Mike Kruskal
b28d9d4144
Migrate bazel tests to protobuf-ci.
...
This will allow them to reuse our bazelrc and remote caching setup. This also silences the non-bzlmod windows test that's hitting the windows path length.
PiperOrigin-RevId: 626390416
8 months ago
Adam Cozzette
24fef03259
Add support and partial CI coverage for Python 3.12
...
There's a test run in test_python.yml that is non-trivial to get working with
Python 3.12 due to some refactoring of our Docker images that would be needed.
But this change updates everything else to add coverage for Python 3.12.
The main changes necessary to get the builds working were to upgrade some Pip
packages via requirements.txt, including in a patch to `rules_fuzzing` that I
plan to upstream soon. I also had to take an explicit dependency on
`setuptools`.
I removed tox.ini, since it was outdated and we have not been actively
maintaining it.
PiperOrigin-RevId: 580548224
1 year ago
Mike Kruskal
5f146f8dfe
Enable caching of pip dependencies
...
PiperOrigin-RevId: 578740011
1 year ago
Adam Cozzette
501ececd39
Reorganize upb file structure
...
This change moves almost everything in the `upb/` directory up one level, so
that for example `upb/upb/generated_code_support.h` becomes just
`upb/generated_code_support.h`. The only exceptions I made to this were that I
left `upb/cmake` and `upb/BUILD` where they are, mostly because that avoids
conflict with other files and the current locations seem reasonable for now.
The `python/` directory is a little bit of a challenge because we had to merge
the existing directory there with `upb/python/`. I made `upb/python/BUILD` into
the BUILD file for the merged directory, and it effectively loads the contents
of the other BUILD file via `python/build_targets.bzl`, but I plan to clean
this up soon.
PiperOrigin-RevId: 568651768
1 year ago
Mike Kruskal
4ce04206fc
Update our tests to use a custom checkout action.
...
This will retry up to 3 times if we hit networks flakes updating our submodules. It will also allow us to easily inject other stability fixes to this step in the future.
PiperOrigin-RevId: 568306356
1 year ago
Sandy Zhang
c50e89217d
Require Python >=3.8 and add 3.11 to test matrix
...
Dropping 3.7 support was already announced in https://protobuf.dev/news/2023-07-06/ and meant to be dropped in
https://github.com/protocolbuffers/protobuf/pull/13219 but tests / setup.py were missed.
PiperOrigin-RevId: 567691335
1 year ago
Adam Cozzette
9df1d76970
Prepare to reorganize upb file structure
...
I am getting ready to move almost everything under the upb/ directory up one
level to integrate upb better into its new location in the protobuf repo. This
change makes a few tweaks to prepare for that:
- Delete upb's LICENSE and CONTRIBUTING.md files since we already have similar
files at the top level.
- Rename `//python:python_version` so that it won't conflict later with
`//upb/python:python_version`.
- Move the contents of python/BUILD.bazel out to a Bazel macro to facilitate
merging that BUILD.bazel file with upb/python/BUILD.
PiperOrigin-RevId: 567119840
1 year ago
Sandy Zhang
81068e8e8c
Internal change
...
PiperOrigin-RevId: 566426899
1 year ago
Mike Kruskal
4d6ad56e4a
Migrate to sccache for better CMake caching
...
This hooks up to the changes in https://github.com/protocolbuffers/protobuf-ci/pull/26 . We see a speedup of up to 50% in no-op runs of our slowest CI builds.
PiperOrigin-RevId: 565122690
1 year ago
Adam Cozzette
7286ffceb2
Merge the protobuf and upb Bazel repos
...
A couple weeks ago we moved upb into the protobuf Git repo, and this change
continues the merger of the two repos by making them into a single Bazel repo.
This was mostly a matter of deleting upb's WORKSPACE file and fixing up a bunch
of references to reflect the new structure.
Most of the changes are pretty mechanical, but one thing that needed more
invasive changes was the Python script for generating CMakeLists.txt,
make_cmakelists.py. The WORKSPACE file it relied on no longer exists with this
change, so I updated it to hardcode the information it needed from that file.
PiperOrigin-RevId: 564810016
1 year ago
dependabot[bot]
fa57b05755
Bump actions/setup-python from 4.5.0 to 4.7.0 ( #13766 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.5.0 to 4.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/setup-python/releases ">actions/setup-python's releases</a>.</em></p>
<blockquote>
<h2>v4.7.0</h2>
<p>In scope of this release, the support for reading python version from pyproject.toml was added (<a href="https://redirect.github.com/actions/setup-python/pull/669 ">actions/setup-python#669</a>).</p>
<pre lang="yaml"><code> - name: Setup Python
uses: actions/setup-python@v4
with:
python-version-file: pyproject.toml
</code></pre>
<h3>Besides, it includes such changes as:</h3>
<ul>
<li>Bump tough-cookie and <code>@azure/ms-rest-js</code> by <a href="https://github.com/dependabot "><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/697 ">actions/setup-python#697</a></li>
<li>Bump semver from 7.3.8 to 7.5.2 by <a href="https://github.com/dependabot "><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/692 ">actions/setup-python#692</a></li>
<li>Fix typos found by codespell by <a href="https://github.com/DimitriPapadopoulos "><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/650 ">actions/setup-python#650</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dariocurr "><code>@dariocurr</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/669 ">actions/setup-python#669</a></li>
<li><a href="https://github.com/DimitriPapadopoulos "><code>@DimitriPapadopoulos</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/650 ">actions/setup-python#650</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v4...v4.7.0 ">https://github.com/actions/setup-python/compare/v4...v4.7.0 </a></p>
<h2>v4.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix <code>allow-prereleases</code> sample configuration by <a href="https://github.com/mayeut "><code>@mayeut</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/615 ">actions/setup-python#615</a></li>
<li>Fix a incorrect link advanced-usage.md by <a href="https://github.com/siyuan0322 "><code>@siyuan0322</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/657 ">actions/setup-python#657</a></li>
<li>Remove implicit dependency by <a href="https://github.com/nikolai-laevskii "><code>@nikolai-laevskii</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/668 ">actions/setup-python#668</a></li>
<li>Automatic update of configuration files from 05/23/2023 by <a href="https://github.com/github-actions "><code>@github-actions</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/671 ">actions/setup-python#671</a></li>
<li>Add warning for python 2.7 on release/v4 by <a href="https://github.com/dmitry-shibanov "><code>@dmitry-shibanov</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/673 ">actions/setup-python#673</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/siyuan0322 "><code>@siyuan0322</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/657 ">actions/setup-python#657</a></li>
<li><a href="https://github.com/nikolai-laevskii "><code>@nikolai-laevskii</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/668 ">actions/setup-python#668</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v4...v4.6.1 ">https://github.com/actions/setup-python/compare/v4...v4.6.1 </a></p>
<h2>Add allow-prereleases input</h2>
<p>In scope of this release we added a new input (<code>allow-prereleases</code>) to allow <a href="https://redirect.github.com/actions/setup-python/pull/414 ">falling back to pre-release versions of Python when a matching GA version of Python is not available</a></p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.12
allow-prereleases: true
</code></pre>
<p>Besides, we added such changes as:</p>
<ul>
<li>Fix bug to trim new line for PyPy version: <a href="https://redirect.github.com/actions/setup-python/pull/610 ">actions/setup-python#610</a></li>
<li>Added pip dependency file to generate hash from it: <a href="https://redirect.github.com/actions/setup-python/pull/604 ">actions/setup-python#604</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="61a6322f88
"><code>61a6322</code></a> Fix typos found by codespell (<a href="https://redirect.github.com/actions/setup-python/issues/650 ">#650</a>)</li>
<li><a href="ea5b57fccc
"><code>ea5b57f</code></a> Bump semver from 7.3.8 to 7.5.2 (<a href="https://redirect.github.com/actions/setup-python/issues/692 ">#692</a>)</li>
<li><a href="014d32a830
"><code>014d32a</code></a> Bump tough-cookie and <code>@azure/ms-rest-js</code> (<a href="https://redirect.github.com/actions/setup-python/issues/697 ">#697</a>)</li>
<li><a href="c16c4b8d18
"><code>c16c4b8</code></a> Fix pipenv jobs (<a href="https://redirect.github.com/actions/setup-python/issues/699 ">#699</a>)</li>
<li><a href="0d5da6a89a
"><code>0d5da6a</code></a> Read python version from pyproject.toml (fix <a href="https://redirect.github.com/actions/setup-python/issues/542 ">#542</a>) (<a href="https://redirect.github.com/actions/setup-python/issues/669 ">#669</a>)</li>
<li><a href="3f824b7ca6
"><code>3f824b7</code></a> remove python 2.7 from the tests (<a href="https://redirect.github.com/actions/setup-python/issues/687 ">#687</a>)</li>
<li><a href="bd6b4b6205
"><code>bd6b4b6</code></a> Add warning for python 2.7 (<a href="https://redirect.github.com/actions/setup-python/issues/673 ">#673</a>)</li>
<li><a href="0cbcb9a3d7
"><code>0cbcb9a</code></a> Merge pull request <a href="https://redirect.github.com/actions/setup-python/issues/668 ">#668</a> from akv-platform/disallow-implicit-dependencies</li>
<li><a href="669664dac1
"><code>669664d</code></a> Merge branch 'tool-config-auto-update' into disallow-implicit-dependencies</li>
<li><a href="9cbf792a3c
"><code>9cbf792</code></a> Update configuration files</li>
<li>Additional commits viewable in <a href="d27e3f3d7c...61a6322f88
">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=4.5.0&new-version=4.7.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Closes #13766
COPYBARA_INTEGRATE_REVIEW=https://github.com/protocolbuffers/protobuf/pull/13766 from protocolbuffers:dependabot/github_actions/actions/setup-python-4.7.0 5e427982474c6dfb5304e50662f45d585acad73d
PiperOrigin-RevId: 561416587
1 year ago
Adam Cozzette
a2f3fd0367
Upgrade our `emulation` and `tcmalloc` Docker images
...
This will pull in a change allowing us to exclude Bazel targets using the
`-//foo:bar` syntax.
PiperOrigin-RevId: 558149395
1 year ago
Mike Kruskal
fff4905588
Drop support for Bazel 5.
...
This moves all our CI to Bazel 6 and drops the additional parameterization we had on Bazel version.
PiperOrigin-RevId: 551986376
1 year ago
Mike Kruskal
a80daa2a2c
Drop support for Bazel 5.
...
This moves all our CI to Bazel 6 and drops the additional parameterization we had on Bazel version.
PiperOrigin-RevId: 551986376
1 year ago
Joyce
010fde9a18
Set top level permissions to read only on GitHub Workflows ( #12971 )
...
Hi, here is Joyce from Google again.
I'd like starting suggesting the [Token-Permission check](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions ) fix.
Let me know if I might be missing any permission. Thanks!
### Security Reason
This is needed because, by default, github grants write-all permission to all workflows, which could be exploit by an attacker in case of a compromised workflow. Limiting permissions is a simple and effective way to also limit the impact of an eventual compromised workflow.
Thus, it is both a recommendation from [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions ) and the [Github](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions ) to always use credentials that are minimally scoped.
Closes #12971
COPYBARA_INTEGRATE_REVIEW=https://github.com/protocolbuffers/protobuf/pull/12971 from joycebrum:main 6d6dac5678
PiperOrigin-RevId: 537973051
2 years ago
Mike Kruskal
8a07f45293
Add release tests for statically linked binaries
...
For now, this only covers linux on the two architectures we have testing support for. However, it serves as a good sanity check and can be expanded in the future.
PiperOrigin-RevId: 514449399
2 years ago
Mike Kruskal
804ec94a16
Add release tests for statically linked binaries
...
For now, this only covers linux on the two architectures we have testing support for. However, it serves as a good sanity check and can be expanded in the future.
PiperOrigin-RevId: 514449399
2 years ago
Mike Kruskal
8ad6cdd007
Modify release artifacts for protoc to statically link system libraries.
...
Closes #12063
PiperOrigin-RevId: 513034570
2 years ago
Mike Kruskal
723bd4c3c1
Modify release artifacts for protoc to statically link system libraries.
...
Closes #12063
PiperOrigin-RevId: 513034570
2 years ago
Mike Kruskal
ef8ebe6c19
Migrate our shared github actions to a separate repository.
...
This will make PRs from forked repositories significantly less painful, since they'll agree on which version of each action to use. OTOH, we'll have a separate repo that needs to be maintained, and changes to it will need to be coordinated and versioned carefully. This will likely need to be done less often though now that our infrastructure is stable.
PiperOrigin-RevId: 512117705
2 years ago
Mike Kruskal
b7e0f842e9
Remove recursive checkout for purely Bazel tests
...
This will prevent unnecessary network access.
PiperOrigin-RevId: 510444213
2 years ago
Mike Kruskal
f0ef44d1e1
Migrate remaining macOS tests to GHA actions
...
PiperOrigin-RevId: 506744609
2 years ago
Mike Kruskal
a138e54582
Migrate Python and Ruby Linux tests to GHA actions
...
PiperOrigin-RevId: 506449977
2 years ago