New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Edgetest action #195
Edgetest action #195
Conversation
Whitesource failing isn't a huge surprise. It is using Python 3.7 for the scanning which doesn't support the latest |
whitesource is using python 3.7 or edgetest? we were able to remediate the same whitesource failure by dropping 3.7 in #164 |
Whitesource is using 3.7. The edgetest action is using Python 3.9 for its workflow. If you look at the whitesource run:
I've confirmed with WS that there is no way to configure the bot to use anything but 3.7 at this moment with their free/public offering. |
@ryanSoley so it seems like WS is unable to use the Edit: That might not be it actually. I have a forked repo where I removed the |
@fdosani that makes sense if it has to do with the file type. on your fork, it may be because the requirements.txt file doesn't specifically say somewhat unrelated - does edgetest only work with setup.cfg, and not setup.py? does that PEP you referenced say people should avoid setup.py? |
I don't think it says to avoid it explicity. The main this to avoid is all the boiler plate code from my understanding. I know @ak-gupta looked into this PEP a lot more and maybe can comment. It does feel nicer and yes edgetest favours |
@ryanSoley not sure if you are comfortable merging this in or if you wanted to do something different here? I'm not 100% sure why whitesource passed before, but I know this is an issue for our repos and also a couple of other within the c1 org. Happy to discuss further. |
is it passing now because we're out of scans? how do you deal with the failures on your repos? do you wait until it runs out of scans and passes by default or just merge over the failed CI? I'd prefer not to reintroduce the failure and have to deal with it in future builds if its going to block PRs from being merged |
I think we just disposition the finds to say its an issue with WS and then close them. The OSPO is aware of the issue and is working on a alternative solution to try out. |
@fdosani have you tried bumping all the 3.7 references in here to 3.8? that's essentially how I stopped it from happening on rubicon earlier. since the main setup on rubicon was allowing things to use 3.7 there were deeply nested dependencies that were ending up with 3.7 and the bad numpy version |
I prefer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shania-m and I just reviewed - looking good! just a few questions
also - if you have a moment to check something out for me - I think I noticed a bug while testing (not one you introduced). all that to say can you try a |
@ryanSoley request changes have been done, let me know if there is anything else you'd like me to address. Thanks again for the review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks great! thanks for adding it in 🎉
What
edgetest
action to ensure the basic requirements are up to date given the tests pass.How to Test