CI workflows maintainance work

jmfernandez · jmfernandez · commit 2d11ce89834d · 2026-03-20T20:20:42.000+01:00
diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [ "3.10", "3.11", "3.12", "3.13" ]
+        python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12", "3.13" ]
     name: pip-audit python ${{ matrix.python-version }}
     steps:
       - uses: actions/checkout@v6
@@ -34,8 +34,84 @@ jobs:
         run: |
           source /tmp/PIPAUDIT/bin/activate
           set +e
-          pip-audit --desc=on --progress-spinner=off -r constraints-${{ matrix.python-version }}.txt --no-deps --disable-pip -f markdown -o /tmp/report-before.md
-          refreeze=$?
+          if [ -f constraints-${{ matrix.python-version }}.txt ] ; then
+            pip-audit --desc=on --progress-spinner=off -r constraints-${{ matrix.python-version }}.txt --no-deps --disable-pip -f markdown -o /tmp/report-before.md
+            refreeze=$?
+          else
+            touch /tmp/report-before.md
+            refreeze=1
+          fi
+          set -e
+          
+          if [ "$refreeze" != 0 ] ; then
+            deactivate
+            python -mvenv /tmp/PIPFREEZE
+            source /tmp/PIPFREEZE/bin/activate
+            pip install --upgrade pip wheel
+            pip install -r requirements.txt
+            pip freeze > constraints-${{ matrix.python-version }}.txt
+            
+            # Re-audit the populated environment
+            deactivate
+            source /tmp/PIPAUDIT/bin/activate
+            set +e
+            pip-audit --desc=on --progress-spinner=off -r constraints-${{ matrix.python-version }}.txt --no-deps --disable-pip -f markdown -o /tmp/report-after.md
+            auditres=$?
+            set -e
+            
+            if [ "$auditres" = 0 ] ; then
+              echo "# Fixed dependency issues for Python ${{ matrix.python-version }}" > audit-report-${{ matrix.python-version }}.md
+              cat /tmp/report-before.md >> audit-report-${{ matrix.python-version }}.md
+            else
+              # Time to emit the report
+              echo "# Dependency issues not solved for Python ${{ matrix.python-version }}" > audit-report-${{ matrix.python-version }}.md
+              cat /tmp/report-after.md >> audit-report-${{ matrix.python-version }}.md
+            fi
+            cat audit-report-${{ matrix.python-version }}.md >> "$GITHUB_STEP_SUMMARY"
+          fi
+      - uses: actions/upload-artifact@v7
+        with:
+          name: audit-${{ matrix.python-version }}
+          retention-days: 2
+          path: |
+            constraints-${{ matrix.python-version }}.txt
+            audit-report-${{ matrix.python-version }}.md
+
+  pip-audit-22_04:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        python-version: [ "3.7" ]
+    name: pip-audit python ${{ matrix.python-version }}
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'pip'
+          cache-dependency-path: |
+            requirements.txt
+          architecture: x64
+      - name: 'Install requirements (standard or constraints ${{ matrix.python-version }})'
+        run: |
+          python -mvenv /tmp/PIPAUDIT
+          source /tmp/PIPAUDIT/bin/activate
+          pip install --upgrade pip wheel
+          pip install pip-audit
+#      - name: 'Freeze Python ${{ matrix.python-version }} constraints'
+#        run: |
+#          pip freeze > constraints-${{ matrix.python-version }}.txt
+      - id: gen-cve-output
+        run: |
+          source /tmp/PIPAUDIT/bin/activate
+          set +e
+          if [ -f constraints-${{ matrix.python-version }}.txt ] ; then
+            pip-audit --desc=on --progress-spinner=off -r constraints-${{ matrix.python-version }}.txt --no-deps --disable-pip -f markdown -o /tmp/report-before.md
+            refreeze=$?
+          else
+            touch /tmp/report-before.md
+            refreeze=1
+          fi
           set -e
           
           if [ "$refreeze" != 0 ] ; then
@@ -79,6 +155,7 @@ jobs:
     name: Pull request with the newly generated contents
     needs:
       - pip-audit
+      - pip-audit-22_04
     steps:
       - name: Get analysis timestamp
         id: timestamp
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -219,6 +219,7 @@ jobs:
         if: steps.move.outputs.skip == 'false'
         with:
           title: Updated constraints (triggered on ${{ steps.timestamp.outputs.timestamp }} by ${{ github.sha }})
+          branch: create-pull-request/patch-constraints
           add-paths: constraints-*.txt
           delete-branch: true
           commit-message: "[create-pull-request] Automatically commit updated contents (constraints)"
