icesat2py · weiji14 · May 23, 2025 · Sep 17, 2024 · Sep 25, 2024 · Sep 26, 2024
diff --git a/.all-contributorsrc b/.all-contributorsrc
@@ -505,6 +505,15 @@
         "test",
         "infra"
       ]
+    },
+    {
+      "login": "chuckwondo",
+      "name": "Chuck Daniels",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5607545?v=4",
+      "profile": "https://developmentseed.org/",
+      "contributions": [
+        "infra"
+      ]
     }
   ],
   "contributorsPerLine": 7,

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -11,3 +11,6 @@ updates:
           - "*"  # Group all Actions updates into a single larger pull request
     schedule:
       interval: monthly
+    ignore:
+      - dependency-name: "sangonzal/repository-traffic-action"
+        versions: "v1"
diff --git a/.github/workflows/download_test.yml b/.github/workflows/download_test.yml
@@ -0,0 +1,34 @@
+name: "Integration Download test"
+# NOTE: This runs only integration tests that download data,
+# as denoted by the pytest downloads_data mark.
+
+on:
+  push:
+    branches:
+      - "main"  # Releases
+      - "development"  # Feature PR merges
+
+jobs:
+  test:
+    name: "Download Data Tests"
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - uses: "actions/checkout@v4"
+
+      - uses: "./.github/actions/install-icepyx"
+        with:
+          python-version: "3.12"
+
+      - name: "Run download tests"
+        env:
+          EARTHDATA_LOGIN: "icepyx_devteam"
+          EARTHDATA_PASSWORD: "${{ secrets.EARTHDATA_PASSWORD }}"
+          NSIDC_LOGIN: "${{ secrets.EARTHDATA_PASSWORD }}"
+        run: |
+          pytest icepyx/tests/integration --verbose --cov app -m "downloads_data"
+
+      - name: "Upload coverage report"
+        uses: "codecov/[email protected]"
+        with:
+          token: "${{ secrets.CODECOV_TOKEN }}"
diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml
@@ -1,49 +1,68 @@
 name: "Integration test"
-# NOTE: We're just running the tests that require earthdata login here; we
-#       don't distinguish between unit and integration tests yet.
+# NOTE: This runs all integration tests except those that download data.
+# It will not automatically run integration tests (some of which require auth)
+# on PRs from forks.
+# Integration tests that download data are run separately.
+
 
 on:
+  pull_request:
+    branches:
+      - "main"         # Release PRs
+      - "development"  # Feature PRs
   push:
     branches:
-      - "main"  # Releases
+      - "main"         # Releases
       - "development"  # Feature PR merges
-  pull_request:
-    branches:
-      - "main"  # Release PRs
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: "The ref to test"
-        type: "string"
 
+# When this workflow is queued, automatically cancel any previous running
+# or pending jobs from the same branch
+concurrency:
+  group: "integration-tests-${{ github.ref }}"
+  cancel-in-progress: true
 
 jobs:
   test:
     name: "Integration test"
-    # Do not run on PRs from forks:
-    if: "${{ !github.event.pull_request.head.repo.fork }}"
     runs-on: "ubuntu-latest"
 
     steps:
-      - uses: "actions/checkout@v4"
+      - name: "Fetch user permission"
+        id: "permission"
+        uses: "actions-cool/check-user-permission@v2"
         with:
-          fetch-depth: 0
-          ref: "${{ inputs.ref }}"
+          require: "write"
+          username: "${{ github.triggering_actor }}"
+
+      - name: "Check user permission"
+        if: "${{ steps.permission.outputs.require-result == 'false' }}"
+        # If the triggering actor does not have write permission (i.e., this is a
+        # PR from a fork), then we exit, otherwise most of the integration tests will
+        # fail because they require access to secrets.  In this case, a maintainer
+        # will need to make sure the PR looks safe, and if so, manually re-run the
+        # failed pull_request_target jobs.
+        run: |
+          echo "User **${{ github.triggering_actor }}** does not have permission to run integration tests." >> $GITHUB_STEP_SUMMARY
+          echo "A maintainer must perform a security review and re-run this build, if the code is safe." >> $GITHUB_STEP_SUMMARY
+          echo "See [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/resources/github-actions-preventing-pwn-requests)." >> $GITHUB_STEP_SUMMARY
+          exit 1
+
+      - name: "Checkout source"
+        uses: "actions/checkout@v4"
 
       - uses: "./.github/actions/install-icepyx"
         with:
           python-version: "3.12"
 
-      - name: "Run tests"
+      - name: "Run auth tests"
         env:
+          EARTHDATA_USERNAME: "icepyx_devteam"
           EARTHDATA_PASSWORD: "${{ secrets.EARTHDATA_PASSWORD }}"
           NSIDC_LOGIN: "${{ secrets.EARTHDATA_PASSWORD }}"
         run: |
-          pytest icepyx/ --verbose --cov app \
-            icepyx/tests/test_behind_NSIDC_API_login.py \
-            icepyx/tests/test_auth.py
+          pytest -s icepyx/tests/integration --verbose --cov app
 
       - name: "Upload coverage report"
-        uses: "codecov/codecov-action@v4.5.0"
+        uses: "codecov/codecov-action@v5.4.0"
         with:
           token: "${{ secrets.CODECOV_TOKEN }}"
diff --git a/.github/workflows/linter_actions.yml b/.github/workflows/linter_actions.yml
@@ -14,6 +14,4 @@ jobs:
       # Use the Ruff linter to annotate code style / best-practice issues
       # NOTE: More config provided in pyproject.toml
       - name: Lint and annotate PR
-        uses: chartboost/ruff-action@v1
-        with:
-          args: "check . --output-format github"
+        uses: astral-sh/ruff-action@v3
diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml
@@ -30,7 +30,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: 3.9
+        python-version: 3.11
 
     - name: Install dependencies
       run: python -m pip install build setuptools wheel

diff --git a/.github/workflows/typecheck.yml b/.github/workflows/typecheck.yml
@@ -0,0 +1,29 @@
+name: Typecheck
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - development
+
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install package and test dependencies
+        run: |
+          python -m pip install .[complete]
+          python -m pip install -r requirements-dev.txt
+
+      - uses: jakebailey/pyright-action@v2
diff --git a/.github/workflows/unit_test.yml b/.github/workflows/unit_test.yml
@@ -8,6 +8,17 @@ on:
     branches:
       - "main"
       - "development"
+  workflow_run:
+    workflows: [Update UML diagrams]
+    types:
+      - completed
+
+
+# When this workflow is queued, automatically cancel any previous running
+# or pending jobs from the same branch
+concurrency:
+  group: "unit-tests-${{ github.ref }}"
+  cancel-in-progress: true
 
 
 jobs:
@@ -17,8 +28,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.9", "3.12"] #NOTE: min and max Python versions supported by icepyx
-
+        python-version: ["3.11", "3.13"] #NOTE: min and max Python versions supported by icepyx
     steps:
       - uses: "actions/checkout@v4"
         with:
@@ -30,11 +40,9 @@ jobs:
 
       - name: "Run tests"
         run: |
-          pytest icepyx/ --verbose --cov app \
-            --ignore=icepyx/tests/test_behind_NSIDC_API_login.py \
-            --ignore=icepyx/tests/test_auth.py
+          pytest icepyx/tests/unit --verbose --cov app
 
       - name: "Upload coverage report"
-        uses: "codecov/codecov-action@v4.5.0"
+        uses: "codecov/codecov-action@v5.4.0"
         with:
           token: "${{ secrets.CODECOV_TOKEN }}"
diff --git a/.gitignore b/.gitignore
@@ -120,6 +120,9 @@ venv.bak/
 *.zarr
 *.tif
 
+# harmony orders
+.order_restart
+
 # data file exception for tracking info
 !clones.csv
 !views.csv

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: check-toml
       - id: check-yaml
@@ -19,21 +19,21 @@ repos:
       - id: requirements-txt-fixer
 
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.3.0
+    rev: v2.4.1
     hooks:
       - id: codespell
         additional_dependencies:
           - tomli
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.6.3
+    rev: v0.9.9
     hooks:
       - id: ruff
         args: ["--fix", "--show-fixes"]
       - id: ruff-format
 
   - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.19
+    rev: v0.23
     hooks:
       - id: validate-pyproject