Merge branch 'master' into tox-remove-py39

Author: deacon-mp

.github/workflows/quality.yml

@@ -6,6 +6,8 @@ on:
       - master
   pull_request:
     types: [opened, synchronize, reopened, ready_for_review]
+  pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]  # added for fork PRs
   workflow_dispatch:
 
 permissions:
@@ -21,8 +23,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          # - python-version: 3.9
-          #   toxenv: py39,style,coverage-ci
           - python-version: 3.10.9
             toxenv: py310,style,coverage-ci
           - python-version: 3.11
@@ -34,29 +34,96 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           submodules: recursive
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0  # shallow clones should be disabled for analysis
+
       - name: Setup python
         uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
         with:
           python-version: ${{ matrix.python-version }}
+
       - name: Setup Node.js
         uses: actions/setup-node@v3
         with:
           node-version: '20'
+
       - name: Install dependencies
         run: |
           pip install --upgrade virtualenv
           pip install tox
           npm --prefix plugins/magma install
           npm --prefix plugins/magma run build
+
       - name: Run tests
         env:
           TOXENV: ${{ matrix.toxenv }}
         run: tox
+
       - name: Override Coverage Source Path for Sonar
-        run: sed -i "s/<source>\/home\/runner\/work\/caldera\/caldera/<source>\/github\/workspace/g" /home/runner/work/caldera/caldera/coverage.xml
+        run: sed -i "s#<source>/home/runner/work/caldera/caldera#<source>/github/workspace#g" /home/runner/work/caldera/caldera/coverage.xml
+
+      # --- Sonar scan for pushes and same-repo PRs only ---
       - name: SonarQube Scan
+        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
+        uses: SonarSource/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # needed for PR info
+          SONAR_TOKEN:  ${{ secrets.SONAR_TOKEN }}
+        # Uncomment if your sonar-project.properties is in a subfolder:
+        # with:
+        #   args: |
+        #     -Dsonar.projectBaseDir=caldera
+
+  # --- Sonar scan for forked PRs (runs safely with pull_request_target) ---
+  sonar_fork_pr:
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.fork }}
+    permissions:
+      contents: read
+      pull-requests: write   # remove if you don't want PR comments
+    steps:
+      - name: Checkout base repo
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.base.sha }}
+          fetch-depth: 0
+  
+      - name: Checkout PR HEAD (fork)
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.sha }}
+          path: pr
+          fetch-depth: 0
+          submodules: recursive
+  
+      # Detect where the sonar-project.properties actually is (pr/ or pr/caldera)
+      - name: Detect Sonar base dir
+        id: detect
+        run: |
+          set -euo pipefail
+          if [ -f pr/caldera/sonar-project.properties ]; then
+            echo "base=pr/caldera" >> "$GITHUB_OUTPUT"
+          elif [ -f pr/sonar-project.properties ]; then
+            echo "base=pr" >> "$GITHUB_OUTPUT"
+          else
+            echo "No sonar-project.properties found under pr/ or pr/caldera"
+            echo "base=pr" >> "$GITHUB_OUTPUT"   # fallback to repo root
+          fi
+          echo "Using base dir: $(grep '^base=' "$GITHUB_OUTPUT" | cut -d= -f2)"
+          echo "Has SONAR_TOKEN? $([ -n "${SONAR_TOKEN:-}" ] && echo yes || echo no)"
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  
+      # If your project key/org are NOT in the properties file, uncomment and set below
+      - name: SonarQube Scan (fork PR)
         uses: SonarSource/[email protected]
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # SONAR_HOST_URL: https://sonarcloud.io  # set if you’re self-hosted or non-default
+        with:
+          projectBaseDir: ${{ steps.detect.outputs.base }}
+          args: |
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+            -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
+            -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}

app/api/v2/managers/operation_api_manager.py

@@ -102,6 +102,7 @@ async def create_potential_link(self, operation_id: str, data: dict, access: Bas
                                               file_svc=self.services['file_svc']))
         executor = self.build_executor(data=data.pop('executor', {}), agent=agent)
         ability = self.build_ability(data=data.pop('ability', {}), executor=executor)
+        await self._call_ability_plugin_hooks(ability, executor)
         link = Link.load(dict(command=encoded_command, plaintext_command=encoded_command, paw=agent.paw, ability=ability, executor=executor,
                               status=operation.link_status(), score=data.get('score', 0), jitter=data.get('jitter', 0),
                               cleanup=data.get('cleanup', 0), pin=data.get('pin', 0),
@@ -171,6 +172,13 @@ async def _construct_and_dump_source(self, source_id: str):
             source = (await self.services['data_svc'].locate('sources', match=dict(name='basic')))
         return SourceSchema().dump(source[0])
 
+    async def _call_ability_plugin_hooks(self, ability, executor):
+        """Calls any plugin hooks (at runtime) that exist for the ability and executor."""
+        if (hasattr(executor, 'HOOKS') and executor.HOOKS and
+                hasattr(executor, 'language') and executor.language and
+                executor.language in executor.HOOKS):
+            await executor.HOOKS[executor.language](ability, executor)
+
     async def validate_operation_state(self, data: dict, existing: Operation = None):
         if not existing:
             if data.get('state') in Operation.get_finished_states():

app/service/planning_svc.py

@@ -351,9 +351,7 @@ async def _generate_new_links(self, operation, agent, abilities, link_status):
             executor = await agent.get_preferred_executor(ability)
             if not executor:
                 continue
-
-            if executor.HOOKS and executor.language and executor.language in executor.HOOKS:
-                await executor.HOOKS[executor.language](ability, executor)
+            await self._call_ability_plugin_hooks(ability, executor)
             if executor.command:
                 link = Link.load(dict(command=self.encode_string(executor.test), paw=agent.paw, score=0,
                                       ability=ability, executor=executor, status=link_status,
@@ -392,6 +390,13 @@ async def _generate_cleanup_links(self, operation, agent, link_status):
                     links.append(lnk)
         return links
 
+    async def _call_ability_plugin_hooks(self, ability, executor):
+        """Calls any plugin hooks (at runtime) that exist for the ability and executor."""
+        if (hasattr(executor, 'HOOKS') and executor.HOOKS and
+                hasattr(executor, 'language') and executor.language and
+                executor.language in executor.HOOKS):
+            await executor.HOOKS[executor.language](ability, executor)
+
     @staticmethod
     async def _apply_adjustments(operation, links):
         """Apply operation source ability adjustments to links