[Maintenance][Testing] Bump CI dependencies, Add AddressSanitizer Test#103
Open
stewjb wants to merge 5 commits intospotfiresoftware:mainfrom
Open
[Maintenance][Testing] Bump CI dependencies, Add AddressSanitizer Test#103stewjb wants to merge 5 commits intospotfiresoftware:mainfrom
stewjb wants to merge 5 commits intospotfiresoftware:mainfrom
Conversation
…optional test imports - Bump actions/checkout v4→v5, setup-python v5→v6, upload-artifact v4→v7, download-artifact v4→v8 across build.yaml, pylint.yaml, sbom.yaml. - Add AddressSanitizer job to build.yaml (pinned to Python 3.13, LD_PRELOAD injection, limited to html-testRunner/polars/pillow to avoid pybind11 crashes). - Add concurrency group to cancel superseded runs on push. - Make geopandas/matplotlib/seaborn imports optional in test_sbdf.py so the module loads in environments where those packages are absent; add @skipIf guards to test_read_write_geodata, test_image_matplot, test_image_seaborn. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Author
|
One other thing to consider -- CI runs python 3.9 currently. That is at the end of life, so worth considering dropping it in this PR while doing maintenance. |
…cking - Extend ASan job to also run UBSan (-fsanitize=address,undefined). UBSan shares the libasan.so LD_PRELOAD runtime so no extra preload is needed. Catches signed integer overflow, null pointer dereference, misaligned access, and other C UB in the Cython extension. UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1 makes CI fail clearly on the first finding with a full stack trace. - Rename job 'asan' → 'sanitizers' and artifact 'test-results-asan' → 'test-results-sanitizers' to reflect the combined coverage. - Add .github/dependabot.yml to auto-PR GitHub Actions version bumps weekly, preventing future Node.js deprecation warnings from going unnoticed. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All actions have been bumped to versions that natively use Node.js 24. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Node 20 stops working June 2026, so bumping the dependencies addresses this issue.
I also added AddressSanitizer to the CI suite. During the polars feature addition, there were some performance gains I saw on the pandas path. One of those was dropping some safeguards in sbdf.pyx (boundscheck=False, wraparound=False, cdivision=True). This comes with some risk can be partially mitigated by running tests within this CI. Ultimately, it's just an additional CI action that doesn't make the current CI actions take any longer, but is helpful if you all do want to use these performance enhancements (coming in a later PR).