This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new c5049d0b79f Apply zizmor findings (#45408)
c5049d0b79f is described below

commit c5049d0b79f730f8670476d0435df9aca3a22b01
Author: GPK <[email protected]>
AuthorDate: Sun Jan 5 15:52:38 2025 +0000

    Apply zizmor findings (#45408)
---
 .github/actions/breeze/action.yml                  |  3 +-
 .github/actions/install-pre-commit/action.yml      | 10 ++--
 .../actions/prepare_breeze_and_image/action.yml    |  8 ++-
 .github/actions/prepare_single_ci_image/action.yml |  5 +-
 .github/workflows/additional-ci-image-checks.yml   |  5 +-
 .github/workflows/additional-prod-image-tests.yml  |  8 ++-
 .github/workflows/backport-cli.yml                 | 23 +++++---
 .github/workflows/ci-image-build.yml               | 20 +++++--
 .github/workflows/ci-image-checks.yml              | 11 ++--
 .github/workflows/ci.yml                           |  9 ++--
 .github/workflows/generate-constraints.yml         | 12 +++--
 .github/workflows/helm-tests.yml                   |  4 +-
 .github/workflows/integration-system-tests.yml     |  8 ++-
 .github/workflows/k8s-tests.yml                    |  6 ++-
 .github/workflows/news-fragment.yml                |  8 ++-
 .github/workflows/prod-image-build.yml             | 13 +++--
 .github/workflows/push-image-cache.yml             | 26 ++++++---
 .github/workflows/release_dockerhub_image.yml      | 62 +++++++++++++++-------
 .github/workflows/run-unit-tests.yml               |  5 +-
 .github/workflows/task-sdk-tests.yml               |  4 +-
 .github/workflows/test-provider-packages.yml       | 41 +++++++++-----
 .pre-commit-config.yaml                            |  9 ++++
 contributing-docs/08_static_code_checks.rst        |  2 +
 dev/breeze/doc/images/output_static-checks.svg     |  2 +-
 dev/breeze/doc/images/output_static-checks.txt     |  2 +-
 dev/breeze/src/airflow_breeze/pre_commit_ids.py    |  1 +
 26 files changed, 218 insertions(+), 89 deletions(-)

diff --git a/.github/actions/breeze/action.yml 
b/.github/actions/breeze/action.yml
index 0a88f0dc0c2..d7eaa1b088b 100644
--- a/.github/actions/breeze/action.yml
+++ b/.github/actions/breeze/action.yml
@@ -24,8 +24,7 @@ inputs:
     default: "3.9"
   use-uv:
     description: 'Whether to use uv tool'
-    required: "true"
-    type: "string"
+    required: true
 outputs:
   host-python-version:
     description: Python version used in host
diff --git a/.github/actions/install-pre-commit/action.yml 
b/.github/actions/install-pre-commit/action.yml
index abdd3ea98ff..92147d9ee02 100644
--- a/.github/actions/install-pre-commit/action.yml
+++ b/.github/actions/install-pre-commit/action.yml
@@ -36,10 +36,14 @@ runs:
   steps:
     - name: Install pre-commit, uv, and pre-commit-uv
       shell: bash
+      env:
+        UV_VERSION: ${{inputs.uv-version}}
+        PRE_COMMIT_VERSION: ${{inputs.pre-commit-version}}
+        PRE_COMMIT_UV_VERSION: ${{inputs.pre-commit-uv-version}}
       run: |
-        pip install uv==${{inputs.uv-version}} || true
-        uv tool install pre-commit==${{inputs.pre-commit-version}} --with 
uv==${{inputs.uv-version}} \
-        --with pre-commit-uv==${{inputs.pre-commit-uv-version}}
+        pip install uv==${UV_VERSION} || true
+        uv tool install pre-commit==${PRE_COMMIT_VERSION} --with 
uv==${UV_VERSION} \
+        --with pre-commit-uv==${PRE_COMMIT_UV_VERSION}
       working-directory: ${{ github.workspace }}
     # We need to use tar file with archive to restore all the permissions and 
symlinks
     - name: "Delete ~.cache"
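Review bot: The new expansions in this `run:` script are unquoted, so a version input containing whitespace or glob characters is still split into extra arguments for `pip` and `uv`, even though it can no longer be interpolated into the script text. Quote each use, for example `pip install "uv==${UV_VERSION}" || true` and `--with "pre-commit-uv==${PRE_COMMIT_UV_VERSION}"`. The same applies to `${IMAGE_TYPE}`, `${PLATFORM}` and `${PYTHON}` in prepare_breeze_and_image, to `cherry_picker ${COMMIT_SHA} ${TARGET_BRANCH}` in backport-cli.yml, and to `-u ${ACTOR}` in the ghcr.io login steps of ci-image-build.yml, prod-image-build.yml, push-image-cache.yml and release_dockerhub_image.yml; additional-ci-image-checks.yml already quotes it as `"$actor"`. In the last step of backport-cli.yml, an empty unquoted `$BACKPORT_URL` also disappears from the command line, so `update_backport_status.py` would read the commit SHA as its first positional argument.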
diff --git a/.github/actions/prepare_breeze_and_image/action.yml 
b/.github/actions/prepare_breeze_and_image/action.yml
index 4cfec042c55..e6755444b2f 100644
--- a/.github/actions/prepare_breeze_and_image/action.yml
+++ b/.github/actions/prepare_breeze_and_image/action.yml
@@ -52,7 +52,11 @@ runs:
         key: ${{ inputs.image-type }}-image-save-${{ inputs.platform }}-${{ 
inputs.python }}
         path: "/tmp/"
     - name: "Load ${{ inputs.image-type }} image ${{ inputs.platform }}:${{ 
inputs.python }}"
+      env:
+        PLATFORM: ${{ inputs.platform }}
+        PYTHON: ${{ inputs.python }}
+        IMAGE_TYPE: ${{ inputs.image-type }}
       run: >
-        breeze ${{ inputs.image-type }}-image load
-        --platform ${{ inputs.platform }} --python ${{ inputs.python }}
+        breeze ${IMAGE_TYPE}-image load
+        --platform ${PLATFORM} --python ${PYTHON}
       shell: bash
diff --git a/.github/actions/prepare_single_ci_image/action.yml 
b/.github/actions/prepare_single_ci_image/action.yml
index 9cdb7c6288f..3dde30033aa 100644
--- a/.github/actions/prepare_single_ci_image/action.yml
+++ b/.github/actions/prepare_single_ci_image/action.yml
@@ -42,6 +42,9 @@ runs:
         path: "/tmp/"
       if: contains(inputs.python-versions-list-as-string, inputs.python)
     - name: "Load CI image ${{ inputs.platform }}:${{ inputs.python }}"
-      run: breeze ci-image load --platform "${{ inputs.platform }}" --python 
"${{ inputs.python }}"
+      env:
+        PLATFORM: ${{ inputs.platform }}
+        PYTHON: ${{ inputs.python }}
+      run: breeze ci-image load --platform "${PLATFORM}" --python "${PYTHON}"
       shell: bash
       if: contains(inputs.python-versions-list-as-string, inputs.python)
diff --git a/.github/workflows/additional-ci-image-checks.yml 
b/.github/workflows/additional-ci-image-checks.yml
index 47d7b59b35f..56cee169762 100644
--- a/.github/workflows/additional-ci-image-checks.yml
+++ b/.github/workflows/additional-ci-image-checks.yml
@@ -146,7 +146,10 @@ jobs:
         with:
           use-uv: ${{ inputs.use-uv }}
       - name: "Login to ghcr.io"
-        run: echo "${{ env.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ 
github.actor }} --password-stdin
+        env:
+          actor: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$actor" 
--password-stdin
       - name: "Check that image builds quickly"
         run: breeze shell --max-time 600 --platform "linux/amd64"
 
diff --git a/.github/workflows/additional-prod-image-tests.yml 
b/.github/workflows/additional-prod-image-tests.yml
index 038bd74e0fb..bca5e3a5927 100644
--- a/.github/workflows/additional-prod-image-tests.yml
+++ b/.github/workflows/additional-prod-image-tests.yml
@@ -123,11 +123,15 @@ jobs:
           python: ${{ inputs.default-python-version }}
           use-uv: ${{ inputs.use-uv }}
       - name: "Test examples of PROD image building"
+        env:
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          DEFAULT_BRANCH: ${{ inputs.default-branch }}
+          DEFAULT_PYTHON_VERSION: ${{ inputs.default-python-version }}
         run: "
           cd ./docker_tests && \
           python -m pip install -r requirements.txt && \
-          TEST_IMAGE=\"ghcr.io/${{ github.repository }}/${{ 
inputs.default-branch }}\
-          /prod/python${{ inputs.default-python-version }}\" \
+          TEST_IMAGE=\"ghcr.io/$GITHUB_REPOSITORY/$DEFAULT_BRANCH\
+          /prod/python$DEFAULT_PYTHON_VERSION\" \
           python -m pytest test_examples_of_prod_image_building.py -n auto 
--color=yes"
 
   test-docker-compose-quick-start:
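Review bot: The new `env:` entry `GITHUB_REPOSITORY: ${{ github.repository }}` re-declares a variable the runner already sets, and GitHub documents that the default `GITHUB_*` variables cannot be overwritten, so the line most likely has no effect. Either drop it and keep `$GITHUB_REPOSITORY` in the script, or use a non-reserved name as backport-cli.yml does with `REPOSITORY: ${{ github.repository }}`. The `run:` value is a double-quoted YAML scalar with escaped quotes and line continuations; a `run: |` block would make the shell quoting around `TEST_IMAGE` easier to check.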
diff --git a/.github/workflows/backport-cli.yml 
b/.github/workflows/backport-cli.yml
index 0a091cc7dbc..3706cd65bb0 100644
--- a/.github/workflows/backport-cli.yml
+++ b/.github/workflows/backport-cli.yml
@@ -64,24 +64,28 @@ jobs:
         id: execute-backport
         env:
           GH_AUTH: ${{ secrets.GITHUB_TOKEN }}
+          TARGET_BRANCH: ${{ inputs.target-branch }}
+          COMMIT_SHA: ${{ inputs.commit-sha }}
         run: |
           git config --global user.email "[email protected]"
           git config --global user.name "Your Name"
           set +e
           {
           echo 'cherry_picker_output<<EOF'
-          cherry_picker ${{ inputs.commit-sha }} ${{ inputs.target-branch }}
+          cherry_picker ${COMMIT_SHA} ${TARGET_BRANCH}
           echo EOF
           } >> "${GITHUB_OUTPUT}"
         continue-on-error: true
 
       - name: Parse backport output
         id: parse-backport-output
+        env:
+          CHERRY_PICKER_OUTPUT: ${{ 
steps.execute-backport.outputs.cherry_picker_output }}
         run: |
           set +e
-          echo "${{ steps.execute-backport.outputs.cherry_picker_output }}"
+          echo "${CHERRY_PICKER_OUTPUT}"
 
-          url=$(echo "${{ steps.execute-backport.outputs.cherry_picker_output 
}}" | \
+          url=$(echo "${CHERRY_PICKER_OUTPUT}" | \
               grep -o 'Backport PR created at https://[^ ]*' | \
               awk '{print $5}')
 
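Review bot: The "execute-backport" step still frames the captured `cherry_picker` output with the fixed delimiter `EOF` when appending to `GITHUB_OUTPUT`. If the tool ever prints a line consisting only of `EOF`, the value ends there and the lines after it are parsed as further step outputs; whether that output can carry text from the commit being backported is not visible in this hunk. A per-run delimiter avoids the problem: `delim="ghadelim_$(openssl rand -hex 8)"`, then `echo "cherry_picker_output<<${delim}"` and `echo "${delim}"` in place of the two `EOF` lines.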
@@ -99,17 +103,20 @@ jobs:
           GH_TOKEN: ${{ github.token }}
           REPOSITORY: ${{ github.repository }}
           RUN_ID: ${{ github.run_id }}
+          COMMIT_SHA: ${{ inputs.commit-sha }}
+          TARGET_BRANCH: ${{ inputs.target-branch }}
+          BACKPORT_URL: ${{ steps.parse-backport-output.outputs.backport-url }}
         run: |
-          COMMIT_INFO_URL="https://api.github.com/repos/${{ github.repository 
}}/commits/"
-          COMMIT_INFO_URL="${COMMIT_INFO_URL}${{ inputs.commit-sha }}/pulls"
+          COMMIT_INFO_URL="https://api.github.com/repos/$REPOSITORY/commits/";
+          COMMIT_INFO_URL="${COMMIT_INFO_URL}$COMMIT_SHA/pulls"
 
           PR_NUMBER=$(gh api \
               -H "Accept: application/vnd.github+json" \
               -H "X-GitHub-Api-Version: 2022-11-28" \
-              /repos/${{ github.repository }}/commits/${{ inputs.commit-sha 
}}/pulls \
+              /repos/$REPOSITORY/commits/$COMMIT_SHA/pulls \
               --jq '.[0].number')
 
           python ./dev/backport/update_backport_status.py \
-              ${{ steps.parse-backport-output.outputs.backport-url }} \
-              ${{ inputs.commit-sha }} ${{ inputs.target-branch }} \
+              $BACKPORT_URL \
+              $COMMIT_SHA $TARGET_BRANCH \
               "$PR_NUMBER"
diff --git a/.github/workflows/ci-image-build.yml 
b/.github/workflows/ci-image-build.yml
index 83710d4bc7b..d15c297d82a 100644
--- a/.github/workflows/ci-image-build.yml
+++ b/.github/workflows/ci-image-build.yml
@@ -140,17 +140,22 @@ jobs:
           path: "/tmp/"
         id: restore-cache-mount
       - name: "Import mount-cache ${{ inputs.platform }}:${{ 
env.PYTHON_MAJOR_MINOR_VERSION }}"
+        env:
+          PYTHON_MAJOR_MINOR_VERSION: ${{ env.PYTHON_MAJOR_MINOR_VERSION }}
         run: >
           breeze ci-image import-mount-cache
-          --cache-file /tmp/ci-cache-mount-save-v2-${{ 
env.PYTHON_MAJOR_MINOR_VERSION }}.tar.gz
+          --cache-file 
/tmp/ci-cache-mount-save-v2-${PYTHON_MAJOR_MINOR_VERSION}.tar.gz
         if: steps.restore-cache-mount.outputs.stash-hit == 'true'
       - name: "Login to ghcr.io"
-        run: echo "${{ env.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ 
github.actor }} --password-stdin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ACTOR: ${{ github.actor }}
+        run: echo "${GITHUB_TOKEN}" | docker login ghcr.io -u ${ACTOR} 
--password-stdin
       - name: >
           Build ${{ inputs.push-image == 'true' && ' & push ' || '' }}
           ${{ inputs.platform }}:${{ env.PYTHON_MAJOR_MINOR_VERSION }} image
         run: >
-          breeze ci-image build --platform "${{ inputs.platform }}"
+          breeze ci-image build --platform "${PLATFORM}"
         env:
           DOCKER_CACHE: ${{ inputs.docker-cache }}
           DISABLE_AIRFLOW_REPO_CACHE: ${{ inputs.disable-airflow-repo-cache }}
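Review bot: The added `PYTHON_MAJOR_MINOR_VERSION: ${{ env.PYTHON_MAJOR_MINOR_VERSION }}` entry maps a variable onto itself: a value readable through the `env` context is already exported to the step's shell, so `${PYTHON_MAJOR_MINOR_VERSION}` in the script resolves without it. The entry can be dropped here, in the "Export mount cache" step later in this file, and for `PYTHON_VERSIONS` in generate-constraints.yml. If it is kept for readability, a comment such as `# already in the environment; listed to show what the script reads` would explain why. Separately, `${PLATFORM}` in the build step depends on the `PLATFORM` entry that the next hunk adds to that step's `env:`, so the two hunks only work together.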
@@ -167,8 +172,11 @@ jobs:
           GITHUB_USERNAME: ${{ github.actor }}
           PUSH: ${{ inputs.push-image }}
           VERBOSE: "true"
+          PLATFORM: ${{ inputs.platform }}
       - name: "Export CI docker image ${{ env.PYTHON_MAJOR_MINOR_VERSION }}"
-        run: breeze ci-image save --platform "${{ inputs.platform }}"
+        env:
+          PLATFORM: ${{ inputs.platform }}
+        run: breeze ci-image save --platform "${PLATFORM}"
         if: inputs.upload-image-artifact == 'true'
       - name: "Stash CI docker image ${{ env.PYTHON_MAJOR_MINOR_VERSION }}"
         uses: 
apache/infrastructure-actions/stash/save@c94b890bbedc2fc61466d28e6bd9966bc6c6643c
@@ -179,9 +187,11 @@ jobs:
           retention-days: '2'
         if: inputs.upload-image-artifact == 'true'
       - name: "Export mount cache ${{ inputs.platform }}:${{ 
env.PYTHON_MAJOR_MINOR_VERSION }}"
+        env:
+          PYTHON_MAJOR_MINOR_VERSION: ${{ env.PYTHON_MAJOR_MINOR_VERSION }}
         run: >
           breeze ci-image export-mount-cache
-          --cache-file /tmp/ci-cache-mount-save-v2-${{ 
env.PYTHON_MAJOR_MINOR_VERSION }}.tar.gz
+          --cache-file 
/tmp/ci-cache-mount-save-v2-${PYTHON_MAJOR_MINOR_VERSION}.tar.gz
         if: inputs.upload-mount-cache-artifact == 'true'
       - name: "Stash cache mount ${{ inputs.platform }}:${{ 
env.PYTHON_MAJOR_MINOR_VERSION }}"
         uses: 
apache/infrastructure-actions/stash/save@c94b890bbedc2fc61466d28e6bd9966bc6c6643c
diff --git a/.github/workflows/ci-image-checks.yml 
b/.github/workflows/ci-image-checks.yml
index d9c6a3e5b5b..21c857e7bd7 100644
--- a/.github/workflows/ci-image-checks.yml
+++ b/.github/workflows/ci-image-checks.yml
@@ -228,7 +228,7 @@ jobs:
         with:
           python-version: ${{steps.breeze.outputs.host-python-version}}
       - name: "MyPy checks for ${{ matrix.mypy-check }}"
-        run: pre-commit run --color always --verbose --hook-stage manual 
${{matrix.mypy-check}} --all-files
+        run: pre-commit run --color always --verbose --hook-stage manual 
"$MYPY_CHECK" --all-files
         env:
           VERBOSE: "false"
           COLUMNS: "250"
@@ -236,6 +236,7 @@ jobs:
           DEFAULT_BRANCH: ${{ inputs.branch }}
           RUFF_FORMAT: "github"
           INCLUDE_MYPY_VOLUME: "false"
+          MYPY_CHECK: ${{ matrix.mypy-check }}
 
   build-docs:
     timeout-minutes: 150
@@ -276,8 +277,10 @@ jobs:
           key: cache-docs-inventory-v1-${{ hashFiles('pyproject.toml') }}
         id: restore-docs-inventory-cache
       - name: "Building docs with ${{ matrix.flag }} flag"
+        env:
+          DOCS_LIST_AS_STRING: ${{ inputs.docs-list-as-string }}
         run: >
-          breeze build-docs ${{ inputs.docs-list-as-string }} ${{ matrix.flag 
}}
+          breeze build-docs ${DOCS_LIST_AS_STRING} ${{ matrix.flag }}
       - name: "Save docs inventory cache"
         uses: 
apache/infrastructure-actions/stash/save@c94b890bbedc2fc61466d28e6bd9966bc6c6643c
         with:
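Review bot: On the rewritten `breeze build-docs` line, `${{ matrix.flag }}` is still expanded into the script text while the docs list next to it now goes through `env:`. Matrix values normally come from the workflow file itself, so the exposure is probably small, but passing the flag the same way keeps the step free of template expansion: add `DOCS_FLAG: ${{ matrix.flag }}` under `env:` and run `breeze build-docs ${DOCS_LIST_AS_STRING} ${DOCS_FLAG}`. `${DOCS_LIST_AS_STRING}` is presumably left unquoted on purpose so the list splits into separate arguments; a short comment saying so would stop a later cleanup from quoting it.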
@@ -339,9 +342,11 @@ jobs:
           python: ${{ inputs.default-python-version }}
           use-uv: ${{ inputs.use-uv }}
       - name: "Publish docs"
+        env:
+          DOCS_LIST_AS_STRING: ${{ inputs.docs-list-as-string }}
         run: >
           breeze release-management publish-docs --override-versioned 
--run-in-parallel
-          ${{ inputs.docs-list-as-string }}
+          ${DOCS_LIST_AS_STRING}
       - name: Check disk space available
         run: df -h
       - name: "Generate back references for providers"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1cc97067fd4..ef2be0dfde3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -34,12 +34,6 @@ on:  # yamllint disable-line rule:truthy
 permissions:
   # All other permissions are set to none by default
   contents: read
-  # Technically read access while waiting for images should be more than 
enough. However,
-  # there is a bug in GitHub Actions/Packages and in case private repositories 
are used, you get a permission
-  # denied error when attempting to just pull private image, changing the 
token permission to write solves the
-  # issue. This is not dangerous, because if it is for "apache/airflow", only 
maintainers can push ci.yml
-  # changes. If it is for a fork, then the token is read-only anyway.
-  packages: write
 env:
   GITHUB_REPOSITORY: ${{ github.repository }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -228,6 +222,9 @@ jobs:
     name: "Additional CI image checks"
     needs: [build-info, build-ci-images]
     uses: ./.github/workflows/additional-ci-image-checks.yml
+    permissions:
+      contents: read
+      packages: write
     if: needs.build-info.outputs.canary-run == 'true'
     with:
       runs-on-as-json-default: ${{ 
needs.build-info.outputs.runs-on-as-json-default }}
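Review bot: The job-level `permissions:` block added for "Additional CI image checks" has no comment explaining why this job needs `packages: write`, and the explanation that sat beside the workflow-level grant is deleted by the same commit. Add a comment above the block, for example `# packages: write - the called workflow logs in to ghcr.io; see additional-ci-image-checks.yml`, worded to match what that workflow actually does with the token. Every other job now runs with the workflow default of `contents: read` only, so any called workflow that still needs package access has to declare it the same way. That is worth confirming against the rest of ci.yml, which lies outside this hunk.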
diff --git a/.github/workflows/generate-constraints.yml 
b/.github/workflows/generate-constraints.yml
index d865c34efc4..740310e1cc0 100644
--- a/.github/workflows/generate-constraints.yml
+++ b/.github/workflows/generate-constraints.yml
@@ -99,22 +99,28 @@ jobs:
         # from the source code, not from the PyPI because they have 
apache-airflow>=X.Y.Z dependency
         # And when we prepare them from sources they will have 
apache-airflow>=X.Y.Z.dev0
         shell: bash
+        env:
+          CHICKEN_EGG_PROVIDERS: ${{ inputs.chicken-egg-providers }}
         run: >
           breeze release-management prepare-provider-packages 
--include-not-ready-providers
           --package-format wheel --version-suffix-for-pypi dev0
-          ${{ inputs.chicken-egg-providers }}
+          ${CHICKEN_EGG_PROVIDERS}
         if: inputs.chicken-egg-providers != ''
       - name: "PyPI constraints"
         shell: bash
         timeout-minutes: 25
+        env:
+          CHICKEN_EGG_PROVIDERS: ${{ inputs.chicken-egg-providers }}
         run: >
           breeze release-management generate-constraints --run-in-parallel
           --airflow-constraints-mode constraints --answer yes
-          --chicken-egg-providers "${{ inputs.chicken-egg-providers }}" 
--parallelism 3
+          --chicken-egg-providers "${CHICKEN_EGG_PROVIDERS}" --parallelism 3
       - name: "Dependency upgrade summary"
         shell: bash
+        env:
+          PYTHON_VERSIONS: ${{ env.PYTHON_VERSIONS }}
         run: |
-          for PYTHON_VERSION in ${{ env.PYTHON_VERSIONS }}; do
+          for PYTHON_VERSION in $PYTHON_VERSIONS; do
             echo "Summarizing Python $PYTHON_VERSION"
             cat "files/constraints-${PYTHON_VERSION}"/*.md >> 
$GITHUB_STEP_SUMMARY || true
           done
diff --git a/.github/workflows/helm-tests.yml b/.github/workflows/helm-tests.yml
index 5e3143b8a9e..9dc300c61c0 100644
--- a/.github/workflows/helm-tests.yml
+++ b/.github/workflows/helm-tests.yml
@@ -76,7 +76,9 @@ jobs:
           python: ${{ inputs.default-python-version }}
           use-uv: ${{ inputs.use-uv }}
       - name: "Helm Unit Tests: ${{ matrix.helm-test-package }}"
-        run: breeze testing helm-tests --test-type "${{ 
matrix.helm-test-package }}"
+        env:
+          HELM_TEST_PACKAGE: "${{ matrix.helm-test-package }}"
+        run: breeze testing helm-tests --test-type "${HELM_TEST_PACKAGE}"
 
   tests-helm-release:
     timeout-minutes: 80
diff --git a/.github/workflows/integration-system-tests.yml 
b/.github/workflows/integration-system-tests.yml
index 5d5773846da..f992b726e30 100644
--- a/.github/workflows/integration-system-tests.yml
+++ b/.github/workflows/integration-system-tests.yml
@@ -101,8 +101,10 @@ jobs:
           python: ${{ inputs.default-python-version }}
           use-uv: ${{ inputs.use-uv }}
       - name: "Integration: core ${{ matrix.integration }}"
+        env:
+          INTEGRATION: "${{ matrix.integration }}"
         # yamllint disable rule:line-length
-        run: ./scripts/ci/testing/run_integration_tests_with_retry.sh core 
"${{ matrix.integration }}"
+        run: ./scripts/ci/testing/run_integration_tests_with_retry.sh core 
"${INTEGRATION}"
       - name: "Post Tests success"
         uses: ./.github/actions/post_tests_success
         with:
@@ -148,7 +150,9 @@ jobs:
           python: ${{ inputs.default-python-version }}
           use-uv: ${{ inputs.use-uv }}
       - name: "Integration: providers ${{ matrix.integration }}"
-        run: ./scripts/ci/testing/run_integration_tests_with_retry.sh 
providers "${{ matrix.integration }}"
+        env:
+          INTEGRATION: "${{ matrix.integration }}"
+        run: ./scripts/ci/testing/run_integration_tests_with_retry.sh 
providers "${INTEGRATION}"
       - name: "Post Tests success"
         uses: ./.github/actions/post_tests_success
         with:
diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml
index 9333d1a0d8d..6f867af65e9 100644
--- a/.github/workflows/k8s-tests.yml
+++ b/.github/workflows/k8s-tests.yml
@@ -72,9 +72,11 @@ jobs:
         run: docker run -v "${GITHUB_WORKSPACE}:/workspace" -u 0:0 bash -c "rm 
-rf /workspace/*"
       - name: "Prepare PYTHON_MAJOR_MINOR_VERSION and KUBERNETES_VERSION"
         id: prepare-versions
+        env:
+          KUBERNETES_COMBO: ${{ matrix.kubernetes-combo }}
         run: |
-          echo "PYTHON_MAJOR_MINOR_VERSION=${{ matrix.kubernetes-combo }}" | 
sed 's/-.*//' >> $GITHUB_ENV
-          echo "KUBERNETES_VERSION=${{ matrix.kubernetes-combo }}" | sed 
's/=[^-]*-/=/'  >> $GITHUB_ENV
+          echo "PYTHON_MAJOR_MINOR_VERSION=${KUBERNETES_COMBO}" | sed 
's/-.*//' >> $GITHUB_ENV
+          echo "KUBERNETES_VERSION=${KUBERNETES_COMBO}" | sed 's/=[^-]*-/=/'  
>> $GITHUB_ENV
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
         uses: actions/checkout@v4
         with:
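Review bot: The two added `echo ... >> $GITHUB_ENV` lines write `KUBERNETES_COMBO` into the environment file without checking its shape, and `$GITHUB_ENV` itself is unquoted. Everything appended to that file becomes an environment variable for all later steps, so a combo value containing a line break would define additional variables; whether the matrix can carry such a value depends on how `kubernetes-combo` is generated, which is not shown here. Consider a guard before the writes, such as `[[ "${KUBERNETES_COMBO}" =~ ^[0-9.]+-v[0-9.]+$ ]] || exit 1` with the pattern adjusted to the real format, and append to `"$GITHUB_ENV"`.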
diff --git a/.github/workflows/news-fragment.yml 
b/.github/workflows/news-fragment.yml
index 4bcf95e2bba..73e58a01937 100644
--- a/.github/workflows/news-fragment.yml
+++ b/.github/workflows/news-fragment.yml
@@ -37,12 +37,14 @@ jobs:
           fetch-depth: 0
 
       - name: Check news fragment existence
+        env:
+          BASE_REF: ${{ github.base_ref }}
         run: >
           python -m pip install --upgrade uv &&
           uv tool run towncrier check
           --dir .
           --config newsfragments/config.toml
-          --compare-with origin/${{ github.base_ref }}
+          --compare-with origin/${BASE_REF}
           ||
           {
           printf "\033[1;33mMissing significant newsfragment for PR labeled 
with
@@ -54,6 +56,8 @@ jobs:
           ; }
 
       - name: Check news fragment contains change types
+        env:
+          BASE_REF: ${{ github.base_ref }}
         run: >
           change_types=(
             'DAG changes'
@@ -64,7 +68,7 @@ jobs:
             'Plugin changes'
             'Dependency change'
           )
-          news_fragment_content=`git diff origin/${{ github.base_ref }} 
newsfragments/*.significant.rst`
+          news_fragment_content=`git diff origin/${BASE_REF} 
newsfragments/*.significant.rst`
 
           for type in "${change_types[@]}"; do
             if [[ $news_fragment_content != *"$type"* ]]; then
diff --git a/.github/workflows/prod-image-build.yml 
b/.github/workflows/prod-image-build.yml
index 1f8905c19fa..d90d1910f93 100644
--- a/.github/workflows/prod-image-build.yml
+++ b/.github/workflows/prod-image-build.yml
@@ -158,9 +158,11 @@ jobs:
           inputs.build-provider-packages == 'true'
       - name: "Prepare chicken-eggs provider packages"
         shell: bash
+        env:
+          CHICKEN_EGG_PROVIDERS: ${{ inputs.chicken-egg-providers }}
         run: >
           breeze release-management prepare-provider-packages
-          --package-format wheel ${{ inputs.chicken-egg-providers }}
+          --package-format wheel ${CHICKEN_EGG_PROVIDERS}
         if: >
           inputs.upload-package-artifact == 'true' &&
           inputs.chicken-egg-providers != ''
@@ -238,7 +240,10 @@ jobs:
           name: constraints
           path: ./docker-context-files
       - name: "Login to ghcr.io"
-        run: echo "${{ env.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ 
github.actor }} --password-stdin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ACTOR: ${{ github.actor }}
+        run: echo "${GITHUB_TOKEN}" | docker login ghcr.io -u ${ACTOR} 
--password-stdin
       - name: "Build PROD images w/ source providers ${{ 
env.PYTHON_MAJOR_MINOR_VERSION }}"
         shell: bash
         run: >
@@ -278,8 +283,10 @@ jobs:
       - name: "Verify PROD image ${{ env.PYTHON_MAJOR_MINOR_VERSION }}"
         run: breeze prod-image verify
       - name: "Export PROD docker image ${{ env.PYTHON_MAJOR_MINOR_VERSION }}"
+        env:
+          PLATFORM: ${{ inputs.platform }}
         run: >
-          breeze prod-image save --platform "${{ inputs.platform }}"
+          breeze prod-image save --platform "${PLATFORM}"
         if: inputs.upload-image-artifact == 'true'
       - name: "Stash PROD docker image ${{ env.PYTHON_MAJOR_MINOR_VERSION }}"
         uses: 
apache/infrastructure-actions/stash/save@c94b890bbedc2fc61466d28e6bd9966bc6c6643c
diff --git a/.github/workflows/push-image-cache.yml 
b/.github/workflows/push-image-cache.yml
index 2d125e35066..b1c9d127542 100644
--- a/.github/workflows/push-image-cache.yml
+++ b/.github/workflows/push-image-cache.yml
@@ -129,22 +129,29 @@ jobs:
         with:
           use-uv: ${{ inputs.use-uv }}
       - name: Login to ghcr.io
-        run: echo "${{ env.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ 
github.actor }} --password-stdin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ACTOR: ${{ github.actor }}
+        run: echo "${GITHUB_TOKEN}" | docker login ghcr.io -u ${ACTOR} 
--password-stdin
       - name: "Push CI latest images: ${{ env.PYTHON_MAJOR_MINOR_VERSION }} 
(linux/amd64 only)"
+        env:
+          PLATFORM: ${{ inputs.platform }}
         run: >
           breeze
           ci-image build
           --builder airflow_cache
-          --platform "${{ inputs.platform }}"
+          --platform "${PLATFORM}"
           --push
         if: inputs.push-latest-images == 'true' && inputs.platform == 
'linux/amd64'
         # yamllint disable-line rule:line-length
       - name: "Push CI ${{ inputs.cache-type }} cache:${{ 
env.PYTHON_MAJOR_MINOR_VERSION }}:${{ inputs.platform }}"
+        env:
+          PLATFORM: ${{ inputs.platform }}
         run: >
           breeze ci-image build
           --builder airflow_cache
           --prepare-buildx-cache
-          --platform "${{ inputs.platform }}"
+          --platform "${PLATFORM}"
           --push
 
   push-prod-image-cache:
@@ -202,25 +209,32 @@ jobs:
           name: prod-packages
           path: ./docker-context-files
       - name: Login to ghcr.io
-        run: echo "${{ env.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ 
github.actor }} --password-stdin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ACTOR: ${{ github.actor }}
+        run: echo "${GITHUB_TOKEN}" | docker login ghcr.io -u ${ACTOR} 
--password-stdin
         # We only push "AMD" images as it is really only needed for any kind 
of automated builds in CI
         # and currently there is not an easy way to make multi-platform image 
from two separate builds
         # and we can do it after we stopped the ARM instance as it is not 
needed anymore
       - name: "Push PROD latest image: ${{ env.PYTHON_MAJOR_MINOR_VERSION }} 
(linux/amd64 ONLY)"
+        env:
+          PLATFORM: ${{ inputs.platform }}
         run: >
           breeze prod-image build
           --builder airflow_cache
           --install-packages-from-context
-          --platform "${{ inputs.platform }}"
+          --platform "${PLATFORM}"
           --airflow-constraints-mode constraints-source-providers
         if: inputs.push-latest-images == 'true' && inputs.platform == 
'linux/amd64'
         # yamllint disable-line rule:line-length
       - name: "Push PROD ${{ inputs.cache-type }} cache: ${{ 
env.PYTHON_MAJOR_MINOR_VERSION }} ${{ inputs.platform }}"
+        env:
+          PLATFORM: ${{ inputs.platform }}
         run: >
           breeze prod-image build
           --builder airflow_cache
           --prepare-buildx-cache
           --install-packages-from-context
-          --platform "${{ inputs.platform }}"
+          --platform "${PLATFORM}"
           --airflow-constraints-mode constraints-source-providers
           --push
diff --git a/.github/workflows/release_dockerhub_image.yml 
b/.github/workflows/release_dockerhub_image.yml
index f23fdc9974a..b8758146cc1 100644
--- a/.github/workflows/release_dockerhub_image.yml
+++ b/.github/workflows/release_dockerhub_image.yml
@@ -113,7 +113,10 @@ jobs:
           echo ${{ secrets.DOCKERHUB_TOKEN }} |
           docker login --password-stdin --username ${{ secrets.DOCKERHUB_USER 
}}
       - name: Login to ghcr.io
-        run: echo "${{ env.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ 
github.actor }} --password-stdin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ACTOR: ${{ github.actor }}
+        run: echo "${GITHUB_TOKEN}" | docker login ghcr.io -u ${ACTOR} 
--password-stdin
       - name: "Install buildx plugin"
         # yamllint disable rule:line-length
         run: |
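Review bot: The Docker Hub login at the top of this hunk still expands `${{ secrets.DOCKERHUB_TOKEN }}` and `${{ secrets.DOCKERHUB_USER }}` directly into the script, unquoted, while the ghcr.io login right below it was moved to `env:`. Give it the same treatment: add `env:` entries `DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}` and `DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}`, then run `echo "${DOCKERHUB_TOKEN}" | docker login --password-stdin --username "${DOCKERHUB_USER}"`. The step begins above the hunk, so its `name:` and `run:` header are not visible here.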
@@ -146,10 +149,12 @@ jobs:
         # from the source code, not from the PyPI because they have 
apache-airflow>=X.Y.Z dependency
         # And when we prepare them from sources they will have 
apache-airflow>=X.Y.Z.dev0
         shell: bash
+        env:
+          CHICKEN_EGG_PROVIDERS: ${{ 
needs.build-info.outputs.chicken-egg-providers }}
         run: >
           breeze release-management prepare-provider-packages
           --package-format wheel
-          --version-suffix-for-pypi dev0 ${{ 
needs.build-info.outputs.chicken-egg-providers }}
+          --version-suffix-for-pypi dev0 ${CHICKEN_EGG_PROVIDERS}
         if: needs.build-info.outputs.chicken-egg-providers != ''
       - name: "Copy dist packages to docker-context files"
         shell: bash
@@ -157,42 +162,61 @@ jobs:
         if: needs.build-info.outputs.chicken-egg-providers != ''
       - name: >
           Release regular images: ${{ github.event.inputs.airflowVersion }}, 
${{ matrix.python-version }}
-        run: >
-          breeze release-management release-prod-images
-          --dockerhub-repo ${{ github.repository }}
-          --airflow-version  ${{ github.event.inputs.airflowVersion }}
-          ${{ needs.build-info.outputs.skipLatest }}
-          ${{ needs.build-info.outputs.limitPlatform }}
-          --limit-python ${{ matrix.python-version }}
-          --chicken-egg-providers "${{ 
needs.build-info.outputs.chicken-egg-providers }}"
         env:
           COMMIT_SHA: ${{ github.sha }}
-      - name: >
-          Release slim images: ${{ github.event.inputs.airflowVersion }}, ${{ 
matrix.python-version }}
+          REPOSITORY: ${{ github.repository }}
+          PYTHON_VERSION: ${{ matrix.python-version }}
+          AIRFLOW_VERSION: ${{ github.event.inputs.airflowVersion }}
+          SKIP_LATEST: ${{ needs.build-info.outputs.skipLatest }}
+          LIMIT_PLATFORM: ${{ needs.build-info.outputs.limitPlatform }}
+          CHICKEN_EGG_PROVIDERS: ${{ 
needs.build-info.outputs.chicken-egg-providers }}
         run: >
           breeze release-management release-prod-images
-          --dockerhub-repo ${{ github.repository }}
-          --airflow-version  ${{ github.event.inputs.airflowVersion }}
-          ${{ needs.build-info.outputs.skipLatest }}
-          ${{ needs.build-info.outputs.limitPlatform }}
-          --limit-python ${{ matrix.python-version }} --slim-images
+          --dockerhub-repo "${REPOSITORY}"
+          --airflow-version "${AIRFLOW_VERSION}"
+          ${SKIP_LATEST}
+          ${LIMIT_PLATFORM}
+          --limit-python ${PYTHON_VERSION}
+          --chicken-egg-providers ${CHICKEN_EGG_PROVIDERS}
+      - name: >
+          Release slim images: ${{ github.event.inputs.airflowVersion }}, ${{ 
matrix.python-version }}
         env:
           COMMIT_SHA: ${{ github.sha }}
+          REPOSITORY: ${{ github.repository }}
+          PYTHON_VERSION: ${{ matrix.python-version }}
+          AIRFLOW_VERSION: ${{ github.event.inputs.airflowVersion }}
+          SKIP_LATEST: ${{ needs.build-info.outputs.skipLatest }}
+          LIMIT_PLATFORM: ${{ needs.build-info.outputs.limitPlatform }}
+        run: >
+          breeze release-management release-prod-images
+          --dockerhub-repo "${REPOSITORY}"
+          --airflow-version "${AIRFLOW_VERSION}"
+          ${SKIP_LATEST}
+          ${LIMIT_PLATFORM}
+          --limit-python ${PYTHON_VERSION} --slim-images
       - name: >
           Verify regular AMD64 image: ${{ github.event.inputs.airflowVersion 
}}, ${{ matrix.python-version }}
+        env:
+          PYTHON_VERSION: ${{ matrix.python-version }}
+          AIRFLOW_VERSION: ${{ github.event.inputs.airflowVersion }}
+          REPOSITORY: ${{ github.repository }}
         run: >
           breeze prod-image verify
           --pull
           --image-name
-          
${{github.repository}}:${{github.event.inputs.airflowVersion}}-python${{matrix.python-version}}
+          ${REPOSITORY}:${AIRFLOW_VERSION}-python${PYTHON_VERSION}
       - name: >
           Verify slim AMD64 image: ${{ github.event.inputs.airflowVersion }}, 
${{ matrix.python-version }}
+        env:
+          PYTHON_VERSION: ${{ matrix.python-version }}
+          AIRFLOW_VERSION: ${{ github.event.inputs.airflowVersion }}
+          REPOSITORY: ${{ github.repository }}
         run: >
           breeze prod-image verify
           --pull
           --slim-image
           --image-name
-          
${{github.repository}}:slim-${{github.event.inputs.airflowVersion}}-python${{matrix.python-version}}
+          ${REPOSITORY}:slim-${AIRFLOW_VERSION}-python${PYTHON_VERSION}
       - name: "Docker logout"
         run: docker logout
         if: always()
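Review bot: `--chicken-egg-providers ${CHICKEN_EGG_PROVIDERS}` in the "Release regular images" step lost the double quotes that the removed line had around the same value. The two steps before it are guarded by `if: needs.build-info.outputs.chicken-egg-providers != ''`, so the output can be empty, and no such guard is visible on this step. Unquoted, an empty value leaves the option without an argument and a multi-word value is split into extra arguments. Restore it as `--chicken-egg-providers "${CHICKEN_EGG_PROVIDERS}"`. `${SKIP_LATEST}` and `${LIMIT_PLATFORM}` presumably carry whole flags and look intentionally unquoted, but `--limit-python ${PYTHON_VERSION}` in both release steps could be quoted like the other option values.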
diff --git a/.github/workflows/run-unit-tests.yml 
b/.github/workflows/run-unit-tests.yml
index 609f369f80d..1c24e659d09 100644
--- a/.github/workflows/run-unit-tests.yml
+++ b/.github/workflows/run-unit-tests.yml
@@ -175,7 +175,10 @@ jobs:
       - name: >
           ${{ matrix.test-group}}:${{ inputs.test-scope }} Tests ${{ 
inputs.test-name }} ${{ matrix.backend-version }}
           Py${{ matrix.python-version }}:${{ env.PARALLEL_TEST_TYPES }}
-        run: ./scripts/ci/testing/run_unit_tests.sh "${{ matrix.test-group }}" 
"${{ inputs.test-scope }}"
+        env:
+          TEST_GROUP: "${{ matrix.test-group }}"
+          TEST_SCOPE: "${{ inputs.test-scope }}"
+        run: ./scripts/ci/testing/run_unit_tests.sh "${TEST_GROUP}" 
"${TEST_SCOPE}"
       - name: "Post Tests success"
         uses: ./.github/actions/post_tests_success
         with:
diff --git a/.github/workflows/task-sdk-tests.yml 
b/.github/workflows/task-sdk-tests.yml
index 4c6be2acb44..501e880fd3b 100644
--- a/.github/workflows/task-sdk-tests.yml
+++ b/.github/workflows/task-sdk-tests.yml
@@ -87,5 +87,7 @@ jobs:
           uv tool install twine && twine check dist/*.whl
       - name: >
           Run unit tests for Airflow Task SDK:Python ${{ matrix.python-version 
}}
+        env:
+          PYTHON_VERSION: "${{ matrix.python-version }}"
         run: >
-          breeze testing task-sdk-tests --python "${{ matrix.python-version }}"
+          breeze testing task-sdk-tests --python "${PYTHON_VERSION}"
diff --git a/.github/workflows/test-provider-packages.yml 
b/.github/workflows/test-provider-packages.yml
index 9543444f3ad..877ff1f1b23 100644
--- a/.github/workflows/test-provider-packages.yml
+++ b/.github/workflows/test-provider-packages.yml
@@ -126,26 +126,31 @@ jobs:
           breeze release-management generate-constraints
           --airflow-constraints-mode constraints-source-providers --answer yes
       - name: "Install and verify wheel provider packages"
+        env:
+          PACKAGE_FORMAT: ${{ matrix.package-format }}
+          PYTHON_MAJOR_MINOR_VERSION: ${env.PYTHON_MAJOR_MINOR_VERSION}
+          AIRFLOW_SKIP_CONSTRAINTS: "${{ inputs.upgrade-to-newer-dependencies 
}}"
         run: >
           breeze release-management verify-provider-packages
           --use-packages-from-dist
-          --package-format ${{ matrix.package-format }}
-          --use-airflow-version ${{ matrix.package-format }}
+          --package-format "${PACKAGE_FORMAT}"
+          --use-airflow-version "${PACKAGE_FORMAT}"
           --airflow-constraints-reference default
           --providers-constraints-location
-          
/files/constraints-${{env.PYTHON_MAJOR_MINOR_VERSION}}/constraints-source-providers-${{env.PYTHON_MAJOR_MINOR_VERSION}}.txt
-        env:
-          AIRFLOW_SKIP_CONSTRAINTS: "${{ inputs.upgrade-to-newer-dependencies 
}}"
+          
/files/constraints-${PYTHON_MAJOR_MINOR_VERSION}/constraints-source-providers-${PYTHON_MAJOR_MINOR_VERSION}.txt
         if: matrix.package-format == 'wheel'
       - name: "Install all sdist provider packages and airflow"
+        env:
+          PACKAGE_FORMAT: ${{ matrix.package-format }}
+          PYTHON_MAJOR_MINOR_VERSION: ${{ env.PYTHON_MAJOR_MINOR_VERSION }}
         run: >
           breeze release-management install-provider-packages
           --use-packages-from-dist
-          --package-format ${{ matrix.package-format }}
-          --use-airflow-version ${{ matrix.package-format }}
+          --package-format "${PACKAGE_FORMAT}"
+          --use-airflow-version ${PACKAGE_FORMAT}
           --airflow-constraints-reference default
           --providers-constraints-location
-          
/files/constraints-${{env.PYTHON_MAJOR_MINOR_VERSION}}/constraints-source-providers-${{env.PYTHON_MAJOR_MINOR_VERSION}}.txt
+          
/files/constraints-${PYTHON_MAJOR_MINOR_VERSION}/constraints-source-providers-${PYTHON_MAJOR_MINOR_VERSION}.txt
           --run-in-parallel
         if: matrix.package-format == 'sdist'
 
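Review bot: `PYTHON_MAJOR_MINOR_VERSION: ${env.PYTHON_MAJOR_MINOR_VERSION}` in the wheel step's new `env:` block is not a GitHub Actions expression, so the variable is set to that literal text. The shell then expands `${PYTHON_MAJOR_MINOR_VERSION}` to the literal, and `--providers-constraints-location` points at a path containing `${env.PYTHON_MAJOR_MINOR_VERSION}` instead of the version. The sdist step below uses the correct form; the wheel step should read `PYTHON_MAJOR_MINOR_VERSION: ${{ env.PYTHON_MAJOR_MINOR_VERSION }}`. If the variable is already defined at workflow or job level (not visible in this hunk), the step-level entry could be dropped in both steps. Separately, `--use-airflow-version ${PACKAGE_FORMAT}` in the sdist step is unquoted while the wheel step quotes the same value.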
@@ -191,8 +196,10 @@ jobs:
       - name: >
           Remove incompatible Airflow
           ${{ matrix.airflow-version }}:Python ${{ matrix.python-version }} 
provider packages
+        env:
+          REMOVE_PROVIDERS: ${{ matrix.remove-providers }}
         run: |
-          for provider in ${{ matrix.remove-providers }}; do
+          for provider in ${REMOVE_PROVIDERS}; do
             echo "Removing incompatible provider: ${provider}"
             rm -vf dist/apache_airflow_providers_${provider/./_}*
           done
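Review bot: The unquoted `${REMOVE_PROVIDERS}` in the `for` line relies on shell word splitting, and nothing in the step says so. A later step in this file passes the same matrix value as one quoted string to `--skip-providers`, which suggests it is a space-separated list. A shell comment above the loop would keep a later quoting cleanup from collapsing it to a single iteration: `# REMOVE_PROVIDERS is a space-separated list; left unquoted on purpose so it word-splits`.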
@@ -206,12 +213,14 @@ jobs:
         # We do not need to run import check if we run tests, the tests should 
cover all the import checks
         # automatically
         if: matrix.run-tests != 'true'
+        env:
+          AIRFLOW_VERSION: "${{ matrix.airflow-version }}"
         run: >
           breeze release-management verify-provider-packages
           --use-packages-from-dist
           --package-format wheel
           --use-airflow-version wheel
-          --airflow-constraints-reference 
constraints-${{matrix.airflow-version}}
+          --airflow-constraints-reference constraints-${AIRFLOW_VERSION}
           --providers-skip-constraints
           --install-airflow-with-constraints
       - name: Check amount of disk space available
@@ -221,13 +230,17 @@ jobs:
           Run provider unit tests on
           Airflow ${{ matrix.airflow-version }}:Python ${{ 
matrix.python-version }}
         if: matrix.run-tests == 'true'
+        env:
+          PROVIDERS_TEST_TYPES: "${{ 
inputs.providers-test-types-list-as-string }}"
+          AIRFLOW_VERSION: "${{ matrix.airflow-version }}"
+          REMOVE_PROVIDERS: "${{ matrix.remove-providers }}"
         run: >
           breeze testing providers-tests --run-in-parallel
-          --parallel-test-types "${{ 
inputs.providers-test-types-list-as-string }}"
+          --parallel-test-types "${PROVIDERS_TEST_TYPES}"
           --use-packages-from-dist
           --package-format wheel
-          --use-airflow-version "${{ matrix.airflow-version }}"
-          --airflow-constraints-reference 
constraints-${{matrix.airflow-version}}
+          --use-airflow-version "${AIRFLOW_VERSION}"
+          --airflow-constraints-reference constraints-${AIRFLOW_VERSION}
           --install-airflow-with-constraints
           --providers-skip-constraints
-          --skip-providers "${{ matrix.remove-providers }}"
+          --skip-providers "${REMOVE_PROVIDERS}"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c5d0d154b88..13886b1e2fb 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -322,6 +322,15 @@ repos:
           - --ignore-words=docs/spelling_wordlist.txt
           - 
--skip=providers/src/airflow/providers/*/*.rst,airflow/www/*.log,docs/*/commits.rst,docs/apache-airflow/tutorial/pipeline_example.csv,*.min.js,*.lock,INTHEWILD.md
           - --exclude-file=.codespellignorelines
+  - repo: https://github.com/woodruffw/zizmor-pre-commit
+    rev: v1.0.0
+    hooks:
+      - id: zizmor
+        name: Run zizmor to check for github workflow syntax errors
+        types: [yaml]
+        files: \.github/workflows/.*$|\.github/actions/.*$
+        require_serial: true
+        entry: zizmor
   - repo: local
     # Note that this is the 2nd "local" repo group in the 
.pre-commit-config.yaml file. This is because
     # we try to minimise the number of passes that must happen in order to 
apply some of the changes
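Review bot: The hook `name`, `Run zizmor to check for github workflow syntax errors`, misdescribes the check. zizmor is a static analyser for security problems in GitHub Actions workflows, not a syntax checker, and the env-indirection changes elsewhere in this commit appear to be its findings. A name such as `name: Run zizmor to check GitHub Actions workflows for security issues` would tell a contributor why the hook failed. The same text is repeated in the check table in `contributing-docs/08_static_code_checks.rst`, so the two should change together. The `files:` pattern is also unanchored; `^\.github/(workflows|actions)/.*$` would limit it to the repository's top-level `.github` directory.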
diff --git a/contributing-docs/08_static_code_checks.rst 
b/contributing-docs/08_static_code_checks.rst
index 78462afe305..a9938192d2d 100644
--- a/contributing-docs/08_static_code_checks.rst
+++ b/contributing-docs/08_static_code_checks.rst
@@ -399,6 +399,8 @@ require Breeze Docker image to be built locally.
 | validate-operators-init                                   | No templated 
field logic checks in operator __init__   |         |
 
+-----------------------------------------------------------+--------------------------------------------------------+---------+
 | yamllint                                                  | Check YAML files 
with yamllint                         |         |
++-----------------------------------------------------------+--------------------------------------------------------+---------+
+| zizmor                                                    | Run zizmor to 
check for github workflow syntax errors  |         |
 
+-----------------------------------------------------------+--------------------------------------------------------+---------+
 
   .. END AUTO-GENERATED STATIC CHECK LIST
diff --git a/dev/breeze/doc/images/output_static-checks.svg 
b/dev/breeze/doc/images/output_static-checks.svg
index bfea55c495f..8d64e6b7c28 100644
--- a/dev/breeze/doc/images/output_static-checks.svg
+++ b/dev/breeze/doc/images/output_static-checks.svg
@@ -377,7 +377,7 @@
 </text><text class="breeze-static-checks-r5" x="0" y="1386.4" 
textLength="12.2" clip-path="url(#breeze-static-checks-line-56)">│</text><text 
class="breeze-static-checks-r7" x="451.4" y="1386.4" textLength="988.2" 
clip-path="url(#breeze-static-checks-line-56)">update-providers-init-py&#160;|&#160;update-reproducible-source-date-epoch&#160;|&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;</text><text
 class="breeze-static-checks-r5" x="1451.8" y="13 [...]
 </text><text class="breeze-static-checks-r5" x="0" y="1410.8" 
textLength="12.2" clip-path="url(#breeze-static-checks-line-57)">│</text><text 
class="breeze-static-checks-r7" x="451.4" y="1410.8" textLength="988.2" 
clip-path="url(#breeze-static-checks-line-57)">update-spelling-wordlist-to-be-sorted&#160;|&#160;update-supported-versions&#160;|&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;</text><text
 class="breeze-static-checks-r5" x="1451.8" y="1410.8" [...]
 </text><text class="breeze-static-checks-r5" x="0" y="1435.2" 
textLength="12.2" clip-path="url(#breeze-static-checks-line-58)">│</text><text 
class="breeze-static-checks-r7" x="451.4" y="1435.2" textLength="988.2" 
clip-path="url(#breeze-static-checks-line-58)">update-vendored-in-k8s-json-schema&#160;|&#160;update-version&#160;|&#160;validate-operators-init&#160;|&#160;&#160;</text><text
 class="breeze-static-checks-r5" x="1451.8" y="1435.2" textLength="12.2" 
clip-path="url(#breeze-static-c [...]
-</text><text class="breeze-static-checks-r5" x="0" y="1459.6" 
textLength="12.2" clip-path="url(#breeze-static-checks-line-59)">│</text><text 
class="breeze-static-checks-r7" x="451.4" y="1459.6" textLength="988.2" 
clip-path="url(#breeze-static-checks-line-59)">yamllint)&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&
 [...]
+</text><text class="breeze-static-checks-r5" x="0" y="1459.6" 
textLength="12.2" clip-path="url(#breeze-static-checks-line-59)">│</text><text 
class="breeze-static-checks-r7" x="451.4" y="1459.6" textLength="988.2" 
clip-path="url(#breeze-static-checks-line-59)">yamllint&#160;|&#160;zizmor)&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;
 [...]
 </text><text class="breeze-static-checks-r5" x="0" y="1484" textLength="12.2" 
clip-path="url(#breeze-static-checks-line-60)">│</text><text 
class="breeze-static-checks-r4" x="24.4" y="1484" textLength="268.4" 
clip-path="url(#breeze-static-checks-line-60)">--show-diff-on-failure</text><text
 class="breeze-static-checks-r6" x="402.6" y="1484" textLength="24.4" 
clip-path="url(#breeze-static-checks-line-60)">-s</text><text 
class="breeze-static-checks-r1" x="451.4" y="1484" textLength="524.6" c [...]
 </text><text class="breeze-static-checks-r5" x="0" y="1508.4" 
textLength="12.2" clip-path="url(#breeze-static-checks-line-61)">│</text><text 
class="breeze-static-checks-r4" x="24.4" y="1508.4" textLength="292.8" 
clip-path="url(#breeze-static-checks-line-61)">--initialize-environment</text><text
 class="breeze-static-checks-r1" x="451.4" y="1508.4" textLength="549" 
clip-path="url(#breeze-static-checks-line-61)">Initialize&#160;environment&#160;before&#160;running&#160;checks.</text><text
 c [...]
 </text><text class="breeze-static-checks-r5" x="0" y="1532.8" 
textLength="12.2" clip-path="url(#breeze-static-checks-line-62)">│</text><text 
class="breeze-static-checks-r4" x="24.4" y="1532.8" textLength="353.8" 
clip-path="url(#breeze-static-checks-line-62)">--max-initialization-attempts</text><text
 class="breeze-static-checks-r1" x="451.4" y="1532.8" textLength="854" 
clip-path="url(#breeze-static-checks-line-62)">Maximum&#160;number&#160;of&#160;attempts&#160;to&#160;initialize&#160;env
 [...]
diff --git a/dev/breeze/doc/images/output_static-checks.txt 
b/dev/breeze/doc/images/output_static-checks.txt
index 38529eb9753..7328cd794da 100644
--- a/dev/breeze/doc/images/output_static-checks.txt
+++ b/dev/breeze/doc/images/output_static-checks.txt
@@ -1 +1 @@
-6239e6a528459f731b6908ce668a8950
+58ba2c35b2dcda00a1937a35be8ec688
diff --git a/dev/breeze/src/airflow_breeze/pre_commit_ids.py 
b/dev/breeze/src/airflow_breeze/pre_commit_ids.py
index 8667a2cc4b7..059910f2c3c 100644
--- a/dev/breeze/src/airflow_breeze/pre_commit_ids.py
+++ b/dev/breeze/src/airflow_breeze/pre_commit_ids.py
@@ -154,4 +154,5 @@ PRE_COMMIT_LIST = [
     "update-version",
     "validate-operators-init",
     "yamllint",
+    "zizmor",
 ]

