From e41b653f0b5c660abd8f4c4ef6794e39159ed3f3 Mon Sep 17 00:00:00 2001 From: "njzjz-bot[bot]" <48687836+njzjz-bot@users.noreply.github.com> Date: Sat, 24 Jan 2026 05:18:42 +0000 Subject: [PATCH 01/12] ci: use OIDC for codecov-action Replace token-based authentication with OIDC (OpenID Connect) for codecov-action. This is more secure and eliminates the need to manage upload tokens. Changes: - Add use_oidc: true to codecov-action configuration - Add id-token: write permission at workflow level - Remove token parameter from codecov-action (ignored when using OIDC) This improves security and follows codecov-action best practices. Generated by the task: njzjz-bot/njzjz-bot#25. --- .github/workflows/main.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d4826381..38d1b726 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,8 +1,8 @@ name: Python unit-tests on: - - push - - pull_request +- push +- pull_request jobs: build: @@ -32,3 +32,7 @@ jobs: - uses: codecov/codecov-action@v5 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + with: + use_oidc: true +permissions: + id-token: write From cb5a56194c54c1912377fe45c7a2d404182fefb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 02:52:48 +0000 Subject: [PATCH 02/12] Bump actions/setup-python from 5 to 6 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-pypi.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 6f0d1030..240dec15 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -12,7 +12,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.10" - name: Install dependencies @@ -35,7 +35,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.10" - name: Build package From eea652e8cce060c98e4d768092824dbfb40db93f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 02:52:51 +0000 Subject: [PATCH 03/12] Bump codecov/codecov-action from 5 to 7 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 7. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v7) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d4826381..3d8a86c3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,6 +29,6 @@ jobs: export DFLOW_DEBUG=1 coverage run -m unittest -v -f coverage report - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@v7 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} From b6ac19dfb8bf2ac5d895145878f3d98e15de4b66 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 02:52:54 +0000 Subject: [PATCH 04/12] Bump actions/upload-artifact from 4 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-pypi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 6f0d1030..0f93aa62 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -43,7 +43,7 @@ jobs: python -m pip install --upgrade pip build python -m build - name: Upload distributions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: python-package-distributions path: dist/ From 3540416d7714f853343f70383f6f474ab59178e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 02:52:56 +0000 Subject: [PATCH 05/12] Bump actions/checkout from 4 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-pypi.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 6f0d1030..20018edb 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -10,7 +10,7 @@ jobs: name: unit tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python uses: actions/setup-python@v5 with: @@ -33,7 +33,7 @@ jobs: needs: test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python uses: actions/setup-python@v5 with: From 17514848ceb670094aabe57d7aafea5936ca8abc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2026 02:52:59 +0000 Subject: [PATCH 06/12] Bump actions/download-artifact from 4 to 8 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-pypi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 6f0d1030..7d2c6d9f 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -61,7 +61,7 @@ jobs: PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }} steps: - name: Download distributions - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: python-package-distributions path: dist/ From 98987b5a4dc02040996e781f39e5f6414671f18c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2026 02:52:56 +0000 Subject: [PATCH 07/12] Bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 7539d338..7bd8e760 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@v4 - uses: docker/login-action@v3 with: From 33393d0fed88d414f0c5ef984c90766bc8d8dae8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2026 02:52:59 +0000 Subject: [PATCH 08/12] Bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 7539d338..ba6f65df 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -26,7 +26,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/build-push-action@v6 + - uses: docker/build-push-action@v7 with: context: . file: docs/Dockerfile.bohrium From ee13defa9cb9c8824121ce297d96929cdd0a516f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2026 02:53:02 +0000 Subject: [PATCH 09/12] Bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 7539d338..619beba2 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -20,7 +20,7 @@ jobs: - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v3 + - uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} From ea3594b584cdd0116502b260da771a22b00ad01a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jun 2026 02:52:51 +0000 Subject: [PATCH 10/12] Bump actions/checkout from 4 to 7 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-docker.yml | 2 +- .github/workflows/publish-pypi.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 7539d338..6f6d8a0b 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -16,7 +16,7 @@ jobs: publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 - uses: docker/setup-buildx-action@v3 diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 45342bf8..eed1ae9a 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -10,7 +10,7 @@ jobs: name: unit tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Set up Python uses: actions/setup-python@v6 with: @@ -33,7 +33,7 @@ jobs: needs: test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Set up Python uses: actions/setup-python@v6 with: From 4ad326270d846298fc757976e5093e353c897d8e Mon Sep 17 00:00:00 2001 From: Letian88 Date: Fri, 3 Jul 2026 09:15:49 +0800 Subject: [PATCH 11/12] fix(abacus): use --config flag for phonopy 4.1.0 load mode compatibility phonopy 4.1.0 ignores positional conf file arguments when in 'load mode' (triggered by phonopy_disp.yaml). This caused band.yaml/mesh.yaml to not be generated during the Post step for ABACUS phonon and gruneisen properties. Fix: pass band.conf explicitly via --config flag, which phonopy 4.1.0 correctly reads as a configuration file even in load mode. Tested with Cu FCC (ABACUS DFT, 2x2x2 supercell): - phonon: band.yaml + band.dat + mesh.yaml generated successfully - gruneisen: FORCE_CONSTANTS + mesh.yaml (3 volumes) generated successfully --- apex/core/property/Gruneisen.py | 2 +- apex/core/property/Phonon.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apex/core/property/Gruneisen.py b/apex/core/property/Gruneisen.py index 2bf0462d..f4842f5c 100644 --- a/apex/core/property/Gruneisen.py +++ b/apex/core/property/Gruneisen.py @@ -963,7 +963,7 @@ def _ensure_abacus_volume_outputs( if not os.path.isfile("FORCE_CONSTANTS"): raise FileNotFoundError(f"FORCE_CONSTANTS was not created in {helper_dir}") if not os.path.isfile("mesh.yaml"): - subprocess.check_call(Phonon.phonopy_command("band.conf"), shell=True) + subprocess.check_call(Phonon.phonopy_command("phonopy_disp.yaml --config band.conf"), shell=True) self._write_band_dat() finally: os.chdir(cwd) diff --git a/apex/core/property/Phonon.py b/apex/core/property/Phonon.py index 1951b4f2..f9e317ee 100644 --- a/apex/core/property/Phonon.py +++ b/apex/core/property/Phonon.py @@ -622,7 +622,7 @@ def _compute_lower(self, output_file, all_tasks, all_res): if not os.path.exists("FORCE_SETS"): raise FileNotFoundError("FORCE_SETS was not created") print('FORCE_SETS is created') - subprocess.check_call(self.phonopy_command("band.conf"), shell=True) + subprocess.check_call(self.phonopy_command("phonopy_disp.yaml --config band.conf"), shell=True) self.write_band_dat() elif self.inter_param["type"] == 'vasp': From cbac2a9e93a8c73d9b440d806d39a1361de052b3 Mon Sep 17 00:00:00 2001 From: letian Date: Tue, 7 Jul 2026 17:01:59 +0800 Subject: [PATCH 12/12] test: update phonon/gruneisen mocks for --config phonopy command Align unit tests with the phonopy 4.1.0 load-mode fix that passes band.conf via --config instead of a positional argument. Co-authored-by: Cursor --- tests/test_gruneisen.py | 9 ++++++--- tests/test_phonon.py | 6 +++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/tests/test_gruneisen.py b/tests/test_gruneisen.py index 0d1ad82d..d6729a8c 100644 --- a/tests/test_gruneisen.py +++ b/tests/test_gruneisen.py @@ -408,7 +408,7 @@ def fake_check_call(command, shell): Path("FORCE_SETS").write_text("fake force sets\n") elif command == Phonon.phonopy_setup_command("phonopy_disp.yaml --writefc"): Path("FORCE_CONSTANTS").write_text("fake force constants\n") - elif command == Phonon.phonopy_command("band.conf"): + elif command == Phonon.phonopy_command("phonopy_disp.yaml --config band.conf"): strain = loadfn("volume.json")["strain"] if strain < 0: frequencies = [4.2, 8.4] @@ -459,8 +459,11 @@ def fake_run(command, stdout, stderr, text): ]), 3, ) - self.assertEqual(len([cmd for _, cmd in calls if cmd == Phonon.phonopy_command("band.conf")]), 3) - self.assertFalse(any(cmd == "phonopy band.conf --abacus" for _, cmd in calls)) + self.assertEqual( + len([cmd for _, cmd in calls if cmd == Phonon.phonopy_command("phonopy_disp.yaml --config band.conf")]), + 3, + ) + self.assertFalse(any(cmd == "phonopy phonopy_disp.yaml --config band.conf --abacus" for _, cmd in calls)) self.assertTrue((work_dir / "volume.000000" / "mesh.yaml").is_file()) self.assertTrue((work_dir / "volume.000001" / "band.dat").is_file()) self.assertTrue("Temperature(K) SumGammaCv Sign" in ptr) diff --git a/tests/test_phonon.py b/tests/test_phonon.py index b817df5e..b28415e8 100644 --- a/tests/test_phonon.py +++ b/tests/test_phonon.py @@ -340,7 +340,7 @@ def fake_check_call(command, shell): calls.append(command) if command.startswith(Phonon.phonopy_setup_command("-f")): Path("FORCE_SETS").write_text("fake force sets\n") - elif command == Phonon.phonopy_command("band.conf"): + elif command == Phonon.phonopy_command("phonopy_disp.yaml --config band.conf"): Path("band.yaml").write_text("phonon: []\n") try: @@ -349,8 +349,8 @@ def fake_check_call(command, shell): patch.object(Phonon, "write_band_dat", side_effect=self._write_band_dat_for_compute): phonon._compute_lower(str(work_dir / "result.json"), [str(task_dir)], []) self.assertEqual(calls[0], Phonon.phonopy_setup_command("-f task.0*/OUT.ABACUS/running_scf.log")) - self.assertEqual(calls[1], Phonon.phonopy_command("band.conf")) - self.assertFalse(any("--abacus" in command and command.startswith("phonopy band.conf") for command in calls)) + self.assertEqual(calls[1], Phonon.phonopy_command("phonopy_disp.yaml --config band.conf")) + self.assertFalse(any("--abacus" in command and "band.conf" in command for command in calls)) finally: shutil.rmtree(work_dir, ignore_errors=True)