Merge branch 'master' into david-leifker-patch-3

Author: david-leifker

.github/scripts/check_gradle_lockfiles.py

@@ -0,0 +1,153 @@
+#!/usr/bin/env python3
+"""Validate that gradle.lockfile files are up-to-date with current dependencies.
+
+This script uses Gradle's built-in dependency resolution to regenerate lockfiles
+and checks if they differ from the committed versions.
+"""
+
+import subprocess
+import sys
+import os
+
+
+def run_command(cmd: list[str], check: bool = True) -> subprocess.CompletedProcess:
+    """Run a shell command and return the result."""
+    return subprocess.run(
+        cmd,
+        capture_output=True,
+        text=True,
+        check=check,
+    )
+
+
+def check_for_changes_in_gradle_files() -> bool:
+    """Check if any build.gradle or gradle.lockfile files were changed."""
+    try:
+        # Get all changed files (staged + unstaged)
+        result = run_command(["git", "diff", "--name-only", "HEAD"])
+        unstaged = set(result.stdout.strip().split("\n")) if result.stdout.strip() else set()
+
+        result = run_command(["git", "diff", "--name-only", "--cached"])
+        staged = set(result.stdout.strip().split("\n")) if result.stdout.strip() else set()
+
+        changed_files = unstaged.union(staged)
+
+        # Check if any gradle files were modified
+        gradle_files = [
+            f for f in changed_files
+            if f.endswith("build.gradle")
+            or f.endswith("build.gradle.kts")
+            or f.endswith("gradle.lockfile")
+            or "gradle.properties" in f
+            or "gradle/wrapper" in f
+        ]
+
+        return len(gradle_files) > 0
+    except subprocess.CalledProcessError:
+        # If we can't determine, assume we should check
+        return True
+
+
+def regenerate_lockfiles() -> tuple[bool, str]:
+    """Regenerate all lockfiles using Gradle.
+
+    Returns:
+        Tuple of (success, error_message)
+    """
+    print("Regenerating lockfiles to verify they are up-to-date...")
+    print("Running: ./gradlew resolveAndLockAll --write-locks")
+
+    try:
+        result = run_command(
+            ["./gradlew", "resolveAndLockAll", "--write-locks", "-x", "generateGitPropertiesGlobal"],
+            check=False
+        )
+
+        if result.returncode != 0:
+            return False, f"Failed to regenerate lockfiles:\n{result.stderr}"
+
+        return True, ""
+    except Exception as e:
+        return False, f"Error running Gradle: {str(e)}"
+
+
+def check_for_lockfile_diffs() -> tuple[bool, list[str]]:
+    """Check if any lockfiles have differences after regeneration.
+
+    Returns:
+        Tuple of (has_diffs, list_of_changed_files)
+    """
+    try:
+        result = run_command(
+            ["git", "diff", "--name-only", "**gradle.lockfile"],
+            check=False
+        )
+
+        if result.returncode == 0 and result.stdout.strip():
+            changed_lockfiles = [
+                f for f in result.stdout.strip().split("\n")
+                if f.endswith("gradle.lockfile")
+            ]
+            return True, changed_lockfiles
+
+        return False, []
+    except subprocess.CalledProcessError:
+        return False, []
+
+
+def restore_lockfiles():
+    """Restore lockfiles to their original state."""
+    print("Restoring lockfiles to original state...")
+    try:
+        run_command(["git", "checkout", "**gradle.lockfile"], check=False)
+    except:
+        pass
+
+
+def main():
+    """Main validation function."""
+    print("Checking gradle lockfile updates...")
+
+    # Check if we're in a git repository
+    result = run_command(["git", "rev-parse", "--git-dir"], check=False)
+    if result.returncode != 0:
+        print("Not in a git repository. Skipping lockfile check.")
+        return 0
+
+    # Check if any gradle-related files changed
+    if not check_for_changes_in_gradle_files():
+        print("✓ No gradle files changed. Skipping lockfile verification.")
+        return 0
+
+    # Regenerate lockfiles
+    success, error = regenerate_lockfiles()
+    if not success:
+        print(f"\n❌ ERROR: {error}")
+        return 1
+
+    # Check for differences
+    has_diffs, changed_files = check_for_lockfile_diffs()
+
+    # Always restore lockfiles to original state
+    restore_lockfiles()
+
+    if has_diffs:
+        print("\n❌ ERROR: Dependency lockfiles are out of date!\n")
+        print("The following lockfiles need to be updated:\n")
+        for file in changed_files:
+            print(f"  • {file}")
+
+        print("\nYour build.gradle changes affect dependency resolution, but the")
+        print("corresponding lockfiles were not updated.\n")
+        print("To fix this, run:")
+        print("  ./gradlew resolveAndLockAll --write-locks\n")
+        print("Then commit the updated gradle.lockfile files along with your changes.")
+
+        return 1
+
+    print("✓ All gradle lockfiles are up-to-date.")
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

.github/scripts/generate_pre_commit.py

@@ -193,7 +193,7 @@ def _generate_lint_fix_hook(self, project: Project) -> dict:
         return {
             "id": f"{project.project_id}-lint-fix",
             "name": f"{project.path} Lint Fix",
-            "entry": f"./gradlew {project.gradle_path}:lintFix",
+            "entry": f"./gradlew {project.gradle_path}:lintFix -x generateGitPropertiesGlobal",
             "language": "system",
             "files": f"^{project.path}/.*\\.(py|toml)$",
             "pass_filenames": False,
@@ -204,7 +204,7 @@ def _generate_spotless_hook(self, project: Project) -> dict:
         return {
             "id": f"{project.project_id}-spotless",
             "name": f"{project.path} Spotless Apply",
-            "entry": f"./gradlew {project.gradle_path}:spotlessApply",
+            "entry": f"./gradlew {project.gradle_path}:spotlessApply -x generateGitPropertiesGlobal",
             "language": "system",
             "files": f"^{project.path}/.*\\.java$",
             "pass_filenames": False,
@@ -215,7 +215,7 @@ def _generate_prettier_hook(self, project: Project) -> dict:
         return {
             "id": f"{project.project_id}-{project.taskName}",
             "name": f"{project.taskName}",
-            "entry": f"./gradlew {project.gradle_path}:{project.taskName}",
+            "entry": f"./gradlew {project.gradle_path}:{project.taskName} -x generateGitPropertiesGlobal",
             "language": "system",
             "files": project.filePattern,
             "pass_filenames": False,

.github/scripts/pre-commit-override.yaml

@@ -3,13 +3,19 @@ repos:
     hooks:
       - id: smoke-test-cypress-lint-fix
         name: smoke-test cypress Lint Fix
-        entry: ./gradlew :smoke-test:cypressLintFix
+        entry: ./gradlew :smoke-test:cypressLintFix -x generateGitPropertiesGlobal
         language: system
         files: ^smoke-test/tests/cypress/.*\.tsx$
         pass_filenames: false
       - id: update-lineage-file
         name: update-lineage-file
-        entry: ./gradlew :metadata-ingestion:lineageGen
+        entry: ./gradlew :metadata-ingestion:lineageGen -x generateGitPropertiesGlobal
         language: system
         files: ^(metadata-ingestion-modules/.*|metadata-models/.*)$
         pass_filenames: false
+      - id: check-gradle-lockfiles
+        name: Check gradle lockfiles are updated
+        entry: python .github/scripts/check_gradle_lockfiles.py
+        language: system
+        files: ^.*build\.gradle(\.kts)?$
+        pass_filenames: false

.github/workflows/code-checks.yml

@@ -7,15 +7,23 @@ on:
       - "metadata-io/**"
       - "datahub-web-react/**"
       - "metadata-service/war/src/main/resources/boot/policies.json"
+      - "**/build.gradle"
+      - "**/build.gradle.kts"
+      - "**/gradle.lockfile"
       - ".github/workflows/code-checks.yml"
+      - ".github/scripts/check_*.py"
   pull_request:
     branches:
       - "**"
     paths:
       - "metadata-io/**"
       - "datahub-web-react/**"
       - "metadata-service/war/src/main/resources/boot/policies.json"
+      - "**/build.gradle"
+      - "**/build.gradle.kts"
+      - "**/gradle.lockfile"
       - ".github/workflows/code-checks.yml"
+      - ".github/scripts/check_*.py"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -26,7 +34,12 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        command: ["check_event_type.py", "check_policies.py"]
+        command:
+          [
+            "check_event_type.py",
+            "check_policies.py",
+            "check_gradle_lockfiles.py",
+          ]
     name: run code checks
     runs-on: ubuntu-latest
     steps:

.github/workflows/docker-unified-nightly.yml

@@ -323,6 +323,7 @@ jobs:
           TEST_STRATEGY: ${{ matrix.test_strategy }}
           BATCH_COUNT: "1" # since this workflow runs only on schedule trigger, batching isn't really needed.
           BATCH_NUMBER: "0"
+          PROFILE_NAME: ${{ matrix.profile }}
         run: |
           echo "$DATAHUB_VERSION"
           ./gradlew --stop

.github/workflows/docker-unified.yml

@@ -12,6 +12,7 @@ on:
       - master
       - releases/**
   pull_request:
+    types: [opened, synchronize, reopened, labeled]
     branches:
       - "**"
   release:
@@ -21,15 +22,19 @@ concurrency:
   # Using `github.run_id` (unique val) instead of `github.ref` here
   # because we don't want to cancel this workflow on master only for PRs
   #   as that makes reproducing issues easier
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  # Adding github.event.action == labeled as a means to differentiate the trigger due to adding a label -- most labels are
+  # no-ops except for `depot`
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}-${{ github.event.action == 'labeled' }}
   cancel-in-progress: true
 
 env:
   DOCKER_REGISTRY: "acryldata"
   PROFILE_NAME: "${{ github.event.inputs.profileName || 'quickstart-consumers' }}"
 
   DOCKER_CACHE: "DEPOT"
-  DEPOT_PROJECT_ID: "${{ vars.DEPOT_PROJECT_ID }}"
+  DEPOT_PROJECT_ID: "s0gr1cr3jd"
+  HAS_DEPOT_LABEL: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'depot') }}
+  IS_FORK: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }}
   DEPOT_TOKEN: "${{ secrets.DEPOT_TOKEN }}"
 
 permissions:
@@ -39,6 +44,7 @@ permissions:
 jobs:
   setup:
     runs-on: depot-ubuntu-24.04-small
+    if: ${{ github.event_name != 'pull_request' || github.event.action != 'labeled' || github.event.label.name == 'depot' }}
     outputs:
       # TODO: Many of the vars below should not be required anymore.
       tag: ${{ steps.tag.outputs.tag }}
@@ -135,22 +141,25 @@ jobs:
       - name: Determine runner type
         id: set-runner
         # This needs to handle two scenarios:
-        # 1. Running on a PR from a fork. There are some auth issues that prevent us from using depot in that case.
-        #    So, Its easier to just use the regular github actions cache and build all images for each parallel job running smoke test.
-        #    Note, concurrency is lower when using github runners, queue times can be longer, test time is longer due to fewer parallel jobs.
-        # 2. Running on a PR from a branch in the datahub-project org and push/schedule events on master.
+        # 1. Running on a PR from a fork. We use github runners, unless the "depot" label exists -- in which case, we run
+        #    it on depotNote, concurrency is lower when using github runners, queue times can be longer, test time is longer
+        #    due to fewer parallel jobs.
+        # 3. Running on a PR from a branch in the datahub-project org and push/schedule events on master.
         #    Depot is used here for remote container builds in base_build and also for all runners. Depot runners support unlimited concurrency
         #    and hence short queue times and higher parallelism of smoke tests
-
         run: |
-          if [[ "${{ env.DOCKER_CACHE }}" == "DEPOT" && "${{ env.DEPOT_PROJECT_ID }}" != "" ]]; then
+          if [[ "${{ env.DOCKER_CACHE }}" == "DEPOT" && "${{ env.IS_FORK }}" == "false" ]]; then
             echo "build_runner_type=depot-ubuntu-24.04-4" >> "$GITHUB_OUTPUT"
             echo "test_runner_type=depot-ubuntu-24.04-4" >> "$GITHUB_OUTPUT"
             echo "test_runner_type_small=depot-ubuntu-24.04-small" >> "$GITHUB_OUTPUT"
             echo "use_depot_cache=true" >> "$GITHUB_OUTPUT"
           else
             echo "build_runner_type=ubuntu-latest" >> "$GITHUB_OUTPUT"
-            echo "test_runner_type=ubuntu-latest" >> "$GITHUB_OUTPUT"
+            if [[ "${{ env.HAS_DEPOT_LABEL }}" == "true" ]]; then
+              echo "test_runner_type=depot-ubuntu-24.04-4" >> "$GITHUB_OUTPUT"
+            else
+              echo "test_runner_type=ubuntu-latest" >> "$GITHUB_OUTPUT"
+            fi
             echo "test_runner_type_small=ubuntu-latest" >> "$GITHUB_OUTPUT"
             echo "use_depot_cache=false" >> "$GITHUB_OUTPUT"
             # publishing is currently only supported via depot
@@ -392,7 +401,7 @@ jobs:
         # python_batch_count is used to split pytests in the smoke-test (batches of actual test functions)
         # cypress_batch_count is used to split the collection of cypress test specs into batches.
         run: |
-          if [[ "${{ needs.setup.outputs.test_runner_type }}" == "ubuntu-latest" ]]; then
+          if [[ "${{ env.IS_FORK }}" == "true" ]]; then
             echo "cypress_batch_count=5" >> "$GITHUB_OUTPUT"
             echo "python_batch_count=3" >> "$GITHUB_OUTPUT"
           else
@@ -663,7 +672,7 @@ jobs:
 
       - name: Download build Metadata
         if: ${{ needs.setup.outputs.publish == 'true' || needs.setup.outputs.pr-publish == 'true' }}
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: build-metadata-${{ needs.setup.outputs.tag }}
           path: ${{ github.workspace }}/build

.github/workflows/update-test-weights.yml

@@ -26,12 +26,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.10"
 

.github/workflows/verify-quickstart-compose.yml

@@ -16,7 +16,7 @@ jobs:
       THRESHOLD_GB: 4.3
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Generate quickstart compose file
         run: |

.gitignore

@@ -35,6 +35,7 @@ MANIFEST
 .python-version
 Pipfile
 Pipfile.lock
+fix-failing-tests/
 
 # Generated files
 **/bin