{"id":48154517,"url":"https://github.com/spack/review-helpers","last_synced_at":"2026-04-04T17:15:25.853Z","repository":{"id":346472586,"uuid":"1189884287","full_name":"spack/review-helpers","owner":"spack","description":"Experimental repository for Spack review-related helpers.","archived":false,"fork":false,"pushed_at":"2026-03-25T01:41:21.000Z","size":26,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-25T02:03:43.048Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":"COPYRIGHT","agents":null,"dco":null,"cla":null}},"created_at":"2026-03-23T19:03:27.000Z","updated_at":"2026-03-25T01:41:25.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/spack/review-helpers","commit_stats":null,"previous_names":["spack/review-helpers"],"tags_count":null,"template":false,"template_full_name":"spack/spack-repo-template","purl":"pkg:github/spack/review-helpers","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Freview-helpers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Freview-helpers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Freview-helpers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Freview-helpers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spack","download_url":"https://codeload.github.com/spack/review-helpers/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spack%2Freview-helpers/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31407644,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-04T17:15:20.516Z","updated_at":"2026-04-04T17:15:25.845Z","avatar_url":"https://github.com/spack.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# review-helpers\n\nReview-helpers is an *experimental* set of scripts that can be useful for automatically confirming easy-to-check changes in package-related pull requests (PRs).\n\nThe scripts can be used to confirm:\n\n* `homepage` URL resolves to a valid, accessible site;\n* `version` directive arguments (e.g., `sha256`, `branch`, `tag`, `commit`) match what is in the repository; and\n* all listed `maintainers` for the packages are notified either by being listed under `Reviewers` or added in a PR comment.\n\nDue to restrictions, not all accounts listed in the `maintainers` directives of the modified packages will necessarily make it to the GitHub `Reviewers` list.\nSo compiling this information for a PR can help should you want to notify the missing  maintainers that there has been a change to one or more of their packages.\n\n\u003e [!WARNING]\n\u003e These checks do *not* represent everything that should be considered during a PR review.\n\u003e Refer to the [Package Review Guide](https://spack.readthedocs.io/en/latest/package_review_guide.html) for more information.\n\n\u003e [!NOTE]\n\u003e The scripts here were originally developed when packages were part of the [spack/spack](https://github.com/spack/spack) repository, but evolved to support packages in [spack-packages](https://github.com/spack/spack-packages).\n\u003e They are snapshots of the files from the original [llnl/spack-tools](https://github.com/llnl/spack-tools) (private) repository.\n\n\n## Features\n\nThis repository provides helpers for checking easy-to-automate aspects of pull request changes involving new and/or updated spack packages.\nThe focus is on confirming `homepage`s and `version` directives (e.g., branches, commits, tags, and sha256 hashes) and identifying maintainers.\nKnowing the maintainers for affected packages can be helpful in determining the extent to which a PR needs additional reviews.\nFor example, a PR submitted from someone who is not a maintainer of the packages will likely need additional reviews from the maintainer.\nThere is more information on this in the [Package Review Guide](https://spack.readthedocs.io/en/latest/package_review_guide.html).\n\n\u003e [!WARNING]\n\u003e The original repository precedes the introduction in CI of checksum verification so does not use the same processes.\n\u003e This feature can be leveraged to more easily check older version directives and as an aid to debugging URL-related changes.\n\n\n## Prerequisites\n\nA current installation of [Spack](https://spack.io) **and** this repository are required.\n\n\n## Setup\n\nThe amount of set up required to check a pull request (PR) depends on the nature of the changes.\n\n*At a minimum* you will need to set up the Spack environment by sourcing the appropriate [setup-env shell script](https://spack.readthedocs.io/en/latest/getting_started.html) **and** add the absolute path to `PYTHONPATH` for the `src` subdirectory here.\nYou will also want to be in your `spack/spack-packages` clone when you run the scripts.\n\nBeyond that, you'll want to check out the appropriate branch depending on the PR.\nSimple changes, such as just adding new `version` directives, can usually be performed from the `develop` (or equivalent) branch of the package repository.\nHowever, changes to key properties (e.g., `git`, `url`) or a new or modified `url_for_version` method will likely require first checking out the PR.\nThe same goes for changes to implicit, or derived, `url`s such as `PythonPackage`'s [pypi property](https://spack.readthedocs.io/en/latest/build_systems/pythonpackage.html#).\n\n\n## Running the scripts\n\nYou can run the scripts two ways:\n\n* provide the PR number, or\n* provide the name of a package\n\nThe first considers changes for **all files in the PR** while the second processes the (locally available) version of the package.\n\n\n### Why two options?\n\nChecks of simple additions of `version` directives will likely work using the `develop` branch of the [spack/spack](https://github.com/spack/spack) repository.\nHowever, URL-related changes can invalidate the `sha256`s of older `version` directives so you might need to check out the PR first.\nIn which case, you could run the following to check out PR #1234:\n\n```\n$ spack-python /path/to/review-helpers/bin/fetch_pr_branch.py 1234\n```\n\nThe local branch name will be `1234`.\n\nThe PR number is used for the local branch name to help reviewers who also contribute to Spack distinguished from their personal branches.\nThis makes identify review branches for removal (using `git branch -D \u003cPR-number\u003e`) a *lot* easier.\n\n\n### New or significantly modified packages\n\nChecking `homepage`s and `version` directives of PRs that include new or significantly modified packages can be done using a single script.\n\nFor example, suppose you want to review [spack-packages](https://github.com/spack/spack-packages) PR #1663.\nWhile under the clone's root, you can run:\n\n```\n$ spack-python /path/to/review-helpers/bin/check_versions.py 1663\n\nProcessing PR #1663\n\n... Omitting progress reporting ...\n\nPackage Summary:\n\n  protobuf (hyoklee):\n      version 32.1:  confirmed sha256 (checksum)\n\n  py_binary (Adam J. Stewart (13)):\n      confirmed homepage: https://github.com/ofek/binary\n      version 1.0.2:  confirmed sha256 (checksum)\n\n  py_google_cloud_bigquery (Adam J. Stewart (17)):\n      confirmed homepage: https://github.com/googleapis/python-bigquery\n      version 3.38.0:  confirmed sha256 (checksum)\n\n  py_google_cloud_core (Adam J. Stewart (11)):\n      version 2.4.1:  confirmed sha256 (checksum)\n\n  py_grpcio (Adam J. Stewart (68), Harmen Stoppels (5), Teague Sterling (6)):\n      version 1.75.0:  confirmed sha256 (checksum)\n\n  py_grpcio_status (Adam J. Stewart (13), Teague Sterling (5)):\n      confirmed homepage: https://grpc.io/\n      version 1.75.0:  confirmed sha256 (checksum)\n\n  py_protobuf (Adam J. Stewart (30), Teague Sterling (2)):\n      confirmed homepage: https://developers.google.com/protocol-buffers/\n      version 6.32.1:  confirmed sha256 (checksum)\n\n  py_pypinfo (Adam J. Stewart (17)):\n      confirmed homepage: https://github.com/ofek/pypinfo\n      version 22.0.0:  confirmed sha256 (checksum)\n\n  py_tinyrecord (Adam J. Stewart (9)):\n      confirmed homepage: https://github.com/eugene-eeo/tinyrecord\n      version 0.2.0:  confirmed sha256 (checksum)\n\nProcessed 6 homepage packages\n\nProcessed 9 version packages, 9 versions\n```\n\n\u003e [!NOTE]\n\u003e The appearance of `(checksum)` means the version's `sha256` was confirmed using `spack checksum`.\n\n\u003e [!TIP]\n\u003e **What am I looking for here?**\n\u003e I make sure the `version` directives and `homepage`s are `confirmed`; the homepage (ideally) uses `https`; and, if there are maintainers, that they either appear under `Reviewers` in the PR or have been \"notified\" in a comment.\n\n\n### New `version` directives only\n\nIf the only change involves adding new `version` directives, then you can generally run the `check_versions.py` script without checking out the PR.\nThe exception is if a `url` argument is provided in a `version` directive.\nEach package, its maintainers (or contributors in the last year), and the results of the associated version checks will be output.\n\nFor example, suppose you want to review [spack-packages](https://github.com/spack/spack-packages) PR #3958.\nYou can run:\n\n```\n$ spack-python /path/to/review-helpers/bin/check_versions.py 3906\n\nProcessing PR #3958\n\nduckdb (glentner, teaguesterling):\n  version 1.5.1:  confirmed sha256 (checksum)\n\nPackage Summary:\n\n  duckdb (glentner, teaguesterling):\n      version 1.5.1:  confirmed sha256 (checksum)\n```\n\nThe PR only has the `duckdb` package. Its maintainers are `glentner` and `teaguesterling`. And, since `(checksum)` is shown, `spack checksum` was used to confirm the `sha256`.\n\nIf the package didn't have maintainers, the output would show a list of GitHub accounts that have contributed to the package in the last year.\nFor example,\n\n```\n$ spack-python /path/to/review-helpers/bin/check_versions.py 3906\n\nProcessing PR #3906\n\n... omitting redundant output since a single package ...\n\nPackage Summary:\n\n  samrai (Lina Muryanto (163), Harmen Stoppels (2), Adam J. Stewart (3), Massimiliano Culpo (3)):\n      version 4.5.0:  confirmed commit\n\t\t\tconfirmed tag\n      version 4.3.0:  confirmed commit\n\t\t\tconfirmed tag\n      version 2022.2.9:  confirmed commit\n      version 2021.11.4:  confirmed commit\n      version 2021.2.16:  confirmed commit\n      version 3.12.0:  confirmed sha256 (checksum)\n      version 3.11.5:  confirmed sha256 (checksum)\n      version 3.11.4:  confirmed sha256 (checksum)\n      version 3.11.2:  confirmed sha256 (checksum)\n      version 3.11.1:  confirmed sha256 (checksum)\n      version 3.10.0:  confirmed sha256 (checksum)\n      version 3.9.1:  confirmed sha256 (checksum)\n      version 3.8.0:  confirmed sha256 (checksum)\n      version 3.7.3:  confirmed sha256 (checksum)\n      version 3.7.2:  confirmed sha256 (checksum)\n      version 2.4.4:  confirmed sha256 (checksum)\n\nProcessed 1 version package, 16 versions\n```\n\nshows contributor names instead of maintainers and, in parentheses, the maximum number of lines contributed in the last year.\n\nThe reason for showing the maximum numbers of lines contributed is to give a rough indication of their interest in the package, where a few lines could represent the addition of a new `version` directive.\nThis information was relevant when, in the absence of package maintainers, we suggested people run `spack blame` to find others who may still care about the package.\n\n\u003e [!NOTE]\n\u003e If you get `Unable to fully confirm` errors, make sure you have the branch checked out.\n\u003e If the errors continue, the package may be a manual download.\n\u003e Review the CI checksum verification check to see if it processed the versions.\n\u003e You could also run `spack checksum` manually.\n\n\u003e [!TIP]\n\u003e **What am I looking for here?**\n\u003e I make sure the version directives are `confirmed` and, if there are maintainers, that they either appear under `Reviewers` in the PR or have been \"notified\" in a comment.\n\n\n### New homepages only\n\nIf the only changes involve adding or updating `homepage` property(ies), then you can run the `check_homepages.py` script without checking out the PR.\nEach package, its maintainers (or contributors in the last year), and the results of checking for the existence of the homepages will be output.\n\nFor example, suppose you want to check homepage changes for PR #1840:\n\n```\n$ spack-python /path/to/review-helpers/bin/check_homepages.py 1840\n\nbabeltrace2 (minghangli-uni):\n    confirmed homepage: https://babeltrace.org/\n```\n\n\u003e [!NOTE]\n\u003e If the homepage *cannot* been confirmed the output would show as *unconfirmed*.\n\n\u003e [!TIP]\n\u003e **What am I looking for here?**\n\u003e I make sure the homepage is `confirmed` and, if there are maintainers, that they either appear under `Reviewers` in the PR or have been \"notified\" in a comment.\n\n\n### Maintainers only\n\nIf the only changes involved adding or updating maintainers, you can run `spack maintainers \u003cpackage-name\u003e` or use the script.\n\nFor example, if you want a unique list of maintainers for every package in a multi-package PR, like #1855, you could run:\n\n```\n$ spack-python /path/to/review-helpers/bin/check_maints.py 1855\nhypre: balay, liruipeng, oseikuffuor1, rfalgout, victorapm, waynemitchell\nmfem: acfisher, markcmiller86, tzanio, v-dobrev\npalace: cameronrutherford, hughcars, phdum, sbozzolo, simlap\n\nPR #1855: acfisher, balay, cameronrutherford, hughcars, liruipeng, markcmiller86, oseikuffuor1, phdum, rfalgout, sbozzolo, simlap, tzanio, v-dobrev, victorapm, waynemitchell\n```\n\n\u003e [!TIP]\n\u003e **What am I looking for here?**\n\u003e I tend to only use this feature if there are a LOT of packages and I want to know 1) if there is a maintainer to review each package and 2) there is a unique list of maintainers so I can make sure that each either appears under `Reviewers` in the PR or have been \"notified\" in a comment.\n\n\n## Limitations\n\nFor speed, these scripts typically rely on PR differences and the system you are using.\nPRs that customize the version for different platforms -- using dictionaries, for example -- or differences that do not include the `version` part of the directive will not work as expected.\nIn these cases, you will need to rely on the `CI` check to verify versions or\ncheck out the PR and run a suitable tool (e.g., `spack checksum`).\n\n\u003e [!WARNING]\n\u003e None of the currently available tools will check `version` directives for manually downloaded packages.\n\n\n## License\n\nThis project is part of Spack. Spack is distributed under the terms of both the MIT license and the Apache License (Version 2.0). Users may choose either license, at their option.\n\nAll new contributions must be made under both the MIT and Apache-2.0 licenses.\n\nSee [LICENSE-MIT](https://github.com/spack/review-helpers/blob/develop/LICENSE-MIT),\n[LICENSE-APACHE](https://github.com/spack/review-helpers/blob/develop/LICENSE-APACHE),\n[COPYRIGHT](https://github.com/spack/review-helpers/blob/develop/COPYRIGHT), and\n[NOTICE](https://github.com/spack/review-helpers/blob/develop/NOTICE) for details.\n\nSPDX-License-Identifier: (Apache-2.0 OR MIT)\n\nLLNL-CODE-811652\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspack%2Freview-helpers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspack%2Freview-helpers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspack%2Freview-helpers/lists"}