ci: Run tests before publish #5009
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Test built wheels | ||
| runs-on: ${{ matrix.os }} | ||
| needs: build | ||
| if: ${{ inputs.run_tests }} | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| os: [ubuntu-latest] | ||
| runner: [native, ray] | ||
| arch: [x86_64] | ||
| python-version: ['3.9', '3.11'] | ||
| env: | ||
| package-name: daft | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Download built wheels | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| pattern: wheels-* | ||
| merge-multiple: true | ||
| path: dist | ||
| - name: Set up Python ${{ matrix.python-version }} | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: ${{ matrix.python-version }} | ||
| - name: Setup Virtual Env | ||
| run: | | ||
| python -m venv venv | ||
| echo "$GITHUB_WORKSPACE/venv/bin" >> $GITHUB_PATH | ||
| - name: Install wheel and test dependencies | ||
| uses: nick-fields/retry@v3 | ||
| with: | ||
| timeout_minutes: 10 | ||
| max_attempts: 3 | ||
| retry_wait_seconds: 10 | ||
| command: | | ||
| source venv/bin/activate | ||
| pip install ray pytest pandas dist/*${{ matrix.arch }}*.whl --force-reinstall | ||
| rm -rf daft | ||
| - name: Run dataframe tests | ||
| run: | | ||
| source venv/bin/activate | ||
| DAFT_RUNNER=${{ matrix.runner }} pytest tests/dataframe --durations=50 |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 8 days ago
To fix the problem, add an explicit permissions block at the top level of the workflow file. This block will establish the least privilege required for all jobs in the workflow unless overridden at the job level. For standard CI/CD workflows (build, test, upload/download artifacts, checkout code), contents: read is sufficient. Place the permissions block below the name: and run-name: and above on: on line 3. This provides security and avoids excessive privileges for the GITHUB_TOKEN. No need to modify any individual jobs, as the root-level block applies to all jobs unless overridden.
| @@ -1,5 +1,7 @@ | ||
| name: Build Daft wheel | ||
| run-name: 'Build Daft wheel for ${{ inputs.os }}-${{ inputs.arch }}-lts=${{ inputs.lts }}-lto=${{ inputs.use_lto }}' | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| workflow_call: |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5009 +/- ##
==========================================
+ Coverage 76.47% 76.61% +0.13%
==========================================
Files 934 936 +2
Lines 128764 128819 +55
==========================================
+ Hits 98471 98692 +221
+ Misses 30293 30127 -166 🚀 New features to boost your workflow:
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR enhances the CI/CD pipeline by adding a quality gate that tests built wheels before publishing them to PyPI and S3. The changes implement optional testing functionality across multiple workflows and improve test robustness to handle missing optional dependencies.
The core enhancement is in the GitHub workflows: build-wheel.yml now includes a test-wheels job that can be optionally enabled via a run_tests parameter. When enabled, this job downloads the built wheels and runs the tests/dataframe test suite across Python 3.9 and 3.11 with both native and Ray runners on Ubuntu. The publish-pypi.yml workflow now sets run_tests: true by default, ensuring wheels are validated before reaching end users. The publish-dev-s3.yml workflow adds the same capability as an optional parameter.
To support reliable testing in CI environments, several test files were updated to handle optional dependencies more gracefully. Files like test_logical_type.py, test_repr.py, and others now use pytest.importorskip('PIL') instead of direct PIL imports, ensuring tests are skipped rather than failing when PIL is unavailable. Similarly, test_creation.py was updated to conditionally define PyExtType and skip tests when PyArrow's PyExtensionType is not available. The integration test configuration in conftest.py was optimized with lazy imports for boto3, numpy, s3fs, and PIL to improve startup performance.
Additional improvements include environment variables to disable analytics and progress bars during CI execution, and enhanced test conditions in test_aggregations.py to ensure proper runner-specific behavior validation. These changes integrate seamlessly with the existing build matrix across different operating systems and architectures while adding this crucial validation step.
Context used:
Rule - Import statements should be placed at the top of the file rather than inline within functions or methods. (link)
8 files reviewed, no comments
Yeah to make sure we didn't accidentally add dependencies. These tests run on a fresh env with pip installed daft. A lot of the other tests have testing dependencies. I guess we can add 'importorskip' to all of them, but i thought just dataframe is good enough, better than nothing, for now. |
## Changes Made Test the built wheel with `tests/dataframe` before publishing. Successful run https://github.com/Eventual-Inc/Daft/actions/runs/17419058418 ## Related Issues <!-- Link to related GitHub issues, e.g., "Closes Eventual-Inc#123" --> ## Checklist - [ ] Documented in API Docs (if applicable) - [ ] Documented in User Guide (if applicable) - [ ] If adding a new documentation page, doc is added to `docs/mkdocs.yml` navigation - [ ] Documentation builds and is formatted properly (tag @/ccmao1130 for docs review)
Changes Made
Test the built wheel with
tests/dataframebefore publishing.Successful run https://github.com/Eventual-Inc/Daft/actions/runs/17419058418
Related Issues
Checklist
docs/mkdocs.ymlnavigation