From 75f9c9c003fa1cf4cad9219b1c0e2f78a3f75b97 Mon Sep 17 00:00:00 2001 From: Matthew Watkins Date: Thu, 5 Feb 2026 06:18:54 +0000 Subject: [PATCH 1/4] Feat: Add path_prefix output for downstream actions When using path_prefix to build projects in subdirectories, downstream actions like python-test-action, python-audit-action, and python-sbom-action also need the same path_prefix value. This change outputs path_prefix so workflows can pass it to later jobs via needs.python-build.outputs.path_prefix. Fixes: lfreleng-actions/python-build-action#138 Co-Authored-By: Claude Signed-off-by: Matthew Watkins --- README.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++------ action.yaml | 3 +++ 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ce31024..5b519f1 100644 --- a/README.md +++ b/README.md @@ -201,12 +201,54 @@ permissions: -| Variable Name | Description | -| -------------------- | ---------------------------------------------- | -| build_python_version | Python version used to perform build | -| matrix_json | Project supported Python versions as JSON | -| artefact_name | Project name used for build artefacts | -| artefact_path | Full path to build artefacts directory | +| Variable Name | Description | +| -------------------- | ------------------------------------------------- | +| build_python_version | Python version used to perform build | +| matrix_json | Project supported Python versions as JSON | +| artefact_name | Project name used for build artefacts | +| artefact_path | Full path to build artefacts directory | +| path_prefix | Path prefix to Python project (for downstream) | + + + +### Using path_prefix with Downstream Actions + +When your Python project lives in a subdirectory (not the repository +root), you must pass `path_prefix` to both this action and any downstream +actions like `python-test-action`, `python-audit-action`, and +`python-sbom-action`. The `path_prefix` output makes this easier by passing +the value through for use in later jobs: + + + +```yaml +jobs: + python-build: + runs-on: ubuntu-latest + outputs: + matrix_json: "${{ steps.python-build.outputs.matrix_json }}" + path_prefix: "${{ steps.python-build.outputs.path_prefix }}" + steps: + - uses: actions/checkout@v4 + - name: 'Build Python project' + id: python-build + uses: lfreleng-actions/python-build-action@main + with: + path_prefix: 'my-python-project/' + + python-tests: + runs-on: ubuntu-latest + needs: python-build + strategy: + matrix: "${{ fromJSON(needs.python-build.outputs.matrix_json) }}" + steps: + - uses: actions/checkout@v4 + - name: 'Run tests' + uses: lfreleng-actions/python-test-action@main + with: + python_version: ${{ matrix.python-version }} + path_prefix: ${{ needs.python-build.outputs.path_prefix }} +``` diff --git a/action.yaml b/action.yaml index 44ac138..e5048e1 100644 --- a/action.yaml +++ b/action.yaml @@ -110,6 +110,9 @@ outputs: artefact_path: description: 'Full path to build artefacts directory' value: ${{ steps.build_summary.outputs.artefact_path }} + path_prefix: + description: 'Path prefix to Python project (pass to downstream actions)' + value: ${{ inputs.path_prefix }} runs: using: 'composite' From 99dde5d240b5166836cbb95c24dea449e77bc367 Mon Sep 17 00:00:00 2001 From: Matthew Watkins Date: Thu, 5 Feb 2026 11:00:01 +0000 Subject: [PATCH 2/4] Fix: Make Git unshallow conditional Co-Authored-By: Claude Signed-off-by: Matthew Watkins --- action.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/action.yaml b/action.yaml index e5048e1..07c9195 100644 --- a/action.yaml +++ b/action.yaml @@ -180,7 +180,11 @@ runs: # Fetch tags to support dynamic versioning # ...but NOT when a tag push triggered the build path_prefix="${{ inputs.path_prefix }}" - git -C "$path_prefix" fetch --unshallow + # Only unshallow if the repository is a shallow clone + if git -C "$path_prefix" rev-parse --is-shallow-repository | grep -q true; then + echo "Unshallowing repository ⏩" + git -C "$path_prefix" fetch --unshallow + fi git -C "$path_prefix" fetch --tags origin ||\ { echo "Error: git fetch --tags failed" >&2; exit 1; } echo "Dynamic versioning: fetched repository tags 💬" \ From 37d0ec1293f8a5e2385e63d1718f3883398aa4a9 Mon Sep 17 00:00:00 2001 From: Matthew Watkins Date: Thu, 5 Feb 2026 11:11:24 +0000 Subject: [PATCH 3/4] Chore: Remove spurious shell set commands These appear to have been accidentally committed after a debugging sessions. Mostly they added nothing, since the overlap with some GitHub defaults, and were added to steps containing no pipe symbols. Co-Authored-By: Claude Signed-off-by: Matthew Watkins --- action.yaml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/action.yaml b/action.yaml index 07c9195..5f7caf6 100644 --- a/action.yaml +++ b/action.yaml @@ -120,7 +120,6 @@ runs: - name: 'Setup action/environment' shell: bash run: | - set -euo pipefail # Setup action/environment # Set input variables @@ -176,7 +175,6 @@ runs: if: github.ref_type != 'tag' && steps.metadata.outputs.python_versioning_type == 'dynamic' shell: bash run: | - set -euo pipefail # Fetch tags to support dynamic versioning # ...but NOT when a tag push triggered the build path_prefix="${{ inputs.path_prefix }}" @@ -194,7 +192,6 @@ runs: if: inputs.tag != '' shell: bash run: | - set -euo pipefail # Explicit build versioning echo "Explicit build versioning: ${{ inputs.tag }} 💬" \ >> "$GITHUB_STEP_SUMMARY" @@ -218,7 +215,6 @@ runs: id: python_version shell: bash run: | - set -euo pipefail # Determine Python version for build if [ -n "${{ inputs.python_version }}" ]; then python_version="${{ inputs.python_version }}" @@ -281,7 +277,6 @@ runs: - name: 'Install build dependencies' shell: bash run: | - set -euo pipefail # Install build dependencies echo 'Installing Python build dependencies...' python -m pip install --disable-pip-version-check \ @@ -314,7 +309,6 @@ runs: shell: bash run: | # Build with TOX - set -euo pipefail echo "Building with tox: some inputs/options may be disregarded ⚠️" path_prefix="${{ inputs.path_prefix }}" @@ -337,7 +331,6 @@ runs: if: inputs.tox_build != 'true' shell: bash run: | - set -euo pipefail # Build Python project path_prefix="${{ inputs.path_prefix }}" artefact_path="${{ inputs.artefact_path }}" @@ -381,7 +374,6 @@ runs: if: inputs.auditwheel == 'true' && inputs.build_formats != 'sdist' shell: bash run: | - set -euo pipefail # Repair wheels to manylinux format for PyPI compatibility path_prefix="${{ inputs.path_prefix }}" artefact_path="${{ inputs.artefact_path }}" @@ -446,7 +438,6 @@ runs: shell: bash # yamllint disable rule:line-length run: | - set -euo pipefail # Build outputs/summary path_prefix="${{ inputs.path_prefix }}" artefact_path="${{ inputs.artefact_path }}" @@ -493,7 +484,6 @@ runs: if: inputs.sigstore_sign == 'true' shell: bash run: | - set -euo pipefail # Add heading to separate signing from attestations echo '### Sigstore Signing ✍🏼' >> "$GITHUB_STEP_SUMMARY" @@ -503,7 +493,6 @@ runs: shell: bash # yamllint disable rule:line-length run: | - set -euo pipefail # Build list of files to sign based on build_formats files_to_sign=() From 753656ef45e20444e2b5867269e8a3ac09879627 Mon Sep 17 00:00:00 2001 From: Matthew Watkins Date: Thu, 5 Feb 2026 11:18:18 +0000 Subject: [PATCH 4/4] Fix: Improve error handling following copilot feedback Co-Authored-By: Claude Signed-off-by: Matthew Watkins --- action.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/action.yaml b/action.yaml index 5f7caf6..80cefe8 100644 --- a/action.yaml +++ b/action.yaml @@ -179,7 +179,9 @@ runs: # ...but NOT when a tag push triggered the build path_prefix="${{ inputs.path_prefix }}" # Only unshallow if the repository is a shallow clone - if git -C "$path_prefix" rev-parse --is-shallow-repository | grep -q true; then + shallow_repo=$(git -C "$path_prefix" rev-parse --is-shallow-repository 2>/dev/null) || \ + { echo "Error: git rev-parse --is-shallow-repository failed" >&2; exit 1; } + if [ "$shallow_repo" = "true" ]; then echo "Unshallowing repository ⏩" git -C "$path_prefix" fetch --unshallow fi