From 099793a9c54aeb916c6012b6a16db3de2b0f9749 Mon Sep 17 00:00:00 2001 From: James Lamb Date: Wed, 14 Jan 2026 15:11:09 -0600 Subject: [PATCH 1/2] enforce pre-commit checks in CI --- .github/actionlint.yaml | 12 +++++++++--- .github/workflows/conda-cpp-build.yaml | 2 +- .github/workflows/conda-cpp-tests.yaml | 3 +-- .github/workflows/conda-python-build.yaml | 2 +- .github/workflows/conda-python-tests.yaml | 3 +-- .github/workflows/custom-job.yaml | 2 +- .github/workflows/pr.yaml | 19 +++++++++++++++++++ .github/workflows/wheels-build.yaml | 2 +- .github/workflows/wheels-test.yaml | 3 +-- .pre-commit-config.yaml | 2 -- 10 files changed, 35 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/pr.yaml diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml index 9cab3c5c..298ec558 100644 --- a/.github/actionlint.yaml +++ b/.github/actionlint.yaml @@ -1,12 +1,18 @@ -# Configuration related to self-hosted runners. +# Avoid warnings about unrecognized runner types. self-hosted-runner: - # Labels of self-hosted runner in array of strings. labels: - linux-amd64-* - linux-arm64-* -# Configuration variables in array of strings defined in your repository or organization. +# Avoid warnings about referencing things in ${{ vars.* }} statements. config-variables: - AWS_REGION - AWS_ROLE_ARN - TELEMETRY_ENABLED + +paths: + .github/workflows/conda-python-tests.yaml: + ignore: + # ${{ secrets.CODECOV_TOKEN }} is valid if a secret like that exists in the calling repo, + # and we're confident that it's there in our repos, so this error can be silenced + - 'property "codecov_token" is not defined in object type' diff --git a/.github/workflows/conda-cpp-build.yaml b/.github/workflows/conda-cpp-build.yaml index 07805852..6d7205fd 100644 --- a/.github/workflows/conda-cpp-build.yaml +++ b/.github/workflows/conda-cpp-build.yaml 
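Review bot: The `paths:` entry added at the end of the `.github/actionlint.yaml` hunk suppresses actionlint's undefined-property error for `secrets.CODECOV_TOKEN` in `conda-python-tests.yaml` instead of making the secret part of the workflow's declared interface. The added comment says the secret is expected to exist in the calling repo. If that workflow is a `workflow_call` target (its `on:` block is not in this diff), declaring `CODECOV_TOKEN:` with `required: false` under `on.workflow_call.secrets` would keep the check active and let callers pass that one secret explicitly rather than relying on inheritance. If the ignore stays, the comment should state the caller-side requirement, e.g. `# callers must provide CODECOV_TOKEN (explicitly or via secrets: inherit)`.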
@@ -195,7 +195,7 @@ jobs: GH_TOKEN: ${{ inputs.alternative-gh-token-secret-name && secrets[inputs.alternative-gh-token-secret-name] || github.token }} # zizmor: ignore[overprovisioned-secrets] - name: C++ build run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.github/workflows/conda-cpp-tests.yaml b/.github/workflows/conda-cpp-tests.yaml index 9daf026e..e113c26b 100644 --- a/.github/workflows/conda-cpp-tests.yaml +++ b/.github/workflows/conda-cpp-tests.yaml @@ -282,7 +282,6 @@ jobs: local val_str=$3 if test -n "${val_str}"; then if ! test -n "${key_str}"; then - local input_name echo "ERROR: '${input_prefix}-value' non-empty but '${input_prefix}-key' is empty. Set '${input_prefix}-key'." exit 1 fi @@ -294,7 +293,7 @@ jobs: set_env_var '3' '${{ secrets.script-env-secret-3-key }}' '${{ secrets.script-env-secret-3-value }}' - name: C++ tests run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.github/workflows/conda-python-build.yaml b/.github/workflows/conda-python-build.yaml index f8e60efa..c958c409 100644 --- a/.github/workflows/conda-python-build.yaml +++ b/.github/workflows/conda-python-build.yaml @@ -220,7 +220,7 @@ jobs: - name: Python build id: python-build run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" # shellcheck disable=SC1090 source "${INPUTS_SCRIPT}" diff --git a/.github/workflows/conda-python-tests.yaml b/.github/workflows/conda-python-tests.yaml index 1d8a64df..d868db59 100644 --- a/.github/workflows/conda-python-tests.yaml +++ b/.github/workflows/conda-python-tests.yaml @@ -287,7 +287,6 @@ jobs: local val_str=$3 if test -n "${val_str}"; then if ! test -n "${key_str}"; then - local input_name echo "ERROR: '${input_prefix}-value' non-empty but '${input_prefix}-key' is empty. Set '${input_prefix}-key'." exit 1 fi 
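Review bot: In the second `conda-cpp-tests.yaml` hunk (`@@ -294,7 +293,7 @@`), the context line `set_env_var '3' '${{ secrets.script-env-secret-3-key }}' '${{ secrets.script-env-secret-3-value }}'` still expands secrets into the script text, which this lint-cleanup commit leaves unaddressed. GitHub substitutes `${{ }}` before the shell parses the step, so the single quotes do not contain a value that itself holds a quote, and the secret is written into the generated script. Passing the values through the step's `env:` (names here are constructed: `SECRET_3_KEY: ${{ secrets.script-env-secret-3-key }}`, `SECRET_3_VALUE: ${{ secrets.script-env-secret-3-value }}`) and calling `set_env_var '3' "${SECRET_3_KEY}" "${SECRET_3_VALUE}"` would match the `INPUTS_SCRIPT` pattern used in the following step. The same line appears in the `conda-python-tests.yaml` and `wheels-test.yaml` hunks; the step starts above each hunk, so the earlier `set_env_var` calls are not visible here.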
@@ -299,7 +298,7 @@ jobs: set_env_var '3' '${{ secrets.script-env-secret-3-key }}' '${{ secrets.script-env-secret-3-value }}' - name: Python tests run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.github/workflows/custom-job.yaml b/.github/workflows/custom-job.yaml index 0af5549c..e8b5dc56 100644 --- a/.github/workflows/custom-job.yaml +++ b/.github/workflows/custom-job.yaml @@ -203,7 +203,7 @@ jobs: persist-credentials: false - name: Run script run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: # NEEDS alternative-gh-token-secret-name - may require a token with more permissions diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml new file mode 100644 index 00000000..8d3d80c6 --- /dev/null +++ b/.github/workflows/pr.yaml @@ -0,0 +1,19 @@ +name: pr + +concurrency: + group: ci-on-${{ github.event_name }}-from-${{ github.ref_name }} + cancel-in-progress: true + +on: + pull_request: + branches: + - main + +jobs: + checks: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 1 + - uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/wheels-build.yaml b/.github/workflows/wheels-build.yaml index ea36f219..d2c26302 100644 --- a/.github/workflows/wheels-build.yaml +++ b/.github/workflows/wheels-build.yaml @@ -268,7 +268,7 @@ jobs: - name: Build and repair the wheel id: build-wheel run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" # shellcheck disable=SC1090 source "${INPUTS_SCRIPT}" diff --git a/.github/workflows/wheels-test.yaml b/.github/workflows/wheels-test.yaml index 3afd0881..04e3f161 100644 --- a/.github/workflows/wheels-test.yaml +++ b/.github/workflows/wheels-test.yaml 
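Review bot: The new `.github/workflows/pr.yaml` runs with the repository's default token permissions and leaves the checkout credential in place: it has no `permissions:` block, and the `actions/checkout@v6` step lacks the `persist-credentials: false` that the `custom-job.yaml` hunk above shows. Adding top-level `permissions:` with `contents: read`, plus `persist-credentials: false` under the checkout's `with:`, would restrict what the third-party `pre-commit/action@v3.0.1` step can reach. Both `uses:` lines are pinned to mutable tags; a full commit SHA with the tag in a trailing comment is the stricter form. Patch 2/2 deletes this file, so this applies only if the workflow is reintroduced.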
@@ -312,7 +312,6 @@ jobs: local val_str=$3 if test -n "${val_str}"; then if ! test -n "${key_str}"; then - local input_name echo "ERROR: '${input_prefix}-value' non-empty but '${input_prefix}-key' is empty. Set '${input_prefix}-key'." exit 1 fi @@ -324,7 +323,7 @@ jobs: set_env_var '3' '${{ secrets.script-env-secret-3-key }}' '${{ secrets.script-env-secret-3-value }}' - name: Run tests run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b210f81b..5fa41cd1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -26,10 +26,8 @@ repos: hooks: - id: verify-copyright - repo: https://github.com/zizmorcore/zizmor-pre-commit - # Zizmor version. rev: v1.20.0 hooks: - # Run the linter. - id: zizmor exclude: | (?x)^( From 3b6ef1e37febcef95188f39a76de57a9b57a3bf3 Mon Sep 17 00:00:00 2001 From: James Lamb Date: Wed, 14 Jan 2026 15:16:19 -0600 Subject: [PATCH 2/2] remove workflow file --- .github/workflows/pr.yaml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .github/workflows/pr.yaml diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml deleted file mode 100644 index 8d3d80c6..00000000 --- a/.github/workflows/pr.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: pr - -concurrency: - group: ci-on-${{ github.event_name }}-from-${{ github.ref_name }} - cancel-in-progress: true - -on: - pull_request: - branches: - - main - -jobs: - checks: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - uses: pre-commit/action@v3.0.1