Skip to content
Pull Request CI

Update Pants internal Python to 3.14 #27790

Sign in to view logs

Update Pants internal Python to 3.14

Update Pants internal Python to 3.14 #27790

Workflow file for this run

.github/workflows/test.yaml at a12d757
# GENERATED, DO NOT EDIT!
# To change, edit `src/python/pants_release/generate_github_workflows.py` and run:
# ./pants run src/python/pants_release/generate_github_workflows.py
concurrency:
cancel-in-progress: true
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
env:
HONEYCOMB_API_KEY: --DISABLED--
PANTS_CONFIG_FILES: +['pants.ci.toml']
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: 'False'
RUST_BACKTRACE: all
jobs:
bootstrap_pants_linux_arm64:
env:
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Bootstrap Pants, test Rust (Linux-ARM64)
needs:
- classify_changes
runs-on:
- self-hosted
- runs-on
- runner=4cpu-linux-arm64
- image=ubuntu22-full-arm64-python3.7-3.13
- run-id=${{ github.run_id }}
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Set rustup profile
run: rustup set profile default
- name: Cache Rust toolchain
uses: actions/cache@v4
with:
key: Linux-ARM64-rustup-${{ hashFiles('src/rust/rust-toolchain') }}-v2
path: |
~/.rustup/toolchains/1.89.0-*
~/.rustup/update-hashes
~/.rustup/settings.toml
- name: Cache Cargo
uses: Swatinem/[email protected]
with:
cache-bin: 'false'
shared-key: engine
workspaces: src/rust
- id: get-engine-hash
name: Get native engine hash
run: echo "hash=$(./build-support/bin/rust/print_engine_hash.sh)" >> $GITHUB_OUTPUT
shell: bash
- name: Cache native engine
uses: actions/cache@v4
with:
key: Linux-ARM64-engine-${{ steps.get-engine-hash.outputs.hash }}-v1
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Bootstrap Pants
run: ./pants version > ${{ runner.temp }}/_pants_version.stdout && [[ -s ${{ runner.temp }}/_pants_version.stdout ]]
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run smoke tests
run: |
./pants list ::
./pants roots
./pants help goals
./pants help targets
./pants help subsystems
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-bootstrap-Linux-ARM64
overwrite: 'true'
path: .pants.d/workdir/*.log
- name: Upload native binaries
uses: actions/upload-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-ARM64
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
TMPDIR: ${{ runner.temp }}
if: needs.classify_changes.outputs.rust == 'true'
name: Test Rust
run: ./cargo test --locked --tests -- --nocapture
timeout-minutes: 60
bootstrap_pants_linux_x86_64:
env:
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Bootstrap Pants, test and lint Rust (Linux-x86_64)
needs:
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Set rustup profile
run: rustup set profile default
- name: Cache Rust toolchain
uses: actions/cache@v4
with:
key: Linux-x86_64-rustup-${{ hashFiles('src/rust/rust-toolchain') }}-v2
path: |
~/.rustup/toolchains/1.89.0-*
~/.rustup/update-hashes
~/.rustup/settings.toml
- name: Cache Cargo
uses: Swatinem/[email protected]
with:
cache-bin: 'false'
shared-key: engine
workspaces: src/rust
- id: get-engine-hash
name: Get native engine hash
run: echo "hash=$(./build-support/bin/rust/print_engine_hash.sh)" >> $GITHUB_OUTPUT
shell: bash
- name: Cache native engine
uses: actions/cache@v4
with:
key: Linux-x86_64-engine-${{ steps.get-engine-hash.outputs.hash }}-v1
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Bootstrap Pants
run: ./pants version > ${{ runner.temp }}/_pants_version.stdout && [[ -s ${{ runner.temp }}/_pants_version.stdout ]]
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run smoke tests
run: |
./pants list ::
./pants roots
./pants help goals
./pants help targets
./pants help subsystems
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-bootstrap-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- name: Upload native binaries
uses: actions/upload-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Validate CI config
run: |
./pants run src/python/pants_release/generate_github_workflows.py -- --check
- env:
TMPDIR: ${{ runner.temp }}
if: needs.classify_changes.outputs.rust == 'true'
name: Test and lint Rust
run: |-
sudo apt-get install -y pkg-config fuse libfuse-dev
./build-support/bin/check_rust_pre_commit.sh
./cargo test --locked --all --tests --benches -- --nocapture
./cargo doc
timeout-minutes: 60
bootstrap_pants_macos13_x86_64:
env:
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Bootstrap Pants, test Rust (macOS13-x86_64)
needs:
- classify_changes
runs-on:
- self-hosted
- macos-13
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Set rustup profile
run: rustup set profile default
- name: Cache Rust toolchain
uses: actions/cache@v4
with:
key: macOS13-x86_64-rustup-${{ hashFiles('src/rust/rust-toolchain') }}-v2
path: |
~/.rustup/toolchains/1.89.0-*
~/.rustup/update-hashes
~/.rustup/settings.toml
- name: Cache Cargo
uses: Swatinem/[email protected]
with:
cache-bin: 'false'
shared-key: engine
workspaces: src/rust
- id: get-engine-hash
name: Get native engine hash
run: echo "hash=$(./build-support/bin/rust/print_engine_hash.sh)" >> $GITHUB_OUTPUT
shell: bash
- name: Cache native engine
uses: actions/cache@v4
with:
key: macOS13-x86_64-engine-${{ steps.get-engine-hash.outputs.hash }}-v1
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Bootstrap Pants
run: ./pants version > ${{ runner.temp }}/_pants_version.stdout && [[ -s ${{ runner.temp }}/_pants_version.stdout ]]
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run smoke tests
run: |
./pants list ::
./pants roots
./pants help goals
./pants help targets
./pants help subsystems
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-bootstrap-macOS13-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- name: Upload native binaries
uses: actions/upload-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.macOS13-x86_64
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
TMPDIR: ${{ runner.temp }}
if: needs.classify_changes.outputs.rust == 'true'
name: Test Rust
run: ./cargo test --locked --tests -- --nocapture
timeout-minutes: 60
bootstrap_pants_macos14_arm64:
env:
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Bootstrap Pants, test Rust (macOS14-ARM64)
needs:
- classify_changes
runs-on:
- macos-14
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Set up Python 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.9
3.10
3.11
3.12
3.13
3.14
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Set rustup profile
run: rustup set profile default
- name: Cache Rust toolchain
uses: actions/cache@v4
with:
key: macOS14-ARM64-rustup-${{ hashFiles('src/rust/rust-toolchain') }}-v2
path: |
~/.rustup/toolchains/1.89.0-*
~/.rustup/update-hashes
~/.rustup/settings.toml
- name: Cache Cargo
uses: Swatinem/[email protected]
with:
cache-bin: 'false'
shared-key: engine
workspaces: src/rust
- id: get-engine-hash
name: Get native engine hash
run: echo "hash=$(./build-support/bin/rust/print_engine_hash.sh)" >> $GITHUB_OUTPUT
shell: bash
- name: Cache native engine
uses: actions/cache@v4
with:
key: macOS14-ARM64-engine-${{ steps.get-engine-hash.outputs.hash }}-v1
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Bootstrap Pants
run: ./pants version > ${{ runner.temp }}/_pants_version.stdout && [[ -s ${{ runner.temp }}/_pants_version.stdout ]]
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run smoke tests
run: |
./pants list ::
./pants roots
./pants help goals
./pants help targets
./pants help subsystems
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-bootstrap-macOS14-ARM64
overwrite: 'true'
path: .pants.d/workdir/*.log
- name: Upload native binaries
uses: actions/upload-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.macOS14-ARM64
path: |-
src/python/pants/bin/native_client
src/python/pants/bin/sandboxer
src/python/pants/engine/internals/native_engine.so
src/python/pants/engine/internals/native_engine.so.metadata
- env:
TMPDIR: ${{ runner.temp }}
if: needs.classify_changes.outputs.rust == 'true'
name: Test Rust
run: ./cargo test --locked --tests -- --nocapture
timeout-minutes: 60
build_wheels_linux_arm64:
container:
image: quay.io/pypa/manylinux_2_28_aarch64:latest
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
MODE: debug
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: ((github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.release == 'true' || needs.classify_changes.outputs.ci_config == 'true')) && (needs.classify_changes.outputs.no_code != 'true')
name: Build wheels (Linux-ARM64)
needs:
- classify_changes
permissions:
attestations: write
contents: write
id-token: write
runs-on:
- self-hosted
- runs-on
- runner=4cpu-linux-arm64
- image=ubuntu22-full-arm64-python3.7-3.13
- run-id=${{ github.run_id }}
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Configure Git
run: git config --global safe.directory "$GITHUB_WORKSPACE"
- name: Install rustup
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -v -y --default-toolchain none
echo "${HOME}/.cargo/bin" >> $GITHUB_PATH
- name: Install Rust toolchain
run: |
# Set the default toolchain. Installs the toolchain if it is not already installed.
rustup default 1.89.0
cargo version
- name: Expose Pythons
run: |
echo "/opt/python/cp37-cp37m/bin" >> $GITHUB_PATH
echo "/opt/python/cp38-cp38/bin" >> $GITHUB_PATH
echo "/opt/python/cp39-cp39/bin" >> $GITHUB_PATH
echo "/opt/python/cp310-cp310/bin" >> $GITHUB_PATH
echo "/opt/python/cp311-cp311/bin" >> $GITHUB_PATH
echo "/opt/python/cp312-cp312/bin" >> $GITHUB_PATH
echo "/opt/python/cp313-cp313/bin" >> $GITHUB_PATH
echo "/opt/python/cp314-cp314/bin" >> $GITHUB_PATH
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Install Python headers
run: yum install -y python3.14-devel
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Build wheels
run: ./pants run src/python/pants_release/release.py -- build-wheels
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Build Pants PEX
run: ./pants package src/python/pants:pants-pex
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-wheels-and-pex-Linux-ARM64
overwrite: 'true'
path: .pants.d/workdir/*.log
timeout-minutes: 90
build_wheels_linux_x86_64:
container:
image: quay.io/pypa/manylinux_2_28_x86_64:latest
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
MODE: debug
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: ((github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.release == 'true' || needs.classify_changes.outputs.ci_config == 'true')) && (needs.classify_changes.outputs.no_code != 'true')
name: Build wheels (Linux-x86_64)
needs:
- classify_changes
permissions:
attestations: write
contents: write
id-token: write
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Configure Git
run: git config --global safe.directory "$GITHUB_WORKSPACE"
- name: Install rustup
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -v -y --default-toolchain none
echo "${HOME}/.cargo/bin" >> $GITHUB_PATH
- name: Install Rust toolchain
run: |
# Set the default toolchain. Installs the toolchain if it is not already installed.
rustup default 1.89.0
cargo version
- name: Expose Pythons
run: |
echo "/opt/python/cp37-cp37m/bin" >> $GITHUB_PATH
echo "/opt/python/cp38-cp38/bin" >> $GITHUB_PATH
echo "/opt/python/cp39-cp39/bin" >> $GITHUB_PATH
echo "/opt/python/cp310-cp310/bin" >> $GITHUB_PATH
echo "/opt/python/cp311-cp311/bin" >> $GITHUB_PATH
echo "/opt/python/cp312-cp312/bin" >> $GITHUB_PATH
echo "/opt/python/cp313-cp313/bin" >> $GITHUB_PATH
echo "/opt/python/cp314-cp314/bin" >> $GITHUB_PATH
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Build wheels
run: ./pants run src/python/pants_release/release.py -- build-wheels
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Build Pants PEX
run: ./pants package src/python/pants:pants-pex
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-wheels-and-pex-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
timeout-minutes: 90
build_wheels_macos13_x86_64:
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: false
MODE: debug
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: ((github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.release == 'true' || needs.classify_changes.outputs.ci_config == 'true')) && (needs.classify_changes.outputs.no_code != 'true')
name: Build wheels (macOS13-x86_64)
needs:
- classify_changes
permissions:
attestations: write
contents: write
id-token: write
runs-on:
- self-hosted
- macos-13
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Set rustup profile
run: rustup set profile default
- name: Cache Rust toolchain
uses: actions/cache@v4
with:
key: macOS13-x86_64-rustup-${{ hashFiles('src/rust/rust-toolchain') }}-v2
path: |
~/.rustup/toolchains/1.89.0-*
~/.rustup/update-hashes
~/.rustup/settings.toml
- name: Cache Cargo
uses: Swatinem/[email protected]
with:
cache-bin: 'false'
shared-key: engine
workspaces: src/rust
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- env:
ARCHFLAGS: -arch x86_64
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
_PYTHON_HOST_PLATFORM: macosx-13.0-x86_64
name: Build wheels
run: ./pants run src/python/pants_release/release.py -- build-wheels
- env:
ARCHFLAGS: -arch x86_64
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
_PYTHON_HOST_PLATFORM: macosx-13.0-x86_64
name: Build Pants PEX
run: ./pants package src/python/pants:pants-pex
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-wheels-and-pex-macOS13-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
timeout-minutes: 90
build_wheels_macos14_arm64:
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: false
MODE: debug
PANTS_REMOTE_CACHE_READ: 'false'
PANTS_REMOTE_CACHE_WRITE: 'false'
if: ((github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.release == 'true' || needs.classify_changes.outputs.ci_config == 'true')) && (needs.classify_changes.outputs.no_code != 'true')
name: Build wheels (macOS14-ARM64)
needs:
- classify_changes
permissions:
attestations: write
contents: write
id-token: write
runs-on:
- macos-14
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Set up Python 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.9
3.10
3.11
3.12
3.13
3.14
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Set rustup profile
run: rustup set profile default
- name: Cache Rust toolchain
uses: actions/cache@v4
with:
key: macOS14-ARM64-rustup-${{ hashFiles('src/rust/rust-toolchain') }}-v2
path: |
~/.rustup/toolchains/1.89.0-*
~/.rustup/update-hashes
~/.rustup/settings.toml
- name: Cache Cargo
uses: Swatinem/[email protected]
with:
cache-bin: 'false'
shared-key: engine
workspaces: src/rust
- name: Install Protoc
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: 23.x
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- env:
ARCHFLAGS: -arch arm64
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
_PYTHON_HOST_PLATFORM: macosx-14.0-arm64
name: Build wheels
run: ./pants run src/python/pants_release/release.py -- build-wheels
- env:
ARCHFLAGS: -arch arm64
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
_PYTHON_HOST_PLATFORM: macosx-14.0-arm64
name: Build Pants PEX
run: ./pants package src/python/pants:pants-pex
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-wheels-and-pex-macOS14-ARM64
overwrite: 'true'
path: .pants.d/workdir/*.log
timeout-minutes: 90
build_windows11_x86_64:
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test in-progress Windows support
needs:
- classify_changes
runs-on:
- windows-2025
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Install MSYS2
uses: msys2/setup-msys2@v2
with:
install: base-devel mingw-w64-x86_64-toolchain mingw-w64-ucrt-x86_64-nasm mingw-w64-x86_64-cmake mingw-w64-ucrt-x86_64-protobuf
msystem: UCRT64
- name: Set Up Rust Toolchain
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
rust-src-dir: src/rust
target: x86_64-pc-windows-gnu
toolchain: stable
- name: Check and Test Rust Code
run: |
# $GITHUB_PATH affects the regular Windows path, not the MSYS2 path,
# so we must modify the MSYS2 PATH directly in each step that needs it.
export PATH=$PATH:$(cygpath $USERPROFILE)/.cargo/bin
cd src/rust
cargo check -p stdio
cargo test -p stdio
shell: msys2 {0}
timeout-minutes: 60
check_release_notes:
if: github.repository_owner == 'pantsbuild'
name: Ensure PR has release notes
needs:
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: github.event_name == 'pull_request' && !needs.classify_changes.outputs.notes
name: Ensure appropriate label
uses: mheap/[email protected]
with:
count: 1
labels: release-notes:not-required, category:internal
message: |2
Please do one of:
- add release notes to the appropriate file in `docs/notes`
- label this PR with `release-notes:not-required` if it does not need them (for
instance, if this is fixing a minor typo in documentation)
- label this PR with `category:internal` if it's an internal change
Feel free to ask a maintainer for help if you are not sure what is appropriate!
mode: minimum
classify_changes:
if: github.repository_owner == 'pantsbuild'
name: Classify changes
outputs:
ci_config: ${{ steps.classify.outputs.ci_config }}
dev_utils: ${{ steps.classify.outputs.dev_utils }}
docs: ${{ steps.classify.outputs.docs }}
no_code: ${{ steps.classify.outputs.no_code }}
notes: ${{ steps.classify.outputs.notes }}
other: ${{ steps.classify.outputs.other }}
release: ${{ steps.classify.outputs.release }}
rust: ${{ steps.classify.outputs.rust }}
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- id: classify
name: Classify changed files
run: |
if [[ -z $GITHUB_EVENT_PULL_REQUEST_BASE_SHA ]]; then
# push: compare to the immediate parent, which should already be fetched
# (checkout's fetch_depth defaults to 10)
comparison_sha=$(git rev-parse HEAD^)
else
# pull request: compare to the base branch, ensuring that commit exists
git fetch --depth=1 "$GITHUB_EVENT_PULL_REQUEST_BASE_SHA"
comparison_sha="$GITHUB_EVENT_PULL_REQUEST_BASE_SHA"
fi
echo "comparison_sha=$comparison_sha"
change_labels=$(git diff --name-only "$comparison_sha" HEAD | python build-support/bin/classify_changed_files.py)
echo "Change Labels:"
for i in ${change_labels}; do
echo "${i}=true" | tee -a $GITHUB_OUTPUT
done
coveralls_done:
if: (always()) && (needs.classify_changes.outputs.no_code != 'true')
name: Coveralls Done
needs:
- test_python_linux_x86_64_0
- test_python_linux_x86_64_1
- test_python_linux_x86_64_2
- test_python_linux_x86_64_3
- test_python_linux_x86_64_4
- test_python_linux_x86_64_5
- test_python_linux_x86_64_6
- test_python_linux_x86_64_7
- test_python_linux_x86_64_8
- test_python_linux_x86_64_9
- test_python_linux_arm64
- test_python_macos13_x86_64
- test_python_macos14_arm64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- uses: coverallsapp/github-action@v2
with:
fail-on-error: false
parallel-finished: true
lint_python:
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Lint Python and Shell
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Lint
run: |
./pants lint check ::
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-lint-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
timeout-minutes: 30
merge_ok:
if: always()
name: Merge OK
needs:
- set_merge_ok
runs-on:
- ubuntu-22.04
steps:
- run: |
merge_ok="${{ needs.set_merge_ok.outputs.merge_ok }}"
if [[ "${merge_ok}" == "true" ]]; then
echo "Merge OK"
exit 0
else
echo "Merge NOT OK"
exit 1
fi
set_merge_ok:
if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
name: Set Merge OK
needs:
- classify_changes
- check_release_notes
- bootstrap_pants_linux_arm64
- bootstrap_pants_linux_x86_64
- bootstrap_pants_macos13_x86_64
- bootstrap_pants_macos14_arm64
- build_wheels_linux_arm64
- build_wheels_linux_x86_64
- build_wheels_macos13_x86_64
- build_wheels_macos14_arm64
- build_windows11_x86_64
- check_release_notes
- classify_changes
- coveralls_done
- lint_python
- test_python_linux_arm64
- test_python_linux_x86_64_0
- test_python_linux_x86_64_1
- test_python_linux_x86_64_2
- test_python_linux_x86_64_3
- test_python_linux_x86_64_4
- test_python_linux_x86_64_5
- test_python_linux_x86_64_6
- test_python_linux_x86_64_7
- test_python_linux_x86_64_8
- test_python_linux_x86_64_9
- test_python_macos13_x86_64
- test_python_macos14_arm64
outputs:
merge_ok: ${{ steps.set_merge_ok.outputs.merge_ok }}
runs-on:
- ubuntu-22.04
steps:
- id: set_merge_ok
run: echo 'merge_ok=true' >> ${GITHUB_OUTPUT}
test_python_linux_arm64:
env: {}
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-ARM64)
needs:
- bootstrap_pants_linux_arm64
- classify_changes
runs-on:
- self-hosted
- runs-on
- runner=4cpu-linux-arm64
- image=ubuntu22-full-arm64-python3.7-3.13
- run-id=${{ github.run_id }}
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-ARM64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python tests
run: |
./pants --tag=+platform_specific_behavior test :: -- -m platform_specific_behavior
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-ARM64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-Linux-ARM64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_arm64
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_0:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 0/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 0/10
run: |
./pants test --shard=0/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-0_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_0/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_1:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 1/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 1/10
run: |
./pants test --shard=1/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-1_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_1/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_2:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 2/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 2/10
run: |
./pants test --shard=2/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-2_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_2/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_3:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 3/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 3/10
run: |
./pants test --shard=3/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-3_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_3/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_4:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 4/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 4/10
run: |
./pants test --shard=4/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-4_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_4/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_5:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 5/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 5/10
run: |
./pants test --shard=5/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-5_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_5/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_6:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 6/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 6/10
run: |
./pants test --shard=6/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-6_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_6/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_7:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 7/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 7/10
run: |
./pants test --shard=7/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-7_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_7/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_8:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 8/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 8/10
run: |
./pants test --shard=8/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-8_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_8/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_linux_x86_64_9:
env:
PANTS_PROCESS_EXECUTION_LOCAL_PARALLELISM: '1'
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (Linux-x86_64) Shard 9/10
needs:
- bootstrap_pants_linux_x86_64
- classify_changes
runs-on:
- ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
name: Launch bazel-remote
run: |
mkdir -p ~/bazel-remote
if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then
CACHE_WRITE=false
# If no secret read/write creds, use hard-coded read-only creds, so that
# cross-fork PRs can at least read from the cache.
# These creds are hard-coded here in this public repo, which makes the bucket
# world-readable. But since putting raw AWS tokens in a public repo, even
# deliberately, is icky, we base64-them. This will at least help hide from
# automated scanners that look for checked in AWS keys.
# Not that it would be terrible if we were scanned, since this is public
# on purpose, but it's best not to draw attention.
AWS_ACCESS_KEY_ID=$(echo 'QUtJQVY2QTZHN1JRVkJJUVM1RUEK' | base64 -d)
AWS_SECRET_ACCESS_KEY=$(echo 'd3dOQ1k1eHJJWVVtejZBblV6M0l1endXV0loQWZWcW9GZlVjMDlKRwo=' | base64 -d)
else
CACHE_WRITE=true
fi
docker run --detach -u 1001:1000 -v ~/bazel-remote:/data -p 9092:9092 buchgr/bazel-remote-cache:v2.4.1 --s3.auth_method=access_key --s3.access_key_id="${AWS_ACCESS_KEY_ID}" --s3.secret_access_key="${AWS_SECRET_ACCESS_KEY}" --s3.bucket=cache.pantsbuild.org --s3.endpoint=s3.us-east-1.amazonaws.com --max_size 30
echo "PANTS_REMOTE_STORE_ADDRESS=grpc://localhost:9092" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_READ=true" >> "$GITHUB_ENV"
echo "PANTS_REMOTE_CACHE_WRITE=${CACHE_WRITE}" >> "$GITHUB_ENV"
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- if: runner.os == 'Linux'
name: Download Apache `thrift` binary (Linux)
run: |
mkdir -p "${HOME}/.thrift"
curl --fail -L https://binaries.pantsbuild.org/bin/thrift/linux/x86_64/0.15.0/thrift -o "${HOME}/.thrift/thrift"
chmod +x "${HOME}/.thrift/thrift"
echo "${HOME}/.thrift" >> $GITHUB_PATH
- name: Set up Python 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.7
3.8
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.Linux-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python test shard 9/10
run: |
./pants test --shard=9/10 ::
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/Linux-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-9_10-Linux-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_linux_x86_64_9/10
format: cobertura
parallel: true
timeout-minutes: 90
test_python_macos13_x86_64:
env:
ARCHFLAGS: -arch x86_64
_PYTHON_HOST_PLATFORM: macosx-13.0-x86_64
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (macOS13-x86_64)
needs:
- bootstrap_pants_macos13_x86_64
- classify_changes
runs-on:
- self-hosted
- macos-13
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.macOS13-x86_64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python tests
run: |
./pants --tag=+platform_specific_behavior test :: -- -m platform_specific_behavior
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/macOS13-x86_64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-macOS13-x86_64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_macos13_x86_64
format: cobertura
parallel: true
timeout-minutes: 90
test_python_macos14_arm64:
env:
ARCHFLAGS: -arch arm64
_PYTHON_HOST_PLATFORM: macosx-14.0-arm64
if: (github.repository_owner == 'pantsbuild') && (needs.classify_changes.outputs.no_code != 'true')
name: Test Python (macOS14-ARM64)
needs:
- bootstrap_pants_macos14_arm64
- classify_changes
runs-on:
- macos-14
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Install AdoptJDK
uses: actions/setup-java@v4
with:
distribution: adopt
java-version: '11'
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.25.3
- name: Install Go
uses: actions/setup-go@7bc60db215a8b16959b0b5cccfdc95950d697b25
with:
go-version: 1.24.9
- name: Set up Python 3.9, 3.10, 3.11, 3.12, 3.13, 3.14
uses: actions/setup-python@v5
with:
python-version: |-
3.9
3.10
3.11
3.12
3.13
3.14
- name: Download native binaries
uses: actions/download-artifact@v4
with:
name: native_binaries.${{ matrix.python-version }}.macOS14-ARM64
path: src/python/pants
- name: Make native-client runnable
run: chmod +x src/python/pants/bin/native_client
- env:
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
name: Run Python tests
run: |
./pants --tag=+platform_specific_behavior test :: -- -m platform_specific_behavior
- continue-on-error: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY || '--DISABLED--' }}
PANTS_SHOALSOFT_OPENTELEMETRY_ENABLED: ${{ vars.OPENTELEMETRY_ENABLED || 'False' }}
if: always()
name: Upload test reports
run: |
export S3_DST=s3://logs.pantsbuild.org/test/reports/macOS14-ARM64/$(git show --no-patch --format=%cd --date=format:%Y-%m-%d)/${GITHUB_REF_NAME//\//_}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}/${GITHUB_JOB}
echo "Uploading test reports to ${S3_DST}"
./pants run ./src/python/pants_release/copy_to_s3.py -- --src-prefix=dist/test/reports --dst-prefix=${S3_DST} --path=""
- continue-on-error: true
if: always()
name: Upload pants.log
uses: actions/upload-artifact@v4
with:
name: logs-python-test-macOS14-ARM64
overwrite: 'true'
path: .pants.d/workdir/*.log
- continue-on-error: true
if: always()
name: Report coverage to coveralls.io
uses: coverallsapp/github-action@v2
with:
allow-empty: true
fail-on-error: false
file: dist/coverage/python/coverage.xml
flag-name: test_python_macos14_arm64
format: cobertura
parallel: true
timeout-minutes: 90
name: Pull Request CI
'on':
pull_request: {}
push:
branches:
- main
- 2.*.x