[PATCH] Various improvements to CI/CD (- WIP #338 -)

Additions with file .github/actions/fetch-test-reporter/action.yml:
 * implemented fetch action of GHI #130

Additions with file .github/tools/fetch-test-reporter:
 * added submodule for implementing GHI #130

Additions with file .gitmodules:
 * added submodule for implementing GHI #130

Changes in file .github/workflows/Tests.yml:
 * minor tweaks
 * related work

Changes in file tests/check_pip:
 * followup improvements related to fixing GHI #400
 * refactor cioutput usage to hopefully handle venv stuff
 * Implement handling traversing git directories and venv
 * Add possible alternitive apache-2 license label to allowed list

Author: reactive-firewall

.github/actions/checkout-and-rebuild/action.yml

@@ -63,6 +63,7 @@ runs:
       with:
         persist-credentials: false
         fetch-depth: 0
+        submodules: true
         path: ${{ inputs.path }}
         repository: reactive-firewall/multicast
         token: ${{ inputs.token }}

.github/actions/fetch-test-reporter/action.yml

@@ -0,0 +1,77 @@
+---
+name: 'Fetch Code Coverage Tools'
+description: 'Fetch various Code Coverage tools'
+author: 'Mr. Walls'
+branding:
+  icon: 'download-cloud'
+  color: 'blue'
+inputs:
+  token:
+    description: |
+      The token used to authenticate when performing GitHub API operations.
+      When running this action on github.com, the default value is sufficient. When running on
+      GHES, you can pass a personal access token for github.com if you are experiencing
+      rate limiting.
+    default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
+    required: true
+outputs:
+  sha:
+    description: "The SHA of the commit checked-out"
+    value: ${{ steps.output_sha.outputs.sha || 'HEAD' }}
+  can_fetch:
+    description: "Can the fetch tool even be used?"
+    value: ${{ steps.output_can_fetch.outputs.can_fetch || 'false' }}
+  status:
+    description: "The outcome of the fetch test reporter action."
+    value: ${{ steps.fetch_outcome.outputs.status || 'cancelled' }}
+
+runs:
+  using: composite
+  steps:
+    - name: "Calculate Commit SHA"
+      id: output_sha
+      shell: bash
+      run: |
+        printf "sha=%s\n" $(git rev-parse --verify HEAD) >> "$GITHUB_OUTPUT"
+        printf "FETCH_SHA=%s\n" $(git rev-parse --verify HEAD) >> "$GITHUB_ENV"
+    - name: "Check has Fetch Tool"
+      id: output_can_fetch
+      shell: bash
+      run: |
+        if [[ -x ${{ github.workspace }}/.github/tools/fetch-test-reporter/fetch-test-reporter ]] ; then
+          printf "can_fetch=true\n" >> "$GITHUB_OUTPUT"
+          printf "::debug::%s\n" "Found ${{ github.workspace }}/.github/tools/fetch-test-reporter/fetch-test-reporter"
+        else
+          printf "::warning, title='Missing tool':: %s\n" "Can't find fetch-test-reporter tool."
+          printf "can_fetch=false\n" >> "$GITHUB_OUTPUT"
+        fi
+    - name: "Install test reporter tools on ${{ runner.os }}"
+      id: fetch-test-reporter-main
+      if: ${{ !cancelled() && (steps.output_can_fetch.outputs.can_fetch == 'true') && (runner.os != 'Windows') && (github.repository == 'reactive-firewall/multicast') }}
+      shell: bash
+      env:
+        CODECLIMATE_REPO_TOKEN: ${{ github.server_url == 'https://github.com' && secrets.CODECLIMATE_TOKEN || '' }}
+        CC_TEST_REPORTER_ID: ${{ github.server_url == 'https://github.com' && secrets.CC_TEST_REPORTER_ID || '' }}
+        DEEPSOURCE_DSN: ${{ github.server_url == 'https://github.com' && secrets.DEEPSOURCE_DSN || '' }}
+      run: |
+        ${{ github.workspace }}/.github/tools/fetch-test-reporter/fetch-test-reporter || exit $?
+    - name: "Evaluate Fetch Task"
+      id: fetch_outcome
+      if: ${{ !cancelled() }}
+      shell: bash
+      run: |
+         if [[ "${{ steps.output_can_fetch.outputs.can_fetch }}" == "true" ]] ; then
+          if [[ "${{ steps.fetch-test-reporter-main.outcome }}" == "success" ]] ; then
+            THE_RESULT="success"
+          else
+            THE_RESULT="failure"
+          fi
+        else
+          THE_RESULT="skipped"
+        fi
+        printf "status=%s\n" "${THE_RESULT}" >> "$GITHUB_OUTPUT"
+        if [[ "${THE_RESULT}" == "failure" ]] ; then
+          exit 1
+        else
+          exit 0
+        fi

.github/tools/fetch-test-reporter

@@ -84,6 +84,7 @@ jobs:
           run-id: ${{ steps.get_trigger_id.outputs.trigger_id }}
       - name: "move into place"
         id: load_build_info
+        if: ${{ (github.repository == 'reactive-firewall/multicast') && success() }}
         run: |
           mv -vf "multicast-info.txt/multicast-info.txt" ./"multicast-info-tmp.txt" ;
           wait ;
@@ -137,23 +138,11 @@ jobs:
         build-run-id: ${{ needs.check_mats.outputs.build_id }}
         python-version: ${{ matrix.python-version }}
         path: ${{ github.workspace }}
-    - name: Install code-climate tools for ${{ matrix.python-version }} on ${{ matrix.os }}
-      if: ${{ !cancelled() && runner.os == 'Linux' }}
-      shell: bash
-      env:
-        CODECLIMATE_REPO_TOKEN: ${{ secrets.CODECLIMATE_TOKEN }}
-        CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
-      run: |
-        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter || true ;
-        chmod +x ./cc-test-reporter 2>/dev/null || true ;
-        ./cc-test-reporter before-build || true ;
-    - name: Install deepsource tools for ${{ matrix.python-version }} on ${{ matrix.os }}
-      if: ${{ !cancelled() && runner.os == 'Linux' }}
-      shell: bash
-      env:
-        DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
-      run: |
-        (curl https://deepsource.io/cli | sh) || true ;
+    - name: Install coverage tools for ${{ matrix.python-version }} on ${{ matrix.os }}
+      id: fetch-test-tools
+      uses: ./.github/actions/fetch-test-reporter
+      with:
+        token: ${{ github.server_url == 'https://github.com' && github.token || '' }}
     - name: Pre-Clean
       id: clean
       run: make -j1 -f Makefile clean || true ;
@@ -194,7 +183,7 @@ jobs:
         path: ./test-reports/
         if-no-files-found: ignore
     - name: code-climate for ${{ matrix.python-version }} on ${{ matrix.os }}
-      if: ${{ !cancelled() && runner.os == 'Linux' }}
+      if: ${{ !cancelled() && runner.os != 'Windows' }}
       shell: bash
       env:
         CODECLIMATE_REPO_TOKEN: ${{ secrets.CODECLIMATE_TOKEN }}

.github/workflows/Tests.yml

@@ -0,0 +1,4 @@
+[submodule "fetch-test-reporter"]
+	path = .github/tools/fetch-test-reporter
+	url = https://gist.github.com/c718380a1747d43dda1519167fc50ac0.git
+	ignore = dirty

.gitmodules

@@ -168,7 +168,6 @@ else
 fi
 check_command pip-licenses ;
 check_command shlock ;
-
 # Set default exitcode to failure until sure we won't need to abort
 EXIT_CODE=1
 
@@ -224,13 +223,33 @@ function handle_signals() {
 handle_signals
 
 # lazy defined variables should be defined now that this is the only script instance.
+# identify git root
+if GIT_ROOT_DIR=$(git rev-parse --show-superproject-working-tree 2>/dev/null); then
+	if [ -z "${GIT_ROOT_DIR}" ]; then
+		GIT_ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+	fi
+else
+		python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "FAIL" "Missing valid repository or source structure." >&2
+	EXIT_CODE=40
+fi
+
+CIOUTPUT_PY=".github/tools/cioutput.py"
+# check for tool by full path
+if [[ ( -r ${GIT_ROOT_DIR}/.github/tools/cioutput.py ) ]] ; then
+	# set absolute path to .github/tools/cioutput.py
+	CIOUTPUT_PY=${GIT_ROOT_DIR}/.github/tools/cioutput.py
+else
+	python3 -B .github/tools/cioutput.py -l info --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "SKIP" "Required CI Output tool can not be found." >&2 ;
+	EXIT_CODE=126
+fi
+
 
 # set the script-file to check_pip
 SCRIPT_FILE="tests/check_pip"
 # Set pip-audit options
 AUDIT_OPTIONS="--progress-spinner off --desc on --requirement"
 # List of Allowed Licenses delimited by semicolon ;
-ALLOW_LICENSES="Public Domain;Apache Software License;MIT License;BSD License;Python Software Foundation License;The Unlicense (Unlicense);Mozilla Public License 2.0 (MPL 2.0);"
+ALLOW_LICENSES="Public Domain;Apache Software License;Apache-2.0;MIT License;BSD License;Python Software Foundation License;The Unlicense (Unlicense);Mozilla Public License 2.0 (MPL 2.0);"
 # Set pip-licenses options
 LICENSE_OPTIONS="--from=mixed"
 # Set pip options
@@ -244,10 +263,12 @@ else
 	PIP_ENV_FLAGS=""
 	LICENSE_OPTIONS="${LICENSE_OPTIONS} --ignore-packages chardet"
 fi ;
+# urllib is licensed under MIT, but reports "UNKNOWN"
+LICENSE_OPTIONS="${LICENSE_OPTIONS} --ignore-packages urllib3"
 # Enable auto-fix if '--fix' argument is provided
 if [[ "$1" == "--fix" ]]; then
 	AUDIT_OPTIONS="--fix --strict ${AUDIT_OPTIONS}"
-	python3 -B .github/tools/cioutput.py --log-level debug -l debug "Auto-fix enabled."
+	python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Auto-fix enabled."
 fi
 
 # lazy defined functions should be defined now that this is the only script instance.
@@ -258,7 +279,7 @@ function setup_venv() {
 	local temp_dir
 	# relax umask to allow mktemp and venv
 	umask 007
-	python3 -B .github/tools/cioutput.py --log-level debug -l debug "need venv ..."
+	python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "need venv ..."
 	# Create a temporary directory for the virtual environment
 	temp_dir=$(mktemp -d)
 	TEMP_DIRS="${TEMP_DIRS} ${temp_dir}" ;
@@ -300,42 +321,42 @@ function install_package() {
 	local pkg="$1"
 	# shellcheck disable=SC2086
 	if ! python3 -m pip install $PIP_COMMON_FLAGS $PIP_ENV_FLAGS "${pkg}"; then
-		python3 -B .github/tools/cioutput.py -l warning --file "${req_file}" --title "PIP" "Failed to install ${pkg}" >&2 ;
+		python3 -B "${CIOUTPUT_PY}" -l warning --file "${req_file}" --title "PIP" "Failed to install ${pkg}" >&2 ;
 		return 6
 	fi
 	return 0
 }
 
 # === Utilities ===
 function report_summary() {
-	python3 -B .github/tools/cioutput.py --group "Results" ;
+	python3 -B "${CIOUTPUT_PY}" --group "Results" ;
 	# Improved reporting based on EXIT_CODE
 	case "${EXIT_CODE}" in
-		0) python3 -B .github/tools/cioutput.py -l info --file "${SCRIPT_FILE}" --title "OK" "OK: Found no detected requirements errors." ;;
-		1) python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "CHECK-PIP" "FAIL: General failure during script execution." >&2 ;;
-		3) python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "CONFIGURATION" "FAIL: Gathering repostory's requirements failed." >&2 ;;  # git ls-tree command failed
-		4) python3 -B .github/tools/cioutput.py -l critical --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "SECURITY" "FAIL: pip-audit detected security vulnerabilities." >&2 ;;
-		5) python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "LICENSE" "FAIL: pip-licenses detected license issues." >&2 ;;
-		6) python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "INSTALL" "FAIL: pip install failed." >&2 ;;
-		126) python3 -B .github/tools/cioutput.py -l warning --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "SKIPPED" "SKIP: Unable to continue script execution." >&2 ;;
-		*) python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "FAILED" "FAIL: Detected requirements errors." >&2 ;;
+		0) python3 -B "${CIOUTPUT_PY}" -l info --file "${SCRIPT_FILE}" --title "OK" "OK: Found no detected requirements errors." ;;
+		1) python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "CHECK-PIP" "FAIL: General failure during script execution." >&2 ;;
+		3) python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "CONFIGURATION" "FAIL: Gathering repostory's requirements failed." >&2 ;;  # git ls-tree command failed
+		4) python3 -B "${CIOUTPUT_PY}" -l critical --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "SECURITY" "FAIL: pip-audit detected security vulnerabilities." >&2 ;;
+		5) python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "LICENSE" "FAIL: pip-licenses detected license issues." >&2 ;;
+		6) python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "INSTALL" "FAIL: pip install failed." >&2 ;;
+		126) python3 -B "${CIOUTPUT_PY}" -l warning --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "SKIPPED" "SKIP: Unable to continue script execution." >&2 ;;
+		*) python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "FAILED" "FAIL: Detected requirements errors." >&2 ;;
 	esac
-	python3 -B .github/tools/cioutput.py --group ;
+	python3 -B "${CIOUTPUT_PY}" --group ;
 }
 
 function navigate_dirs_by_git() {
-	if _TEST_ROOT_DIR=$(git rev-parse --show-superproject-working-tree 2>/dev/null); then
-		if [ -z "${_TEST_ROOT_DIR}" ]; then
-			_TEST_ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
-			if [ -z "${_TEST_ROOT_DIR}" ]; then
-				python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "${FUNCNAME:-$0}" "FAIL: Could not determine repository root" >&2
+	if GIT_ROOT_DIR=$(git rev-parse --show-superproject-working-tree 2>/dev/null); then
+		if [ -z "${GIT_ROOT_DIR}" ]; then
+			GIT_ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+			if [ -z "${GIT_ROOT_DIR}" ]; then
+				python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "${FUNCNAME:-$0}" "FAIL: Could not determine repository root" >&2
 				EXIT_CODE=40
 				return ${EXIT_CODE}
 			fi
 		fi
-		python3 -B .github/tools/cioutput.py --log-level debug -l debug "Found ${_TEST_ROOT_DIR} ..." ;
+		python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Found ${GIT_ROOT_DIR} ..." ;
 	else
-		python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "${FUNCNAME:-$0}" "FAIL: missing valid repository or source structure" >&2
+		python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "${FUNCNAME:-$0}" "FAIL: missing valid repository or source structure" >&2
 		EXIT_CODE=40
 		return ${EXIT_CODE}
 	fi
@@ -351,23 +372,23 @@ function check_package_licenses() {
 	# move into a venv
 	setup_venv ; SUB_CODE=$? ;
 	wait ;
-	python3 -B .github/tools/cioutput.py --log-level debug -l debug "venv setup ... (${SUB_CODE})" ;
+	python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "venv setup ... (${SUB_CODE})" ;
 	# Install pip-licenses
 	install_package "pip-licenses>=5.0" || SUB_CODE=6 ;
 	wait ;
 	local pkg
 	# Install the given Python modules using pip
 	# shellcheck disable=SC2086
 	for pkg in ${packages} ; do
-		python3 -B .github/tools/cioutput.py --log-level debug -l debug "Checking license from package '${pkg}' ..." ;
-		REQ_SPEC=$(grep -F -- "${pkg}" <(cat <"${_TEST_ROOT_DIR}"/$req_file | sed -E -e '/^[[:space:]]*$/d' | sed -E -e '/^[#]+.*$/d') | grep -m1 -F -- "${pkg}" )
+		python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Checking license from package '${pkg}' ..." ;
+		REQ_SPEC=$(grep -F -- "${pkg}" <(cat <"${GIT_ROOT_DIR}"/$req_file | sed -E -e '/^[[:space:]]*$/d' | sed -E -e '/^[#]+.*$/d') | grep -m1 -F -- "${pkg}" )
 		ERR_MSG="pip install '${pkg}' failed for $req_file." ;
 		if [[ ("${SUB_CODE}" -eq 0) ]] && install_package "${REQ_SPEC};" 2>/dev/null ;
 		then
-			python3 -B .github/tools/cioutput.py --log-level debug -l debug "Fetched license from package '${pkg}' ..." ;
+			python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Fetched license from package '${pkg}' ..." ;
 		else
 			[[ ("${SUB_CODE}" -eq 0) ]] && SUB_CODE=6 && \
-			python3 -B .github/tools/cioutput.py -l warning --file "${req_file}" --line 1 --col 1 --title "PIP" "${ERR_MSG}" >&2
+			python3 -B "${CIOUTPUT_PY}" -l warning --file "${req_file}" --line 1 --col 1 --title "PIP" "${ERR_MSG}" >&2
 		fi
 		unset ERR_MSG 2>/dev/null || : ;
 	done
@@ -380,51 +401,52 @@ function check_package_licenses() {
 	return "${SUB_CODE}"
 }
 
-# THIS IS THE ACTUAL TEST DIR USED (update _TEST_ROOT_DIR as needed)
-_TEST_ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null) ;
+# THIS IS THE ACTUAL TEST DIR USED (update GIT_ROOT_DIR as needed)
+GIT_ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null) ;
 navigate_dirs_by_git
 
 if [[ ("${EXIT_CODE}" -eq 0) ]] ; then
 
-	python3 -B .github/tools/cioutput.py --log-level debug -l debug "Reading from repository ${_TEST_ROOT_DIR} ..." ;
+	python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Reading from repository ${GIT_ROOT_DIR} ..." ;
 	# Get a list of files to check using git ls-tree with filtering (and careful shell globing)
-	FILES_TO_CHECK=$(git ls-tree -r --full-tree --name-only HEAD -- "${_TEST_ROOT_DIR}"/test/requirements.txt "${_TEST_ROOT_DIR}"/*-requirements.txt "${_TEST_ROOT_DIR}/requirements.txt" 2>/dev/null) || EXIT_CODE=3 ;
-	[[ ( $EXIT_CODE -eq 0 ) ]] || { python3 -B .github/tools/cioutput.py -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "GIT" "Failed to list requirements files using git ls-tree" >&2 ;}
+	FILES_TO_CHECK=$(git ls-tree -r --full-tree --name-only HEAD -- "${GIT_ROOT_DIR}"/test/requirements.txt "${GIT_ROOT_DIR}"/*-requirements.txt "${GIT_ROOT_DIR}/requirements.txt" 2>/dev/null) || EXIT_CODE=3 ;
+	[[ ( $EXIT_CODE -eq 0 ) ]] || { python3 -B "${CIOUTPUT_PY}" -l error --file "${SCRIPT_FILE}" --line ${BASH_LINENO:-0} --title "GIT" "Failed to list requirements files using git ls-tree" >&2 ;}
 
 	if [[ ("${EXIT_CODE}" -eq 0) ]] ; then
 		# THIS IS THE ACTUAL TEST
-		python3 -B .github/tools/cioutput.py --log-level debug -l debug "Starting checks ..." ;
+		python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Starting checks ..." ;
 		# Iterate over files and run checks
 		for req_file in ${FILES_TO_CHECK} ; do
-			python3 -B .github/tools/cioutput.py --group "Checking ${req_file}" ;
+			python3 -B "${CIOUTPUT_PY}" --group "Checking ${req_file}" ;
 			if [[ ( -x $(command -v pip-audit) ) ]] && [[ ("${EXIT_CODE}" -eq 0) ]] ; then
-				python3 -B .github/tools/cioutput.py --log-level debug -l debug "Auditing ${req_file} for security vulnerabilities ..."
+				python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Auditing ${req_file} for security vulnerabilities ..."
 				# shellcheck disable=SC2086
 				{ pip-audit $AUDIT_OPTIONS "${req_file}" || EXIT_CODE=4 ;} ; wait ;
 			fi ;
 			if [[ ("${EXIT_CODE}" -eq 0) ]] ; then
-				python3 -B .github/tools/cioutput.py --log-level debug -l debug "Checking licenses in $req_file ..." ;
+				python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Checking licenses in $req_file ..." ;
 				# filter for only pkg from requirements file
 				check_package_licenses "$req_file" ; EXIT_CODE=$?
 			else
-				python3 -B .github/tools/cioutput.py -l error --file "${req_file}" --line 1 --title "REQUIREMENTS" "FAIL: Found requirements errors." >&2 ;
+				python3 -B "${CIOUTPUT_PY}" -l error --file "${req_file}" --line 1 --title "REQUIREMENTS" "FAIL: Found requirements errors." >&2 ;
 			fi
-			python3 -B .github/tools/cioutput.py --group ;
+			python3 -B "${CIOUTPUT_PY}" --group ;
 		done
 	fi
 
-	python3 -B .github/tools/cioutput.py --log-level debug -l debug "Summary reporting ..." ;
+	python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Summary reporting ..." ;
 	report_summary
 fi
 
-python3 -B .github/tools/cioutput.py --log-level debug -l debug "Cleaning up ..." ;
+python3 -B "${CIOUTPUT_PY}" --log-level debug -l debug "Cleaning up ..." ;
 cleanup || rm -f "${LOCK_FILE}" 2>/dev/null || : ;
 
 # unset when done
-unset _TEST_ROOT_DIR 2>/dev/null || : ;
+unset GIT_ROOT_DIR 2>/dev/null || : ;
 unset AUDIT_OPTIONS 2>/dev/null || : ;
 unset ALLOW_LICENSES 2>/dev/null || : ;
 unset LICENSE_OPTIONS 2>/dev/null || : ;
+unset CIOUTPUT_PY 2>/dev/null || : ;
 
 wait ;
 python3 -B .github/tools/cioutput.py --log-level debug -l debug "Check-pip done." ;