From 053d44c9b10c22f86cec06fa61e12d3a13c2b84e Mon Sep 17 00:00:00 2001
From: Yunchu Lee
Date: Mon, 19 Feb 2024 11:08:42 +0900
Subject: [PATCH] fix pinned-dependencies issues part 5
---
 .github/workflows/code_scan.yml | 11 ++++-
 .github/workflows/docs.yml | 6 ++-
 .github/workflows/docs_stable.yml | 6 ++-
 .github/workflows/pre_merge.yml | 6 ++-
 .github/workflows/publish.yml | 3 +-
 .github/workflows/publish_internal.yml | 6 ++-
 .github/workflows/run_tests_in_tox.yml | 3 +-
 .github/workflows/run_tests_in_tox_custom.yml | 3 +-
 requirements/gh-actions.txt | 45 +++++++++++++++++++
 9 files changed, 78 insertions(+), 11 deletions(-)
 create mode 100644 requirements/gh-actions.txt
diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index d644c7d5751..7fa3c3b0923 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -20,7 +20,10 @@ jobs:
 with:
 python-version: "3.10"
 - name: Install dependencies
- run: python -m pip install tox==4.21.1
+ run: |
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+ pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+ pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
 - name: Trivy Scanning
 env:
 TRIVY_DOWNLOAD_URL: ${{ vars.TRIVY_DOWNLOAD_URL }}
@@ -43,7 +46,11 @@ jobs:
 with:
 python-version: "3.10"
 - name: Install dependencies
- run: python -m pip install tox==4.21.1
+ run: |
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+ pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+ pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+ rm /tmp/otx-dev-requirements.txt
 - name: Bandit Scanning
 run: tox -e bandit-scan
 - name: Upload Bandit artifact
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index d94d0b738ae..afd8064ae23 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
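Review bot: The lock that `pip install --require-hashes` checks against is produced one line earlier by `pip-compile --generate-hashes`, so in this install step (first code_scan.yml hunk) the hashes are taken from whatever the index serves during the run and nothing is fixed between runs. Hash checking only has supply-chain value when the hashes were recorded and reviewed beforehand, which is what this patch does for `requirements/gh-actions.txt`; consider committing a compiled lock for `requirements/dev.txt` as well and reducing the step to one `pip install --require-hashes --no-deps -r` on that committed file. The same sequence is newly introduced in the second code_scan.yml hunk and in docs.yml and docs_stable.yml, and it remains as context in the other workflows, including the two publish workflows where it governs the build toolchain. The job this step belongs to starts outside the hunk.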
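Review bot: The added `rm /tmp/otx-dev-requirements.txt` is the last command of the `run: |` block, so with the default fail-fast shell it is skipped whenever an earlier command fails, and the first code_scan.yml hunk omits it altogether while every other install step in the patch has it. The job header and its `runs-on` are outside the hunk, so the runner type is not visible; on a self-hosted runner a fixed path under /tmp can persist between jobs and be read or pre-created by another job on the same host. Writing the generated file to the per-job temp directory makes the cleanup unnecessary: `pip-compile --generate-hashes -o "$RUNNER_TEMP/otx-dev-requirements.txt" requirements/dev.txt`, followed by `pip install --require-hashes --no-deps -r "$RUNNER_TEMP/otx-dev-requirements.txt"`. The same applies to the `/tmp/otx-publish-requirements.txt` steps in publish.yml and publish_internal.yml.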
@@ -21,7 +21,11 @@ jobs:
 with:
 python-version: "3.10"
 - name: Install dependencies
- run: python -m pip install -r requirements/dev.txt
+ run: |
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+ pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+ pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+ rm /tmp/otx-dev-requirements.txt
 - name: Build-Docs
 run: tox -e build-doc
 - name: Create gh-pages branch
diff --git a/.github/workflows/docs_stable.yml b/.github/workflows/docs_stable.yml
index 1a6c5e58733..cfb98be200e 100644
--- a/.github/workflows/docs_stable.yml
+++ b/.github/workflows/docs_stable.yml
@@ -22,7 +22,11 @@ jobs:
 with:
 python-version: "3.10"
 - name: Install dependencies
- run: python -m pip install -r requirements/dev.txt
+ run: |
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
+ pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
+ pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+ rm /tmp/otx-dev-requirements.txt
 - name: Build-Docs
 run: tox -e build-doc
 - name: Create gh-pages branch
diff --git a/.github/workflows/pre_merge.yml b/.github/workflows/pre_merge.yml
index fd2cbddbe12..bc3d01c662a 100644
--- a/.github/workflows/pre_merge.yml
+++ b/.github/workflows/pre_merge.yml
@@ -31,9 +31,10 @@ jobs:
 python-version: "3.10"
 - name: Install dependencies
 run: |
- pip install pip-tools==7.3.0
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
 pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
 pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+ rm /tmp/otx-dev-requirements.txt
 - name: Code quality checks
 run: tox -vv -e pre-commit-all-py310-pt1
 Unit-Test:
@@ -79,9 +80,10 @@ jobs:
 python-version: "3.8"
 - name: Install dependencies
 run: |
- pip install pip-tools==7.3.0
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
 pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
 pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+ rm /tmp/otx-dev-requirements.txt
 - name: Run unit test
 run: tox -vv -e unittest-all-py38-pt1
 - name: Upload coverage artifact
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 776b9507352..81f1719b431 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -33,9 +33,10 @@ jobs:
 python-version: "3.10"
 - name: Install pypa/build
 run: |
- pip install pip-tools==7.3.0
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
 pip-compile --generate-hashes -o /tmp/otx-publish-requirements.txt requirements/publish.txt
 pip install --require-hashes --no-deps -r /tmp/otx-publish-requirements.txt
+ rm /tmp/otx-publish-requirements.txt
 - name: Build sdist
 run: python -m build --sdist
 - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
diff --git a/.github/workflows/publish_internal.yml b/.github/workflows/publish_internal.yml
index 802ba7b10a5..d3574b73377 100644
--- a/.github/workflows/publish_internal.yml
+++ b/.github/workflows/publish_internal.yml
@@ -31,9 +31,10 @@ jobs:
 python-version: "3.10"
 - name: Install pypa/build
 run: |
- pip install pip-tools==7.3.0
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
 pip-compile --generate-hashes -o /tmp/otx-publish-requirements.txt requirements/publish.txt
 pip install --require-hashes --no-deps -r /tmp/otx-publish-requirements.txt
+ rm /tmp/otx-publish-requirements.txt
 - name: Build sdist
 run: python -m build --sdist
 - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
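Review bot: This install step (second pre_merge.yml hunk) runs under Python 3.8, but `requirements/gh-actions.txt` says in its header that it was compiled with Python 3.10, and `--no-deps` stops pip from resolving anything that lock leaves out. Any requirement that pip-tools or build declares only for older interpreters through an environment marker would therefore be missing here without an install-time error; whether that breaks `pip-compile` on 3.8 cannot be told from the diff and should be confirmed. The same question applies to run_tests_in_tox.yml and run_tests_in_tox_custom.yml, which take `${{ inputs.python-version }}`. Compiling the lock with the oldest interpreter the workflows use, or keeping one lock per interpreter, would close the gap, and the lock's own warning that pip and setuptools are not pinned deserves a comment in the step, for example `# pip and setuptools come from the runner image and are not hash-checked`.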
@@ -56,9 +57,10 @@ jobs:
 python-version: "3.10"
 - name: Install dependencies
 run: |
- pip install pip-tools==7.3.0
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
 pip-compile --generate-hashes -o /tmp/otx-publish-requirements.txt requirements/publish.txt
 pip install --require-hashes --no-deps -r /tmp/otx-publish-requirements.txt
+ rm /tmp/otx-publish-requirements.txt
 - name: Download artifacts
 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
 with:
diff --git a/.github/workflows/run_tests_in_tox.yml b/.github/workflows/run_tests_in_tox.yml
index 1adc0c2c641..470040f854e 100644
--- a/.github/workflows/run_tests_in_tox.yml
+++ b/.github/workflows/run_tests_in_tox.yml
@@ -52,9 +52,10 @@ jobs:
 python-version: ${{ inputs.python-version }}
 - name: Install dependencies
 run: |
- pip install pip-tools==7.3.0
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
 pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
 pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+ rm /tmp/otx-dev-requirements.txt
 - name: Run Tests
 env:
 MLFLOW_TRACKING_SERVER_URI: ${{ vars.MLFLOW_TRACKING_SERVER_URI }}
diff --git a/.github/workflows/run_tests_in_tox_custom.yml b/.github/workflows/run_tests_in_tox_custom.yml
index 8bb28ade61a..3fb84957b6e 100644
--- a/.github/workflows/run_tests_in_tox_custom.yml
+++ b/.github/workflows/run_tests_in_tox_custom.yml
@@ -58,9 +58,10 @@ jobs:
 python-version: ${{ inputs.python-version }}
 - name: Install dependencies
 run: |
- pip install pip-tools==7.3.0
+ pip install --require-hashes --no-deps -r requirements/gh-actions.txt
 pip-compile --generate-hashes -o /tmp/otx-dev-requirements.txt requirements/dev.txt
 pip install --require-hashes --no-deps -r /tmp/otx-dev-requirements.txt
+ rm /tmp/otx-dev-requirements.txt
 - name: Run Tests
 env:
 MLFLOW_TRACKING_SERVER_URI: ${{ vars.MLFLOW_TRACKING_SERVER_URI }}
diff --git a/requirements/gh-actions.txt b/requirements/gh-actions.txt
new file mode 100644
index 00000000000..33029eb1409
--- /dev/null
+++ b/requirements/gh-actions.txt
@@ -0,0 +1,45 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --generate-hashes --output-file=requirements.txt requirements/gh-actions.txt +# +build==1.0.3 \ + --hash=sha256:538aab1b64f9828977f84bc63ae570b060a8ed1be419e7870b8b4fc5e6ea553b \ + --hash=sha256:589bf99a67df7c9cf07ec0ac0e5e2ea5d4b37ac63301c4986d1acb126aa83f8f + # via pip-tools +click==8.1.7 \ + --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \ + --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de + # via pip-tools +packaging==23.2 \ + --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \ + --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7 + # via build +pip-tools==7.4.0 \ + --hash=sha256:a92a6ddfa86ff389fe6ace381d463bc436e2c705bd71d52117c25af5ce867bb7 \ + --hash=sha256:b67432fd0759ed834c5367f9e0ce8c95441acecfec9c8e24b41aca166757adf0 + # via -r requirements/gh-actions.txt +pyproject-hooks==1.0.0 \ + --hash=sha256:283c11acd6b928d2f6a7c73fa0d01cb2bdc5f07c57a2eeb6e83d5e56b97976f8 \ + --hash=sha256:f271b298b97f5955d53fb12b72c1fb1948c22c1a6b70b315c54cedaca0264ef5 + # via + # build + # pip-tools +tomli==2.0.1 \ + --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \ + --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f + # via + # build + # pip-tools + # pyproject-hooks +wheel==0.42.0 \ + --hash=sha256:177f9c9b0d45c47873b619f5b650346d632cdc35fb5e4d25058e09c9e581433d \ + --hash=sha256:c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8 + # via pip-tools + +# WARNING: The following packages were not pinned, but pip requires them to be +# pinned when the requirements file includes hashes and the requirement is not +# satisfied by a package already installed. Consider using the --allow-unsafe flag. +# pip +# setuptools \ No newline at end of file