Skip to content

DEP: pin internal scripts' dependencies with PEP 723 metadata and pipx run #291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
astrofrog merged 2 commits into from
Jul 7, 2025
Merged

DEP: pin internal scripts' dependencies with PEP 723 metadata and pipx run #291

astrofrog merged 2 commits into from
Jul 7, 2025

Conversation

@neutrinoceros
Copy link
Contributor

@neutrinoceros neutrinoceros commented Jul 6, 2025

I noticed that pip, click, pyyaml and packaging were not pinned anywhere, which seemed awkward given the amount of effort that already went into making these workflows as secure and reproducible as possible, so I added script-level PEP 723 metadata and used uv (to my knowledge, the only tool supporting this standard at the moment) to leverage it. uv should be regarded as an implementation detail here, as other tools might emerge (or exist already ?) that allow this streamlined workflow where scripts are their own source of truth.

@neutrinoceros
Copy link
Contributor Author

neutrinoceros commented Jul 6, 2025

This seems to break test_tox.yml currently. I'll need to circle back to dig into it.

@Cadair
Copy link
Member

Cadair commented Jul 6, 2025

fwiw pipx also supports that metadata afaik.

@neutrinoceros neutrinoceros changed the title DEP: pin internal scripts' dependencies with PEP 723 metadata and uv run DEP: pin internal scripts' dependencies with PEP 723 metadata and pipx run Jul 7, 2025
@neutrinoceros
Copy link
Contributor Author

neutrinoceros commented Jul 7, 2025

Thanks ! trying with pipx run

@neutrinoceros
Copy link
Contributor Author

neutrinoceros commented Jul 7, 2025

It seems to break the same way, so I think I still need to understand what's broken, but I'd like to keep pipx as it's simpler to set up in CI (by virtue of being included in actions/setup-python)

@neutrinoceros
Copy link
Contributor Author

neutrinoceros commented Jul 7, 2025
edited
Loading

Ok I think I got it. The mistake was actually from #286 and already showed on main example logs. The fix is thus independent from my work here and I'll split it out into its own PR.

update: this is #292

Cadair
Cadair reviewed Jul 7, 2025
View reviewed changes
.github/workflows/tox.yml
TOX_MATRIX_SCRIPT: aW1wb3J0IGpzb24KaW1wb3J0IG9zCmltcG9ydCByZQoKaW1wb3J0IGNsaWNrCmltcG9ydCB5YW1sCmZyb20gcGFja2FnaW5nLnZlcnNpb24gaW1wb3J0IEludmFsaWRWZXJzaW9uLCBWZXJzaW9uCgoKQGNsaWNrLmNvbW1hbmQoKQpAY2xpY2sub3B0aW9uKCItLWVudnMiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWxpYnJhcmllcyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tcG9zYXJncyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tdG94ZGVwcyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tdG94YXJncyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tcHl0ZXN0IiwgZGVmYXVsdD0idHJ1ZSIpCkBjbGljay5vcHRpb24oIi0tcHl0ZXN0LXJlc3VsdHMtc3VtbWFyeSIsIGRlZmF1bHQ9ImZhbHNlIikKQGNsaWNrLm9wdGlvbigiLS1jb3ZlcmFnZSIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tY29uZGEiLCBkZWZhdWx0PSJhdXRvIikKQGNsaWNrLm9wdGlvbigiLS1zZXRlbnYiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWRpc3BsYXkiLCBkZWZhdWx0PSJmYWxzZSIpCkBjbGljay5vcHRpb24oIi0tY2FjaGUtcGF0aCIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tY2FjaGUta2V5IiwgZGVmYXVsdD0iIikKQGNsaWNrLm9wdGlvbigiLS1jYWNoZS1yZXN0b3JlLWtleXMiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWFydGlmYWN0LXBhdGgiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLXJ1bnMtb24iLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWRlZmF1bHQtcHl0aG9uIiwgZGVmYXVsdD0iIikKQGNsaWNrLm9wdGlvbigiLS10aW1lb3V0LW1pbnV0ZXMiLCBkZWZhdWx0PSIzNjAiKQpkZWYgbG9hZF90b3hfdGFyZ2V0cyhlbnZzLCBsaWJyYXJpZXMsIHBvc2FyZ3MsIHRveGRlcHMsIHRveGFyZ3MsIHB5dGVzdCwgcHl0ZXN0X3Jlc3VsdHNfc3VtbWFyeSwKICAgICAgICAgICAgICAgICAgICAgY292ZXJhZ2UsIGNvbmRhLCBzZXRlbnYsIGRpc3BsYXksIGNhY2hlX3BhdGgsIGNhY2hlX2tleSwKICAgICAgICAgICAgICAgICAgICAgY2FjaGVfcmVzdG9yZV9rZXlzLCBhcnRpZmFjdF9wYXRoLCBydW5zX29uLCBkZWZhdWx0X3B5dGhvbiwgdGltZW91dF9taW51dGVzKToKICAgICIiIlNjcmlwdCB0byBsb2FkIHRveCB0YXJnZXRzIGZvciBHaXRIdWIgQWN0aW9ucyB3b3JrZmxvdy4iIiIKICAgICMgTG9hZCBlbnZzIGNvbmZpZwogICAgZW52cyA9IHlhbWwubG9hZChlbnZzLCBMb2FkZXI9eWFtbC5CYXNlTG9hZGVyKQogICAgcHJpbnQoanNvbi5kdW1wcyhlbnZzLCBpbmRlbnQ9MikpCgogICAgIyBMb2FkIGdsb2JhbCBsaWJyYXJpZXMgY29uZmlnCiAgICBnbG9iYWxfbGlicmFyaWVzID0gewogICAgICAgICJicmV3IjogW10sCiAgICAgICAgImJyZXctY2FzayI6IFtdLAogICAgICAgICJhcHQiOiBbXSwKICAgICAgICAiY2hvY28iOiBbXSwKICAgIH0KICAgIGxpYnJhcmllcyA9IHlhbWwubG9hZChsaWJyYXJpZXMsIExvYWRlcj15YW1sLkJhc2VMb2FkZXIpCiAgICBpZiBsaWJyYXJpZXMgaXMgbm90IE5vbmU6CiAgICAgICAgZ2xvYmFsX2xpYnJhcmllcy51cGRhdGUobGlicmFyaWVzKQogICAgcHJpbnQoanNvbi5kdW1wcyhnbG9iYWxfbGlicmFyaWVzLCBpbmRlbnQ9MikpCgogICAgIyBEZWZhdWx0IGltYWdlcyB0byB1c2UgZm9yIHJ1bm5lcnMKICAgIGRlZmF1bHRfcnVuc19vbiA9IHsKICAgICAgICAibGludXgiOiAidWJ1bnR1LWxhdGVzdCIsCiAgICAgICAgIm1hY29zIjogIm1hY29zLWxhdGVzdCIsCiAgICAgICAgIndpbmRvd3MiOiAid2luZG93cy1sYXRlc3QiLAogICAgfQogICAgY3VzdG9tX3J1bnNfb24gPSB5YW1sLmxvYWQocnVuc19vbiwgTG9hZGVyPXlhbWwuQmFzZUxvYWRlcikKICAgIGlmIGlzaW5zdGFuY2UoY3VzdG9tX3J1bnNfb24sIGRpY3QpOgogICAgICAgIGRlZmF1bHRfcnVuc19vbi51cGRhdGUoY3VzdG9tX3J1bnNfb24pCiAgICBwcmludChqc29uLmR1bXBzKGRlZmF1bHRfcnVuc19vbiwgaW5kZW50PTIpKQoKICAgICMgRGVmYXVsdCBzdHJpbmcgcGFyYW1ldGVycyB3aGljaCBjYW4gYmUgb3ZlcndyaXR0ZW4gYnkgZWFjaCBlbnYKICAgIHN0cmluZ19wYXJhbWV0ZXJzID0gewogICAgICAgICJwb3NhcmdzIjogcG9zYXJncywKICAgICAgICAidG94ZGVwcyI6IHRveGRlcHMsCiAgICAgICAgInRveGFyZ3MiOiB0b3hhcmdzLAogICAgICAgICJweXRlc3QiOiBweXRlc3QsCiAgICAgICAgInB5dGVzdC1yZXN1bHRzLXN1bW1hcnkiOiBweXRlc3RfcmVzdWx0c19zdW1tYXJ5LAogICAgICAgICJjb3ZlcmFnZSI6IGNvdmVyYWdlLAogICAgICAgICJjb25kYSI6IGNvbmRhLAogICAgICAgICJzZXRlbnYiOiBzZXRlbnYsCiAgICAgICAgImRpc3BsYXkiOiBkaXNwbGF5LAogICAgICAgICJjYWNoZS1wYXRoIjogY2FjaGVfcGF0aCwKICAgICAgICAiY2FjaGUta2V5IjogY2FjaGVfa2V5LAogICAgICAgICJjYWNoZS1yZXN0b3JlLWtleXMiOiBjYWNoZV9yZXN0b3JlX2tleXMsCiAgICAgICAgImFydGlmYWN0LXBhdGgiOiBhcnRpZmFjdF9wYXRoLAogICAgICAgICJ0aW1lb3V0LW1pbnV0ZXMiOiB0aW1lb3V0X21pbnV0ZXMsCiAgICB9CgogICAgIyBDcmVhdGUgbWF0cml4CiAgICBtYXRyaXggPSB7ImluY2x1ZGUiOiBbXX0KICAgIGZvciBlbnYgaW4gZW52czoKICAgICAgICBtYXRyaXhbImluY2x1ZGUiXS5hcHBlbmQoZ2V0X21hdHJpeF9pdGVtKAogICAgICAgICAgICBlbnYsCiAgICAgICAgICAgIGdsb2JhbF9saWJyYXJpZXM9Z2xvYmFsX2xpYnJhcmllcywKICAgICAgICAgICAgZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzPXN0cmluZ19wYXJhbWV0ZXJzLAogICAgICAgICAgICBydW5zX29uPWRlZmF1bHRfcnVuc19vbiwKICAgICAgICAgICAgZGVmYXVsdF9weXRob249ZGVmYXVsdF9weXRob24sCiAgICAgICAgKSkKCiAgICAjIE91dHB1dCBtYXRyaXgKICAgIHByaW50KGpzb24uZHVtcHMobWF0cml4LCBpbmRlbnQ9MikpCiAgICB3aXRoIG9wZW4ob3MuZW52aXJvblsiR0lUSFVCX09VVFBVVCJdLCAiYSIpIGFzIGY6CiAgICAgICAgZi53cml0ZShmIm1hdHJpeD17anNvbi5kdW1wcyhtYXRyaXgpfVxuIikKCgpkZWYgZ2V0X21hdHJpeF9pdGVtKGVudiwgZ2xvYmFsX2xpYnJhcmllcywgZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzLAogICAgICAgICAgICAgICAgICAgIHJ1bnNfb24sIGRlZmF1bHRfcHl0aG9uKToKCiAgICAjIGRlZmluZSBzcGVjIGZvciBlYWNoIG1hdHJpeCBpbmNsdWRlICgrIGdsb2JhbF9zdHJpbmdfcGFyYW1ldGVycykKICAgIGl0ZW0gPSB7CiAgICAgICAgIm9zIjogTm9uZSwKICAgICAgICAidG94ZW52IjogTm9uZSwKICAgICAgICAicHl0aG9uX3ZlcnNpb24iOiBOb25lLAogICAgICAgICJuYW1lIjogTm9uZSwKICAgICAgICAicHl0ZXN0X2ZsYWciOiBOb25lLAogICAgICAgICJsaWJyYXJpZXNfYnJldyI6IE5vbmUsCiAgICAgICAgImxpYnJhcmllc19icmV3X2Nhc2siOiBOb25lLAogICAgICAgICJsaWJyYXJpZXNfYXB0IjogTm9uZSwKICAgICAgICAibGlicmFyaWVzX2Nob2NvIjogTm9uZSwKICAgICAgICAiY2FjaGUtcGF0aCI6IE5vbmUsCiAgICAgICAgImNhY2hlLWtleSI6IE5vbmUsCiAgICAgICAgImNhY2hlLXJlc3RvcmUta2V5cyI6IE5vbmUsCiAgICAgICAgImFydGlmYWN0LW5hbWUiOiBOb25lLAogICAgICAgICJhcnRpZmFjdC1wYXRoIjogTm9uZSwKICAgICAgICAidGltZW91dC1taW51dGVzIjogTm9uZSwKICAgIH0KICAgIGZvciBzdHJpbmdfcGFyYW0sIGRlZmF1bHQgaW4gZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzLml0ZW1zKCk6CiAgICAgICAgZW52X3ZhbHVlID0gZW52LmdldChzdHJpbmdfcGFyYW0pCiAgICAgICAgaXRlbVtzdHJpbmdfcGFyYW1dID0gZGVmYXVsdCBpZiBlbnZfdmFsdWUgaXMgTm9uZSBlbHNlIGVudl92YWx1ZQoKICAgICMgc2V0IG9zIGFuZCB0b3hlbnYKICAgIGZvciBrLCB2IGluIHJ1bnNfb24uaXRlbXMoKToKICAgICAgICBpZiBrIGluIGVudjoKICAgICAgICAgICAgcGxhdGZvcm0gPSBrCiAgICAgICAgICAgIGl0ZW1bIm9zIl0gPSBlbnYuZ2V0KCJydW5zLW9uIiwgdikKICAgICAgICAgICAgaXRlbVsidG94ZW52Il0gPSBlbnZba10KICAgIGFzc2VydCBpdGVtWyJvcyJdIGlzIG5vdCBOb25lIGFuZCBpdGVtWyJ0b3hlbnYiXSBpcyBub3QgTm9uZQoKICAgICMgc2V0IHB5dGhvbl92ZXJzaW9uCiAgICBweXRob25fdmVyc2lvbiA9IGVudi5nZXQoInB5dGhvbi12ZXJzaW9uIikKICAgIG0gPSByZS5zZWFyY2goIl5weSgyfDMpKFswLTldK3Q/KSIsIGl0ZW1bInRveGVudiJdKQogICAgaWYgcHl0aG9uX3ZlcnNpb24gaXMgbm90IE5vbmU6CiAgICAgICAgaXRlbVsicHl0aG9uX3ZlcnNpb24iXSA9IHB5dGhvbl92ZXJzaW9uCiAgICBlbGlmIG0gaXMgbm90IE5vbmU6CiAgICAgICAgbWFqb3IsIG1pbm9yID0gbS5ncm91cHMoKQogICAgICAgIGl0ZW1bInB5dGhvbl92ZXJzaW9uIl0gPSBmInttYWpvcn0ue21pbm9yfSIKICAgIGVsc2U6CiAgICAgICAgaXRlbVsicHl0aG9uX3ZlcnNpb24iXSA9IGVudi5nZXQoImRlZmF1bHRfcHl0aG9uIikgb3IgZGVmYXVsdF9weXRob24KCiAgICAjIGlmIFB5dGhvbiBpcyA8My4xMCB3ZSBjYW4ndCB1c2UgbWFjb3MtbGF0ZXN0IHdoaWNoIGlzIGFybTY0CiAgICB0cnk6CiAgICAgICAgaWYgVmVyc2lvbihpdGVtWyJweXRob25fdmVyc2lvbiJdKSA8IFZlcnNpb24oJzMuMTAnKSBhbmQgaXRlbVsib3MiXSA9PSAibWFjb3MtbGF0ZXN0IjoKICAgICAgICAgICAgaXRlbVsib3MiXSA9ICJtYWNvcy0xMyIKICAgIGV4Y2VwdCBJbnZhbGlkVmVyc2lvbjoKICAgICAgICAjIHB5dGhvbl92ZXJzaW9uIG1pZ2h0IGJlIGZvciBleGFtcGxlICdweXB5LTMuMTAnIHdoaWNoIHdvbid0IHBhcnNlCiAgICAgICAgcGFzcwoKICAgICMgc2V0IG5hbWUKICAgIGl0ZW1bIm5hbWUiXSA9IGVudi5nZXQoIm5hbWUiKSBvciBmJ3tpdGVtWyJ0b3hlbnYiXX0gKHtpdGVtWyJvcyJdfSknCgogICAgIyBzZXQgYXJ0aWZhY3QtbmFtZSAocmVwbGFjZSBpbnZhbGlkIHBhdGggY2hhcmFjdGVycykKICAgIGl0ZW1bImFydGlmYWN0LW5hbWUiXSA9IHJlLnN1YihyIltcXCAvOjw+fCo/XCInXSIsICItIiwgaXRlbVsibmFtZSJdKQogICAgaXRlbVsiYXJ0aWZhY3QtbmFtZSJdID0gcmUuc3ViKHIiLSsiLCAiLSIsIGl0ZW1bImFydGlmYWN0LW5hbWUiXSkKCiAgICAjIHNldCBweXRlc3RfZmxhZwogICAgaXRlbVsicHl0ZXN0X2ZsYWciXSA9ICIiCiAgICBzZXAgPSByIlxcIiBpZiBwbGF0Zm9ybSA9PSAid2luZG93cyIgZWxzZSAiLyIKICAgIGlmIGl0ZW1bInB5dGVzdCJdID09ICJ0cnVlIiBhbmQgImNvZGVjb3YiIGluIGl0ZW0uZ2V0KCJjb3ZlcmFnZSIsICIiKToKICAgICAgICBpdGVtWyJweXRlc3RfZmxhZyJdICs9ICgKICAgICAgICAgICAgcmYiLS1jb3YtcmVwb3J0PXhtbDoke3tHSVRIVUJfV09SS1NQQUNFfX17c2VwfWNvdmVyYWdlLnhtbCAiKQogICAgaWYgaXRlbVsicHl0ZXN0Il0gPT0gInRydWUiIGFuZCBpdGVtWyJweXRlc3QtcmVzdWx0cy1zdW1tYXJ5Il0gPT0gInRydWUiOgogICAgICAgIGl0ZW1bInB5dGVzdF9mbGFnIl0gKz0gcmYiLS1qdW5pdHhtbCAke3tHSVRIVUJfV09SS1NQQUNFfX17c2VwfXJlc3VsdHMueG1sICIKCiAgICAjIHNldCBsaWJyYXJpZXMKICAgIGVudl9saWJyYXJpZXMgPSBlbnYuZ2V0KCJsaWJyYXJpZXMiKQogICAgaWYgaXNpbnN0YW5jZShlbnZfbGlicmFyaWVzLCBzdHIpIGFuZCBsZW4oZW52X2xpYnJhcmllcy5zdHJpcCgpKSA9PSAwOgogICAgICAgIGVudl9saWJyYXJpZXMgPSB7fSAgIyBubyBsaWJyYXJpZXMgcmVxdWVzdGVkIGZvciBlbnZpcm9ubWVudAogICAgbGlicmFyaWVzID0gZ2xvYmFsX2xpYnJhcmllcyBpZiBlbnZfbGlicmFyaWVzIGlzIE5vbmUgZWxzZSBlbnZfbGlicmFyaWVzCiAgICBmb3IgbWFuYWdlciBpbiBbImJyZXciLCAiYnJld19jYXNrIiwgImFwdCIsICJjaG9jbyJdOgogICAgICAgIGl0ZW1bZiJsaWJyYXJpZXNfe21hbmFnZXJ9Il0gPSAiICIuam9pbihsaWJyYXJpZXMuZ2V0KG1hbmFnZXIsIFtdKSkKCiAgICAjIHNldCAiYXV0byIgY29uZGEgdmFsdWUKICAgIGlmIGl0ZW1bImNvbmRhIl0gPT0gImF1dG8iOgogICAgICAgIGl0ZW1bImNvbmRhIl0gPSAidHJ1ZSIgaWYgImNvbmRhIiBpbiBpdGVtWyJ0b3hlbnYiXSBlbHNlICJmYWxzZSIKCiAgICAjIGluamVjdCB0b3hkZXBzIGZvciBjb25kYQogICAgaWYgaXRlbVsiY29uZGEiXSA9PSAidHJ1ZSIgYW5kICJ0b3gtY29uZGEiIG5vdCBpbiBpdGVtWyJ0b3hkZXBzIl0ubG93ZXIoKToKICAgICAgICBpdGVtWyJ0b3hkZXBzIl0gPSAoInRveC1jb25kYSAiICsgaXRlbVsidG94ZGVwcyJdKS5zdHJpcCgpCgogICAgIyBtYWtlIHRpbWVvdXQtbWludXRlcyBhIG51bWJlcgogICAgaXRlbVsidGltZW91dC1taW51dGVzIl0gPSBpbnQoaXRlbVsidGltZW91dC1taW51dGVzIl0pCgogICAgIyB2ZXJpZnkgdmFsdWVzCiAgICBhc3NlcnQgaXRlbVsicHl0ZXN0Il0gaW4geyJ0cnVlIiwgImZhbHNlIn0KICAgIGFzc2VydCBpdGVtWyJjb25kYSJdIGluIHsidHJ1ZSIsICJmYWxzZSJ9CiAgICBhc3NlcnQgaXRlbVsiZGlzcGxheSJdIGluIHsidHJ1ZSIsICJmYWxzZSJ9CgogICAgcmV0dXJuIGl0ZW0KCgppZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAgbG9hZF90b3hfdGFyZ2V0cygpCg==
TOX_MATRIX_SCRIPT: IyAvLy8gc2NyaXB0CiMgcmVxdWlyZXMtcHl0aG9uID0gIj09My4xMiIKIyBkZXBlbmRlbmNpZXMgPSBbCiMgICAgICJjbGljaz09OC4yLjEiLAojICAgICAicGFja2FnaW5nPT0yNS4wIiwKIyAgICAgInB5eWFtbD09Ni4wLjIiLAojIF0KIyAvLy8KaW1wb3J0IGpzb24KaW1wb3J0IG9zCmltcG9ydCByZQoKaW1wb3J0IGNsaWNrCmltcG9ydCB5YW1sCmZyb20gcGFja2FnaW5nLnZlcnNpb24gaW1wb3J0IEludmFsaWRWZXJzaW9uLCBWZXJzaW9uCgoKQGNsaWNrLmNvbW1hbmQoKQpAY2xpY2sub3B0aW9uKCItLWVudnMiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWxpYnJhcmllcyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tcG9zYXJncyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tdG94ZGVwcyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tdG94YXJncyIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tcHl0ZXN0IiwgZGVmYXVsdD0idHJ1ZSIpCkBjbGljay5vcHRpb24oIi0tcHl0ZXN0LXJlc3VsdHMtc3VtbWFyeSIsIGRlZmF1bHQ9ImZhbHNlIikKQGNsaWNrLm9wdGlvbigiLS1jb3ZlcmFnZSIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tY29uZGEiLCBkZWZhdWx0PSJhdXRvIikKQGNsaWNrLm9wdGlvbigiLS1zZXRlbnYiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWRpc3BsYXkiLCBkZWZhdWx0PSJmYWxzZSIpCkBjbGljay5vcHRpb24oIi0tY2FjaGUtcGF0aCIsIGRlZmF1bHQ9IiIpCkBjbGljay5vcHRpb24oIi0tY2FjaGUta2V5IiwgZGVmYXVsdD0iIikKQGNsaWNrLm9wdGlvbigiLS1jYWNoZS1yZXN0b3JlLWtleXMiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWFydGlmYWN0LXBhdGgiLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLXJ1bnMtb24iLCBkZWZhdWx0PSIiKQpAY2xpY2sub3B0aW9uKCItLWRlZmF1bHQtcHl0aG9uIiwgZGVmYXVsdD0iIikKQGNsaWNrLm9wdGlvbigiLS10aW1lb3V0LW1pbnV0ZXMiLCBkZWZhdWx0PSIzNjAiKQpkZWYgbG9hZF90b3hfdGFyZ2V0cyhlbnZzLCBsaWJyYXJpZXMsIHBvc2FyZ3MsIHRveGRlcHMsIHRveGFyZ3MsIHB5dGVzdCwgcHl0ZXN0X3Jlc3VsdHNfc3VtbWFyeSwKICAgICAgICAgICAgICAgICAgICAgY292ZXJhZ2UsIGNvbmRhLCBzZXRlbnYsIGRpc3BsYXksIGNhY2hlX3BhdGgsIGNhY2hlX2tleSwKICAgICAgICAgICAgICAgICAgICAgY2FjaGVfcmVzdG9yZV9rZXlzLCBhcnRpZmFjdF9wYXRoLCBydW5zX29uLCBkZWZhdWx0X3B5dGhvbiwgdGltZW91dF9taW51dGVzKToKICAgICIiIlNjcmlwdCB0byBsb2FkIHRveCB0YXJnZXRzIGZvciBHaXRIdWIgQWN0aW9ucyB3b3JrZmxvdy4iIiIKICAgICMgTG9hZCBlbnZzIGNvbmZpZwogICAgZW52cyA9IHlhbWwubG9hZChlbnZzLCBMb2FkZXI9eWFtbC5CYXNlTG9hZGVyKQogICAgcHJpbnQoanNvbi5kdW1wcyhlbnZzLCBpbmRlbnQ9MikpCgogICAgIyBMb2FkIGdsb2JhbCBsaWJyYXJpZXMgY29uZmlnCiAgICBnbG9iYWxfbGlicmFyaWVzID0gewogICAgICAgICJicmV3IjogW10sCiAgICAgICAgImJyZXctY2FzayI6IFtdLAogICAgICAgICJhcHQiOiBbXSwKICAgICAgICAiY2hvY28iOiBbXSwKICAgIH0KICAgIGxpYnJhcmllcyA9IHlhbWwubG9hZChsaWJyYXJpZXMsIExvYWRlcj15YW1sLkJhc2VMb2FkZXIpCiAgICBpZiBsaWJyYXJpZXMgaXMgbm90IE5vbmU6CiAgICAgICAgZ2xvYmFsX2xpYnJhcmllcy51cGRhdGUobGlicmFyaWVzKQogICAgcHJpbnQoanNvbi5kdW1wcyhnbG9iYWxfbGlicmFyaWVzLCBpbmRlbnQ9MikpCgogICAgIyBEZWZhdWx0IGltYWdlcyB0byB1c2UgZm9yIHJ1bm5lcnMKICAgIGRlZmF1bHRfcnVuc19vbiA9IHsKICAgICAgICAibGludXgiOiAidWJ1bnR1LWxhdGVzdCIsCiAgICAgICAgIm1hY29zIjogIm1hY29zLWxhdGVzdCIsCiAgICAgICAgIndpbmRvd3MiOiAid2luZG93cy1sYXRlc3QiLAogICAgfQogICAgY3VzdG9tX3J1bnNfb24gPSB5YW1sLmxvYWQocnVuc19vbiwgTG9hZGVyPXlhbWwuQmFzZUxvYWRlcikKICAgIGlmIGlzaW5zdGFuY2UoY3VzdG9tX3J1bnNfb24sIGRpY3QpOgogICAgICAgIGRlZmF1bHRfcnVuc19vbi51cGRhdGUoY3VzdG9tX3J1bnNfb24pCiAgICBwcmludChqc29uLmR1bXBzKGRlZmF1bHRfcnVuc19vbiwgaW5kZW50PTIpKQoKICAgICMgRGVmYXVsdCBzdHJpbmcgcGFyYW1ldGVycyB3aGljaCBjYW4gYmUgb3ZlcndyaXR0ZW4gYnkgZWFjaCBlbnYKICAgIHN0cmluZ19wYXJhbWV0ZXJzID0gewogICAgICAgICJwb3NhcmdzIjogcG9zYXJncywKICAgICAgICAidG94ZGVwcyI6IHRveGRlcHMsCiAgICAgICAgInRveGFyZ3MiOiB0b3hhcmdzLAogICAgICAgICJweXRlc3QiOiBweXRlc3QsCiAgICAgICAgInB5dGVzdC1yZXN1bHRzLXN1bW1hcnkiOiBweXRlc3RfcmVzdWx0c19zdW1tYXJ5LAogICAgICAgICJjb3ZlcmFnZSI6IGNvdmVyYWdlLAogICAgICAgICJjb25kYSI6IGNvbmRhLAogICAgICAgICJzZXRlbnYiOiBzZXRlbnYsCiAgICAgICAgImRpc3BsYXkiOiBkaXNwbGF5LAogICAgICAgICJjYWNoZS1wYXRoIjogY2FjaGVfcGF0aCwKICAgICAgICAiY2FjaGUta2V5IjogY2FjaGVfa2V5LAogICAgICAgICJjYWNoZS1yZXN0b3JlLWtleXMiOiBjYWNoZV9yZXN0b3JlX2tleXMsCiAgICAgICAgImFydGlmYWN0LXBhdGgiOiBhcnRpZmFjdF9wYXRoLAogICAgICAgICJ0aW1lb3V0LW1pbnV0ZXMiOiB0aW1lb3V0X21pbnV0ZXMsCiAgICB9CgogICAgIyBDcmVhdGUgbWF0cml4CiAgICBtYXRyaXggPSB7ImluY2x1ZGUiOiBbXX0KICAgIGZvciBlbnYgaW4gZW52czoKICAgICAgICBtYXRyaXhbImluY2x1ZGUiXS5hcHBlbmQoZ2V0X21hdHJpeF9pdGVtKAogICAgICAgICAgICBlbnYsCiAgICAgICAgICAgIGdsb2JhbF9saWJyYXJpZXM9Z2xvYmFsX2xpYnJhcmllcywKICAgICAgICAgICAgZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzPXN0cmluZ19wYXJhbWV0ZXJzLAogICAgICAgICAgICBydW5zX29uPWRlZmF1bHRfcnVuc19vbiwKICAgICAgICAgICAgZGVmYXVsdF9weXRob249ZGVmYXVsdF9weXRob24sCiAgICAgICAgKSkKCiAgICAjIE91dHB1dCBtYXRyaXgKICAgIHByaW50KGpzb24uZHVtcHMobWF0cml4LCBpbmRlbnQ9MikpCiAgICB3aXRoIG9wZW4ob3MuZW52aXJvblsiR0lUSFVCX09VVFBVVCJdLCAiYSIpIGFzIGY6CiAgICAgICAgZi53cml0ZShmIm1hdHJpeD17anNvbi5kdW1wcyhtYXRyaXgpfVxuIikKCgpkZWYgZ2V0X21hdHJpeF9pdGVtKGVudiwgZ2xvYmFsX2xpYnJhcmllcywgZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzLAogICAgICAgICAgICAgICAgICAgIHJ1bnNfb24sIGRlZmF1bHRfcHl0aG9uKToKCiAgICAjIGRlZmluZSBzcGVjIGZvciBlYWNoIG1hdHJpeCBpbmNsdWRlICgrIGdsb2JhbF9zdHJpbmdfcGFyYW1ldGVycykKICAgIGl0ZW0gPSB7CiAgICAgICAgIm9zIjogTm9uZSwKICAgICAgICAidG94ZW52IjogTm9uZSwKICAgICAgICAicHl0aG9uX3ZlcnNpb24iOiBOb25lLAogICAgICAgICJuYW1lIjogTm9uZSwKICAgICAgICAicHl0ZXN0X2ZsYWciOiBOb25lLAogICAgICAgICJsaWJyYXJpZXNfYnJldyI6IE5vbmUsCiAgICAgICAgImxpYnJhcmllc19icmV3X2Nhc2siOiBOb25lLAogICAgICAgICJsaWJyYXJpZXNfYXB0IjogTm9uZSwKICAgICAgICAibGlicmFyaWVzX2Nob2NvIjogTm9uZSwKICAgICAgICAiY2FjaGUtcGF0aCI6IE5vbmUsCiAgICAgICAgImNhY2hlLWtleSI6IE5vbmUsCiAgICAgICAgImNhY2hlLXJlc3RvcmUta2V5cyI6IE5vbmUsCiAgICAgICAgImFydGlmYWN0LW5hbWUiOiBOb25lLAogICAgICAgICJhcnRpZmFjdC1wYXRoIjogTm9uZSwKICAgICAgICAidGltZW91dC1taW51dGVzIjogTm9uZSwKICAgIH0KICAgIGZvciBzdHJpbmdfcGFyYW0sIGRlZmF1bHQgaW4gZ2xvYmFsX3N0cmluZ19wYXJhbWV0ZXJzLml0ZW1zKCk6CiAgICAgICAgZW52X3ZhbHVlID0gZW52LmdldChzdHJpbmdfcGFyYW0pCiAgICAgICAgaXRlbVtzdHJpbmdfcGFyYW1dID0gZGVmYXVsdCBpZiBlbnZfdmFsdWUgaXMgTm9uZSBlbHNlIGVudl92YWx1ZQoKICAgICMgc2V0IG9zIGFuZCB0b3hlbnYKICAgIGZvciBrLCB2IGluIHJ1bnNfb24uaXRlbXMoKToKICAgICAgICBpZiBrIGluIGVudjoKICAgICAgICAgICAgcGxhdGZvcm0gPSBrCiAgICAgICAgICAgIGl0ZW1bIm9zIl0gPSBlbnYuZ2V0KCJydW5zLW9uIiwgdikKICAgICAgICAgICAgaXRlbVsidG94ZW52Il0gPSBlbnZba10KICAgIGFzc2VydCBpdGVtWyJvcyJdIGlzIG5vdCBOb25lIGFuZCBpdGVtWyJ0b3hlbnYiXSBpcyBub3QgTm9uZQoKICAgICMgc2V0IHB5dGhvbl92ZXJzaW9uCiAgICBweXRob25fdmVyc2lvbiA9IGVudi5nZXQoInB5dGhvbi12ZXJzaW9uIikKICAgIG0gPSByZS5zZWFyY2goIl5weSgyfDMpKFswLTldK3Q/KSIsIGl0ZW1bInRveGVudiJdKQogICAgaWYgcHl0aG9uX3ZlcnNpb24gaXMgbm90IE5vbmU6CiAgICAgICAgaXRlbVsicHl0aG9uX3ZlcnNpb24iXSA9IHB5dGhvbl92ZXJzaW9uCiAgICBlbGlmIG0gaXMgbm90IE5vbmU6CiAgICAgICAgbWFqb3IsIG1pbm9yID0gbS5ncm91cHMoKQogICAgICAgIGl0ZW1bInB5dGhvbl92ZXJzaW9uIl0gPSBmInttYWpvcn0ue21pbm9yfSIKICAgIGVsc2U6CiAgICAgICAgaXRlbVsicHl0aG9uX3ZlcnNpb24iXSA9IGVudi5nZXQoImRlZmF1bHRfcHl0aG9uIikgb3IgZGVmYXVsdF9weXRob24KCiAgICAjIGlmIFB5dGhvbiBpcyA8My4xMCB3ZSBjYW4ndCB1c2UgbWFjb3MtbGF0ZXN0IHdoaWNoIGlzIGFybTY0CiAgICB0cnk6CiAgICAgICAgaWYgVmVyc2lvbihpdGVtWyJweXRob25fdmVyc2lvbiJdKSA8IFZlcnNpb24oJzMuMTAnKSBhbmQgaXRlbVsib3MiXSA9PSAibWFjb3MtbGF0ZXN0IjoKICAgICAgICAgICAgaXRlbVsib3MiXSA9ICJtYWNvcy0xMyIKICAgIGV4Y2VwdCBJbnZhbGlkVmVyc2lvbjoKICAgICAgICAjIHB5dGhvbl92ZXJzaW9uIG1pZ2h0IGJlIGZvciBleGFtcGxlICdweXB5LTMuMTAnIHdoaWNoIHdvbid0IHBhcnNlCiAgICAgICAgcGFzcwoKICAgICMgc2V0IG5hbWUKICAgIGl0ZW1bIm5hbWUiXSA9IGVudi5nZXQoIm5hbWUiKSBvciBmJ3tpdGVtWyJ0b3hlbnYiXX0gKHtpdGVtWyJvcyJdfSknCgogICAgIyBzZXQgYXJ0aWZhY3QtbmFtZSAocmVwbGFjZSBpbnZhbGlkIHBhdGggY2hhcmFjdGVycykKICAgIGl0ZW1bImFydGlmYWN0LW5hbWUiXSA9IHJlLnN1YihyIltcXCAvOjw+fCo/XCInXSIsICItIiwgaXRlbVsibmFtZSJdKQogICAgaXRlbVsiYXJ0aWZhY3QtbmFtZSJdID0gcmUuc3ViKHIiLSsiLCAiLSIsIGl0ZW1bImFydGlmYWN0LW5hbWUiXSkKCiAgICAjIHNldCBweXRlc3RfZmxhZwogICAgaXRlbVsicHl0ZXN0X2ZsYWciXSA9ICIiCiAgICBzZXAgPSByIlxcIiBpZiBwbGF0Zm9ybSA9PSAid2luZG93cyIgZWxzZSAiLyIKICAgIGlmIGl0ZW1bInB5dGVzdCJdID09ICJ0cnVlIiBhbmQgImNvZGVjb3YiIGluIGl0ZW0uZ2V0KCJjb3ZlcmFnZSIsICIiKToKICAgICAgICBpdGVtWyJweXRlc3RfZmxhZyJdICs9ICgKICAgICAgICAgICAgcmYiLS1jb3YtcmVwb3J0PXhtbDoke3tHSVRIVUJfV09SS1NQQUNFfX17c2VwfWNvdmVyYWdlLnhtbCAiKQogICAgaWYgaXRlbVsicHl0ZXN0Il0gPT0gInRydWUiIGFuZCBpdGVtWyJweXRlc3QtcmVzdWx0cy1zdW1tYXJ5Il0gPT0gInRydWUiOgogICAgICAgIGl0ZW1bInB5dGVzdF9mbGFnIl0gKz0gcmYiLS1qdW5pdHhtbCAke3tHSVRIVUJfV09SS1NQQUNFfX17c2VwfXJlc3VsdHMueG1sICIKCiAgICAjIHNldCBsaWJyYXJpZXMKICAgIGVudl9saWJyYXJpZXMgPSBlbnYuZ2V0KCJsaWJyYXJpZXMiKQogICAgaWYgaXNpbnN0YW5jZShlbnZfbGlicmFyaWVzLCBzdHIpIGFuZCBsZW4oZW52X2xpYnJhcmllcy5zdHJpcCgpKSA9PSAwOgogICAgICAgIGVudl9saWJyYXJpZXMgPSB7fSAgIyBubyBsaWJyYXJpZXMgcmVxdWVzdGVkIGZvciBlbnZpcm9ubWVudAogICAgbGlicmFyaWVzID0gZ2xvYmFsX2xpYnJhcmllcyBpZiBlbnZfbGlicmFyaWVzIGlzIE5vbmUgZWxzZSBlbnZfbGlicmFyaWVzCiAgICBmb3IgbWFuYWdlciBpbiBbImJyZXciLCAiYnJld19jYXNrIiwgImFwdCIsICJjaG9jbyJdOgogICAgICAgIGl0ZW1bZiJsaWJyYXJpZXNfe21hbmFnZXJ9Il0gPSAiICIuam9pbihsaWJyYXJpZXMuZ2V0KG1hbmFnZXIsIFtdKSkKCiAgICAjIHNldCAiYXV0byIgY29uZGEgdmFsdWUKICAgIGlmIGl0ZW1bImNvbmRhIl0gPT0gImF1dG8iOgogICAgICAgIGl0ZW1bImNvbmRhIl0gPSAidHJ1ZSIgaWYgImNvbmRhIiBpbiBpdGVtWyJ0b3hlbnYiXSBlbHNlICJmYWxzZSIKCiAgICAjIGluamVjdCB0b3hkZXBzIGZvciBjb25kYQogICAgaWYgaXRlbVsiY29uZGEiXSA9PSAidHJ1ZSIgYW5kICJ0b3gtY29uZGEiIG5vdCBpbiBpdGVtWyJ0b3hkZXBzIl0ubG93ZXIoKToKICAgICAgICBpdGVtWyJ0b3hkZXBzIl0gPSAoInRveC1jb25kYSAiICsgaXRlbVsidG94ZGVwcyJdKS5zdHJpcCgpCgogICAgIyBtYWtlIHRpbWVvdXQtbWludXRlcyBhIG51bWJlcgogICAgaXRlbVsidGltZW91dC1taW51dGVzIl0gPSBpbnQoaXRlbVsidGltZW91dC1taW51dGVzIl0pCgogICAgIyB2ZXJpZnkgdmFsdWVzCiAgICBhc3NlcnQgaXRlbVsicHl0ZXN0Il0gaW4geyJ0cnVlIiwgImZhbHNlIn0KICAgIGFzc2VydCBpdGVtWyJjb25kYSJdIGluIHsidHJ1ZSIsICJmYWxzZSJ9CiAgICBhc3NlcnQgaXRlbVsiZGlzcGxheSJdIGluIHsidHJ1ZSIsICJmYWxzZSJ9CgogICAgcmV0dXJuIGl0ZW0KCgppZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAgbG9hZF90b3hfdGFyZ2V0cygpCg==
- run: cat tox_matrix.py
- id: set-outputs
Copy link
Member

@Cadair Cadair Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like you want a pipx run below here?

Copy link
Contributor Author

@neutrinoceros neutrinoceros Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, thanks !

Cadair
Cadair reviewed Jul 7, 2025
View reviewed changes
.github/workflows/tox.yml Outdated
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: '3.12'
- run: python -m pip install PyYAML click packaging
Copy link
Member

@Cadair Cadair Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need these installs if we are pipx running?

Copy link
Contributor Author

@neutrinoceros neutrinoceros Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indeed we don't. Thank you for catching this !

@neutrinoceros neutrinoceros marked this pull request as ready for review July 7, 2025 10:53
@Cadair
Copy link
Member

Cadair commented Jul 7, 2025

I don't suppose dependabot speaks PEP 723 yet?

@neutrinoceros
Copy link
Contributor Author

neutrinoceros commented Jul 7, 2025

indeed it doesn't, but there's an open ticket for it: dependabot/dependabot-core#11946

@Cadair
Copy link
Member

Cadair commented Jul 7, 2025

Thanks a lot @neutrinoceros I think this is lovely improvement, nice to use a new Python feature.

I'll let either @ConorMacBride or @astrofrog take a second look

@Cadair Cadair requested review from ConorMacBride and astrofrog July 7, 2025 14:42
astrofrog
astrofrog approved these changes Jul 7, 2025
View reviewed changes
Copy link
Contributor

@astrofrog astrofrog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@astrofrog astrofrog merged commit 7da3aff into OpenAstronomy:main Jul 7, 2025
77 checks passed
@neutrinoceros neutrinoceros deleted the pep723 branch July 7, 2025 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@astrofrog astrofrog astrofrog approved these changes

@Cadair Cadair Cadair approved these changes

@ConorMacBride ConorMacBride Awaiting requested review from ConorMacBride

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@neutrinoceros @Cadair @astrofrog