Merge branch 'master' into fix-tabs-order-in-pdf

.asf.yaml

@@ -53,6 +53,9 @@ github:
     merge: false
     rebase: false
 
+  ghp_branch:  gh-pages
+  ghp_path: /
+
   protected_branches:
     master:
       required_status_checks:
@@ -69,22 +72,27 @@ github:
           - cypress-matrix (3, chrome)
           - cypress-matrix (4, chrome)
           - cypress-matrix (5, chrome)
+          - dependency-review
           - frontend-build
           - pre-commit (current)
-          - pre-commit (next)
           - pre-commit (previous)
           - test-mysql
           - test-postgres (current)
-          - test-postgres (next)
           - test-postgres-hive
           - test-postgres-presto
           - test-sqlite
           - unit-tests (current)
-          - unit-tests (next)
 
       required_pull_request_reviews:
         dismiss_stale_reviews: false
         require_code_owner_reviews: true
         required_approving_review_count: 1
 
       required_signatures: false
+    gh-pages:
+      required_pull_request_reviews:
+        dismiss_stale_reviews: false
+        require_code_owner_reviews: true
+        required_approving_review_count: 1
+
+      required_signatures: false

.dockerignore

@@ -34,14 +34,15 @@
 **/*.sqllite
 **/*.swp
 **/.terser-plugin-cache/
-**/.storybook/
 **/node_modules/
 
 tests/
 docs/
 install/
 superset-frontend/cypress-base/
 superset-frontend/coverage/
+superset-frontend/.temp_cache/
 superset/static/assets/
 superset-websocket/dist/
 venv
+.venv

.gitattributes

@@ -1,2 +1,3 @@
 docker/**/*.sh text eol=lf
 *.svg binary
+*.ipynb binary

.github/CODEOWNERS

@@ -12,21 +12,21 @@
 
 # Notify Helm Chart maintainers about changes in it
 
-/helm/superset/ @craig-rueda @dpgaspar @villebro
+/helm/superset/ @craig-rueda @dpgaspar @villebro @nytai @michael-s-molina @mistercrunch @rusackas
 
 # Notify E2E test maintainers of changes
 
-/superset-frontend/cypress-base/ @jinghua-qa @geido @eschutho @rusackas @betodealmeida
+/superset-frontend/cypress-base/ @sadpandajoe @geido @eschutho @rusackas @betodealmeida
 
 # Notify PMC members of changes to GitHub Actions
 
-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar
 
-# Notify PMC members of changes to required Github Actions
+# Notify PMC members of changes to required GitHub Actions
 
-/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar
+/.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar
 
-# Maps are a finnicky contribution process we care about
+# Maps are a finicky contribution process we care about
 
 **/*.geojson @villebro @rusackas
 /superset-frontend/plugins/legacy-plugin-chart-country-map/ @villebro @rusackas

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -41,8 +41,8 @@ body:
       label: Superset version
       options:
         - master / latest-dev
+        - "4.1.1"
         - "4.0.2"
-        - "3.1.3"
     validations:
       required: true
   - type: dropdown

.github/actions/change-detector/label-draft-pr.yml

@@ -0,0 +1,23 @@
+name: Label Draft PRs
+on:
+  pull_request:
+    types:
+      - opened
+      - converted_to_draft
+jobs:
+  label-draft:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if the PR is a draft
+        id: check-draft
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const isDraft = context.payload.pull_request.draft;
+            core.setOutput('isDraft', isDraft);
+      - name: Add `review:draft` Label
+        if: steps.check-draft.outputs.isDraft == 'true'
+        uses: actions-ecosystem/action-add-labels@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          labels: "review:draft"

.github/actions/setup-backend/action.yml

@@ -43,11 +43,14 @@ runs:
       run: |
         if [ "${{ inputs.install-superset }}" = "true" ]; then
           sudo apt-get update && sudo apt-get -y install libldap2-dev libsasl2-dev
-          pip install --upgrade pip setuptools wheel
+          pip install --upgrade pip setuptools wheel uv
+
           if [ "${{ inputs.requirements-type }}" = "dev" ]; then
-            pip install -r requirements/development.txt
+            uv pip install --system -r requirements/development.txt
           elif [ "${{ inputs.requirements-type }}" = "base" ]; then
-            pip install -r requirements/base.txt
+            uv pip install --system -r requirements/base.txt
           fi
+
+          uv pip install --system -e .
         fi
       shell: bash

.github/actions/setup-docker/action.yml

@@ -0,0 +1,69 @@
+name: "Setup Docker Environment"
+description: "Reusable steps for setting up QEMU, Docker Buildx, DockerHub login, Supersetbot, and optionally Docker Compose"
+inputs:
+  build:
+    description: "Used for building?"
+    required: false
+    default: "false"
+  dockerhub-user:
+    description: "DockerHub username"
+    required: false
+  dockerhub-token:
+    description: "DockerHub token"
+    required: false
+  install-docker-compose:
+    description: "Flag to install Docker Compose"
+    required: false
+    default: "true"
+  login-to-dockerhub:
+    description: "Whether you want to log into dockerhub"
+    required: false
+    default: "true"
+outputs: {}
+runs:
+  using: "composite"
+  steps:
+
+    - name: Set up QEMU
+      if: ${{ inputs.build == 'true' }}
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      if: ${{ inputs.build == 'true' }}
+      uses: docker/setup-buildx-action@v3
+
+    - name: Try to login to DockerHub
+      if: ${{ inputs.login-to-dockerhub == 'true' }}
+      continue-on-error: true
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.dockerhub-user }}
+        password: ${{ inputs.dockerhub-token }}
+
+    - name: Install Docker Compose
+      if: ${{ inputs.install-docker-compose == 'true' }}
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y ca-certificates curl
+        sudo install -m 0755 -d /etc/apt/keyrings
+
+        # Download and save the Docker GPG key in the correct format
+        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+
+        # Ensure the key file is readable
+        sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+        # Add the Docker repository using the correct key
+        echo \
+          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+          $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+        # Update package lists and install Docker Compose plugin
+        sudo apt update
+        sudo apt install -y docker-compose-plugin
+
+    - name: Docker Version Info
+      shell: bash
+      run: docker info

.github/dependabot.yml

@@ -22,8 +22,7 @@ updates:
 
 
   # - package-ecosystem: "pip"
-  # NOTE: as dependabot isn't compatible with our python
-  # dependency setup (pip-compile-multi), we'll be using
+  # NOTE: as dependabot isn't compatible with our usage of `uv pip compile` we're using
   # `supersetbot` instead
 
   - package-ecosystem: "npm"

.github/workflows/bump-python-package.yml

@@ -14,10 +14,16 @@ on:
         required: true
         description: Max number of PRs to open (0 for no limit)
         default: 5
+      extra-flags:
+        required: false
+        default: --only-base
+        description: Additional flags to pass to the bump-python command
+  #schedule:
+  #  - cron: '0 0 * * *'  # Runs daily at midnight UTC
 
 jobs:
   bump-python-package:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       actions: write
       contents: write
@@ -39,8 +45,8 @@ jobs:
         with:
           python-version: "3.10"
 
-      - name: Install pip-compile-multi
-        run: pip install pip-compile-multi
+      - name: Install uv
+        run: pip install uv
 
       - name: supersetbot bump-python -p "${{ github.event.inputs.package }}"
         env:
@@ -59,10 +65,13 @@ jobs:
             GROUP_OPT="-g ${{ github.event.inputs.group }}"
           fi
 
+          EXTRA_FLAGS="${{ github.event.inputs.extra-flags }}"
+
           supersetbot bump-python \
             --verbose \
             --use-current-repo \
             --include-subpackages \
             --limit ${{ github.event.inputs.limit }} \
             $PACKAGE_OPT \
-            $GROUP_OPT
+            $GROUP_OPT \
+            $EXTRA_FLAGS

.github/workflows/cancel_duplicates.yml

@@ -9,7 +9,7 @@ on:
 jobs:
   cancel-duplicate-runs:
     name: Cancel duplicate workflow runs
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       actions: write
       contents: read

.github/workflows/check-python-deps.yml

@@ -0,0 +1,44 @@
+name: Check python dependencies
+
+on:
+  push:
+    branches:
+      - "master"
+      - "[0-9].[0-9]*"
+  pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
+
+# cancel previous workflow jobs for PRs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  check-python-deps:
+    runs-on: ubuntu-22.04
+    steps:
+
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          submodules: recursive
+          depth: 1
+
+      - name: Setup Python
+        if: steps.check.outputs.python
+        uses: ./.github/actions/setup-backend/
+
+      - name: Run uv
+        if: steps.check.outputs.python
+        run: ./scripts/uv-pip-compile.sh
+
+      - name: Check for uncommitted changes
+        run: |
+          if [[ -n "$(git diff)" ]]; then
+            echo "ERROR: The pinned dependencies are not up-to-date."
+            echo "Please run './scripts/uv-pip-compile.sh' and commit the changes."
+            exit 1
+          else
+            echo "Pinned dependencies are up-to-date."
+          fi

.github/workflows/check_db_migration_confict.yml

@@ -19,7 +19,7 @@ concurrency:
 jobs:
   check_db_migration_conflict:
     name: Check DB migration conflict
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       pull-requests: write

.github/workflows/codeql-analysis.yml

@@ -17,7 +17,7 @@ concurrency:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       actions: read
       contents: read

.github/workflows/dependency-review.yml

@@ -5,14 +5,26 @@
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: "Dependency Review"
-on: [pull_request]
+on:
+  push:
+    branches:
+      - "master"
+      - "[0-9].[0-9]*"
+  pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
+
+# cancel previous workflow jobs for PRs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
 
 permissions:
   contents: read
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-22.04
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-24.04
     steps:
       - name: "Checkout Repository"
         uses: actions/checkout@v4
@@ -32,4 +44,25 @@ jobs:
           #   license: https://applitools.com/legal/open-source-terms-of-use/
           # pkg:npm/[email protected]
           #   selecting BSD-3-Clause licensing terms for node-forge to ensure compatibility with Apache
-          allow-dependencies-licenses: pkg:npm/[email protected], pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/[email protected], pkg:npm/rgbcolor
+          allow-dependencies-licenses: pkg:npm/[email protected], pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/[email protected], pkg:npm/rgbcolor, pkg:npm/[email protected]
+
+  python-dependency-liccheck:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: ./.github/actions/setup-backend/
+        with:
+          requirements-type: base
+
+      - name: "Set up liccheck"
+        run: |
+          uv pip install --system liccheck
+      - name: "Run liccheck"
+        run: |
+          # run the checks
+          liccheck -R output.txt
+          # Print the report
+          cat output.txt