From a5c9a3a1952f1218a8001765dc1427d6db3439ed Mon Sep 17 00:00:00 2001 From: tobyhodges Date: Tue, 19 Mar 2024 00:50:37 +0000 Subject: [PATCH] [actions] update sandpaper workflow to version 0.16.3 --- .github/workflows/README.md | 2 +- .github/workflows/pr-close-signal.yaml | 4 ++-- .github/workflows/pr-comment.yaml | 18 ++++++++++++------ .github/workflows/pr-post-remove-branch.yaml | 2 ++ .github/workflows/pr-preflight.yaml | 2 ++ .github/workflows/pr-receive.yaml | 10 +++++----- .github/workflows/sandpaper-version.txt | 2 +- .github/workflows/update-cache.yaml | 6 +++--- .github/workflows/update-workflows.yaml | 8 ++++---- 9 files changed, 32 insertions(+), 22 deletions(-) diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 101967e..d6edf88 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -96,7 +96,7 @@ are okay. This update is run ~~weekly or~~ on demand. -### 03 Maintain: Update Pacakge Cache (update-cache.yaml) +### 03 Maintain: Update Package Cache (update-cache.yaml) For lessons that have generated content, we use {renv} to ensure that the output is stable. This is controlled by a single lockfile which documents the packages diff --git a/.github/workflows/pr-close-signal.yaml b/.github/workflows/pr-close-signal.yaml index 9c5a603..9b129d5 100644 --- a/.github/workflows/pr-close-signal.yaml +++ b/.github/workflows/pr-close-signal.yaml @@ -16,8 +16,8 @@ jobs: mkdir -p ./pr printf ${{ github.event.number }} > ./pr/NUM - name: Upload Diff - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: - name: pr + name: pr path: ./pr diff --git a/.github/workflows/pr-comment.yaml b/.github/workflows/pr-comment.yaml index 3a2bbac..bb2eb03 100644 --- a/.github/workflows/pr-comment.yaml +++ b/.github/workflows/pr-comment.yaml @@ -21,8 +21,8 @@ jobs: test-pr: name: "Test if pull request is valid" runs-on: ubuntu-latest - if: > - github.event.workflow_run.event == 'pull_request' && + if: > + github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' outputs: is_valid: ${{ steps.check-pr.outputs.VALID }} @@ -78,6 +78,8 @@ jobs: if: ${{ needs.test-pr.outputs.is_valid == 'true' }} env: NR: ${{ needs.test-pr.outputs.number }} + permissions: + contents: write steps: - name: 'Checkout md outputs' uses: actions/checkout@v3 @@ -104,9 +106,9 @@ jobs: git config --local user.name "GitHub Actions" CURR_HEAD=$(git rev-parse HEAD) git checkout --orphan md-outputs-PR-${NR} - git add -A + git add -A git commit -m "source commit: ${CURR_HEAD}" - ls -A | grep -v '^.git$' | xargs rm -r + ls -A | grep -v '^.git$' | xargs -I _ rm -r '_' cd .. unzip -o -d built built.zip cd built @@ -122,6 +124,8 @@ jobs: if: ${{ needs.test-pr.outputs.is_valid == 'true' }} env: NR: ${{ needs.test-pr.outputs.number }} + permissions: + pull-requests: write steps: - name: 'Download comment artifact' id: dl @@ -129,7 +133,7 @@ jobs: with: run: ${{ github.event.workflow_run.id }} name: 'diff' - + - if: ${{ steps.dl.outputs.success == 'true' }} run: unzip ${{ github.workspace }}/diff.zip @@ -138,7 +142,7 @@ jobs: if: ${{ steps.dl.outputs.success == 'true' }} uses: carpentries/actions/comment-diff@main with: - pr: ${{ env.NR }} + pr: ${{ env.NR }} path: ${{ github.workspace }}/diff.md # Comment if the PR is open and matches the SHA, but the workflow files have @@ -151,6 +155,8 @@ jobs: env: NR: ${{ github.event.workflow_run.pull_requests[0].number }} body: ${{ needs.test-pr.outputs.msg }} + permissions: + pull-requests: write steps: - name: 'Check for spoofing' id: dl diff --git a/.github/workflows/pr-post-remove-branch.yaml b/.github/workflows/pr-post-remove-branch.yaml index 338230f..62c2e98 100644 --- a/.github/workflows/pr-post-remove-branch.yaml +++ b/.github/workflows/pr-post-remove-branch.yaml @@ -13,6 +13,8 @@ jobs: if: > github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' + permissions: + contents: write steps: - name: 'Download artifact' uses: carpentries/actions/download-workflow-artifact@main diff --git a/.github/workflows/pr-preflight.yaml b/.github/workflows/pr-preflight.yaml index 496abcd..d0d7420 100644 --- a/.github/workflows/pr-preflight.yaml +++ b/.github/workflows/pr-preflight.yaml @@ -14,6 +14,8 @@ jobs: runs-on: ubuntu-latest outputs: is_valid: ${{ steps.check-pr.outputs.VALID }} + permissions: + pull-requests: write steps: - name: "Get Invalid Hashes File" id: hash diff --git a/.github/workflows/pr-receive.yaml b/.github/workflows/pr-receive.yaml index 0494204..371ef54 100644 --- a/.github/workflows/pr-receive.yaml +++ b/.github/workflows/pr-receive.yaml @@ -25,7 +25,7 @@ jobs: - name: "Upload PR number" id: upload if: ${{ always() }} - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: pr path: ${{ github.workspace }}/NR @@ -107,20 +107,20 @@ jobs: shell: Rscript {0} - name: "Upload PR" - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: pr path: ${{ env.PR }} - name: "Upload Diff" - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: diff path: ${{ env.CHIVE }} retention-days: 1 - + - name: "Upload Build" - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: built path: ${{ env.MD }} diff --git a/.github/workflows/sandpaper-version.txt b/.github/workflows/sandpaper-version.txt index 1a96df1..7eb3095 100644 --- a/.github/workflows/sandpaper-version.txt +++ b/.github/workflows/sandpaper-version.txt @@ -1 +1 @@ -0.11.3 +0.16.3 diff --git a/.github/workflows/update-cache.yaml b/.github/workflows/update-cache.yaml index 69eb2c6..676d742 100644 --- a/.github/workflows/update-cache.yaml +++ b/.github/workflows/update-cache.yaml @@ -93,7 +93,7 @@ jobs: - name: Create Pull Request id: cpr if: ${{ steps.update.outputs.n > 0 }} - uses: peter-evans/create-pull-request@v4.2.0 + uses: carpentries/create-pull-request@main with: token: ${{ secrets.SANDPAPER_WORKFLOW }} delete-branch: true @@ -119,7 +119,7 @@ jobs: ``` - Auto-generated by [create-pull-request][1] on ${{ steps.update.outputs.date }} - - [1]: https://github.com/peter-evans/create-pull-request + + [1]: https://github.com/carpentries/create-pull-request/tree/main labels: "type: package cache" draft: false diff --git a/.github/workflows/update-workflows.yaml b/.github/workflows/update-workflows.yaml index 8f2a4b1..288bcd1 100644 --- a/.github/workflows/update-workflows.yaml +++ b/.github/workflows/update-workflows.yaml @@ -43,11 +43,11 @@ jobs: uses: carpentries/actions/update-workflows@main with: clean: ${{ github.event.inputs.clean }} - + - name: Create Pull Request id: cpr if: "${{ steps.update.outputs.new }}" - uses: peter-evans/create-pull-request@v4.2.0 + uses: carpentries/create-pull-request@main with: token: ${{ secrets.SANDPAPER_WORKFLOW }} delete-branch: true @@ -60,7 +60,7 @@ jobs: Update Workflows from sandpaper version ${{ steps.update.outputs.old }} -> ${{ steps.update.outputs.new }} - Auto-generated by [create-pull-request][1] on ${{ steps.update.outputs.date }} - - [1]: https://github.com/peter-evans/create-pull-request + + [1]: https://github.com/carpentries/create-pull-request/tree/main labels: "type: template and tools" draft: false