Merge branch 'main' of https://github.com/opendatahub-io/notebooks into sync-downstr-3

Author: atheo89

.github/workflows/build-notebooks-TEMPLATE.yaml

@@ -59,11 +59,11 @@ jobs:
           echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >>${GITHUB_ENV}
           echo "CACHE=${CACHE,,}" >>${GITHUB_ENV}
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         if: ${{ fromJson(inputs.github).event_name != 'pull_request_target' }}
       # we need to checkout the pr branch, not pr target (the default for pull_request_target)
       # user access check is done in calling workflow
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         if: ${{ fromJson(inputs.github).event_name == 'pull_request_target' }}
         with:
           ref: "refs/pull/${{ fromJson(inputs.github).event.number }}/merge"

.github/workflows/build-notebooks-pr-rhel.yaml

@@ -39,11 +39,11 @@ jobs:
 
       # Here we are checking out the pull request, so that we can build from the new code
       # We can do this because we already checked that the submitting user is a contributor
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         if: ${{ github.event_name == 'pull_request_target' }}
         with:
           ref: "refs/pull/${{ github.event.number }}/merge"
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         if: ${{ github.event_name != 'pull_request_target' }}
 
       - name: Determine targets to build based on changed files

.github/workflows/build-notebooks-pr.yaml

@@ -26,7 +26,7 @@ jobs:
       matrix: ${{ steps.gen.outputs.matrix }}
       has_jobs: ${{ steps.gen.outputs.has_jobs }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: actions/setup-go@v5
         with:

.github/workflows/build-notebooks-push.yaml

@@ -24,7 +24,7 @@ jobs:
       matrix: ${{ steps.gen.outputs.matrix }}
       has_jobs: ${{ steps.gen.outputs.has_jobs }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Determine targets to build (we want to build everything on push)
         run: |

.github/workflows/code-quality.yaml

@@ -12,7 +12,7 @@ jobs:
   check-generated-code:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Rerun all code generators we have
         run: bash ci/generate_code.sh
@@ -32,7 +32,7 @@ jobs:
   pytest-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       # https://github.com/astral-sh/setup-uv
       - name: Install the latest version of uv
@@ -60,7 +60,7 @@ jobs:
   code-static-analysis:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Do not check secrets, they are encrypted
         run: rm -rf ./ci/secrets

.github/workflows/create-release.yaml

@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - name: Generate notebooks release

.github/workflows/docs.yaml

@@ -16,7 +16,7 @@ jobs:
     name: Generate list of images for release notes
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       # https://github.com/astral-sh/setup-uv
       - name: Install the latest version of uv

.github/workflows/notebooks-digest-updater.yaml

@@ -50,7 +50,7 @@ jobs:
           git config --global user.name "GitHub Actions"
 
       - name: Checkout branch
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BRANCH_NAME }}
 
@@ -61,7 +61,7 @@ jobs:
          git push --set-upstream origin ${{ env.TMP_BRANCH }}
 
       - name: Checkout release branch
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.TMP_BRANCH }}
           fetch-depth: 0

.github/workflows/notebooks-release.yaml

@@ -72,7 +72,7 @@ jobs:
       pr_merged_m: ${{ steps.check_pr.outputs.pr_merged }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -105,7 +105,7 @@ jobs:
       pr_merged_b: ${{ steps.check_pr.outputs.pr_merged }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/notify-team-to-review-pr.yml

@@ -0,0 +1,33 @@
+---
+name: Add Review Requested Label
+on:  # yamllint disable-line rule:truthy
+  # the regular `secrets.GITHUB_TOKEN` with `on: pull_request` results in a 403 error
+  #  HttpError: Resource not accessible by integration
+  pull_request_target:
+    types: [opened]
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  add-label:
+    if: contains(github.event.pull_request.labels.*.name, 'konflux-nudge') == false
+    runs-on: ubuntu-latest
+    steps:
+
+      # SECURITY: never clone untrusted code in pull_request_target workflows
+
+      - name: Add review-requested label
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          # language=javascript
+          script: |
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              labels: ['review-requested']
+            });