Merge branch 'master' into phillip/241216-fix-pyarrow-version

.asf.yaml

@@ -72,6 +72,7 @@ github:
           - cypress-matrix (3, chrome)
           - cypress-matrix (4, chrome)
           - cypress-matrix (5, chrome)
+          - dependency-review
           - frontend-build
           - pre-commit (current)
           - pre-commit (next)

.dockerignore

@@ -42,6 +42,7 @@ docs/
 install/
 superset-frontend/cypress-base/
 superset-frontend/coverage/
+superset-frontend/.temp_cache/
 superset/static/assets/
 superset-websocket/dist/
 venv

.github/CODEOWNERS

@@ -16,17 +16,17 @@
 
 # Notify E2E test maintainers of changes
 
-/superset-frontend/cypress-base/ @jinghua-qa @geido @eschutho @rusackas @betodealmeida
+/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida
 
 # Notify PMC members of changes to GitHub Actions
 
-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar
 
 # Notify PMC members of changes to required GitHub Actions
 
-/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar
+/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar
 
-# Maps are a finnicky contribution process we care about
+# Maps are a finicky contribution process we care about
 
 **/*.geojson @villebro @rusackas
 /superset-frontend/plugins/legacy-plugin-chart-country-map/ @villebro @rusackas

.github/actions/setup-backend/action.yml

@@ -44,10 +44,13 @@ runs:
         if [ "${{ inputs.install-superset }}" = "true" ]; then
           sudo apt-get update && sudo apt-get -y install libldap2-dev libsasl2-dev
           pip install --upgrade pip setuptools wheel uv
+
           if [ "${{ inputs.requirements-type }}" = "dev" ]; then
             uv pip install --system -r requirements/development.txt
           elif [ "${{ inputs.requirements-type }}" = "base" ]; then
             uv pip install --system -r requirements/base.txt
           fi
+
+          uv pip install --system -e .
         fi
       shell: bash

.github/actions/setup-docker/action.yml

@@ -0,0 +1,69 @@
+name: "Setup Docker Environment"
+description: "Reusable steps for setting up QEMU, Docker Buildx, DockerHub login, Supersetbot, and optionally Docker Compose"
+inputs:
+  build:
+    description: "Used for building?"
+    required: false
+    default: "false"
+  dockerhub-user:
+    description: "DockerHub username"
+    required: false
+  dockerhub-token:
+    description: "DockerHub token"
+    required: false
+  install-docker-compose:
+    description: "Flag to install Docker Compose"
+    required: false
+    default: "true"
+  login-to-dockerhub:
+    description: "Whether you want to log into dockerhub"
+    required: false
+    default: "true"
+outputs: {}
+runs:
+  using: "composite"
+  steps:
+
+    - name: Set up QEMU
+      if: ${{ inputs.build == 'true' }}
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      if: ${{ inputs.build == 'true' }}
+      uses: docker/setup-buildx-action@v3
+
+    - name: Try to login to DockerHub
+      if: ${{ inputs.login-to-dockerhub == 'true' }}
+      continue-on-error: true
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.dockerhub-user }}
+        password: ${{ inputs.dockerhub-token }}
+
+    - name: Install Docker Compose
+      if: ${{ inputs.install-docker-compose == 'true' }}
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y ca-certificates curl
+        sudo install -m 0755 -d /etc/apt/keyrings
+
+        # Download and save the Docker GPG key in the correct format
+        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+
+        # Ensure the key file is readable
+        sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+        # Add the Docker repository using the correct key
+        echo \
+          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+          $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+        # Update package lists and install Docker Compose plugin
+        sudo apt update
+        sudo apt install -y docker-compose-plugin
+
+    - name: Docker Version Info
+      shell: bash
+      run: docker info

.github/dependabot.yml

@@ -22,8 +22,7 @@ updates:
 
 
   # - package-ecosystem: "pip"
-  # NOTE: as dependabot isn't compatible with our python
-  # dependency setup (pip-compile-multi), we'll be using
+  # NOTE: as dependabot isn't compatible with our usage of `uv pip compile` we're using
   # `supersetbot` instead
 
   - package-ecosystem: "npm"

.github/workflows/bump-python-package.yml

@@ -45,8 +45,8 @@ jobs:
         with:
           python-version: "3.10"
 
-      - name: Install pip-compile-multi
-        run: pip install pip-compile-multi
+      - name: Install uv
+        run: pip install uv
 
       - name: supersetbot bump-python -p "${{ github.event.inputs.package }}"
         env:

.github/workflows/check-python-deps.yml

@@ -0,0 +1,44 @@
+name: Check python dependencies
+
+on:
+  push:
+    branches:
+      - "master"
+      - "[0-9].[0-9]*"
+  pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
+
+# cancel previous workflow jobs for PRs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  check-python-deps:
+    runs-on: ubuntu-22.04
+    steps:
+
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+          depth: 1
+
+      - name: Setup Python
+        if: steps.check.outputs.python
+        uses: ./.github/actions/setup-backend/
+
+      - name: Run uv
+        if: steps.check.outputs.python
+        run: ./scripts/uv-pip-compile.sh
+
+      - name: Check for uncommitted changes
+        run: |
+          if [[ -n "$(git diff)" ]]; then
+            echo "ERROR: The pinned dependencies are not up-to-date."
+            echo "Please run './scripts/uv-pip-compile.sh' and commit the changes."
+            exit 1
+          else
+            echo "Pinned dependencies are up-to-date."
+          fi

.github/workflows/dependency-review.yml

@@ -5,13 +5,25 @@
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: "Dependency Review"
-on: [pull_request]
+on:
+  push:
+    branches:
+      - "master"
+      - "[0-9].[0-9]*"
+  pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
+
+# cancel previous workflow jobs for PRs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
 
 permissions:
   contents: read
 
 jobs:
   dependency-review:
+    if: github.event_name == 'pull_request'
     runs-on: ubuntu-22.04
     steps:
       - name: "Checkout Repository"
@@ -33,3 +45,24 @@ jobs:
           # pkg:npm/[email protected]
           #   selecting BSD-3-Clause licensing terms for node-forge to ensure compatibility with Apache
           allow-dependencies-licenses: pkg:npm/[email protected], pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/[email protected], pkg:npm/rgbcolor, pkg:npm/[email protected]
+
+  python-dependency-liccheck:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: ./.github/actions/setup-backend/
+        with:
+          requirements-type: base
+
+      - name: "Set up liccheck"
+        run: |
+          uv pip install --system liccheck
+      - name: "Run liccheck"
+        run: |
+          # run the checks
+          liccheck -R output.txt
+          # Print the report
+          cat output.txt

.github/workflows/docker.yml

@@ -15,20 +15,20 @@ concurrency:
 
 jobs:
   setup_matrix:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       matrix_config: ${{ steps.set_matrix.outputs.matrix_config }}
     steps:
       - id: set_matrix
         run: |
-          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
+          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
           echo "matrix_config=${MATRIX_CONFIG}" >> $GITHUB_OUTPUT
           echo $GITHUB_OUTPUT
 
   docker-build:
     name: docker-build
     needs: setup_matrix
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         build_preset: ${{fromJson(needs.setup_matrix.outputs.matrix_config)}}
@@ -50,21 +50,13 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up QEMU
+      - name: Setup Docker Environment
         if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        uses: docker/setup-buildx-action@v3
-
-      - name: Try to login to DockerHub
-        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        continue-on-error: true
-        uses: docker/login-action@v3
+        uses: ./.github/actions/setup-docker
         with:
-          username: ${{ secrets.DOCKERHUB_USER }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
+          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+          build: "true"
 
       - name: Setup supersetbot
         if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
@@ -84,7 +76,30 @@ jobs:
           fi
 
           supersetbot docker \
+            --push \
             --preset ${{ matrix.build_preset }} \
             --context "$EVENT" \
             --context-ref "$RELEASE" $FORCE_LATEST \
+            --extra-flags "--build-arg INCLUDE_CHROMIUM=false" \
             $PLATFORM_ARG
+
+      - name: Docker pull
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        run:  docker pull apache/superset:GHA-${GITHUB_RUN_ID}
+
+      - name: Print docker stats
+        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
+        run: |
+          IMAGE_ID=$(docker images --filter "label=sha=${{ github.sha }}" --format "{{.ID}}" | head -n 1)
+          echo "SHA: ${{ github.sha }}"
+          echo "IMAGE: $IMAGE_ID"
+          docker images $IMAGE_ID
+          docker history $IMAGE_ID
+
+      - name: docker-compose sanity check
+        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && (matrix.build_preset == 'dev' || matrix.build_preset == 'lean')
+        shell: bash
+        run: |
+          export SUPERSET_BUILD_TARGET=${{ matrix.build_preset }}
+          docker compose build superset-init --build-arg DEV_MODE=false --build-arg INCLUDE_CHROMIUM=false
+          docker compose up superset-init --exit-code-from superset-init

.github/workflows/ephemeral-env.yml

@@ -27,6 +27,9 @@ jobs:
     outputs:
       slash-command: ${{ steps.eval-body.outputs.result }}
       feature-flags: ${{ steps.eval-feature-flags.outputs.result }}
+    env:
+      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
 
     steps:
     - name: Debug
@@ -139,31 +142,24 @@ jobs:
           ref: ${{ steps.get-sha.outputs.sha }}
           persist-credentials: false
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Setup Docker Environment
+        uses: ./.github/actions/setup-docker
+        with:
+          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
+          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+          build: "true"
+          install-docker-compose: "false"
 
       - name: Setup supersetbot
         uses: ./.github/actions/setup-supersetbot/
 
-      - name: Try to login to DockerHub
-        if: steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker
-        continue-on-error: true
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USER }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
       - name: Build ephemeral env image
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          username: ${{ secrets.DOCKERHUB_USER }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
         run: |
           supersetbot docker \
+            --push \
+            --load \
             --preset ci \
             --platform  linux/amd64 \
             --context-ref "$RELEASE" \