25441711719

Committed 06 May 2026 02:31PM UTC coverage: 92.915%. Remained the same

Build # 25441711719

Build Type

push

github

Committed by

web-flow

Commit Message

use sha pin (with comment) format for generated actions (#23312)

Per the GitHub Action best practices we recently enabled at #23249, we
should pin each action to a SHA so that the reference is actually
immutable.

This will -- I hope -- knock out a large chunk of the 421 alerts we
currently get from zizmor. The next followup would then be upgrades and
harmonizing the generated and none-generated pins.

Notice: This idea was suggested by Claude while going over pinact output
and I was surprised to see that post processing the yaml wasn't too
gross.

Coverage Stats

92206 of 99237 relevant lines covered (92.91%)

4.04 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0

/src/python/pants/backend/docker/package_types.py

# Copyright 2021 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).

from __future__ import annotations

from dataclasses import dataclass
from enum import StrEnum, auto

from pants.core.goals.package import BuiltPackageArtifact
from pants.engine.addresses import Address
from pants.util.strutil import bullet_list, pluralize


class DockerPushOnPackageBehavior(StrEnum):
    """Controls whether Docker images can push to registries during packaging."""

    ALLOW = auto()
    IGNORE = auto()
    WARN = auto()
    ERROR = auto()


class DockerPushOnPackageException(Exception):
    """Exception raised when a Docker image would push but push behavior is ERROR."""

    def __init__(self, address: Address):
        super().__init__(
            f"The docker_image target {address} would push to a registry but "
            f'`[docker].push_on_package` is set to "error".'
        )


@dataclass(frozen=True)
class BuiltDockerImage(BuiltPackageArtifact):
    # We don't really want a default for this field, but the superclass has a field with
    # a default, so all subsequent fields must have one too. The `create()` method below
    # will ensure that this field is properly populated in practice.
    image_id: str = ""
    tags: tuple[str, ...] = ()

    @classmethod
    def create(
        cls, image_id: str, tags: tuple[str, ...], metadata_filename: str
    ) -> BuiltDockerImage:
        tags_string = tags[0] if len(tags) == 1 else f"\n{bullet_list(tags)}"
        return cls(
            image_id=image_id,
            tags=tags,
            relpath=metadata_filename,
            extra_log_lines=(
                f"Built docker {pluralize(len(tags), 'image', False)}: {tags_string}",
                f"Docker image ID: {image_id}",
            ),
        )

1	# Copyright 2021 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3
4	from __future__ import annotations	10✔
5
6	from dataclasses import dataclass	10✔
7	from enum import StrEnum, auto	10✔
8
9	from pants.core.goals.package import BuiltPackageArtifact	10✔
10	from pants.engine.addresses import Address	10✔
11	from pants.util.strutil import bullet_list, pluralize	10✔
12
13
14	class DockerPushOnPackageBehavior(StrEnum):	10✔
15	"""Controls whether Docker images can push to registries during packaging."""
16
17	ALLOW = auto()	10✔
18	IGNORE = auto()	10✔
19	WARN = auto()	10✔
20	ERROR = auto()	10✔
21
22
23	class DockerPushOnPackageException(Exception):	10✔
24	"""Exception raised when a Docker image would push but push behavior is ERROR."""
25
26	def __init__(self, address: Address):	10✔
27	super().__init__(	1✔
28	f"The docker_image target {address} would push to a registry but "
29	f'`[docker].push_on_package` is set to "error".'
30	)
31
32
33	@dataclass(frozen=True)	10✔
34	class BuiltDockerImage(BuiltPackageArtifact):	10✔
35	# We don't really want a default for this field, but the superclass has a field with
36	# a default, so all subsequent fields must have one too. The `create()` method below
37	# will ensure that this field is properly populated in practice.
38	image_id: str = ""	10✔
39	tags: tuple[str, ...] = ()	10✔
40
41	@classmethod	10✔
42	def create(	10✔
43	cls, image_id: str, tags: tuple[str, ...], metadata_filename: str
44	) -> BuiltDockerImage:
45	tags_string = tags[0] if len(tags) == 1 else f"\n{bullet_list(tags)}"	5✔
46	return cls(	5✔
47	image_id=image_id,
48	tags=tags,
49	relpath=metadata_filename,
50	extra_log_lines=(
51	f"Built docker {pluralize(len(tags), 'image', False)}: {tags_string}",
52	f"Docker image ID: {image_id}",
53	),
54	)

pantsbuild / pants / 25441711719

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous