From fb620e4915034635ec0f09a63cb9ff0f699c949b Mon Sep 17 00:00:00 2001 From: jaimergp Date: Mon, 6 May 2024 10:26:00 +0200 Subject: [PATCH 1/3] pin github actions --- .github/workflows/autoupdate.yml | 10 +-- .github/workflows/ci.yml | 124 ++++++++++++++-------------- .github/workflows/conda_release.yml | 8 +- .github/workflows/docs.yml | 10 +-- .github/workflows/lint.yml | 6 +- 5 files changed, 79 insertions(+), 79 deletions(-) diff --git a/.github/workflows/autoupdate.yml b/.github/workflows/autoupdate.yml index 41e2de02..6ff7c2d3 100644 --- a/.github/workflows/autoupdate.yml +++ b/.github/workflows/autoupdate.yml @@ -1,15 +1,15 @@ name: Auto-update mamba on: - schedule: - - cron: "0 */6 * * *" + schedule: + - cron: "0 */6 * * *" jobs: createPullRequest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 with: ssh-key: ${{ secrets.MINIFORGE_AUTOUPDATE_SSH_PRIVATE_KEY }} - - uses: conda-incubator/setup-miniconda@v3.0.4 + - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 with: miniforge-variant: Miniforge3 environment-file: .github/actions/autoupdate/environment.yml @@ -17,7 +17,7 @@ jobs: - name: Create Pull Request id: cpr # This is the v3 tag but for security purposes we pin to the exact commit. - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # 6d6857d36972b65feb161a90e484f2984215f83e with: commit-message: "Update mamba version" title: "Update mamba version" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ea37bf6f..ecd9973f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ name: Build miniforge -on: [push, pull_request] +on: [ push, pull_request ] jobs: build: @@ -186,64 +186,64 @@ jobs: TEST_IMAGE_NAMES: "centos:7" steps: - - name: Checkout code - uses: actions/checkout@v4 - - - uses: conda-incubator/setup-miniconda@v3.0.4 - with: - miniforge-version: "latest" - miniforge-variant: Mambaforge - use-mamba: true - if: ${{ ! contains(matrix.OS_NAME, 'Linux') }} - - - name: Build and test miniforge - env: - ARCH: ${{ matrix.ARCH }} - MINIFORGE_NAME: ${{ matrix.MINIFORGE_NAME }} - OS_NAME: ${{ matrix.OS_NAME }} - DOCKERIMAGE: ${{ matrix.DOCKERIMAGE }} - DOCKER_ARCH: ${{ matrix.DOCKER_ARCH }} - TARGET_PLATFORM: ${{ matrix.TARGET_PLATFORM }} - TEST_IMAGE_NAMES: ${{ matrix.TEST_IMAGE_NAMES }} - run: | - if [[ "$GITHUB_REF" == refs/tags/* ]]; then - export MINIFORGE_VERSION=${GITHUB_REF##*/}; - fi - if [[ "$OS_NAME" == "Linux" ]]; then - export EXT=sh - bash build_miniforge.sh; - fi - if [[ "$OS_NAME" == "MacOSX" ]]; then - export EXT=sh - bash build_miniforge_osx.sh; - fi - if [[ "$OS_NAME" == "Windows" ]]; then - export EXT=exe - echo "WINDIR:$WINDIR" - source "${CONDA}"/Scripts/activate; - source build_miniforge_win.sh; - fi - # Copy for latest release - cp build/$MINIFORGE_NAME-*-$OS_NAME-$ARCH.$EXT build/$MINIFORGE_NAME-$OS_NAME-$ARCH.$EXT - if [[ "$OS_NAME" == "MacOSX" ]]; then - cp build/$MINIFORGE_NAME-*-$OS_NAME-$ARCH.$EXT build/$MINIFORGE_NAME-Darwin-$ARCH.$EXT - fi - ls -alh build - shell: bash - - - name: Upload miniforge to Github artifact - if: always() - uses: actions/upload-artifact@v4 - with: - path: build/${{ matrix.MINIFORGE_NAME }}-${{ matrix.OS_NAME }}-${{ matrix.ARCH }}* - name: ${{ matrix.MINIFORGE_NAME }}-${{ matrix.OS_NAME }}-${{ matrix.ARCH }} - - - name: Upload miniforge to release - uses: svenstaro/upload-release-action@v2 - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: build/M*forge* - tag: ${{ github.ref }} - overwrite: true - file_glob: true - if: startsWith(github.ref, 'refs/tags/') + - name: Checkout code + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 + + - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 + with: + miniforge-version: "latest" + miniforge-variant: Mambaforge + use-mamba: true + if: ${{ ! contains(matrix.OS_NAME, 'Linux') }} + + - name: Build and test miniforge + env: + ARCH: ${{ matrix.ARCH }} + MINIFORGE_NAME: ${{ matrix.MINIFORGE_NAME }} + OS_NAME: ${{ matrix.OS_NAME }} + DOCKERIMAGE: ${{ matrix.DOCKERIMAGE }} + DOCKER_ARCH: ${{ matrix.DOCKER_ARCH }} + TARGET_PLATFORM: ${{ matrix.TARGET_PLATFORM }} + TEST_IMAGE_NAMES: ${{ matrix.TEST_IMAGE_NAMES }} + run: | + if [[ "$GITHUB_REF" == refs/tags/* ]]; then + export MINIFORGE_VERSION=${GITHUB_REF##*/}; + fi + if [[ "$OS_NAME" == "Linux" ]]; then + export EXT=sh + bash build_miniforge.sh; + fi + if [[ "$OS_NAME" == "MacOSX" ]]; then + export EXT=sh + bash build_miniforge_osx.sh; + fi + if [[ "$OS_NAME" == "Windows" ]]; then + export EXT=exe + echo "WINDIR:$WINDIR" + source "${CONDA}"/Scripts/activate; + source build_miniforge_win.sh; + fi + # Copy for latest release + cp build/$MINIFORGE_NAME-*-$OS_NAME-$ARCH.$EXT build/$MINIFORGE_NAME-$OS_NAME-$ARCH.$EXT + if [[ "$OS_NAME" == "MacOSX" ]]; then + cp build/$MINIFORGE_NAME-*-$OS_NAME-$ARCH.$EXT build/$MINIFORGE_NAME-Darwin-$ARCH.$EXT + fi + ls -alh build + shell: bash + + - name: Upload miniforge to Github artifact + if: always() + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 + with: + path: build/${{ matrix.MINIFORGE_NAME }}-${{ matrix.OS_NAME }}-${{ matrix.ARCH }}* + name: ${{ matrix.MINIFORGE_NAME }}-${{ matrix.OS_NAME }}-${{ matrix.ARCH }} + + - name: Upload miniforge to release + uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: build/M*forge* + tag: ${{ github.ref }} + overwrite: true + file_glob: true + if: startsWith(github.ref, 'refs/tags/') diff --git a/.github/workflows/conda_release.yml b/.github/workflows/conda_release.yml index f5b67f5a..df67a3c9 100644 --- a/.github/workflows/conda_release.yml +++ b/.github/workflows/conda_release.yml @@ -1,16 +1,16 @@ name: Check for new conda releases on: - schedule: - - cron: "0 */6 * * *" + schedule: + - cron: "0 */6 * * *" jobs: check_conda_release: name: "Check for release and open issue" runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - name: Run Actions script - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 with: script: | const script = require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/conda_release.js`) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 26b9070d..18927cec 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,5 +1,5 @@ name: Build docs -on: [push, pull_request] +on: [ push, pull_request ] jobs: docs: runs-on: ubuntu-20.04 @@ -7,15 +7,15 @@ jobs: run: shell: bash -l {0} steps: - - uses: actions/checkout@v4 - - uses: conda-incubator/setup-miniconda@v3.0.4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 + - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 - run: python -m pip install -r docs/requirements.txt - run: python docs/releases.py - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 with: path: build/docs name: docs - - uses: peaceiris/actions-gh-pages@v3 + - uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: build/docs/all-releases diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f79397fc..1a675aed 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,5 +1,5 @@ name: Lint -on: [pull_request] +on: [ pull_request ] jobs: lint: runs-on: ubuntu-latest @@ -7,9 +7,9 @@ jobs: run: shell: bash -l {0} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - name: Setup Miniconda - uses: conda-incubator/setup-miniconda@v3.0.4 + uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 - name: Install dependencies run: | conda install -c conda-forge shellcheck From f000ea66fb019e2b99298bc8a5438a6bab9863c5 Mon Sep 17 00:00:00 2001 From: jaimergp Date: Mon, 6 May 2024 13:58:48 +0200 Subject: [PATCH 2/3] Group dependabot --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5ace4600..f6b3d085 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,3 +4,7 @@ updates: directory: "/" schedule: interval: "weekly" + groups: + github-actions: + patterns: + - '*' From f104afc70834d064263e427acd299b08e0976c87 Mon Sep 17 00:00:00 2001 From: jaimergp Date: Mon, 6 May 2024 14:50:02 +0200 Subject: [PATCH 3/3] Update .github/workflows/autoupdate.yml --- .github/workflows/autoupdate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/autoupdate.yml b/.github/workflows/autoupdate.yml index 6ff7c2d3..286c04c8 100644 --- a/.github/workflows/autoupdate.yml +++ b/.github/workflows/autoupdate.yml @@ -17,7 +17,7 @@ jobs: - name: Create Pull Request id: cpr # This is the v3 tag but for security purposes we pin to the exact commit. - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # 6d6857d36972b65feb161a90e484f2984215f83e + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: "Update mamba version" title: "Update mamba version"