-
Notifications
You must be signed in to change notification settings - Fork 0
370 lines (278 loc) · 12.2 KB
/
runner-reference-python.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
name: github-action-runner-reference-python
on:
workflow_dispatch:
# remove all permission, just checking whats on the runner
permissions: {}
defaults:
run:
# when the `shell` is explicitly set, the following options are automically applied:
# `set -eo pipefail`
# These options are NOT applied by default (https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference)
#
# The output of `ps faux` on linux shows that the .bash_profile and .bashrc file is ignored
# ps faux ==> /usr/bin/bash --noprofile --norc -e -o pipefail <job script>.sh
shell: bash
env:
# just for fun
PY_CMD: python
jobs:
dump-it-out:
name: "${{ matrix.os}} python-version:${{matrix.python-version}} dump out"
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
#- macos-10.15 # python => python2.x
#- macos-11 # python => python2.x
#- macos-12 # python => python3.x
- macos-13
- macos-14
#- ubuntu-20.04 # python => python3.x
- ubuntu-22.04 # python => python3.x
- ubuntu-24.04
python-version:
- "python"
- "python3"
#- "3.9"
#- "3.10"
#- "3.11"
- "3.12"
steps:
- name: set python command actions/setup-python@v5
run: |
echo "Starting actions/setup-python"
echo ""
# these EnvVars are available when the workflow has the appropriate perms
# curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL" | jq '@base64'
# some interesting Git Vars/Config values
GIT_TRACE2=1 git var -l
# see what happens when checking a repo I don't own
GIT_TRACE2=1 git ls-remote --symref https://github.com/dev-sec/cis-dil-benchmark HEAD
echo "formatting Github Context with jq"
jq . <<<$'${{ toJSON(github) }}'
echo ""
# this encodes the entire json object which means decoding this output shows
# the actual secret (not sure how to comment this part out w/o removing the `$`
# jq '. | @base64' <<<'{{ toJSON(github) }}'
echo ""
echo "context: env"
jq . <<<$'${{ toJSON(env) }}'
echo ""
echo "context: secret"
jq . <<<$'${{ toJSON(secrets) }}'
echo ""
echo "context: job"
jq . <<<$'${{ toJSON(job) }}'
echo ""
echo "context: strategy"
jq . <<<$'${{ toJSON(strategy) }}'
if: matrix.python-version == 'python3'
# only do this on 1 run/OS
# only run the action on 'python' or 'python3'
- name: use setup actions if needed
uses: actions/setup-python@v5
id: setup-python
with:
python-version: ${{ matrix.python-version }}
allow-prereleases: true
check-latest: true
if: ${{ !endsWith(matrix.python-version, 'python') }}
# this is a fucking mess, but I wanted a pretty summary for each job with the highlevel info
# more detailed info can be seen in the job log output.
#
# abusing the fuck out of heredocs and the $GITHUB_STEP_SUMMARY, if something breaks, its prob this. have fun.
# TODO: create a helper script/cli tool to make this less stupid
# I want _all_ the output in the job logs, but only _some_ of the output in GITHUB_ACTION_SUMMARY with proper
# GitHub Flavored Markdown syntax highlighting
- name: test shell params
id: test-shell-param
run: |
env
echo ""
echo "which python"
ls -la $(which python)
echo ""
type -a python
echo ""
type -a python3
echo ""
#ls -la /usr/local/bin/python* 2>&1
#echo ""
#echo "/usr/local/bin/python --version --version"
#/usr/local/bin/python --version --version 2>&1 || true
shell: bash -el {0}
- name: generate job summaries in markdown (this is gross)
id: python-gross
run: |
env
type -a python
type -a python3
python3 --version --version
ls -la $(dirname $GITHUB_STEP_SUMMARY)
# use python3.X (meaning use a python version not configured by actions/setup-python@v4)
# only using the action/setup-python when `python-version` is either 'python' or 'python3'
#
# feel like this action makes figuring out random python/env shit even harder in some cases
py_cmd='${{ matrix.python-version }}'
if [[ "${py_cmd#python}" == $py_cmd ]]
then
echo $py_cmd
py_cmd="python${py_cmd}"
echo $py_cmd
py_cmd="${py_cmd%-dev}"
echo $py_cmd
fi
SYSTEM_PROFILER_CMD="sudo lshw -short"
SYSTEM_PROFILER_OUT="System Profile Holder"
RELEASE_INFO_CMD="cat /etc/os-release"
RELEASE_INFO_OUT="Luckily..."
if [[ $RUNNER_OS == macOS ]]
then
SYSTEM_PROFILER_CMD="system_profiler -detailLevel mini SPHardwareDataType"
RELEASE_INFO_CMD="sw_vers"
fi
SYSTEM_PROFILER_OUT=$($SYSTEM_PROFILER_CMD)
RELEASE_INFO_OUT=$($RELEASE_INFO_CMD)
cat >> $GITHUB_STEP_SUMMARY <<EOF
# ImageOS/ImageVersion: ${ImageOS}/${ImageVersion}
### martrix.python-version: ${{matrix.python-version}}
EOF
cat >> $GITHUB_STEP_SUMMARY <<'OPEN_FENCE'
### System Profile
```console
OPEN_FENCE
tee -a $GITHUB_STEP_SUMMARY <<EOF
$ $RELEASE_INFO_CMD
$RELEASE_INFO_OUT
$ $SYSTEM_PROFILER_CMD
$(echo "$SYSTEM_PROFILER_OUT" | grep -vE '(processor|memory) *.(None|empty)')
EOF
tee -a $GITHUB_STEP_SUMMARY <<'CLOSE_FENCE'
```
CLOSE_FENCE
cat >> $GITHUB_STEP_SUMMARY <<'EOF'
### python version
```console
EOF
tee -a $GITHUB_STEP_SUMMARY <<EOF
# python <3.4 outputs version on stderr, just gonna redirect on all the commands
# TIL: https://bugs.python.org/issue18338
$ $py_cmd --version --version 2>&1
$($py_cmd --version --version 2>&1)
# python exact command
$ python --version --version 2>&1
$(python --version --version 2>&1)
# matrix version
$ type -a $py_cmd
$(type -a "$py_cmd")
# raw python version
$ type -a python
$(type -a python)
$ ls -la which '$py_cmd'
$(export py_cmd_path="$(which $py_cmd)"; ls -la $py_cmd_path 2>&1)
# on some ubuntu versions
$ ls -la /bin/python*
$(ls -la /bin/python* 2>&1)
$ ls -la /usr/bin/python*
$(ls -la /usr/bin/python* 2>&1)
$ ls -la /usr/local/bin/python*
$(ls -la /usr/local/bin/python* 2>&1)
$ /usr/local/bin/python --version --version 2>&1
$(/usr/local/bin/python --version --version 2>&1)
# on macOS
$ find /Users/runner/hostedtoolcache -type f -path "**/bin/python*" -print
$(find /Users/runner/hostedtoolcache -type f -path "**/bin/python*" -print)
EOF
tee -a $GITHUB_STEP_SUMMARY <<EOF
# check sys.executable
# sometimes `python` will point to python2.X
$ $py_cmd -c "from __future__ import print_function; import sys; print('{}'.format(sys.executable))" 2>&1
$($py_cmd -c "from __future__ import print_function; import sys; print('{}'.format(sys.executable))" 2>&1)
# compare to setup-python step
$ ls -la '${{ steps.setup-python.outputs.python-path }}'
$(ls -la '${{ steps.setup-python.outputs.python-path }}' 2>&1)
# check venv python3
$ $py_cmd -m venv .venv && source .venv/bin/activate; python3 -c "import sys; print(sys.executable)" 2>&1
$($py_cmd -m venv .venv && source .venv/bin/activate; python3 -c "import sys; print(sys.executable)" 2>&1)
# check pip config
$ $py_cmd -m pip debug
$($py_cmd -m pip debug 2>&1)
# check virtual env config
$ source .venv/bin/activate && python3 -m pip debug 2>&1
$(source .venv/bin/activate && python3 -m pip debug 2>&1)
# check site
$ $py_cmd -m site 2>&1
$($py_cmd -m site 2>&1)
# check venv site
$ $py_cmd -m site 2>&1
$(source .venv/bin/activate && $py_cmd -m site 2>&1)
# TODO: add conditional for macOS
# came across this anthonywritescode: https://www.youtube.com/watch?v=Kg8s2YV-aFE&list=WL
# where he explains that setting SYSTEM_VERSION_COMPAT env var is needed to get the correct platform version
#
# This wasn't something I remember seeing locally or when poking around previously on the runners.
# Basically trimmed down/combined my other workflows to repro and check.
#
# See Also: see https://gist.github.com/deric4/af90cc848c4915df803ce33ab1e5356e
# (some notes reminding me I was too stupid to figure out how/what needed to change for minor python version
# to be scoped in pre-commit virtualenv for python hooks (was having probs with black and developing a custom hook tolint changes
# to a geojson file to enforce right-hand-rule https://datatracker.ietf.org/doc/html/rfc7946#section-3.1.6
# and validating projection conversions. Most of the modules I tested required running with `python3-intel64` on my local M1. Ended up implementing a pure python implementation
# but... I don't really trust it.
#
#
# NOTE:
# as of 10/11/22 (tested on macos-{10.15,11,12} )it looks like this only happens macos-11+ when using a python version setup/managed by
# the actions/setup-python@v4 (maybe prev vers too) action.
# All the runner images have a `python3` commmand already installed
$ $py_cmd -c "import platform; print(platform.mac_ver())" 2>&1
$($py_cmd -c "import platform; print(platform.mac_ver())" 2>&1)
EOF
tee -a $GITHUB_STEP_SUMMARY <<'EOF'
```
EOF
tee -a $GITHUB_STEP_SUMMARY <<'OPEN_FENCE'
<details>
<summary>
### sysconfig output
</summary>
```console
OPEN_FENCE
tee -a $GITHUB_STEP_SUMMARY <<EOF
$ $py_cmd -msysconfig
$($py_cmd -msysconfig)
EOF
cat >> $GITHUB_STEP_SUMMARY <<'CLOSE_FENCE'
```
</details>
CLOSE_FENCE
tee -a $GITHUB_STEP_SUMMARY <<'OPEN_FENCE'
<details>
<summary>
### venv sysconfig output
</summary>
```console
OPEN_FENCE
tee -a $GITHUB_STEP_SUMMARY <<EOF
$ source .venv/bin/activate && python3 -msysconfig 2>&1
$(source .venv/bin/activate && $py_cmd -msysconfig 2>&1)
EOF
cat >> $GITHUB_STEP_SUMMARY <<'CLOSE_FENCE'
```
</details>
CLOSE_FENCE
tee -a $GITHUB_STEP_SUMMARY <<'OPEN_FENCE'
<details>
<summary>
### environment variables
</summary>
```console
OPEN_FENCE
tee -a $GITHUB_STEP_SUMMARY <<EOF
$ jq -n --sort-keys 'env'
$(jq -n --sort-keys 'env')
EOF
cat >> $GITHUB_STEP_SUMMARY <<'CLOSE_FENCE'
```
</details>
CLOSE_FENCE