poetry, pip, etc.), and it seems worthwhile to add a test scenario for each of them, and make sure we are indeed handling them correctly.
| @@ -0,0 +1,141 @@ | |||
| #!/usr/bin/env python3 | |||
There was a problem hiding this comment.
Could you add a docstring describing what this script is for and any extra assumptions.
|
|
||
| if python_executable_path is not None: | ||
| print("Setting CODEQL_PYTHON={}".format(python_executable_path)) | ||
| print("::set-env name=CODEQL_PYTHON::{}".format(python_executable_path)) |
There was a problem hiding this comment.
So the main purpose of this script is to do the installation and then set the env variable?
Is it an error if we do not suceed? do we want a different exit code?
|
|
||
|
|
||
| def install_packages() -> str: | ||
| if os.path.exists('poetry.lock'): |
There was a problem hiding this comment.
You are expecting this to run in the checkout folder of the project, right?
| elif version == 3: | ||
| _check_call(['python3', '-m', 'virtualenv', venv_path]) |
There was a problem hiding this comment.
Can get_extractor_version return anything else apart from 2 or 3? If it can, then we do not install the virtual env, right? Is this expected? If it cannot then I would change this into:
| elif version == 3: | |
| _check_call(['python3', '-m', 'virtualenv', venv_path]) | |
| else: | |
| assert version == 3 | |
| _check_call(['python3', '-m', 'virtualenv', venv_path]) |
| # subsequent actions in the current job, and not the current action. | ||
| export PATH="$HOME/.local/bin:$PATH" | ||
|
|
||
| python2 -m pip install --user --upgrade pip setuptools wheel |
There was a problem hiding this comment.
Is it worth checking that you actually have a python2 executable?
There was a problem hiding this comment.
For a long term solution it probably would be worth checking if python2 is not available and install it otherwise. For now I am not too worried -- as long as we have some automated tests that run regularly, that should catch this case right? (what do you think @Daverlo)
| python3 -m pip install --user virtualenv | ||
|
|
||
| # venv is required for installation of poetry or pipenv (I forgot which) | ||
| sudo apt-get install -y python3-venv |
There was a problem hiding this comment.
Ok, I dig up https://github.com/github/codeql-python-team/issues/103#issuecomment-692053819 and it seems we are expecting only the linux cloud runners to use this for now.
I haven't check yet but it would be good to have a comment saying where this should (and should not) work in the init, as that is where you can enable/disable this.
There was a problem hiding this comment.
Thanks for the review @marcogario 👍
The context for the Python scripts (that I wrote) is that it's something I made fairly quickly, and having in mind this should hopefully only be used for a limited time, I didn't invest a lot of effort into making this the highest quality code. I'll fix up some of the most blatant errors and bad coding practices.
| else: | ||
| return buildtools.discover.get_version() |
There was a problem hiding this comment.
I think pylint has a standard rule making the same recommendation as you propose here, but I strongly disagree, since the control flow of the code is much easier to follow with the explicit else (in my opinion).
| # subsequent actions in the current job, and not the current action. | ||
| export PATH="$HOME/.local/bin:$PATH" | ||
|
|
||
| python2 -m pip install --user --upgrade pip setuptools wheel |
There was a problem hiding this comment.
For a long term solution it probably would be worth checking if python2 is not available and install it otherwise. For now I am not too worried -- as long as we have some automated tests that run regularly, that should catch this case right? (what do you think @Daverlo)
| elif version == 3: | ||
| _check_call(['python3', '-m', 'virtualenv', venv_path]) |
|
|
||
|
|
||
| def install_packages() -> str: | ||
| if os.path.exists('poetry.lock'): |
| print('Found Pipfile, will install packages with Pipenv', flush=True) | ||
| return install_packages_with_pipenv() | ||
|
|
||
| version = extractor_version.get_extractor_version(sys.argv[1], quiet=False) |
There was a problem hiding this comment.
We should be passing in codeql_base_dir for sure 👍
We could run get_extractor_version before calling install_packages, I just didn't... if you feel very strongly about this one, let me know.
| print('Found Pipfile, will install packages with Pipenv', flush=True) | ||
| return install_packages_with_pipenv() | ||
|
|
||
| version = extractor_version.get_extractor_version(sys.argv[1], quiet=False) |
There was a problem hiding this comment.
ehh, naming is apparently not too obvious. extractor_version.get_extractor_version returns the Python version the extractor thinks this repo is in.
Co-authored-by: Marco Gario <marcogario@github.com>
|
@Daverlo I comitted directly to the branch with my changes. That means I actually haven't run the script, which is kind of scary. Is it easy to add tests so we know the script is working? (or have they already been added?) |
|
Tests are not going to be too helpful, if it doesn't work we just show a warning, and those are not easily visible. In this action this process failed on purpose https://github.com/dsp-testing/daverlo-djanjo-test/actions/runs/272089425, but you see all green no warning in the actions page https://github.com/dsp-testing/daverlo-djanjo-test/actions and in the pr page https://github.com/dsp-testing/daverlo-djanjo-test/pull/2 I would propose that we run the different tests on the django-test repo (basically update the workflows that I created for https://github.com/github/codeql-python-team/issues/103#issuecomment-663252898 so they run every day). Do you have any suggestion on how can we do better testing? |
I think the typescript wrapper is not too complex. I would expect we can test the python script directly. Ideally these should all complete outputting the env for CODEQL and you can check that. Maybe create a new workflow file for this. |
|
I've added a modified version of the playground workflow for testing the scripts. https://github.com/github/codeql-action/actions/runs/278176450 @RasmusWL That should cover all the cases am I right? |
Nice 👍 Unfortunate about the "expected failures", but not something I will personally worry too much about. This should allow us to catch blatant error in the python script early, which is super good 🎉
Is this still our best approach for something similar for integration tests? |
Yep, but as @marcogario suggested, by testing the scripts we should be quite covered
|
.github/workflows/python-deps.yml
Outdated
| $GITHUB_WORKSPACE/python-setup/install_tools.sh | ||
| echo -e '\n\n\n\n\n' && sleep 0.5 | ||
| cd $GITHUB_WORKSPACE/${{ matrix.test_dir }} | ||
| $GITHUB_WORKSPACE/python-setup/auto_install_packages.py /opt/hostedtoolcache/CodeQL/0.0.0-20200826/x64/codeql/ |
There was a problem hiding this comment.
This will break when we upgrade the bundle version. Can you do a find before to get the version of the bunde against /opt/hostedtoolcache/CodeQL/0.0.0-XXXX/x64/codeql ?
There was a problem hiding this comment.
This used to be set as an environment variable, but last time I had to run my scripts it was removed 😞 so that one is probably on me, although I have no idea of how to properly fix it.
There was a problem hiding this comment.
Daverlo
force-pushed
the
daverlo/python
branch
from
f01a3b3 to
4ce302b
Compare
Here I'm adding the support for the auto-install python dependancies. The PR adds the necessary scripts to the
python-setupfolder. The scripts were developed by @RasmusWLThis process is done in two steps, in the init action we install the necessary tools and try to get the dependencies, in the analyse step we configure the python extractor so it is able to find them.
The whole init process is not done in the runner as we don't want our cli to be messing around with things in the system. For the self hosted runners we don't try to install the tools for similar reasons, but we do try to get the dependencies, and that should work as long as the tools are present in the system.
There is a possibility of disabling this process by setting the input
setup-python-dependenciestofalse.The dependencies can be installed manually, and by providing the
CODEQL_PYTHONenv var in the analyse step the extractor should be able to pick them up. That en var should contain the path to the python executable that has access to the dependencies.This comment contains more details about the different usage possibilities: https://github.com/github/codeql-python-team/issues/103#issuecomment-663252898
Merge / deployment checklist