chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 #32448
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check python dependencies | |
| on: | |
| push: | |
| branches: | |
| - "master" | |
| - "[0-9].[0-9]*" | |
| pull_request: | |
| types: [synchronize, opened, reopened, ready_for_review] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| # cancel previous workflow jobs for PRs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| check-python-deps: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| submodules: recursive | |
| fetch-depth: 1 | |
| - name: Check for file changes | |
| id: check | |
| uses: ./.github/actions/change-detector/ | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Python | |
| if: steps.check.outputs.python | |
| uses: ./.github/actions/setup-backend/ | |
| # Authenticate the Docker daemon so the python:slim pull in | |
| # uv-pip-compile.sh uses our (much higher) authenticated rate limit | |
| # instead of the shared-runner anonymous one. Best-effort: on fork PRs the | |
| # secrets are unavailable, so this no-ops and the pull falls back to | |
| # anonymous (covered by the retry loop in the script). | |
| - name: Login to Docker Hub | |
| if: steps.check.outputs.python | |
| continue-on-error: true | |
| uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Run uv | |
| if: steps.check.outputs.python | |
| run: ./scripts/uv-pip-compile.sh | |
| - name: Check for uncommitted changes | |
| if: steps.check.outputs.python | |
| run: | | |
| echo "Full diff (for logging/debugging):" | |
| git diff | |
| echo "Filtered diff (excluding comments and whitespace):" | |
| filtered_diff=$(git diff -U0 | grep '^[-+]' | grep -vE '^[-+]{3}' | grep -vE '^[-+][[:space:]]*#' | grep -vE '^[-+][[:space:]]*$' || true) | |
| echo "$filtered_diff" | |
| if [[ -n "$filtered_diff" ]]; then | |
| echo | |
| echo "ERROR: The pinned dependencies are not up-to-date." | |
| echo "Please run './scripts/uv-pip-compile.sh' and commit the changes." | |
| echo "More info: https://github.com/apache/superset/tree/master/requirements" | |
| exit 1 | |
| else | |
| echo "Pinned dependencies are up-to-date." | |
| fi |