Skip to content

DOC: Document Remote Code Execution risk for Dataframe.query and comp… #2

DOC: Document Remote Code Execution risk for Dataframe.query and comp…

DOC: Document Remote Code Execution risk for Dataframe.query and comp… #2

Workflow file for this run

name: Unit Tests
on:
push:
branches:
- main
- 2.2.x
pull_request:
branches:
- main
- 2.2.x
paths-ignore:
- "doc/**"
- "web/**"
permissions:
contents: read
defaults:
run:
shell: bash -el {0}
jobs:
ubuntu:
runs-on: ubuntu-22.04
timeout-minutes: 90
strategy:
matrix:
env_file: [actions-39.yaml, actions-310.yaml, actions-311.yaml, actions-312.yaml]
# Prevent the include jobs from overriding other jobs
pattern: [""]
include:
- name: "Downstream Compat"
env_file: actions-311-downstream_compat.yaml
pattern: "not slow and not network and not single_cpu"
pytest_target: "pandas/tests/test_downstream.py"
- name: "Minimum Versions"
env_file: actions-39-minimum_versions.yaml
pattern: "not slow and not network and not single_cpu"
- name: "Locale: it_IT"
env_file: actions-311.yaml
pattern: "not slow and not network and not single_cpu"
extra_apt: "language-pack-it"
# Use the utf8 version as the default, it has no bad side-effect.
lang: "it_IT.utf8"
lc_all: "it_IT.utf8"
# Also install it_IT (its encoding is ISO8859-1) but do not activate it.
# It will be temporarily activated during tests with locale.setlocale
extra_loc: "it_IT"
- name: "Locale: zh_CN"
env_file: actions-311.yaml
pattern: "not slow and not network and not single_cpu"
extra_apt: "language-pack-zh-hans"
# Use the utf8 version as the default, it has no bad side-effect.
lang: "zh_CN.utf8"
lc_all: "zh_CN.utf8"
# Also install zh_CN (its encoding is gb2312) but do not activate it.
# It will be temporarily activated during tests with locale.setlocale
extra_loc: "zh_CN"
- name: "Pypy"
env_file: actions-pypy-39.yaml
pattern: "not slow and not network and not single_cpu"
test_args: "--max-worker-restart 0"
- name: "Numpy Dev"
env_file: actions-311-numpydev.yaml
pattern: "not slow and not network and not single_cpu"
test_args: "-W error::DeprecationWarning -W error::FutureWarning"
- name: "Pyarrow Nightly"
env_file: actions-311-pyarrownightly.yaml
pattern: "not slow and not network and not single_cpu"
fail-fast: false
name: ${{ matrix.name || format('ubuntu-latest {0}', matrix.env_file) }}
env:
PATTERN: ${{ matrix.pattern }}
LANG: ${{ matrix.lang || 'C.UTF-8' }}
LC_ALL: ${{ matrix.lc_all || '' }}
PANDAS_CI: ${{ matrix.pandas_ci || '1' }}
TEST_ARGS: ${{ matrix.test_args || '' }}
PYTEST_WORKERS: ${{ matrix.pytest_workers || 'auto' }}
PYTEST_TARGET: ${{ matrix.pytest_target || 'pandas' }}
NPY_PROMOTION_STATE: ${{ matrix.env_file == 'actions-311-numpydev.yaml' && 'weak' || 'legacy' }}
# Clipboard tests
QT_QPA_PLATFORM: offscreen
concurrency:
# https://github.community/t/concurrecy-not-work-for-push/183068/7
group: ${{ github.event_name == 'push' && github.run_number || github.ref }}-${{ matrix.env_file }}-${{ matrix.pattern }}-${{ matrix.extra_apt || '' }}}
cancel-in-progress: true
services:
mysql:
image: mysql:8.0.33
env:
MYSQL_ALLOW_EMPTY_PASSWORD: yes
MYSQL_DATABASE: pandas
options: >-
--health-cmd "mysqladmin ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 3306:3306
postgres:
image: postgres:13
env:
PGUSER: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: pandas
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
moto:
image: motoserver/moto:4.1.13
env:
AWS_ACCESS_KEY_ID: foobar_key
AWS_SECRET_ACCESS_KEY: foobar_secret
ports:
- 5000:5000
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Extra installs
run: sudo apt-get update && sudo apt-get install -y ${{ matrix.extra_apt }}
if: ${{ matrix.extra_apt }}
- name: Generate extra locales
# These extra locales will be available for locale.setlocale() calls in tests
run: sudo locale-gen ${{ matrix.extra_loc }}
if: ${{ matrix.extra_loc }}
- name: Set up Conda
uses: ./.github/actions/setup-conda
with:
environment-file: ci/deps/${{ matrix.env_file }}
- name: Build Pandas
id: build
uses: ./.github/actions/build_pandas
with:
meson_args: ${{ matrix.meson_args }}
cflags_adds: ${{ matrix.cflags_adds }}
- name: Test (not single_cpu)
uses: ./.github/actions/run-tests
if: ${{ matrix.name != 'Pypy' }}
env:
# Set pattern to not single_cpu if not already set
PATTERN: ${{ env.PATTERN == '' && 'not single_cpu' || matrix.pattern }}
- name: Test (single_cpu)
uses: ./.github/actions/run-tests
env:
PATTERN: 'single_cpu'
PYTEST_WORKERS: 0
if: ${{ matrix.pattern == '' && (always() && steps.build.outcome == 'success')}}
macos-windows:
timeout-minutes: 90
strategy:
matrix:
# Note: Don't use macOS latest since macos 14 appears to be arm64 only
os: [macos-13, macos-14, windows-latest]
env_file: [actions-39.yaml, actions-310.yaml, actions-311.yaml, actions-312.yaml]
fail-fast: false
runs-on: ${{ matrix.os }}
name: ${{ format('{0} {1}', matrix.os, matrix.env_file) }}
concurrency:
# https://github.community/t/concurrecy-not-work-for-push/183068/7
group: ${{ github.event_name == 'push' && github.run_number || github.ref }}-${{ matrix.env_file }}-${{ matrix.os }}
cancel-in-progress: true
env:
PANDAS_CI: 1
PYTEST_TARGET: pandas
PATTERN: "not slow and not db and not network and not single_cpu"
PYTEST_WORKERS: 'auto'
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Conda
uses: ./.github/actions/setup-conda
with:
environment-file: ci/deps/${{ matrix.env_file }}
- name: Build Pandas
uses: ./.github/actions/build_pandas
- name: Test
uses: ./.github/actions/run-tests
Linux-32-bit:
runs-on: ubuntu-22.04
container:
image: quay.io/pypa/manylinux2014_i686
options: --platform linux/386
steps:
- name: Checkout pandas Repo
# actions/checkout does not work since it requires node
run: |
git config --global --add safe.directory $PWD
if [ $GITHUB_EVENT_NAME != pull_request ]; then
git clone --recursive --branch=$GITHUB_REF_NAME https://github.com/${GITHUB_REPOSITORY}.git $GITHUB_WORKSPACE
git reset --hard $GITHUB_SHA
else
git clone --recursive https://github.com/${GITHUB_REPOSITORY}.git $GITHUB_WORKSPACE
git fetch origin $GITHUB_REF:my_ref_name
git checkout $GITHUB_BASE_REF
git -c user.email="[email protected]" merge --no-commit my_ref_name
fi
- name: Build environment and Run Tests
# https://github.com/numpy/numpy/issues/24703#issuecomment-1722379388
run: |
/opt/python/cp311-cp311/bin/python -m venv ~/virtualenvs/pandas-dev
. ~/virtualenvs/pandas-dev/bin/activate
python -m pip install --no-cache-dir -U pip wheel setuptools meson[ninja]==1.2.1 meson-python==0.13.1
python -m pip install numpy --config-settings=setup-args="-Dallow-noblas=true"
python -m pip install --no-cache-dir versioneer[toml] cython python-dateutil pytz pytest>=7.3.2 pytest-xdist>=2.2.0 hypothesis>=6.46.1
python -m pip install --no-cache-dir --no-build-isolation -e . --config-settings=setup-args="--werror"
python -m pip list --no-cache-dir
export PANDAS_CI=1
python -m pytest -m 'not slow and not network and not clipboard and not single_cpu' pandas --junitxml=test-data.xml
concurrency:
# https://github.community/t/concurrecy-not-work-for-push/183068/7
group: ${{ github.event_name == 'push' && github.run_number || github.ref }}-32bit
cancel-in-progress: true
Linux-Musl:
runs-on: ubuntu-22.04
container:
image: quay.io/pypa/musllinux_1_1_x86_64
steps:
- name: Checkout pandas Repo
# actions/checkout does not work since it requires node
run: |
git config --global --add safe.directory $PWD
if [ $GITHUB_EVENT_NAME != pull_request ]; then
git clone --recursive --branch=$GITHUB_REF_NAME https://github.com/${GITHUB_REPOSITORY}.git $GITHUB_WORKSPACE
git reset --hard $GITHUB_SHA
else
git clone --recursive https://github.com/${GITHUB_REPOSITORY}.git $GITHUB_WORKSPACE
git fetch origin $GITHUB_REF:my_ref_name
git checkout $GITHUB_BASE_REF
git -c user.email="[email protected]" merge --no-commit my_ref_name
fi
- name: Configure System Packages
run: |
apk update
apk add musl-locales
- name: Build environment
run: |
/opt/python/cp311-cp311/bin/python -m venv ~/virtualenvs/pandas-dev
. ~/virtualenvs/pandas-dev/bin/activate
python -m pip install --no-cache-dir -U pip wheel setuptools meson-python==0.13.1 meson[ninja]==1.2.1
python -m pip install --no-cache-dir versioneer[toml] cython numpy python-dateutil pytz pytest>=7.3.2 pytest-xdist>=2.2.0 hypothesis>=6.46.1
python -m pip install --no-cache-dir --no-build-isolation -e . --config-settings=setup-args="--werror"
python -m pip list --no-cache-dir
- name: Run Tests
run: |
. ~/virtualenvs/pandas-dev/bin/activate
export PANDAS_CI=1
python -m pytest -m 'not slow and not network and not clipboard and not single_cpu' pandas --junitxml=test-data.xml
concurrency:
# https://github.community/t/concurrecy-not-work-for-push/183068/7
group: ${{ github.event_name == 'push' && github.run_number || github.ref }}-musl
cancel-in-progress: true
python-dev:
# This job may or may not run depending on the state of the next
# unreleased Python version. DO NOT DELETE IT.
#
# In general, this will remain frozen(present, but not running) until:
# - The next unreleased Python version has released beta 1
# - This version should be available on GitHub Actions.
# - Our required build/runtime dependencies(numpy, pytz, Cython, python-dateutil)
# support that unreleased Python version.
# To unfreeze, comment out the ``if: false`` condition, and make sure you update
# the name of the workflow and Python version in actions/setup-python ``python-version:``
#
# After it has been unfrozen, this file should remain unfrozen(present, and running) until:
# - The next Python version has been officially released.
# OR
# - Most/All of our optional dependencies support the next Python version AND
# - The next Python version has released a rc(we are guaranteed a stable ABI).
# To freeze this file, uncomment out the ``if: false`` condition, and migrate the jobs
# to the corresponding posix/windows-macos/sdist etc. workflows.
# Feel free to modify this comment as necessary.
if: false # Uncomment this to freeze the workflow, comment it to unfreeze
defaults:
run:
shell: bash -eou pipefail {0}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
# Separate out macOS 13 and 14, since macOS 14 is arm64 only
os: [ubuntu-22.04, macOS-13, macOS-14, windows-latest]
timeout-minutes: 90
concurrency:
# https://github.community/t/concurrecy-not-work-for-push/183068/7
group: ${{ github.event_name == 'push' && github.run_number || github.ref }}-${{ matrix.os }}-${{ matrix.pytest_target }}-dev
cancel-in-progress: true
env:
PYTEST_WORKERS: "auto"
PANDAS_CI: 1
PATTERN: "not slow and not network and not clipboard and not single_cpu"
PYTEST_TARGET: pandas
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python Dev Version
uses: actions/setup-python@v5
with:
python-version: '3.12-dev'
- name: Build Environment
run: |
python --version
python -m pip install --upgrade pip setuptools wheel meson[ninja]==1.2.1 meson-python==0.13.1
python -m pip install --pre --extra-index-url https://pypi.anaconda.org/scientific-python-nightly-wheels/simple numpy
python -m pip install versioneer[toml]
python -m pip install python-dateutil pytz tzdata cython hypothesis>=6.46.1 pytest>=7.3.2 pytest-xdist>=2.2.0 pytest-cov
python -m pip install -ve . --no-build-isolation --no-index --no-deps --config-settings=setup-args="--werror"
python -m pip list
- name: Run Tests
uses: ./.github/actions/run-tests
emscripten:
# Note: the Python version, Emscripten toolchain version are determined
# by the Pyodide version. The appropriate versions can be found in the
# Pyodide repodata.json "info" field, or in the Makefile.envs file:
# https://github.com/pyodide/pyodide/blob/stable/Makefile.envs#L2
# The Node.js version can be determined via Pyodide:
# https://pyodide.org/en/stable/usage/index.html#node-js
name: Pyodide build
runs-on: ubuntu-22.04
concurrency:
# https://github.community/t/concurrecy-not-work-for-push/183068/7
group: ${{ github.event_name == 'push' && github.run_number || github.ref }}-wasm
cancel-in-progress: true
steps:
- name: Checkout pandas Repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python for Pyodide
id: setup-python
uses: actions/setup-python@v5
with:
python-version: '3.11.3'
- name: Set up Emscripten toolchain
uses: mymindstorm/setup-emsdk@v14
with:
version: '3.1.46'
actions-cache-folder: emsdk-cache
- name: Install pyodide-build
run: pip install "pyodide-build==0.25.1"
- name: Build pandas for Pyodide
run: |
pyodide build
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
- name: Set up Pyodide virtual environment
run: |
pyodide venv .venv-pyodide
source .venv-pyodide/bin/activate
pip install dist/*.whl
- name: Test pandas for Pyodide
env:
PANDAS_CI: 1
run: |
source .venv-pyodide/bin/activate
pip install pytest hypothesis
# do not import pandas from the checked out repo
cd ..
python -c 'import pandas as pd; pd.test(extra_args=["-m not clipboard and not single_cpu and not slow and not network and not db"])'