25441711719

Committed 06 May 2026 02:31PM UTC coverage: 92.915%. Remained the same

Build # 25441711719

Build Type

push

github

Committed by

web-flow

Commit Message

use sha pin (with comment) format for generated actions (#23312)

Per the GitHub Action best practices we recently enabled at #23249, we
should pin each action to a SHA so that the reference is actually
immutable.

This will -- I hope -- knock out a large chunk of the 421 alerts we
currently get from zizmor. The next followup would then be upgrades and
harmonizing the generated and none-generated pins.

Notice: This idea was suggested by Claude while going over pinact output
and I was surprised to see that post processing the yaml wasn't too
gross.

Coverage Stats

92206 of 99237 relevant lines covered (92.91%)

4.04 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0

/src/python/pants/backend/python/packaging/pyoxidizer/config.py

# Copyright 2022 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).

from __future__ import annotations

from dataclasses import dataclass
from string import Template
from textwrap import indent

DEFAULT_TEMPLATE = """
def make_exe():
    dist = default_python_distribution()
    policy = dist.make_python_packaging_policy()
    policy.extension_module_filter = "no-copyleft"

    # Note: Adding this for pydantic and libs that have the "unable to load from memory" error
    # https://github.com/indygreg/PyOxidizer/issues/438
    policy.resources_location_fallback = "filesystem-relative:lib"

    python_config = dist.make_python_interpreter_config()

    $RUN_MODULE

    exe = dist.to_python_executable(
        name="$NAME",
        packaging_policy=policy,
        config=python_config,
    )

    exe.add_python_resources(exe.pip_install($WHEELS))
    $UNCLASSIFIED_RESOURCE_INSTALLATION

    return exe

def make_embedded_resources(exe):
    return exe.to_embedded_resources()

def make_install(exe):
    # Create an object that represents our installed application file layout.
    files = FileManifest()
    # Add the generated executable to our install layout in the root directory.
    files.add_python_resource(".", exe)
    return files

register_target("exe", make_exe)
register_target("resources", make_embedded_resources, depends=["exe"], default_build_script=True)
register_target("install", make_install, depends=["exe"], default=True)
resolve_targets()
"""

UNCLASSIFIED_RESOURCES_TEMPLATE = """
for resource in exe.pip_install($UNCLASSIFIED_RESOURCES):
    resource.add_location = "filesystem-relative:lib"
    exe.add_python_resource(resource)
"""


@dataclass(frozen=True)
class PyOxidizerConfig:
    executable_name: str
    wheels: list[str]
    entry_point: str | None = None
    template: str | None = None
    unclassified_resources: list[str] | None = None

    @property
    def run_module(self) -> str:
        return (
            f"python_config.run_module = '{self.entry_point}'"
            if self.entry_point is not None
            else ""
        )

    def render(self) -> str:
        unclassified_resource_snippet = ""
        if self.unclassified_resources is not None:
            unclassified_resource_snippet = Template(
                UNCLASSIFIED_RESOURCES_TEMPLATE
            ).safe_substitute(UNCLASSIFIED_RESOURCES=self.unclassified_resources)

            unclassified_resource_snippet = indent(unclassified_resource_snippet, "    ")

        template = Template(self.template or DEFAULT_TEMPLATE)
        return template.safe_substitute(
            NAME=self.executable_name,
            WHEELS=self.wheels,
            RUN_MODULE=self.run_module,
            UNCLASSIFIED_RESOURCE_INSTALLATION=unclassified_resource_snippet,
        )

1	# Copyright 2022 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3
4	from __future__ import annotations	1✔
5
6	from dataclasses import dataclass	1✔
7	from string import Template	1✔
8	from textwrap import indent	1✔
9
10	DEFAULT_TEMPLATE = """	1✔
11	def make_exe():
12	dist = default_python_distribution()
13	policy = dist.make_python_packaging_policy()
14	policy.extension_module_filter = "no-copyleft"
15
16	# Note: Adding this for pydantic and libs that have the "unable to load from memory" error
17	# https://github.com/indygreg/PyOxidizer/issues/438
18	policy.resources_location_fallback = "filesystem-relative:lib"
19
20	python_config = dist.make_python_interpreter_config()
21
22	$RUN_MODULE
23
24	exe = dist.to_python_executable(
25	name="$NAME",
26	packaging_policy=policy,
27	config=python_config,
28	)
29
30	exe.add_python_resources(exe.pip_install($WHEELS))
31	$UNCLASSIFIED_RESOURCE_INSTALLATION
32
33	return exe
34
35	def make_embedded_resources(exe):
36	return exe.to_embedded_resources()
37
38	def make_install(exe):
39	# Create an object that represents our installed application file layout.
40	files = FileManifest()
41	# Add the generated executable to our install layout in the root directory.
42	files.add_python_resource(".", exe)
43	return files
44
45	register_target("exe", make_exe)
46	register_target("resources", make_embedded_resources, depends=["exe"], default_build_script=True)
47	register_target("install", make_install, depends=["exe"], default=True)
48	resolve_targets()
49	"""
50
51	UNCLASSIFIED_RESOURCES_TEMPLATE = """	1✔
52	for resource in exe.pip_install($UNCLASSIFIED_RESOURCES):
53	resource.add_location = "filesystem-relative:lib"
54	exe.add_python_resource(resource)
55	"""
56
57
58	@dataclass(frozen=True)	1✔
59	class PyOxidizerConfig:	1✔
60	executable_name: str	1✔
61	wheels: list[str]	1✔
62	entry_point: str \| None = None	1✔
63	template: str \| None = None	1✔
64	unclassified_resources: list[str] \| None = None	1✔
65
66	@property	1✔
67	def run_module(self) -> str:	1✔
68	return (	1✔
69	f"python_config.run_module = '{self.entry_point}'"
70	if self.entry_point is not None
71	else ""
72	)
73
74	def render(self) -> str:	1✔
75	unclassified_resource_snippet = ""	1✔
76	if self.unclassified_resources is not None:	1✔
77	unclassified_resource_snippet = Template(	1✔
78	UNCLASSIFIED_RESOURCES_TEMPLATE
79	).safe_substitute(UNCLASSIFIED_RESOURCES=self.unclassified_resources)
80
81	unclassified_resource_snippet = indent(unclassified_resource_snippet, " ")	1✔
82
83	template = Template(self.template or DEFAULT_TEMPLATE)	1✔
84	return template.safe_substitute(	1✔
85	NAME=self.executable_name,
86	WHEELS=self.wheels,
87	RUN_MODULE=self.run_module,
88	UNCLASSIFIED_RESOURCE_INSTALLATION=unclassified_resource_snippet,
89	)

pantsbuild / pants / 25441711719

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous