From f14faaa030b35cb048c836a32beaee7b05f87f15 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Wed, 12 Jun 2024 15:28:18 +0200 Subject: [PATCH 01/16] Add image source to docker file Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- mex-{{ cookiecutter.project_name }}/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/mex-{{ cookiecutter.project_name }}/Dockerfile b/mex-{{ cookiecutter.project_name }}/Dockerfile index 8529491..69814a1 100644 --- a/mex-{{ cookiecutter.project_name }}/Dockerfile +++ b/mex-{{ cookiecutter.project_name }}/Dockerfile @@ -5,6 +5,7 @@ FROM python:3.11 as base LABEL org.opencontainers.image.authors="RKI MEx Team " LABEL org.opencontainers.image.description="{{ cookiecutter.short_summary }}" LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.source = "https://github.com/robert-koch-institut/mex-{{ cookiecutter.project_name }}" ENV PYTHONUNBUFFERED=1 ENV PYTHONOPTIMIZE=1 From 31516c40932ad90bd17ab6f8e52593dd75e89bf3 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Wed, 12 Jun 2024 17:24:46 +0200 Subject: [PATCH 02/16] Update Dockerfile Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- mex-{{ cookiecutter.project_name }}/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mex-{{ cookiecutter.project_name }}/Dockerfile b/mex-{{ cookiecutter.project_name }}/Dockerfile index 69814a1..fb791c9 100644 --- a/mex-{{ cookiecutter.project_name }}/Dockerfile +++ b/mex-{{ cookiecutter.project_name }}/Dockerfile 
@@ -2,10 +2,11 @@ FROM python:3.11 as base -LABEL org.opencontainers.image.authors="RKI MEx Team " +LABEL org.opencontainers.image.authors="mex@rki.de" LABEL org.opencontainers.image.description="{{ cookiecutter.short_summary }}" LABEL org.opencontainers.image.licenses="MIT" -LABEL org.opencontainers.image.source = "https://github.com/robert-koch-institut/mex-{{ cookiecutter.project_name }}" +LABEL org.opencontainers.image.url="https://github.com/robert-koch-institut/mex-{{ cookiecutter.project_name }}" +LABEL org.opencontainers.image.vendor="robert-koch-institut" ENV PYTHONUNBUFFERED=1 ENV PYTHONOPTIMIZE=1 From 90106dae615973072752c087a3939d6fc02906eb Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Wed, 12 Jun 2024 17:26:02 +0200 Subject: [PATCH 03/16] Delete .github/workflows/docker.yml Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- .../.github/workflows/docker.yml | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 mex-{{ cookiecutter.project_name }}/.github/workflows/docker.yml diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/docker.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/docker.yml deleted file mode 100644 index 01da418..0000000 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/docker.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Docker - -on: - push: - tags: ["**"] - workflow_dispatch: - -jobs: - docker: - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - name: Build, tag and push docker image to ghcr - uses: GlueOps/github-actions-build-push-containers@v0.4.2 From 4e082fa9d05b82c88f2ab20eb4c84e41abb58498 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Wed, 12 Jun 2024 17:31:46 +0200 Subject: [PATCH 04/16] Update release.yml 
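Review bot: Replacing `org.opencontainers.image.source` with `org.opencontainers.image.url` in this hunk drops the label that GitHub documents for connecting a container package on ghcr.io to its repository. Without it the pushed image may not be linked to the repository and so may not pick up its visibility and access settings. Keep both labels, with the source one written without spaces around `=`: `LABEL org.opencontainers.image.source="https://github.com/robert-koch-institut/mex-{{ cookiecutter.project_name }}"`. The build action may add labels of its own, which is not visible here, so it is worth inspecting a pushed image.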
Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- .../.github/workflows/release.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml index 8e68e56..4817852 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml @@ -30,6 +30,8 @@ jobs: release: runs-on: ubuntu-latest timeout-minutes: 10 + outputs: + tag: ${{ steps.release.outputs.tag }} steps: - name: Checkout repo uses: actions/checkout@v4 @@ -78,3 +80,14 @@ jobs: {% raw %}GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}{% endraw %} run: | pdm release {% raw %}${{ inputs.version }}{% endraw %} + echo "tag=$(git describe --abbrev=0 --tags)" >> "$GITHUB_OUTPUT" + + container: + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: release + steps: + - name: Build, tag and push container to ghcr + uses: GlueOps/github-actions-build-push-containers@v0.4.2 + with: + {% raw %}tags: "${{ github.sha }},${{ needs.release.outputs.tag }},latest"{% endraw %} From 8e9f19be2defb82b01936b941c800c7e951d2726 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Wed, 12 Jun 2024 17:34:05 +0200 Subject: [PATCH 05/16] Update documentation.yml Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- .../.github/workflows/documentation.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml index 4b38061..b350e9f 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml 
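Review bot: The new `container` job runs `GlueOps/github-actions-build-push-containers@v0.4.2`, a third-party action referenced by a movable tag, in the job that publishes the image. A tag can be repointed upstream, so pin it to a full commit SHA and keep the version as a comment, e.g. `uses: GlueOps/github-actions-build-push-containers@<full-commit-sha>  # v0.4.2`. The same reference is carried into the `containerize` job in PATCH 08/16 and PATCH 16/16. Separately, no checkout of the tagged ref is visible in this hunk, so it is worth confirming that the image tagged with the release tag and `latest` is built from the release commit and not from the `github.sha` of the dispatching run.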
@@ -1,8 +1,10 @@ name: Documentation on: - push: - tags: ["**"] + workflow_run: + workflows: [Release] + types: + - completed workflow_dispatch: env: From f816d5eecec208d08328acfd18da8cec5f9d4479 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Wed, 12 Jun 2024 17:36:25 +0200 Subject: [PATCH 06/16] Update pull_request_template.md Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- .github/pull_request_template.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ed2c8a9..604cad3 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,5 +1,8 @@ # PR Context - + # Added From 26b93773b9f16f7920d216635923cd415cc3f1ec Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Wed, 12 Jun 2024 17:46:01 +0200 Subject: [PATCH 07/16] Update release.yml Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- .../.github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml index 4817852..70cf770 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml @@ -21,6 +21,7 @@ env: permissions: contents: write + packages: write concurrency: group: "release" From f1041604ccbf292127bc6f5d93c7e5b323ea355c Mon Sep 17 00:00:00 2001 
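Review bot: `workflow_run` with `types: [completed]` fires when the Release workflow finishes with any conclusion, including failure or cancellation. Documentation would therefore be rebuilt and deployed after a broken release, unless a job condition outside this hunk filters it. Add `if: ${{ github.event.workflow_run.conclusion == 'success' }}` to the job, wrapped in `{% raw %}` in this template. `workflows: [Release]` also has to match the `name:` of release.yml exactly, and that name is not visible here.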
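Review bot: `packages: write` is added to the workflow-level `permissions` block of release.yml, so every job in the workflow receives it, although only the container job pushes to ghcr. Scope it to that job with a job-level block (`permissions:` with `contents: read` and `packages: write`) and leave the workflow-level grant at what the release job itself needs. The jobs lie outside this hunk, so check what the build action needs to read before narrowing.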
From: Nicolas Drebenstedt Date: Thu, 13 Jun 2024 14:38:57 +0200 Subject: [PATCH 08/16] Update workflows --- .github/workflows/open-code.yml | 4 ++ .github/workflows/renovatebot.yml | 4 ++ .github/workflows/reviewing.yml | 4 ++ .../.github/workflows/cookiecutter.yml | 4 ++ .../.github/workflows/cve-scan.yml | 4 ++ .../.github/workflows/documentation.yml | 2 +- .../.github/workflows/linting.yml | 4 ++ .../.github/workflows/open-code.yml | 4 ++ .../.github/workflows/release.yml | 49 +++++++++++++++++-- .../.github/workflows/renovatebot.yml | 4 ++ .../.github/workflows/reviewing.yml | 4 ++ .../.github/workflows/testing.yml | 4 ++ 12 files changed, 85 insertions(+), 6 deletions(-) diff --git a/.github/workflows/open-code.yml b/.github/workflows/open-code.yml index a62402f..0b74768 100644 --- a/.github/workflows/open-code.yml +++ b/.github/workflows/open-code.yml @@ -6,6 +6,10 @@ on: tags: ["**"] workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: sync: runs-on: ubuntu-latest diff --git a/.github/workflows/renovatebot.yml b/.github/workflows/renovatebot.yml index 5f3d533..9d64084 100644 --- a/.github/workflows/renovatebot.yml +++ b/.github/workflows/renovatebot.yml @@ -8,6 +8,10 @@ on: - cron: "14 3 * * 1-5" workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: renovate: runs-on: ubuntu-latest diff --git a/.github/workflows/reviewing.yml b/.github/workflows/reviewing.yml index 24e6a67..31fda00 100644 --- a/.github/workflows/reviewing.yml +++ b/.github/workflows/reviewing.yml @@ -6,6 +6,10 @@ on: - opened - reopened +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: assignee: runs-on: ubuntu-latest diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml index d924423..66c35a0 100644 
--- a/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml @@ -8,6 +8,10 @@ on: - cron: '0 0 * * *' workflow_dispatch: +concurrency: + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + cancel-in-progress: true + env: PIP_NO_OPTION: on PIP_NO_CLEAN: on diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml index 77e3e21..ac446a9 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml @@ -16,6 +16,10 @@ on: - cron: '0 0 * * *' workflow_dispatch: +concurrency: + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + cancel-in-progress: true + jobs: scan: runs-on: ubuntu-latest diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml index b350e9f..a89d0b2 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml @@ -18,7 +18,7 @@ permissions: id-token: write concurrency: - group: "pages" + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} cancel-in-progress: false jobs: diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/linting.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/linting.yml index bcab021..4859d99 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/linting.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/linting.yml @@ -14,6 +14,10 @@ env: PIP_NO_CLEAN: on PIP_PREFER_BINARY: on +concurrency: + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + cancel-in-progress: true + jobs: lint: runs-on: ubuntu-latest 
diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml index 986cd44..22ae2ff 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml @@ -6,6 +6,10 @@ on: tags: ["**"] workflow_dispatch: +concurrency: + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + cancel-in-progress: true + jobs: sync: runs-on: ubuntu-latest diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml index 70cf770..38606b3 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml @@ -24,7 +24,7 @@ permissions: packages: write concurrency: - group: "release" + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} cancel-in-progress: false jobs: @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 outputs: - tag: ${{ steps.release.outputs.tag }} + tag: {% raw %}${{ steps.release.outputs.tag }}{% endraw %} steps: - name: Checkout repo uses: actions/checkout@v4 
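Review bot: Changing the release `concurrency.group` from the fixed `"release"` to `${{ github.workflow }}-${{ github.ref }}` means dispatches from different refs no longer queue behind each other. Two releases could then run, tag and push `latest` at the same time. PATCH 09/16 reduces several other workflows to `${{ github.workflow }}` but leaves this one, although a release pipeline is where a single group matters most. Consider `group: {% raw %}${{ github.workflow }}{% endraw %}` here, keeping `cancel-in-progress: false`.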
@@ -77,18 +77,57 @@ jobs: {%- endraw %} - name: Release new version + id: release env: {% raw %}GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}{% endraw %} run: | pdm release {% raw %}${{ inputs.version }}{% endraw %} echo "tag=$(git describe --abbrev=0 --tags)" >> "$GITHUB_OUTPUT" - container: + containerize: runs-on: ubuntu-latest timeout-minutes: 10 needs: release steps: - - name: Build, tag and push container to ghcr + - name: Build, tag and push docker image to ghcr uses: GlueOps/github-actions-build-push-containers@v0.4.2 with: - {% raw %}tags: "${{ github.sha }},${{ needs.release.outputs.tag }},latest"{% endraw %} + tags: "${{ github.sha }},${{ needs.release.outputs.tag }},latest" + + distribute: + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: release + steps: + - name: Checkout repo + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Cache requirements + uses: actions/cache@v4 + env: + cache-name: cache-requirements + with: + path: ~/.cache/pip + key: ${{ env.cache-name }}-${{ hashFiles('requirements.txt') }} + restore-keys: | + ${{ env.cache-name }}- + - name: Setup python + uses: actions/setup-python@v5 + with: + python-version: 3.11 + + - name: Install requirements + run: make setup + + - name: Build wheel and sdist distros and create a github release + env: + GH_TOKEN: ${{ github.token }} + PDM_CHECK_UPDATE: False + run: | + pdm build --dest dist + gh release create ${{ needs.release.outputs.tag }} --generate-notes --latest --verify-tag + for filename in dist/*; do + gh release upload ${{ needs.release.outputs.tag }} ${filename}; + done diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml index 0595234..69c280d 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml 
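Review bot: In the new `distribute` job's `run:` block, `${{ needs.release.outputs.tag }}` is expanded into the script text before bash parses it. The value comes from `git describe`, i.e. from a tag name, and git permits shell metacharacters in tag names. Pass it through the environment and quote it: add `RELEASE_TAG: ${{ needs.release.outputs.tag }}` under `env:`, then call `gh release create "$RELEASE_TAG" --generate-notes --latest --verify-tag` and `gh release upload "$RELEASE_TAG" "$filename"`. The same interpolation is kept unchanged in PATCH 16/16.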
@@ -8,6 +8,10 @@ on: - cron: "14 3 * * 1-5" workflow_dispatch: +concurrency: + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + cancel-in-progress: true + jobs: renovate: runs-on: ubuntu-latest diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/reviewing.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/reviewing.yml index b120f65..9e41e6f 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/reviewing.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/reviewing.yml @@ -6,6 +6,10 @@ on: - opened - reopened +concurrency: + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + cancel-in-progress: true + jobs: assignee: runs-on: ubuntu-latest diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/testing.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/testing.yml index 240e43f..cfa4046 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/testing.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/testing.yml @@ -14,6 +14,10 @@ env: PIP_NO_CLEAN: on PIP_PREFER_BINARY: on +concurrency: + group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + cancel-in-progress: true + jobs: test: runs-on: ubuntu-latest From 8d254ff12c07dab40b2856853b7fd6c2777168ee Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt Date: Thu, 13 Jun 2024 14:46:34 +0200 Subject: [PATCH 09/16] Clean up schedules and concurrency --- .github/workflows/renovatebot.yml | 1 - .../.github/workflows/cookiecutter.yml | 4 ++-- .../.github/workflows/cve-scan.yml | 7 +------ .../.github/workflows/documentation.yml | 2 +- .../.github/workflows/open-code.yml | 2 +- .../.github/workflows/renovatebot.yml | 3 +-- 6 files changed, 6 insertions(+), 13 deletions(-) diff --git a/.github/workflows/renovatebot.yml b/.github/workflows/renovatebot.yml index 9d64084..70d57c3 100644 --- a/.github/workflows/renovatebot.yml +++ b/.github/workflows/renovatebot.yml 
@@ -4,7 +4,6 @@ on: push: branches: ["main"] schedule: - # * is a special character in YAML so you have to quote this string - cron: "14 3 * * 1-5" workflow_dispatch: diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml index 66c35a0..a3baff9 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml @@ -5,11 +5,11 @@ on: branches: ["main"] tags: ["**"] schedule: - - cron: '0 0 * * *' + - cron: "14 3 * * 1-5" workflow_dispatch: concurrency: - group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + group: {% raw %}${{ github.workflow }}{% endraw %} cancel-in-progress: true env: diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml index ac446a9..0ece42c 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml @@ -2,18 +2,13 @@ name: CVE Scan on: push: - # Workflows triggered by Dependabot on the "push" event run with read-only access. - # Uploading Code Scanning results requires write access. We therefore only use the - # "pull_request" trigger for Dependabot branches. - branches-ignore: - - 'dependabot/**' pull_request: types: - opened - reopened - synchronize schedule: - - cron: '0 0 * * *' + - cron: "14 3 * * 1-5" workflow_dispatch: concurrency: diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml index a89d0b2..801fc7c 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/documentation.yml 
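Review bot: The CVE scan schedule in cve-scan.yml moves from daily (`0 0 * * *`) to weekdays only (`14 3 * * 1-5`), so an advisory published on a Friday evening is not picked up by the scheduled run until Monday. If the harmonised cron is only meant to align start times, `14 3 * * *` keeps daily coverage for this workflow. Dropping `branches-ignore: dependabot/**` is harmless only while Dependabot stays disabled on generated repositories. If it is enabled, push-triggered runs on its branches get a read-only token and cannot upload results, as the deleted comment explained.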
@@ -18,7 +18,7 @@ permissions: id-token: write concurrency: - group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + group: {% raw %}${{ github.workflow }}{% endraw %} cancel-in-progress: false jobs: diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml index 22ae2ff..34085e9 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/open-code.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: concurrency: - group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + group: {% raw %}${{ github.workflow }}{% endraw %} cancel-in-progress: true jobs: diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml index 69c280d..0453abb 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/renovatebot.yml @@ -4,12 +4,11 @@ on: push: branches: ["main"] schedule: - # * is a special character in YAML so you have to quote this string - cron: "14 3 * * 1-5" workflow_dispatch: concurrency: - group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %} + group: {% raw %}${{ github.workflow }}{% endraw %} cancel-in-progress: true jobs: From 73f1998d35a49836f5ea26c2b062f129b41c4e9d Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt Date: Thu, 13 Jun 2024 15:21:49 +0200 Subject: [PATCH 10/16] Update CL --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5edcdf7..bd06c4c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,12 +14,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - github action for releasing a new version in template packages - add `.web` folder to ignore files for reflex development - add commit signing to release pipeline +- add more metadata labels to docker file +- add hint to PR template to explain testing for template changes +- configure sensible concurrency rules for all workflows +- add distribution upload step to release pipeline ### Changes - harmonize git and docker ignore files - update requirements, actions and sample dependencies - set fixed versions in toml for renovatebot +- trigger documentation on release pipeline instead of pushed tag +- harmonize cron schedules ### Deprecated @@ -27,11 +33,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - drop npm support from renovate pipeline - remove non-functional branch restriction from release pipeline +- remove docker workflow and move into release pipeline +- remove stale dependabot cve-scan config ### Fixed - fix `export-all` and `install-all` pdm scripts - fix wording of release pipeline title +- fix tagging and pushing docker containers to ghcr.io ### Security From 7a8f48a155edfe8dac6f43f5dfad08a4156f5b23 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Thu, 13 Jun 2024 16:22:54 +0200 Subject: [PATCH 11/16] Update pyproject.toml Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- mex-{{ cookiecutter.project_name }}/pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mex-{{ cookiecutter.project_name }}/pyproject.toml b/mex-{{ cookiecutter.project_name }}/pyproject.toml index a91095b..0ab6198 100644 --- a/mex-{{ cookiecutter.project_name }}/pyproject.toml +++ b/mex-{{ cookiecutter.project_name }}/pyproject.toml 
@@ -12,7 +12,7 @@ optional-dependencies.dev = [ "black==24.4.2", "ipdb==0.13.13", "mypy==1.10.0", - "pytest-cov>=5.0.0", + "pytest-cov==5.0.0", "pytest-random-order==1.1.1", "pytest-xdist==3.6.1", "pytest==8.2.2", From 86e42668e09f4d196e757142cb3e7a3e54286694 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Thu, 13 Jun 2024 16:58:29 +0200 Subject: [PATCH 12/16] Update .pre-commit-config.yaml Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml b/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml index 784ff9e..2a07a28 100644 --- a/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml +++ b/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml @@ -12,7 +12,7 @@ repos: - id: ruff args: [--fix, --exit-non-zero-on-fix] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v4.6.0 hooks: - id: pretty-format-json name: json From 0ede05b068d8490dba201f6e9a9fd20ca58da09d Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Thu, 13 Jun 2024 17:00:01 +0200 Subject: [PATCH 13/16] Update .gitignore Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index bb9d1eb..b5e846a 100644 --- a/.gitignore +++ b/.gitignore @@ -124,4 +124,5 @@ dmypy.json data/ identity.csv schema.json +tmp*/ work/ From 0175a967cddee2cc0d16ca3d1ad9b0ac897ec9ff Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Thu, 13 Jun 2024 17:00:15 +0200 Subject: [PATCH 14/16] Update .dockerignore 
Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- mex-{{ cookiecutter.project_name }}/.dockerignore | 1 + 1 file changed, 1 insertion(+) diff --git a/mex-{{ cookiecutter.project_name }}/.dockerignore b/mex-{{ cookiecutter.project_name }}/.dockerignore index 3650b7f..ed6e92d 100644 --- a/mex-{{ cookiecutter.project_name }}/.dockerignore +++ b/mex-{{ cookiecutter.project_name }}/.dockerignore @@ -120,6 +120,7 @@ dmypy.json data/ identity.csv schema.json +tmp*/ work/ # Docker specifics From 5433ab99dda01e0a19035f714c40eb58a09c7efd Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> Date: Thu, 13 Jun 2024 17:00:33 +0200 Subject: [PATCH 15/16] Update .gitignore Signed-off-by: Nicolas Drebenstedt <897972+cutoffthetop@users.noreply.github.com> --- mex-{{ cookiecutter.project_name }}/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/mex-{{ cookiecutter.project_name }}/.gitignore b/mex-{{ cookiecutter.project_name }}/.gitignore index bb9d1eb..b5e846a 100644 --- a/mex-{{ cookiecutter.project_name }}/.gitignore +++ b/mex-{{ cookiecutter.project_name }}/.gitignore @@ -124,4 +124,5 @@ dmypy.json data/ identity.csv schema.json +tmp*/ work/ From a23701a77b596dc23b0ea5cb33f0a4eb76460f3a Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt Date: Fri, 14 Jun 2024 09:35:47 +0200 Subject: [PATCH 16/16] Escape with raw --- .../.github/workflows/release.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml index 38606b3..12b0d7d 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/release.yml 
@@ -92,7 +92,7 @@ jobs: - name: Build, tag and push docker image to ghcr uses: GlueOps/github-actions-build-push-containers@v0.4.2 with: - tags: "${{ github.sha }},${{ needs.release.outputs.tag }},latest" + {% raw %}tags: "${{ github.sha }},${{ needs.release.outputs.tag }},latest"{% endraw %} distribute: runs-on: ubuntu-latest @@ -110,9 +110,9 @@ jobs: cache-name: cache-requirements with: path: ~/.cache/pip - key: ${{ env.cache-name }}-${{ hashFiles('requirements.txt') }} + {% raw %}key: ${{ env.cache-name }}-${{ hashFiles('requirements.txt') }}{% endraw %} restore-keys: | - ${{ env.cache-name }}- + {% raw %}${{ env.cache-name }}-{% endraw %} - name: Setup python uses: actions/setup-python@v5 with: @@ -123,11 +123,13 @@ jobs: - name: Build wheel and sdist distros and create a github release env: - GH_TOKEN: ${{ github.token }} + {% raw %}GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}{% endraw %} PDM_CHECK_UPDATE: False run: | + {% raw -%} pdm build --dest dist gh release create ${{ needs.release.outputs.tag }} --generate-notes --latest --verify-tag for filename in dist/*; do gh release upload ${{ needs.release.outputs.tag }} ${filename}; done + {%- endraw %}
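Review bot: The last `distribute` step now exports `secrets.WORKFLOW_TOKEN` instead of the job-scoped `github.token`, and the same step runs `pdm build`, which executes the project's build backend with that token in its environment. If the PAT is needed only for the `gh release` calls, split the step: run `pdm build --dest dist` in a step of its own without `GH_TOKEN`, and set the token only on the step that calls `gh`. If `github.token` with `contents: write` is enough to create the release, prefer it, since it expires with the job.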