Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix codeql workflow failure #2046

Merged
merged 2 commits into from
Feb 3, 2023
Merged

fix codeql workflow failure #2046

merged 2 commits into from
Feb 3, 2023

Conversation

rshraga
Copy link
Contributor

@rshraga rshraga commented Feb 3, 2023
edited
Loading

The CodeQL workflow has started failing 3 weeks ago. I traced the issue to a change in how setuptools handles warnings in virtualenvs pypa/setuptools#3772 Reverting to an older setuptools package fixes the issue, but I am not sure how to address properly

@rshraga rshraga changed the title fix codeqel workflow failure fix codeql workflow failure Feb 3, 2023
@rshraga rshraga linked an issue Feb 3, 2023 that may be closed by this pull request
Fix CodeQL failure in CI #2044
Closed
@rshraga
Copy link
Contributor Author

rshraga commented Feb 3, 2023

I traced this issue to the setuptools package: pypa/setuptools#3772 Seems this warning has been thrown forever, but starting with setuptools 66 the warning starts throwing an actual exception. The back and forth on that decision is spicy and I am not sure it will get fixed since installation using the setup.py command is not recommended. Workaround is to revert setup tools to 65.7.0 but I am not sure this is wise long term.

@joecummings
Copy link
Contributor

If we just need to get this passing in time for the release, this seems fine as it only affects the setuptools used for running codeql.

How important is codeql to our health signals? @osalpekar ?

@osalpekar
Copy link
Member

If we just need to get this passing in time for the release, this seems fine as it only affects the setuptools used for running codeql.

How important is codeql to our health signals? @osalpekar ?

@joecummings It's a good security check, but likely not the most critical since many other ecosystem libraries and pytorch core don't have this.

@joecummings joecummings merged commit 11cdc27 into main Feb 3, 2023
@rshraga rshraga deleted the fixCodeQL branch February 3, 2023 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joecummings joecummings joecummings approved these changes

@Nayef211 Nayef211 Awaiting requested review from Nayef211

@osalpekar osalpekar Awaiting requested review from osalpekar

Assignees
No one assigned
Labels
cla signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix CodeQL failure in CI
4 participants
@rshraga @joecummings @osalpekar @facebook-github-bot