From b76b72dd86f02be536cfa54365ef5ac5740d0b2d Mon Sep 17 00:00:00 2001 From: MCMaurer Date: Tue, 20 Dec 2022 00:45:56 +0000 Subject: [PATCH] [actions] update sandpaper workflow to version 0.11.3 --- .github/workflows/README.md | 33 +++++++++++++------- .github/workflows/pr-comment.yaml | 18 ++++++++--- .github/workflows/pr-post-remove-branch.yaml | 2 +- .github/workflows/pr-preflight.yaml | 4 ++- .github/workflows/pr-receive.yaml | 16 ++++++---- .github/workflows/sandpaper-main.yaml | 4 +-- .github/workflows/sandpaper-version.txt | 2 +- .github/workflows/update-cache.yaml | 26 +++++++-------- .github/workflows/update-workflows.yaml | 10 +++--- 9 files changed, 68 insertions(+), 47 deletions(-) diff --git a/.github/workflows/README.md b/.github/workflows/README.md index cc4a94d..101967e 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -46,8 +46,11 @@ This workflow has two caches; one cache is for the lesson infrastructure and the other is for the the lesson dependencies if the lesson contains rendered content. These caches are invalidated by new versions of the infrastructure and the `renv.lock` file, respectively. If there is a problem with the cache, -manual invaliation is necessary and can be done by setting the `CACHE_VERSION` -secret to the current date. +manual invaliation is necessary. You will need maintain access to the repository +and you can either go to the actions tab and [click on the caches button to find +and invalidate the failing cache](https://github.blog/changelog/2022-10-20-manage-caches-in-your-actions-workflows-from-web-interface/) +or by setting the `CACHE_VERSION` secret to the current date (which will +invalidate all of the caches). ## Updates @@ -86,24 +89,25 @@ will do the following: 1. check the recorded version of sandpaper against the current version on github 2. update the files if there is a difference in versions -After the files are updated, a pull request is created if there are any changes. -Maintainers are encouraged to review the changes and accept the pull request. +After the files are updated, if there are any changes, they are pushed to a +branch called `update/workflows` and a pull request is created. Maintainers are +encouraged to review the changes and accept the pull request if the outputs +are okay. This update is run ~~weekly or~~ on demand. -TODO: - - perform check if a pull request exists before creating pull request - ### 03 Maintain: Update Pacakge Cache (update-cache.yaml) For lessons that have generated content, we use {renv} to ensure that the output is stable. This is controlled by a single lockfile which documents the packages -needed for the lesson and the version numbers. +needed for the lesson and the version numbers. This workflow is skipped in +lessons that do not have generated content. Because the lessons need to remain current with the package ecosystem, it's a good idea to make sure these packages can be updated periodically. The -update cache workflow will do this by checking for updates, applying them and -creating a pull request with _only the lockfile changed_. +update cache workflow will do this by checking for updates, applying them in a +branch called `updates/packages` and creating a pull request with _only the +lockfile changed_. From here, the markdown documents will be rebuilt and you can inspect what has changed based on how the packages have updated. @@ -143,6 +147,11 @@ pull request. GitHub has safeguarded the token used in this workflow to have no priviledges in the repository, but we have taken precautions to protect against spoofing. +This workflow is triggered with every push to a pull request. If this workflow +is already running and a new push is sent to the pull request, the workflow +running from the previous push will be cancelled and a new workflow run will be +started. + The first step of this workflow is to check if it is valid (e.g. that no workflow files have been modified). If there are workflow files that have been modified, a comment is made that indicates that the workflow is not run. If @@ -156,7 +165,7 @@ request. This builds the content and uploads three artifacts: 3. The rendered files (build) Because this workflow builds generated content, it follows the same general -process as the sandpaper-main workflow with the same caching mechanisms. +process as the `sandpaper-main` workflow with the same caching mechanisms. The artifacts produced are used by the next workflow. @@ -172,7 +181,7 @@ The steps in this workflow are: 3. If it is valid: update the pull request comment with the summary of changes Importantly: if the pull request is invalid, the branch is not created so any -malicious code is not published. +malicious code is not published. From here, the maintainer can request changes from the author and eventually either merge or reject the PR. When this happens, if the PR was valid, the diff --git a/.github/workflows/pr-comment.yaml b/.github/workflows/pr-comment.yaml index dff6e26..3a2bbac 100644 --- a/.github/workflows/pr-comment.yaml +++ b/.github/workflows/pr-comment.yaml @@ -8,6 +8,11 @@ on: types: - completed +concurrency: + group: pr-${{ github.event.workflow_run.pull_requests[0].number }} + cancel-in-progress: true + + jobs: # Pull requests are valid if: # - they match the sha of the workflow run head commit @@ -37,7 +42,7 @@ jobs: id: get-pr run: | unzip pr.zip - echo "::set-output name=NUM::$(<./NR)" + echo "NUM=$(<./NR)" >> $GITHUB_OUTPUT - name: "Fail if PR number was not present" id: bad-pr @@ -48,7 +53,9 @@ jobs: - name: "Get Invalid Hashes File" id: hash run: | - echo "::set-output name=json::"$(curl -sL https://files.carpentries.org/invalid-hashes.json) + echo "json<> $GITHUB_OUTPUT - name: "Check PR" id: check-pr if: ${{ steps.dl.outputs.success == 'true' }} @@ -56,6 +63,7 @@ jobs: with: pr: ${{ steps.get-pr.outputs.NUM }} sha: ${{ github.event.workflow_run.head_sha }} + headroom: 3 # if it's within the last three commits, we can keep going, because it's likely rapid-fire invalid: ${{ fromJSON(steps.hash.outputs.json)[github.repository] }} fail_on_error: true @@ -72,7 +80,7 @@ jobs: NR: ${{ needs.test-pr.outputs.number }} steps: - name: 'Checkout md outputs' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@v3 with: ref: md-outputs path: built @@ -98,9 +106,9 @@ jobs: git checkout --orphan md-outputs-PR-${NR} git add -A git commit -m "source commit: ${CURR_HEAD}" - ls -A | grep -v '^.git' | xargs rm -r + ls -A | grep -v '^.git$' | xargs rm -r cd .. - unzip -d built built.zip + unzip -o -d built built.zip cd built git add -A git commit --allow-empty -m "differences for PR #${NR}" diff --git a/.github/workflows/pr-post-remove-branch.yaml b/.github/workflows/pr-post-remove-branch.yaml index 2225f12..338230f 100644 --- a/.github/workflows/pr-post-remove-branch.yaml +++ b/.github/workflows/pr-post-remove-branch.yaml @@ -23,7 +23,7 @@ jobs: id: get-pr run: | unzip pr.zip - echo "::set-output name=NUM::$(<./NUM)" + echo "NUM=$(<./NUM)" >> $GITHUB_OUTPUT - name: 'Remove branch' uses: carpentries/actions/remove-branch@main with: diff --git a/.github/workflows/pr-preflight.yaml b/.github/workflows/pr-preflight.yaml index 47d5b03..496abcd 100644 --- a/.github/workflows/pr-preflight.yaml +++ b/.github/workflows/pr-preflight.yaml @@ -18,7 +18,9 @@ jobs: - name: "Get Invalid Hashes File" id: hash run: | - echo "::set-output name=json::"$(curl -sL https://files.carpentries.org/invalid-hashes.json) + echo "json<> $GITHUB_OUTPUT - name: "Check PR" id: check-pr uses: carpentries/actions/check-valid-pr@main diff --git a/.github/workflows/pr-receive.yaml b/.github/workflows/pr-receive.yaml index 0448e97..0494204 100644 --- a/.github/workflows/pr-receive.yaml +++ b/.github/workflows/pr-receive.yaml @@ -5,6 +5,10 @@ on: types: [opened, synchronize, reopened] +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + jobs: test-pr: name: "Record PR number" @@ -28,10 +32,12 @@ jobs: - name: "Get Invalid Hashes File" id: hash run: | - echo "::set-output name=json::"$(curl -sL https://files.carpentries.org/invalid-hashes.json) + echo "json<> $GITHUB_OUTPUT - name: "echo output" run: | - echo ${{ steps.hash.outputs.json }} + echo "${{ steps.hash.outputs.json }}" - name: "Check PR" id: check-pr uses: carpentries/actions/check-valid-pr@main @@ -52,10 +58,10 @@ jobs: MD: ${{ github.workspace }}/site/built steps: - name: "Check Out Main Branch" - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: "Check Out Staging Branch" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: ref: md-outputs path: ${{ env.MD }} @@ -68,8 +74,6 @@ jobs: - name: "Set up Pandoc" uses: r-lib/actions/setup-pandoc@v2 - with: - pandoc-version: "2.11.4" - name: "Setup Lesson Engine" uses: carpentries/actions/setup-sandpaper@main diff --git a/.github/workflows/sandpaper-main.yaml b/.github/workflows/sandpaper-main.yaml index 1e5ff0f..e17707a 100644 --- a/.github/workflows/sandpaper-main.yaml +++ b/.github/workflows/sandpaper-main.yaml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout Lesson" - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: "Set up R" uses: r-lib/actions/setup-r@v2 @@ -42,8 +42,6 @@ jobs: - name: "Set up Pandoc" uses: r-lib/actions/setup-pandoc@v2 - with: - pandoc-version: "2.11.4" - name: "Setup Lesson Engine" uses: carpentries/actions/setup-sandpaper@main diff --git a/.github/workflows/sandpaper-version.txt b/.github/workflows/sandpaper-version.txt index 9b40aa6..1a96df1 100644 --- a/.github/workflows/sandpaper-version.txt +++ b/.github/workflows/sandpaper-version.txt @@ -1 +1 @@ -0.10.4 +0.11.3 diff --git a/.github/workflows/update-cache.yaml b/.github/workflows/update-cache.yaml index d16e7a3..69eb2c6 100644 --- a/.github/workflows/update-cache.yaml +++ b/.github/workflows/update-cache.yaml @@ -21,16 +21,16 @@ jobs: - id: check run: | if [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then - echo "::set-output name=ok::true" + echo "ok=true" >> $GITHUB_OUTPUT echo "Running on request" # using single brackets here to avoid 08 being interpreted as octal # https://github.com/carpentries/sandpaper/issues/250 elif [ `date +%d` -le 7 ]; then # If the Tuesday lands in the first week of the month, run it - echo "::set-output name=ok::true" + echo "ok=true" >> $GITHUB_OUTPUT echo "Running on schedule" else - echo "::set-output name=ok::false" + echo "ok=false" >> $GITHUB_OUTPUT echo "Not Running Today" fi @@ -43,11 +43,11 @@ jobs: needed: ${{ steps.renv.outputs.exists }} steps: - name: "Checkout Lesson" - uses: actions/checkout@v2 + uses: actions/checkout@v3 - id: renv run: | if [[ -d renv ]]; then - echo "::set-output name=exists::true" + echo "exists=true" >> $GITHUB_OUTPUT fi check_token: @@ -76,7 +76,7 @@ jobs: steps: - name: "Checkout Lesson" - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: "Set up R" uses: r-lib/actions/setup-r@v2 @@ -93,17 +93,17 @@ jobs: - name: Create Pull Request id: cpr if: ${{ steps.update.outputs.n > 0 }} - uses: peter-evans/create-pull-request@v3.10.0 + uses: peter-evans/create-pull-request@v4.2.0 with: token: ${{ secrets.SANDPAPER_WORKFLOW }} delete-branch: true - branch: "update-${{ steps.update.outputs.n }}-packages-${{ steps.update.outputs.date }}" + branch: "update/packages" commit-message: "[actions] update ${{ steps.update.outputs.n }} packages" title: "Update ${{ steps.update.outputs.n }} packages" body: | :robot: This is an automated build - This will update the following package versions in your lesson: + This will update ${{ steps.update.outputs.n }} packages in your lesson with the following versions: ``` ${{ steps.update.outputs.report }} @@ -114,12 +114,12 @@ jobs: If you want to inspect these changes locally, you can use the following code to check out a new branch: ```bash - git fetch origin update-${{ steps.update.outputs.n }}-packages-${{ steps.update.outputs.date }} - git checkout update-${{ steps.update.outputs.n }}-packages-${{ steps.update.outputs.date }} + git fetch origin update/packages + git checkout update/packages ``` - - Auto-generated by [create-pull-request][1] via ${{ github.event.inputs.name }} + - Auto-generated by [create-pull-request][1] on ${{ steps.update.outputs.date }} [1]: https://github.com/peter-evans/create-pull-request - labels: "type:package cache" + labels: "type: package cache" draft: false diff --git a/.github/workflows/update-workflows.yaml b/.github/workflows/update-workflows.yaml index 1dbf438..8f2a4b1 100644 --- a/.github/workflows/update-workflows.yaml +++ b/.github/workflows/update-workflows.yaml @@ -36,7 +36,7 @@ jobs: if: ${{ needs.check_token.outputs.workflow == 'true' }} steps: - name: "Checkout Repository" - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Update Workflows id: update @@ -47,11 +47,11 @@ jobs: - name: Create Pull Request id: cpr if: "${{ steps.update.outputs.new }}" - uses: peter-evans/create-pull-request@v3.10.0 + uses: peter-evans/create-pull-request@v4.2.0 with: token: ${{ secrets.SANDPAPER_WORKFLOW }} delete-branch: true - branch: "update-workflows-version-${{ steps.update.outputs.new }}" + branch: "update/workflows" commit-message: "[actions] update sandpaper workflow to version ${{ steps.update.outputs.new }}" title: "Update Workflows to Version ${{ steps.update.outputs.new }}" body: | @@ -59,8 +59,8 @@ jobs: Update Workflows from sandpaper version ${{ steps.update.outputs.old }} -> ${{ steps.update.outputs.new }} - - Auto-generated by [create-pull-request][1] via ${{ github.event.inputs.name }} + - Auto-generated by [create-pull-request][1] on ${{ steps.update.outputs.date }} [1]: https://github.com/peter-evans/create-pull-request - labels: "type:template and tools" + labels: "type: template and tools" draft: false