diff --git a/.flake8 b/.flake8 index 2d028b2d..a8948ef1 100644 --- a/.flake8 +++ b/.flake8 @@ -1,7 +1,7 @@ [flake8] filename = - *.py, - *.pys + *.py max-line-length = 120 extend-exclude = + .venv/ venv/ diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b736c94c..70774ed7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,44 +5,100 @@ version: 2 updates: + - package-ecosystem: "cargo" + directory: "/" + rebase-strategy: disabled + schedule: + interval: "cron" + cronjob: "0 1 * * *" + timezone: "America/New_York" + open-pull-requests-limit: 10 + - package-ecosystem: "docker" directory: "/" + rebase-strategy: disabled schedule: - interval: "daily" - time: "08:00" + interval: "cron" + cronjob: "30 1 * * *" + timezone: "America/New_York" open-pull-requests-limit: 10 - package-ecosystem: "github-actions" + directories: + - "/" + - "/.github/actions/*" + - "/actions/*" + rebase-strategy: disabled + schedule: + interval: "cron" + cronjob: "0 2 * * *" + timezone: "America/New_York" + open-pull-requests-limit: 10 + groups: + docker-actions: + applies-to: version-updates + patterns: + - "docker/*" + github-actions: + applies-to: version-updates + patterns: + - "actions/*" + - "github/*" + lizardbyte-actions: + applies-to: version-updates + patterns: + - "LizardByte/*" + + - package-ecosystem: "gitsubmodule" directory: "/" + rebase-strategy: disabled schedule: - interval: "daily" - time: "08:30" + interval: "cron" + cronjob: "30 2 * * *" + timezone: "America/New_York" open-pull-requests-limit: 10 - package-ecosystem: "npm" directory: "/" + rebase-strategy: disabled schedule: - interval: "daily" - time: "09:00" + interval: "cron" + cronjob: "0 3 * * *" + timezone: "America/New_York" open-pull-requests-limit: 10 + groups: + dev-dependencies: + applies-to: version-updates + dependency-type: "development" - package-ecosystem: "nuget" directory: "/" + rebase-strategy: disabled schedule: - interval: "daily" - time: "09:30" + interval: "cron" + cronjob: "30 3 * * *" + timezone: "America/New_York" open-pull-requests-limit: 10 - package-ecosystem: "pip" directory: "/" + rebase-strategy: disabled schedule: - interval: "daily" - time: "10:00" + interval: "cron" + cronjob: "0 4 * * *" + timezone: "America/New_York" open-pull-requests-limit: 10 + groups: + pytest-dependencies: + applies-to: version-updates + patterns: + - "pytest*" - - package-ecosystem: "gitsubmodule" + - package-ecosystem: "rust-toolchain" directory: "/" + rebase-strategy: disabled schedule: - interval: "daily" - time: "10:30" - open-pull-requests-limit: 10 + interval: "cron" + cronjob: "30 4 * * *" + timezone: "America/New_York" + open-pull-requests-limit: 1 diff --git a/.github/label-actions.yml b/.github/label-actions.yml deleted file mode 100644 index 653cf860..00000000 --- a/.github/label-actions.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# This file is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Configuration for Label Actions - https://github.com/dessant/label-actions - -added: - comment: > - This feature has been added and will be available in the next release. -fixed: - comment: > - This issue has been fixed and will be available in the next release. -invalid:duplicate: - comment: > - :wave: @{issue-author}, this appears to be a duplicate of a pre-existing issue. - close: true - lock: true - unlabel: 'status:awaiting-triage' - --invalid:duplicate: - reopen: true - unlock: true - -invalid:support: - comment: > - :wave: @{issue-author}, we use the issue tracker exclusively for bug reports. - However, this issue appears to be a support request. Please use our - [Support Center](https://app.lizardbyte.dev/support) for support issues. Thanks. - close: true - lock: true - lock-reason: 'off-topic' - unlabel: 'status:awaiting-triage' - --invalid:support: - reopen: true - unlock: true - -invalid:template-incomplete: - issues: - comment: > - :wave: @{issue-author}, please edit your issue to complete the template with - all the required info. Your issue will be automatically closed in 5 days if - the template is not completed. Thanks. - prs: - comment: > - :wave: @{issue-author}, please edit your PR to complete the template with - all the required info. Your PR will be automatically closed in 5 days if - the template is not completed. Thanks. diff --git a/.github/semantic.yml b/.github/semantic.yml index b5eb70d0..92d97a74 100644 --- a/.github/semantic.yml +++ b/.github/semantic.yml @@ -12,3 +12,4 @@ titleAndCommits: false anyCommit: false allowMergeCommits: false allowRevertCommits: false +targetUrl: https://docs.lizardbyte.dev/latest/developers/contributing.html#creating-a-pull-request diff --git a/.github/workflows/_codeql.yml b/.github/workflows/_codeql.yml new file mode 100644 index 00000000..15c5a6f6 --- /dev/null +++ b/.github/workflows/_codeql.yml @@ -0,0 +1,28 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: CodeQL +permissions: + actions: read + contents: read + security-events: write + +on: + push: + branches: + - master + pull_request: + schedule: + - cron: '00 12 * * 0' # every Sunday at 12:00 UTC + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + call-codeql: + name: CodeQL + uses: LizardByte/.github/.github/workflows/__call-codeql.yml@master + if: ${{ github.repository != 'LizardByte/.github' }} diff --git a/.github/workflows/_common-lint.yml b/.github/workflows/_common-lint.yml new file mode 100644 index 00000000..80be0ccf --- /dev/null +++ b/.github/workflows/_common-lint.yml @@ -0,0 +1,21 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: common lint +permissions: + contents: read + +on: + pull_request: + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + lint: + name: Common Lint + uses: LizardByte/.github/.github/workflows/__call-common-lint.yml@master + if: ${{ github.repository != 'LizardByte/.github' }} diff --git a/.github/workflows/_release-notifier.yml b/.github/workflows/_release-notifier.yml new file mode 100644 index 00000000..76ee855e --- /dev/null +++ b/.github/workflows/_release-notifier.yml @@ -0,0 +1,25 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +# Create a blog post for a new release and open a PR to the blog repo + +name: Release Notifications +permissions: + contents: read + +on: + release: + types: + - released # this triggers when a release is published, but does not include pre-releases or drafts + +jobs: + update-blog: + name: Update blog + uses: LizardByte/.github/.github/workflows/__call-release-notifier.yml@master + if: github.repository_owner == 'LizardByte' + secrets: + GH_EMAIL: ${{ secrets.GH_BOT_EMAIL }} + GH_NAME: ${{ secrets.GH_BOT_NAME }} + GH_TOKEN: ${{ secrets.GH_BOT_TOKEN }} diff --git a/.github/workflows/_update-changelog.yml b/.github/workflows/_update-changelog.yml new file mode 100644 index 00000000..283e7770 --- /dev/null +++ b/.github/workflows/_update-changelog.yml @@ -0,0 +1,31 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: Update changelog +permissions: + contents: read + +on: + release: + types: + - created + - edited + - deleted + workflow_dispatch: + +concurrency: + group: "${{ github.workflow }}" + cancel-in-progress: true + +jobs: + update-changelog: + name: Update Changelog + uses: LizardByte/.github/.github/workflows/__call-update-changelog.yml@master + if: >- + github.repository_owner == 'LizardByte' && + (github.event_name == 'workflow_dispatch' || + (!github.event.release.prerelease && !github.event.release.draft)) + secrets: + GH_TOKEN: ${{ secrets.GH_BOT_TOKEN }} diff --git a/.github/workflows/_update-docs.yml b/.github/workflows/_update-docs.yml new file mode 100644 index 00000000..6dd66c55 --- /dev/null +++ b/.github/workflows/_update-docs.yml @@ -0,0 +1,34 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +# To use, add the `rtd` repository label to identify repositories that should trigger this workflow. +# If the project slug is not the repository name, add a repository variable named `READTHEDOCS_SLUG` with the value of +# the ReadTheDocs project slug. + +# Update readthedocs on release events. + +name: Update docs +permissions: {} + +on: + release: + types: + - created + - edited + - deleted + +concurrency: + group: "${{ github.workflow }}-${{ github.event.release.tag_name }}" + cancel-in-progress: true + +jobs: + update-docs: + name: Update docs + uses: LizardByte/.github/.github/workflows/__call-update-docs.yml@master + if: github.repository_owner == 'LizardByte' + with: + readthedocs_slug: ${{ vars.READTHEDOCS_SLUG }} + secrets: + READTHEDOCS_TOKEN: ${{ secrets.READTHEDOCS_TOKEN }} diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml deleted file mode 100644 index 124febc4..00000000 --- a/.github/workflows/ci-docker.yml +++ /dev/null @@ -1,385 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# This workflow is intended to work with all our organization Docker projects. A readme named `DOCKER_README.md` -# will be used to update the description on Docker hub. - -# custom comments in dockerfiles: - -# `# platforms: ` -# Comma separated list of platforms, i.e. `# platforms: linux/386,linux/amd64`. Docker platforms can alternatively -# be listed in a file named `.docker_platforms`. -# `# platforms_pr: ` -# Comma separated list of platforms to run for PR events, i.e. `# platforms_pr: linux/amd64`. This will take -# precedence over the `# platforms: ` directive. -# `# artifacts: ` -# `true` to build in two steps, stopping at `artifacts` build stage and extracting the image from there to the -# GitHub runner. - -name: CI Docker - -on: - pull_request: - branches: [master] - types: [opened, synchronize, reopened] - push: - branches: [master] - workflow_dispatch: - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - check_dockerfiles: - name: Check Dockerfiles - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Find dockerfiles - id: find - run: | - dockerfiles=$(find . -type f -iname "Dockerfile" -o -iname "*.dockerfile") - - echo "found dockerfiles: ${dockerfiles}" - - # do not quote to keep this as a single line - echo dockerfiles=${dockerfiles} >> $GITHUB_OUTPUT - - MATRIX_COMBINATIONS="" - for FILE in ${dockerfiles}; do - # extract tag from file name - tag=$(echo $FILE | sed -r -z -e 's/(\.\/)*.*\/(Dockerfile)/None/gm') - if [[ $tag == "None" ]]; then - MATRIX_COMBINATIONS="$MATRIX_COMBINATIONS {\"dockerfile\": \"$FILE\"}," - else - tag=$(echo $FILE | sed -r -z -e 's/(\.\/)*.*\/(.+)(\.dockerfile)/-\2/gm') - MATRIX_COMBINATIONS="$MATRIX_COMBINATIONS {\"dockerfile\": \"$FILE\", \"tag\": \"$tag\"}," - fi - done - - # removes the last character (i.e. comma) - MATRIX_COMBINATIONS=${MATRIX_COMBINATIONS::-1} - - # setup matrix for later jobs - matrix=$(( - echo "{ \"include\": [$MATRIX_COMBINATIONS] }" - ) | jq -c .) - - echo $matrix - echo $matrix | jq . - echo "matrix=$matrix" >> $GITHUB_OUTPUT - - - name: Find dotnet solution file - id: find_dotnet - run: | - solution=$(find . -maxdepth 1 -type f -iname "*.sln") - - echo "found solution: ${solution}" - - # do not quote to keep this as a single line - echo solution=${solution} >> $GITHUB_OUTPUT - - if [[ $solution != "" ]]; then - echo "dotnet=true" >> $GITHUB_OUTPUT - else - echo "dotnet=false" >> $GITHUB_OUTPUT - fi - - outputs: - dockerfiles: ${{ steps.find.outputs.dockerfiles }} - matrix: ${{ steps.find.outputs.matrix }} - dotnet: ${{ steps.find_dotnet.outputs.dotnet }} - solution: ${{ steps.find_dotnet.outputs.solution }} - - setup_release: - if: ${{ needs.check_dockerfiles.outputs.dockerfiles }} - name: Setup Release - needs: - - check_dockerfiles - outputs: - publish_release: ${{ steps.setup_release.outputs.publish_release }} - release_body: ${{ steps.setup_release.outputs.release_body }} - release_commit: ${{ steps.setup_release.outputs.release_commit }} - release_generate_release_notes: ${{ steps.setup_release.outputs.release_generate_release_notes }} - release_tag: ${{ steps.setup_release.outputs.release_tag }} - release_version: ${{ steps.setup_release.outputs.release_version }} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Release - id: setup_release - uses: LizardByte/setup-release-action@v2024.801.192524 - with: - dotnet: ${{ needs.check_dockerfiles.outputs.dotnet }} - github_token: ${{ secrets.GITHUB_TOKEN }} - - lint_dockerfile: - needs: [check_dockerfiles] - if: ${{ needs.check_dockerfiles.outputs.dockerfiles }} - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.check_dockerfiles.outputs.matrix) }} - name: Lint Dockerfile${{ matrix.tag }} - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Hadolint - id: hadolint - uses: hadolint/hadolint-action@v3.1.0 - with: - dockerfile: ${{ matrix.dockerfile }} - ignore: DL3008,DL3013,DL3016,DL3018,DL3028,DL3059 - output-file: ./hadolint.log - verbose: true - - - name: Log - if: failure() - run: | - echo "Hadolint outcome: ${{ steps.hadolint.outcome }}" >> $GITHUB_STEP_SUMMARY - cat "./hadolint.log" >> $GITHUB_STEP_SUMMARY - - docker: - needs: [check_dockerfiles, setup_release] - if: ${{ needs.check_dockerfiles.outputs.dockerfiles }} - runs-on: ubuntu-latest - permissions: - packages: write - contents: write - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.check_dockerfiles.outputs.matrix) }} - name: Docker${{ matrix.tag }} - - steps: - - name: Maximize build space - uses: easimon/maximize-build-space@v10 - with: - root-reserve-mb: 30720 # https://github.com/easimon/maximize-build-space#caveats - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'true' - remove-docker-images: 'true' - - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Prepare - id: prepare - env: - NV: ${{ needs.setup_release.outputs.release_tag }} - run: | - # get branch name - BRANCH=${GITHUB_HEAD_REF} - - RELEASE=${{ needs.setup_release.outputs.publish_release }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} - - if [ -z "$BRANCH" ]; then - echo "This is a PUSH event" - BRANCH=${{ github.ref_name }} - CLONE_URL=${{ github.event.repository.clone_url }} - else - echo "This is a PULL REQUEST event" - CLONE_URL=${{ github.event.pull_request.head.repo.clone_url }} - fi - - # determine to push image to dockerhub and ghcr or not - if [[ $GITHUB_EVENT_NAME == "push" ]]; then - PUSH=true - else - PUSH=false - fi - - # setup the tags - REPOSITORY=${{ github.repository }} - BASE_TAG=$(echo $REPOSITORY | tr '[:upper:]' '[:lower:]') - - TAGS="${BASE_TAG}:${COMMIT:0:7}${{ matrix.tag }},ghcr.io/${BASE_TAG}:${COMMIT:0:7}${{ matrix.tag }}" - - if [[ $GITHUB_REF == refs/heads/master ]]; then - TAGS="${TAGS},${BASE_TAG}:latest${{ matrix.tag }},ghcr.io/${BASE_TAG}:latest${{ matrix.tag }}" - TAGS="${TAGS},${BASE_TAG}:master${{ matrix.tag }},ghcr.io/${BASE_TAG}:master${{ matrix.tag }}" - else - TAGS="${TAGS},${BASE_TAG}:test${{ matrix.tag }},ghcr.io/${BASE_TAG}:test${{ matrix.tag }}" - fi - - if [[ ${NV} != "" ]]; then - TAGS="${TAGS},${BASE_TAG}:${NV}${{ matrix.tag }},ghcr.io/${BASE_TAG}:${NV}${{ matrix.tag }}" - fi - - # parse custom directives out of dockerfile - # try to get the platforms from the dockerfile custom directive, i.e. `# platforms: xxx,yyy` - # directives for PR event, i.e. not push event - if [[ ${RELEASE} == "false" ]]; then - while read -r line; do - if [[ $line == "# platforms_pr: "* && $PLATFORMS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - PLATFORMS=$(echo -e "$line" | sed 's/# platforms_pr: //') - elif [[ $PLATFORMS != "" ]]; then - # break while loop once all custom "PR" event directives are found - break - fi - done <"${{ matrix.dockerfile }}" - fi - # directives for all events... above directives will not be parsed if they were already found - while read -r line; do - if [[ $line == "# platforms: "* && $PLATFORMS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - PLATFORMS=$(echo -e "$line" | sed 's/# platforms: //') - elif [[ $line == "# artifacts: "* && $ARTIFACTS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - ARTIFACTS=$(echo -e "$line" | sed 's/# artifacts: //') - elif [[ $line == "# no-cache-filters: "* && $NO_CACHE_FILTERS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - NO_CACHE_FILTERS=$(echo -e "$line" | sed 's/# no-cache-filters: //') - elif [[ $PLATFORMS != "" && $ARTIFACTS != "" && $NO_CACHE_FILTERS != "" ]]; then - # break while loop once all custom directives are found - break - fi - done <"${{ matrix.dockerfile }}" - # if PLATFORMS is blank, fall back to the legacy method of reading from the `.docker_platforms` file - if [[ $PLATFORMS == "" ]]; then - # read the platforms from `.docker_platforms` - PLATFORMS=$(<.docker_platforms) - fi - # if PLATFORMS is still blank, fall back to `linux/amd64` - if [[ $PLATFORMS == "" ]]; then - PLATFORMS="linux/amd64" - fi - - echo "branch=${BRANCH}" >> $GITHUB_OUTPUT - echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - echo "clone_url=${CLONE_URL}" >> $GITHUB_OUTPUT - echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT - echo "no_cache_filters=${NO_CACHE_FILTERS}" >> $GITHUB_OUTPUT - echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - - - name: Set Up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - id: buildx - - - name: Cache Docker Layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: Docker-buildx${{ matrix.tag }}-${{ github.sha }} - restore-keys: | - Docker-buildx${{ matrix.tag }}- - - - name: Log in to Docker Hub - if: ${{ needs.setup_release.outputs.publish_release == 'true' }} # PRs do not have access to secrets - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Log in to the Container registry - if: ${{ needs.setup_release.outputs.publish_release == 'true' }} # PRs do not have access to secrets - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ secrets.GH_BOT_NAME }} - password: ${{ secrets.GH_BOT_TOKEN }} - - - name: Build artifacts - if: ${{ steps.prepare.outputs.artifacts == 'true' }} - id: build_artifacts - uses: docker/build-push-action@v6 - with: - context: ./ - file: ${{ matrix.dockerfile }} - target: artifacts - outputs: type=local,dest=artifacts - push: false - platforms: ${{ steps.prepare.outputs.platforms }} - build-args: | - BRANCH=${{ steps.prepare.outputs.branch }} - BUILD_DATE=${{ steps.prepare.outputs.build_date }} - BUILD_VERSION=${{ needs.setup_release.outputs.release_tag }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} - CLONE_URL=${{ steps.prepare.outputs.clone_url }} - RELEASE=${{ needs.setup_release.outputs.publish_release }} - tags: ${{ steps.prepare.outputs.tags }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - no-cache-filters: ${{ steps.prepare.outputs.no_cache_filters }} - - - name: Build and push - id: build - uses: docker/build-push-action@v6 - with: - context: ./ - file: ${{ matrix.dockerfile }} - push: ${{ needs.setup_release.outputs.publish_release }} - platforms: ${{ steps.prepare.outputs.platforms }} - build-args: | - BRANCH=${{ steps.prepare.outputs.branch }} - BUILD_DATE=${{ steps.prepare.outputs.build_date }} - BUILD_VERSION=${{ needs.setup_release.outputs.release_tag }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} - CLONE_URL=${{ steps.prepare.outputs.clone_url }} - RELEASE=${{ needs.setup_release.outputs.publish_release }} - tags: ${{ steps.prepare.outputs.tags }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - no-cache-filters: ${{ steps.prepare.outputs.no_cache_filters }} - - - name: Arrange Artifacts - if: ${{ steps.prepare.outputs.artifacts == 'true' }} - working-directory: artifacts - run: | - # artifacts will be in sub directories named after the docker target platform, e.g. `linux_amd64` - # so move files to the artifacts directory - # https://unix.stackexchange.com/a/52816 - find ./ -type f -exec mv -t ./ -n '{}' + - - # remove provenance file - rm -f ./provenance.json - - - name: Upload Artifacts - if: ${{ steps.prepare.outputs.artifacts == 'true' }} - uses: actions/upload-artifact@v4 - with: - name: Docker${{ matrix.tag }} - path: artifacts/ - - - name: Create/Update GitHub Release - if: ${{ needs.setup_release.outputs.publish_release == 'true' && steps.prepare.outputs.artifacts == 'true' }} - uses: LizardByte/create-release-action@v2024.614.221009 - with: - allowUpdates: true - artifacts: "*artifacts/*" - body: ${{ needs.setup_release.outputs.release_body }} - discussionCategory: announcements - generateReleaseNotes: ${{ needs.setup_release.outputs.release_generate_release_notes }} - name: ${{ needs.setup_release.outputs.release_tag }} - prerelease: true - tag: ${{ needs.setup_release.outputs.release_tag }} - token: ${{ secrets.GH_BOT_TOKEN }} - - - name: Update Docker Hub Description - if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} - uses: peter-evans/dockerhub-description@v4 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} # token is not currently supported - repository: ${{ env.BASE_TAG }} - short-description: ${{ github.event.repository.description }} - readme-filepath: ./DOCKER_README.md diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 60dbef1c..00000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,214 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# This workflow will analyze all supported languages in the repository using CodeQL Analysis. - -name: "CodeQL" - -on: - push: - branches: ["master"] - pull_request: - branches: ["master"] - schedule: - - cron: '00 12 * * 0' # every Sunday at 12:00 UTC - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - languages: - name: Get language matrix - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.lang.outputs.result }} - continue: ${{ steps.continue.outputs.result }} - steps: - - name: Get repo languages - uses: actions/github-script@v7 - id: lang - with: - script: | - // CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'] - // Use only 'java' to analyze code written in Java, Kotlin or both - // Use only 'javascript' to analyze code written in JavaScript, TypeScript or both - // Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'] - - const remap_languages = { - 'c++': 'cpp', - 'c#': 'csharp', - 'kotlin': 'java', - 'typescript': 'javascript', - } - - const repo = context.repo - const response = await github.rest.repos.listLanguages(repo) - let matrix = { - "include": [] - } - - for (let [key, value] of Object.entries(response.data)) { - // remap language - if (remap_languages[key.toLowerCase()]) { - console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`) - key = remap_languages[key.toLowerCase()] - } - if (supported_languages.includes(key.toLowerCase())) { - console.log(`Found supported language: ${key}`) - let osList = ['ubuntu-latest']; - if (key.toLowerCase() === 'swift') { - osList = ['macos-latest']; - } else if (key.toLowerCase() === 'cpp') { - // TODO: update macos to latest after the below issue is resolved - // https://github.com/github/codeql-action/issues/2266 - osList = ['macos-13', 'ubuntu-latest', 'windows-latest']; - } - for (let os of osList) { - // set name for matrix - if (osList.length == 1) { - name = key.toLowerCase() - } else { - name = `${key.toLowerCase()}, ${os}` - } - - // add to matrix - matrix['include'].push({"language": key.toLowerCase(), "os": os, "name": name}) - } - } - } - - // print languages - console.log(`matrix: ${JSON.stringify(matrix)}`) - - return matrix - - - name: Continue - uses: actions/github-script@v7 - id: continue - with: - script: | - // if matrix['include'] is an empty list return false, otherwise true - const matrix = ${{ steps.lang.outputs.result }} // this is already json encoded - - if (matrix['include'].length == 0) { - return false - } else { - return true - } - - analyze: - name: Analyze (${{ matrix.name }}) - if: ${{ needs.languages.outputs.continue == 'true' }} - defaults: - run: - shell: ${{ matrix.os == 'windows-latest' && 'msys2 {0}' || 'bash' }} - env: - GITHUB_CODEQL_BUILD: true - needs: [languages] - runs-on: ${{ matrix.os || 'ubuntu-latest' }} - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.languages.outputs.matrix) }} - - steps: - - name: Maximize build space - if: >- - runner.os == 'Linux' && - matrix.language == 'cpp' - uses: easimon/maximize-build-space@v10 - with: - root-reserve-mb: 30720 - remove-dotnet: ${{ (matrix.language == 'csharp' && 'false') || 'true' }} - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'false' - remove-docker-images: 'true' - - - name: Checkout repository - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Setup msys2 - if: >- - runner.os == 'Windows' && - matrix.language == 'cpp' - uses: msys2/setup-msys2@v2 - with: - msystem: ucrt64 - update: true - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # yamllint disable-line rule:line-length - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - config: | - paths-ignore: - - build - - node_modules - - third-party - - # Pre autobuild - # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository - # create a file named .codeql-build-${{ matrix.language }}.sh in the root of your repository - - name: Prebuild - id: prebuild - run: | - # check if prebuild script exists - filename=".codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh" - if [ -f "./${filename}" ]; then - echo "Running prebuild script: ${filename}" - ./${filename} - fi - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - - name: Autobuild - if: steps.prebuild.outputs.skip_autobuild != 'true' - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" - output: sarif-results - upload: failure-only - - - name: filter-sarif - uses: advanced-security/filter-sarif@v1 - with: - input: sarif-results/${{ matrix.language }}.sarif - output: sarif-results/${{ matrix.language }}.sarif - patterns: | - -build/** - -node_modules/** - -third\-party/** - - - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: sarif-results/${{ matrix.language }}.sarif - - - name: Upload loc as a Build Artifact - uses: actions/upload-artifact@v4 - with: - name: sarif-results-${{ matrix.language }}-${{ runner.os }} - path: sarif-results - retention-days: 1 diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml deleted file mode 100644 index aec6006c..00000000 --- a/.github/workflows/issues.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Label and un-label actions using `../label-actions.yml`. - -name: Issues - -on: - issues: - types: [labeled, unlabeled] - discussion: - types: [labeled, unlabeled] - -jobs: - label: - name: Label Actions - if: startsWith(github.repository, 'LizardByte/') - runs-on: ubuntu-latest - steps: - - name: Label Actions - uses: dessant/label-actions@v4 - with: - github-token: ${{ secrets.GH_BOT_TOKEN }} diff --git a/.github/workflows/python-flake8.yml b/.github/workflows/python-flake8.yml deleted file mode 100644 index 61e23f74..00000000 --- a/.github/workflows/python-flake8.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Lint python files with flake8. - -name: flake8 - -on: - pull_request: - branches: [master] - types: [opened, synchronize, reopened] - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - flake8: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 # https://github.com/actions/setup-python - with: - python-version: '3.10' - - - name: Install dependencies - run: | - # pin flake8 before v6.0.0 due to removal of support for type comments (required for Python 2.7 type hints) - python -m pip install --upgrade pip setuptools "flake8<6" - - - name: Test with flake8 - run: | - python -m flake8 --verbose diff --git a/.github/workflows/release-notifier.yml b/.github/workflows/release-notifier.yml deleted file mode 100644 index 2d1e632d..00000000 --- a/.github/workflows/release-notifier.yml +++ /dev/null @@ -1,127 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Send release notification to various platforms. - -name: Release Notifications - -on: - release: - types: - - released # this triggers when a release is published, but does not include pre-releases or drafts - -jobs: - simplified_changelog: - if: >- - startsWith(github.repository, 'LizardByte/') && - !github.event.release.prerelease && - !github.event.release.draft - outputs: - SIMPLIFIED_BODY: ${{ steps.output.outputs.SIMPLIFIED_BODY }} - runs-on: ubuntu-latest - steps: - - name: remove contributors section - env: - RELEASE_BODY: ${{ github.event.release.body }} - id: output - run: | - echo "${RELEASE_BODY}" > ./release_body.md - modified_body=$(sed '/^---$/d; /^## Contributors$/,/<\/a>/d' ./release_body.md) - echo "modified_body: ${modified_body}" - - # use a heredoc to ensure the output is multiline - echo "SIMPLIFIED_BODY<> $GITHUB_OUTPUT - echo "${modified_body}" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - discord: - if: >- - startsWith(github.repository, 'LizardByte/') && - !github.event.release.prerelease && - !github.event.release.draft - needs: simplified_changelog - runs-on: ubuntu-latest - steps: - - name: discord - uses: sarisia/actions-status-discord@v1 - with: - avatar_url: ${{ secrets.ORG_LOGO_URL }} - color: 0x00ff00 - description: ${{ needs.simplified_changelog.outputs.SIMPLIFIED_BODY }} - nodetail: true - nofail: false - title: ${{ github.event.repository.name }} ${{ github.ref_name }} Released - url: ${{ github.event.release.html_url }} - username: ${{ secrets.DISCORD_USERNAME }} - webhook: ${{ secrets.DISCORD_RELEASE_WEBHOOK }} - - facebook_group: - if: >- - startsWith(github.repository, 'LizardByte/') && - !github.event.release.prerelease && - !github.event.release.draft - runs-on: ubuntu-latest - steps: - - name: facebook-post-action - uses: ReenigneArcher/facebook-post-action@v1 - with: - page_id: ${{ secrets.FACEBOOK_GROUP_ID }} - access_token: ${{ secrets.FACEBOOK_ACCESS_TOKEN }} - message: | - ${{ github.event.repository.name }} ${{ github.ref_name }} Released - url: ${{ github.event.release.html_url }} - - facebook_page: - if: >- - startsWith(github.repository, 'LizardByte/') && - !github.event.release.prerelease && - !github.event.release.draft - runs-on: ubuntu-latest - steps: - - name: facebook-post-action - uses: ReenigneArcher/facebook-post-action@v1 - with: - page_id: ${{ secrets.FACEBOOK_PAGE_ID }} - access_token: ${{ secrets.FACEBOOK_ACCESS_TOKEN }} - message: | - ${{ github.event.repository.name }} ${{ github.ref_name }} Released - url: ${{ github.event.release.html_url }} - - reddit: - if: >- - startsWith(github.repository, 'LizardByte/') && - !github.event.release.prerelease && - !github.event.release.draft - needs: simplified_changelog - runs-on: ubuntu-latest - steps: - - name: reddit - uses: bluwy/release-for-reddit-action@v2 - with: - username: ${{ secrets.REDDIT_USERNAME }} - password: ${{ secrets.REDDIT_PASSWORD }} - app-id: ${{ secrets.REDDIT_CLIENT_ID }} - app-secret: ${{ secrets.REDDIT_CLIENT_SECRET }} - subreddit: ${{ secrets.REDDIT_SUBREDDIT }} - title: ${{ github.event.repository.name }} ${{ github.ref_name }} Released - url: ${{ github.event.release.html_url }} - flair-id: ${{ secrets.REDDIT_FLAIR_ID }} # https://www.reddit.com/r/>/api/link_flair.json - comment: ${{ needs.simplified_changelog.outputs.SIMPLIFIED_BODY }} - - x: - if: >- - startsWith(github.repository, 'LizardByte/') && - !github.event.release.prerelease && - !github.event.release.draft - runs-on: ubuntu-latest - steps: - - name: x - uses: nearform-actions/github-action-notify-twitter@v1 - with: - message: ${{ github.event.release.html_url }} - twitter-app-key: ${{ secrets.X_APP_KEY }} - twitter-app-secret: ${{ secrets.X_APP_SECRET }} - twitter-access-token: ${{ secrets.X_ACCESS_TOKEN }} - twitter-access-token-secret: ${{ secrets.X_ACCESS_TOKEN_SECRET }} diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml deleted file mode 100644 index 99d2793e..00000000 --- a/.github/workflows/update-changelog.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Update changelog on release events. - -name: Update changelog - -on: - release: - types: [created, edited, deleted] - workflow_dispatch: - -concurrency: - group: "${{ github.workflow }}" - cancel-in-progress: true - -jobs: - update-changelog: - if: >- - github.event_name == 'workflow_dispatch' || - (!github.event.release.prerelease && !github.event.release.draft) - runs-on: ubuntu-latest - steps: - - name: Update Changelog - uses: LizardByte/update-changelog-action@v2024.609.4705 - with: - changelogBranch: changelog - changelogFile: CHANGELOG.md - token: ${{ secrets.GH_BOT_TOKEN }} diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml deleted file mode 100644 index d1212f65..00000000 --- a/.github/workflows/update-docs.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Use the `rtd` repository label to identify repositories that should trigger have this workflow. -# If the project slug is not the repository name, add a repository variable named `READTHEDOCS_SLUG` with the value of -# the ReadTheDocs project slug. - -# Update readthedocs on release events. - -name: Update docs - -on: - release: - types: [created, edited, deleted] - -concurrency: - group: "${{ github.workflow }}-${{ github.event.release.tag_name }}" - cancel-in-progress: true - -jobs: - update-docs: - env: - RTD_SLUG: ${{ vars.READTHEDOCS_SLUG }} - RTD_TOKEN: ${{ secrets.READTHEDOCS_TOKEN }} - TAG: ${{ github.event.release.tag_name }} - if: >- - !github.event.release.draft - runs-on: ubuntu-latest - steps: - - name: Get RTD_SLUG - run: | - # if the RTD_SLUG is not set, use the repository name in lowercase - if [ -z "${RTD_SLUG}" ]; then - RTD_SLUG=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]') - fi - echo "RTD_SLUG=${RTD_SLUG}" >> $GITHUB_ENV - - - name: Deactivate deleted release - if: >- - github.event_name == 'release' && - github.event.action == 'deleted' - run: | - json_body=$(jq -n \ - --arg active "false" \ - --arg hidden "false" \ - --arg privacy_level "public" \ - '{active: $active, hidden: $hidden, privacy_level: $privacy_level}') - - curl \ - -X PATCH \ - -H "Authorization: Token ${RTD_TOKEN}" \ - https://readthedocs.org/api/v3/projects/${RTD_SLUG}/versions/${TAG}/ \ - -H "Content-Type: application/json" \ - -d "$json_body" - - - name: Check if edited release is latest GitHub release - id: check - if: >- - github.event_name == 'release' && - github.event.action == 'edited' - uses: actions/github-script@v7 - with: - script: | - const latestRelease = await github.rest.repos.getLatestRelease({ - owner: context.repo.owner, - repo: context.repo.repo - }); - - core.setOutput('isLatestRelease', latestRelease.data.tag_name === context.payload.release.tag_name); - - - name: Update RTD project - # changing the default branch in readthedocs makes "latest" point to that branch/tag - # we can also update other properties like description, etc. - if: >- - steps.check.outputs.isLatestRelease == 'true' - run: | - json_body=$(jq -n \ - --arg default_branch "${TAG}" \ - --arg description "${{ github.event.repository.description }}" \ - '{default_branch: $default_branch}') - - curl \ - -X PATCH \ - -H "Authorization: Token ${RTD_TOKEN}" \ - https://readthedocs.org/api/v3/projects/${RTD_SLUG}/ \ - -H "Content-Type: application/json" \ - -d "$json_body" diff --git a/.github/workflows/yaml-lint.yml b/.github/workflows/yaml-lint.yml deleted file mode 100644 index 023b836c..00000000 --- a/.github/workflows/yaml-lint.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Lint yaml files. - -name: yaml lint - -on: - pull_request: - branches: [master] - types: [opened, synchronize, reopened] - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - yaml-lint: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Find additional files - id: find-files - run: | - # space separated list of files - FILES=.clang-format - - # empty placeholder - FOUND="" - - for FILE in ${FILES}; do - if [ -f "$FILE" ] - then - FOUND="$FOUND $FILE" - fi - done - - echo "found=${FOUND}" >> $GITHUB_OUTPUT - - - name: yaml lint - id: yaml-lint - uses: ibiqlik/action-yamllint@v3 - with: - # https://yamllint.readthedocs.io/en/stable/configuration.html#default-configuration - config_data: | - extends: default - rules: - comments: - level: error - line-length: - max: 120 - truthy: - # GitHub uses "on" for workflow event triggers - # .clang-format file has options of "Yes" "No" that will be caught by this, so changed to "warning" - allowed-values: ['true', 'false', 'on'] - check-keys: true - level: warning - file_or_dir: . ${{ steps.find-files.outputs.found }} - - - name: Log - run: | - cat "${{ steps.yaml-lint.outputs.logfile }}" >> $GITHUB_STEP_SUMMARY