Merge remote-tracking branch 'upstream/develop' into philipp/add-missing-opts

Author: stdlib-bot

.github/workflows/autoclose.yml

@@ -37,11 +37,6 @@ jobs:
     # Only run this job if the pull request has a specific label:
     if: "${{ github.event.label.name == 'autoclose: EditorConfig' }}"
 
-    # Define job permissions:
-    permissions:
-      contents: read
-      pull-requests: write
-
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
 
@@ -73,11 +68,6 @@ jobs:
     # Only run this job if the pull request has a specific label:
     if: "${{ github.event.label.name == 'autoclose: Contributor Guidelines' }}"
 
-    # Define job permissions:
-    permissions:
-      contents: read
-      pull-requests: write
-
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
 
@@ -109,11 +99,6 @@ jobs:
     # Only run this job if the pull request has a specific label:
     if: "${{ github.event.label.name == 'autoclose: Project Conventions' }}"
 
-    # Define job permissions:
-    permissions:
-      contents: read
-      pull-requests: write
-
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
 
@@ -149,11 +134,6 @@ jobs:
     # Only run this job if the pull request has a specific label:
     if: "${{ github.event.label.name == 'autoclose: Spam' }}"
 
-    # Define job permissions:
-    permissions:
-      contents: read
-      pull-requests: write
-
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
 
@@ -189,12 +169,6 @@ jobs:
     # Only run this job if the pull request has a specific label:
     if: "${{ github.event.label.name == 'autoclose: Stale' }}"
 
-    # Define job permissions:
-    permissions:
-      contents: read
-      issues: write
-      pull-requests: write
-
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
 
@@ -211,3 +185,66 @@ jobs:
             This pull request has been automatically closed because it has been inactive for an extended period after changes were requested. If you still wish to pursue this contribution, feel free to reopen the pull request or submit a new one.
 
             We appreciate your interest in contributing to stdlib!
+
+  # Define a job which closes a pull request if a PR has an inappropriate Git history:
+  git_history:
+
+    # Define job name:
+    name: 'Check for Git History label'
+
+    # Only run this job if the pull request has a specific label:
+    if: "${{ github.event.label.name == 'autoclose: Git History' }}"
+
+    # Define the type of virtual host machine:
+    runs-on: ubuntu-latest
+
+    # Define the sequence of job steps:
+    steps:
+
+      # Close the pull request:
+      - name: 'Close pull request'
+        run: gh pr close "$NUMBER" --comment "$BODY"
+        env:
+          GH_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
+          GH_REPO: ${{ github.repository }}
+          NUMBER: ${{ github.event.pull_request.number }}
+          BODY: |
+            Thank you for working on this pull request. However, we cannot accept your contribution due to Git history issues.
+
+            Some common issues include:
+
+            -   Merge conflicts
+            -   Inappropriate commit messages
+            -   Unrelated commits
+            -   Including changes from merged branches that weren't intended for this PR
+
+            We recommend opening a new pull request with only the intended changes.
+
+            Thank you for your interest in stdlib, and we look forward to your future contributions.
+
+  # Define a job which closes a pull request if proposed changes duplicate already included changes:
+  already_resolved:
+
+    # Define job name:
+    name: 'Check for already resolved label'
+
+    # Only run this job if the pull request has a specific label:
+    if: "${{ github.event.label.name == 'autoclose: Already Resolved' }}"
+
+    # Define the type of virtual host machine:
+    runs-on: ubuntu-latest
+
+    # Define the sequence of job steps:
+    steps:
+
+      # Close the pull request:
+      - name: 'Close pull request'
+        run: gh pr close "$NUMBER" --comment "$BODY"
+        env:
+          GH_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
+          GH_REPO: ${{ github.repository }}
+          NUMBER: ${{ github.event.pull_request.number }}
+          BODY: |
+            Thank you for working on this pull request. However, we cannot accept your contribution as the issue this pull request seeks to resolve has already been addressed in a different pull request or commit.
+
+            Thank you again for your interest in stdlib, and we look forward to reviewing your future contributions.

.github/workflows/check_commit_metadata.yml

@@ -43,8 +43,8 @@ jobs:
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
 
-    # Skip this job for PRs opened by automated bot accounts:
-    if: github.event.pull_request.user.login != 'stdlib-bot' && github.event.pull_request.user.login != 'dependabot[bot]'
+    # Temporarily disable the entire workflow:
+    if: false
 
     # Define the sequence of job steps...
     steps:
@@ -53,14 +53,10 @@ jobs:
         # Pin action to full length commit SHA
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          # Specify whether to remove untracked files before checking out the repository:
-          clean: true
-
-          # Limit clone depth to the most recent commit:
-          fetch-depth: 1
-
-          # Specify whether to download Git-LFS files:
-          lfs: false
+          # Ensure we have access to the scripts directory:
+          sparse-checkout: |
+              .github/workflows/scripts
+          sparse-checkout-cone-mode: false
         timeout-minutes: 10
 
       # Extract commit metadata from commit messages as JSON:

.github/workflows/check_contributing_guidelines_acceptance.yml

@@ -50,9 +50,6 @@ permissions:
   # Allow read-only access to the repository contents:
   contents: read
 
-  # Allow write access to pull requests:
-  pull-requests: write
-
 # Workflow jobs:
 jobs:
 
@@ -75,14 +72,10 @@ jobs:
         # Pin action to full length commit SHA
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          # Specify whether to remove untracked files before checking out the repository:
-          clean: true
-
-          # Limit clone depth to the most recent commit:
-          fetch-depth: 1
-
-          # Specify whether to download Git-LFS files:
-          lfs: false
+          # Ensure we have access to the scripts directory:
+          sparse-checkout: |
+              .github/workflows/scripts
+          sparse-checkout-cone-mode: false
         timeout-minutes: 10
 
       # Check contributing guidelines acceptance:

.github/workflows/create_address_commit_comment_issues.yml

@@ -55,14 +55,10 @@ jobs:
         # Pin action to full length commit SHA
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          # Specify whether to remove untracked files before checking out the repository:
-          clean: false
-
-          # Limit clone depth to the most recent commit:
-          fetch-depth: 1
-
-          # Specify whether to download Git-LFS files:
-          lfs: false
+          # Ensure we have access to the scripts directory:
+          sparse-checkout: |
+              .github/workflows/scripts
+          sparse-checkout-cone-mode: false
         timeout-minutes: 10
 
       # Create issues from commit comments:

.github/workflows/generate_pr_commit_message.yml

@@ -30,12 +30,6 @@ permissions:
   # Allow read-only access to the repository contents:
   contents: read
 
-  # Allow write access to issues, assignees, labels, and milestones:
-  issues: write
-
-  # Allow write access to pull requests:
-  pull-requests: write
-
 # Workflow jobs:
 jobs:
 
@@ -62,8 +56,11 @@ jobs:
         # Pin action to full length commit SHA
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          # Fetch all commits to ensure we have the full commit history:
-          fetch-depth: 0
+          # Ensure we have access to the scripts directory and .mailmap file for generating the commit message:
+          sparse-checkout: |
+            .github/workflows/scripts
+            .mailmap
+          sparse-checkout-cone-mode: false
 
       # Generate commit message:
       - name: 'Generate commit message'

.github/workflows/git_note_amend_message.yml

@@ -120,7 +120,7 @@ jobs:
       # Import GPG key to sign commits:
       - name: 'Import GPG key to sign commits'
         # Pin action to full length commit SHA
-        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
         with:
           gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}

.github/workflows/git_note_filter_packages.yml

@@ -129,7 +129,7 @@ jobs:
       # Import GPG key to sign commits:
       - name: 'Import GPG key to sign commits'
         # Pin action to full length commit SHA
-        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
         with:
           gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}

.github/workflows/good_first_issue.yml

@@ -40,7 +40,6 @@ jobs:
     # Define job permissions:
     permissions:
       contents: read
-      pull-requests: write
 
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest

.github/workflows/label_good_first_prs.yml

@@ -43,8 +43,8 @@ jobs:
 
     # Define job permissions:
     permissions:
+      # Allow read-only access to the repository contents:
       contents: read
-      pull-requests: write
 
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
@@ -56,14 +56,10 @@ jobs:
         # Pin action to full length commit SHA
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          # Specify whether to remove untracked files before checking out the repository:
-          clean: true
-
-          # Limit clone depth to the most recent commit:
-          fetch-depth: 1
-
-          # Specify whether to download Git-LFS files:
-          lfs: false
+          # Ensure we have access to the scripts directory:
+          sparse-checkout: |
+              .github/workflows/scripts
+          sparse-checkout-cone-mode: false
         timeout-minutes: 10
 
       # Check whether any of the referenced issues is a "Good First Issue":

.github/workflows/labeler.yml

@@ -49,7 +49,6 @@ jobs:
     # Define job permissions:
     permissions:
       contents: read
-      pull-requests: write
 
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest