search

motioneye-project / motioneye

A web frontend for the motion daemon.
GNU General Public License v3.0
3.94k stars 650 forks source link

[CI] Workflow update and alignment #2883

Closed MichaIng closed 9 months ago

MichaIng commented 9 months ago

I actually just wanted to (hopefully) fix the satefy test, which fails since somehow pip install --update pip does not install the latest pip version in this workflow.

MichaIng commented 9 months ago

@cclauss since you added the safety workflow. Do you have an idea why it is still failing? Previously pip install --upgrade pip seems to not have upgraded pip, which is strange in its own. However, with the added check-latest: true, the setup-python action upgrades to latest Python point release and upgrades pip to 23.3.1. It does so for the intended instance in /opt/hostedtoolcache/Python/3.12.1/x64/lib/python3.12/site-packages, and two added -V commands show that pip as well as python3 -m pip do call this very same pip version. safety says it checks packages in /opt/hostedtoolcache/Python/3.12.1/x64/lib/python3.12/site-packages, which we undoubtedly know contains the one upgraded pip instance which is called by the pip command. So how the hack can safety still find a pip 23.2.1? Even upgrading the global system instance of pip via sudo does not change something about this.

Of course we could tell it to ignore pip, but I would like to understand what's going on 😄.

EDIT: Sadly safety does not seem to have a verbose flag to e.g. show which checked package it found where.

MichaIng commented 9 months ago

There it is:

drwxr-xr-x+  5 runner docker    4096 Dec 10 18:59 pip
drwxr-xr-x+  2 runner docker    4096 Dec 10 18:59 pip-23.2.1.dist-info
drwxrwxrwx+  2 runner docker    4096 Dec 10 18:59 pip-23.3.1.dist-info

For whatever reason, there is an additional pip-23.2.1.dist-info metadata directory left, which is for whatever reason not removed with the pip upgrade, regardless which way. We can remove it manually for now.