diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 9cf40d3..2a90d78 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -4,5 +4,4 @@ - build.yaml - Build and push docker container images to a docker registry - conda-lock-command.yml - Refresh conda-lock files by writing `/condalock` in a Pull Request comment - retag.yml - Republish docker images originally tagged with a short hash using a new CalVer string -- slash-command-dispatch.yml - ChatOps that looks for slash commands in Pull Requests to trigger automated scripts - test.yaml - Test building docker container images in a Pull Request diff --git a/.github/workflows/conda-lock-command.yml b/.github/workflows/conda-lock-command.yml index 587f32a..f887158 100644 --- a/.github/workflows/conda-lock-command.yml +++ b/.github/workflows/conda-lock-command.yml @@ -1,18 +1,18 @@ # Runs conda-lock against environment.yml for reproducible environments -# Runs on any opened PR +# Runs on Pull Request comments starting with /condalock name: Conda Lock on: - repository_dispatch: - types: [condalock-command] - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read + issue_comment: + types: [created] jobs: condalock: + # Only run on Pull Requests, when a comment with '/condalock' is made + if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/condalock') permissions: - contents: write # for Git to git push + contents: write # to git push added/changed files + pull-requests: write # for adding reactions to pull request comments runs-on: ubuntu-latest timeout-minutes: 15 defaults: 
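Review bot: The new job-level `if:` only checks that the comment is on a pull request and starts with `/condalock`, so any account able to comment can start a job that holds `contents: write` and the App token. The removed dispatcher also ran with `permission: none`, so this is not a regression, but the rewrite is the natural place to add a gate: `if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/condalock') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`. The hunk also drops the workflow-level `permissions:` block with `contents: read`, so any job added later would fall back to the repository default rather than read-only; keeping that block is cheap. The `condalock` job body continues outside this hunk.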
@@ -27,45 +27,50 @@ jobs: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.APP_PRIVATE_KEY }} - # Checkout the pull request branch - - name: Checkout Repository - uses: actions/checkout@v3 + # Add an emoji reaction to comment to indicate the script is starting + - name: Add reaction + uses: peter-evans/create-or-update-comment@v3 with: token: ${{ steps.generate-token.outputs.token }} - repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }} - ref: ${{ github.event.client_payload.pull_request.head.ref }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.comment.id }} + reactions: eyes - # Setup Python environment - - uses: actions/setup-python@v4 + # Checkout the git repository + - name: Checkout repository + uses: actions/checkout@v3 with: - python-version: '3.10' + token: ${{ steps.generate-token.outputs.token }} - # Install conda-lock library - # HACK: Temporarily pin urllib3<2 to resolve incompatibilities: - # https://github.com/ionrock/cachecontrol/issues/292 - - name: Install conda-lock - run: 'pip install conda-lock "urllib3<2"' + # Switch to pull request branch + # https://github.com/actions/checkout/issues/331#issuecomment-925405415 + - name: Switch to Pull Request branch + run: hub pr checkout ${{ github.event.issue.number }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} - # Run "conda-lock" for linux-64 only - - name: Run conda-lock - run: | - conda-lock lock --mamba --kind explicit --file environment.yml --platform linux-64 + # Add an emoji reaction to comment to indicate that conda-lock is starting + - name: Add reaction + uses: peter-evans/create-or-update-comment@v3 + with: + token: ${{ steps.generate-token.outputs.token }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.comment.id }} + reactions: rocket - # Commit the change to the PR branch if any changes - - name: 
Commit condalock files to PR - run: | - if [[ $(git ls-files --modified --others) ]]; then - git config --global user.name 'actions-bot' - git config --global user.email '58130806+actions-bot@users.noreply.github.com' - git commit --all --message "[condalock-command] autogenerated conda-lock files" - git push - fi + # Run conda-lock GitHub Action + - name: Run conda-lock + uses: weiji14/conda-lock-refresh@f021e17844c28aabfdb41c0ded96448043a8d2b5 # v0.1.0 + with: + file: "environment.yml" + kind: "explicit" + platform: "linux-64" # Add an emoji reaction to comment to indicate the script completed successfully - name: Add reaction - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@v3 with: token: ${{ steps.generate-token.outputs.token }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - reaction-type: hooray + comment-id: ${{ github.event.comment.id }} + reactions: hooray diff --git a/.github/workflows/slash-command-dispatch.yml b/.github/workflows/slash-command-dispatch.yml deleted file mode 100644 index c16ca89..0000000 --- a/.github/workflows/slash-command-dispatch.yml +++ /dev/null 
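Review bot: All three reaction steps pass `repository: ${{ github.event.client_payload.github.payload.repository.full_name }}`, but `client_payload` belongs to `repository_dispatch` events, so under the new `issue_comment` trigger the expression most likely evaluates to an empty string. Use `repository: ${{ github.repository }}` in all three steps, or drop the input. Separately, `actions/checkout@v3` and `peter-evans/create-or-update-comment@v3` are referenced by mutable tag in a job that is handed the App token, while `weiji14/conda-lock-refresh` is pinned to a commit; pinning the other two the same way would be consistent, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. Because checkout is given the App token (presumably kept for the later push) and the following steps work on the pull request's own `environment.yml`, it is worth confirming that the App installation is scoped to this repository's contents only.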
@@ -1,34 +0,0 @@ -name: Slash Command Dispatch - -on: - issue_comment: - types: [created] - # Add "edited" type for test purposes. Where possible, avoid using to prevent processing unnecessary events. - # types: [created, edited] - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - slashCommandDispatch: - permissions: - pull-requests: write # for peter-evans/slash-command-dispatch to create PR reaction - if: ${{ github.event.issue.pull_request }} - runs-on: ubuntu-latest - steps: - # Generate token from CryoInTheCloud bot - - uses: tibdex/github-app-token@v1 - id: generate-token - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - - - name: Slash Command Dispatch - uses: peter-evans/slash-command-dispatch@v3 - with: - token: ${{ steps.generate-token.outputs.token }} - reaction-token: ${{ secrets.GITHUB_TOKEN }} - commands: | - condalock - issue-type: pull-request - permission: none