From e12b17ac9faea8d7346425057372919bdde17666 Mon Sep 17 00:00:00 2001 From: per1234 Date: Sat, 1 May 2021 21:26:54 -0700 Subject: [PATCH 01/17] Use v1 ref in example snippet The v1 branch will be updated on every release that increments the minor or patch version. Therefore, the use of this ref in workflows will result in the workflow automatically benefiting from ongoing improvements or fixes that don't cause a breaking change. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a8d57b..649e7c6 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ jobs: steps: - uses: actions/checkout@v2 - - uses: arduino/cpp-test-action@main + - uses: arduino/cpp-test-action@v1 with: coverage-data-path: ${{ env.COVERAGE_DATA_PATH }} From 1357b6584335202e282def16f32094f52751381d Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 27 Sep 2021 02:57:15 -0700 Subject: [PATCH 02/17] Add CI workflow to synchronize with shared repository labels On every push that changes relevant files, and periodically, configure the repository's issue and pull request labels according to the universal, shared, and local label configuration files. --- .github/workflows/sync-labels.yml | 139 ++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 .github/workflows/sync-labels.yml diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml new file mode 100644 index 0000000..f4c245e --- /dev/null +++ b/.github/workflows/sync-labels.yml @@ -0,0 +1,139 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/sync-labels.md +name: Sync Labels + +# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows +on: + push: + paths: + - ".github/workflows/sync-labels.ya?ml" + - ".github/label-configuration-files/*.ya?ml" + pull_request: + paths: + - ".github/workflows/sync-labels.ya?ml" + - ".github/label-configuration-files/*.ya?ml" + schedule: + # Run daily at 8 AM UTC to sync with changes to shared label configurations. + - cron: "0 8 * * *" + workflow_dispatch: + repository_dispatch: + +env: + CONFIGURATIONS_FOLDER: .github/label-configuration-files + CONFIGURATIONS_ARTIFACT: label-configuration-files + +jobs: + check: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Download JSON schema for labels configuration file + id: download-schema + uses: carlosperate/download-file-action@v1.0.3 + with: + file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/arduino-tooling-gh-label-configuration-schema.json + location: ${{ runner.temp }}/label-configuration-schema + + - name: Install JSON schema validator + run: | + sudo npm install \ + --global \ + ajv-cli \ + ajv-formats + + - name: Validate local labels configuration + run: | + # See: https://github.com/ajv-validator/ajv-cli#readme + ajv validate \ + --all-errors \ + -c ajv-formats \ + -s "${{ steps.download-schema.outputs.file-path }}" \ + -d "${{ env.CONFIGURATIONS_FOLDER }}/*.{yml,yaml}" + + download: + needs: check + runs-on: ubuntu-latest + + strategy: + matrix: + filename: + # Filenames of the shared configurations to apply to the repository in addition to the local configuration. + # https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/sync-labels + - universal.yml + - tooling.yml + + steps: + - name: Download + uses: carlosperate/download-file-action@v1.0.3 + with: + file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} + + - name: Pass configuration files to next job via workflow artifact + uses: actions/upload-artifact@v2 + with: + path: | + *.yaml + *.yml + if-no-files-found: error + name: ${{ env.CONFIGURATIONS_ARTIFACT }} + + sync: + needs: download + runs-on: ubuntu-latest + + steps: + - name: Set environment variables + run: | + # See: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable + echo "MERGED_CONFIGURATION_PATH=${{ runner.temp }}/labels.yml" >> "$GITHUB_ENV" + + - name: Determine whether to dry run + id: dry-run + if: > + github.event_name == 'pull_request' || + ( + ( + github.event_name == 'push' || + github.event_name == 'workflow_dispatch' + ) && + github.ref != format('refs/heads/{0}', github.event.repository.default_branch) + ) + run: | + # Use of this flag in the github-label-sync command will cause it to only check the validity of the + # configuration. + echo "::set-output name=flag::--dry-run" + + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Download configuration files artifact + uses: actions/download-artifact@v2 + with: + name: ${{ env.CONFIGURATIONS_ARTIFACT }} + path: ${{ env.CONFIGURATIONS_FOLDER }} + + - name: Remove unneeded artifact + uses: geekyeggo/delete-artifact@v1 + with: + name: ${{ env.CONFIGURATIONS_ARTIFACT }} + + - name: Merge label configuration files + run: | + # Merge all configuration files + shopt -s extglob + cat "${{ env.CONFIGURATIONS_FOLDER }}"/*.@(yml|yaml) > "${{ env.MERGED_CONFIGURATION_PATH }}" + + - name: Install github-label-sync + run: sudo npm install --global github-label-sync + + - name: Sync labels + env: + GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # See: https://github.com/Financial-Times/github-label-sync + github-label-sync \ + --labels "${{ env.MERGED_CONFIGURATION_PATH }}" \ + ${{ steps.dry-run.outputs.flag }} \ + ${{ github.repository }} From 5a2cc80f5f4edf37941b87e8ceb338613e379308 Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 20 Dec 2021 21:23:17 -0800 Subject: [PATCH 03/17] Use major version ref of `carlosperate/download-file-action` (#6) The `carlosperate/download-file-action` action is used in the GitHub Actions workflows as a convenient way to download external resources. A major version ref has been added to that repository. It will always point to the latest release of the "1" major version series. This means it is no longer necessary to do a full pin of the action version in use as before. Use of the major version ref will cause the workflow to use a stable version of the action, while also benefiting from ongoing development to the action up until such time as a new major release of an action is made. At that time we would need to evaluate whether any changes to the workflow are required by the breaking change that triggered the major release before manually updating the major ref (e.g., uses: `carlosperate/download-file-action@v2`). I think this approach strikes the right balance between stability and maintainability for these workflows. --- .github/workflows/sync-labels.yml | 4 ++-- .github/workflows/validate-action_yml.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index f4c245e..0273232 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -31,7 +31,7 @@ jobs: - name: Download JSON schema for labels configuration file id: download-schema - uses: carlosperate/download-file-action@v1.0.3 + uses: carlosperate/download-file-action@v1 with: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/arduino-tooling-gh-label-configuration-schema.json location: ${{ runner.temp }}/label-configuration-schema @@ -66,7 +66,7 @@ jobs: steps: - name: Download - uses: carlosperate/download-file-action@v1.0.3 + uses: carlosperate/download-file-action@v1 with: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} diff --git a/.github/workflows/validate-action_yml.yml b/.github/workflows/validate-action_yml.yml index a700424..c48730b 100644 --- a/.github/workflows/validate-action_yml.yml +++ b/.github/workflows/validate-action_yml.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@v2 - name: Download JSON schema for action.yml - uses: carlosperate/download-file-action@v1.0.3 + uses: carlosperate/download-file-action@v1 with: file-url: https://json.schemastore.org/github-action location: ${{ env.JSON_SCHEMA_FOLDER }} From 0f6c108cedc00541f6ac9e4b15a631b572a861b4 Mon Sep 17 00:00:00 2001 From: per1234 Date: Tue, 4 Jan 2022 10:32:09 -0800 Subject: [PATCH 04/17] Configure Dependabot to check for outdated actions used in workflows Dependabot will periodically check the versions of all actions used in the repository's workflows. If any are found to be outdated, it will submit a pull request to update them. NOTE: Dependabot's PRs will occasionally propose to pin to the patch version of the action (e.g., updating `uses: foo/bar@v1` to `uses: foo/bar@v2.3.4`). When the action author has provided a major version ref, use that instead (e.g., `uses: foo/bar@v2`). Dependabot will automatically close its PR once the workflow has been updated. More information: https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot --- .github/dependabot.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f2bfa72 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +# See: https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#about-the-dependabotyml-file +version: 2 + +updates: + # Configure check for outdated GitHub Actions actions in workflows. + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/dependabot/README.md + # See: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot + - package-ecosystem: github-actions + directory: / # Check the repository's workflows under /.github/workflows/ + schedule: + interval: daily + labels: + - "topic: infrastructure" From 5eb42d8e7ad6cb75437cc851a4fabdda4c1ef348 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Mar 2022 07:53:20 +0000 Subject: [PATCH 05/17] Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/spell-check.yml | 2 +- .github/workflows/sync-labels.yml | 4 ++-- .github/workflows/validate-action_yml.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/spell-check.yml b/.github/workflows/spell-check.yml index c8fd36c..7c1905f 100644 --- a/.github/workflows/spell-check.yml +++ b/.github/workflows/spell-check.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 # See: https://github.com/codespell-project/actions-codespell/blob/master/README.md - name: Spell check diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 0273232..28d0397 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Download JSON schema for labels configuration file id: download-schema @@ -106,7 +106,7 @@ jobs: echo "::set-output name=flag::--dry-run" - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Download configuration files artifact uses: actions/download-artifact@v2 diff --git a/.github/workflows/validate-action_yml.yml b/.github/workflows/validate-action_yml.yml index c48730b..b1604f1 100644 --- a/.github/workflows/validate-action_yml.yml +++ b/.github/workflows/validate-action_yml.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout local repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Download JSON schema for action.yml uses: carlosperate/download-file-action@v1 From d6ae45ce9fa444ffc3ef282973b240d636cbf58a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Apr 2022 08:27:46 +0000 Subject: [PATCH 06/17] Bump actions/upload-artifact from 2 to 3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sync-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 28d0397..6081b1a 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -71,7 +71,7 @@ jobs: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} - name: Pass configuration files to next job via workflow artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: path: | *.yaml From 7d7a99e9845e59bbd6499695d33bccf100c74809 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Apr 2022 08:27:48 +0000 Subject: [PATCH 07/17] Bump actions/download-artifact from 2 to 3 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sync-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 28d0397..5ee9592 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -109,7 +109,7 @@ jobs: uses: actions/checkout@v3 - name: Download configuration files artifact - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: ${{ env.CONFIGURATIONS_ARTIFACT }} path: ${{ env.CONFIGURATIONS_FOLDER }} From c93278330e1515cc625f376db3b8a2d664b082e7 Mon Sep 17 00:00:00 2001 From: per1234 Date: Wed, 11 May 2022 00:36:26 -0700 Subject: [PATCH 08/17] Use form-based issue templates High quality feedback via GitHub issues is a very valuable contribution to the project. It is important to make the issue creation and management process as efficient as possible for the contributors, maintainers, and developers. Issue templates are helpful to the maintainers and developers because it establishes a standardized framework for the issues and encourages the contributors to provide the essential information. The contributor is now presented with a web form when creating an issue. This consists of multi-line input fields that have the same formatting, preview, and attachment capabilities as the standard GitHub Issue composer, in addition to menus and checkboxes where appropriate. The use of this form-based system should provide a much better experience for the contributors and also result in higher quality issues by establishing a standardized framework for the issues and encouraging contributors to provide the essential information. A template chooser allows the contributor to select the appropriate template type, redirects support requests to the appropriate communication channels via "Contact Links", and provides a prominent link to security policy to guide any vulnerability disclosures. The clear separation of the types of issues encourages the reporter to fit their report into a specific issue category, resulting in more clarity. Automatic labeling according to template choice allows the reporter to do the initial classification. --- .github/ISSUE_TEMPLATE/bug-report.yml | 56 ++++++++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 17 +++++++ .github/ISSUE_TEMPLATE/feature-request.yml | 51 ++++++++++++++++++++ 3 files changed, 124 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug-report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/feature-request.yml diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml new file mode 100644 index 0000000..6d68623 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -0,0 +1,56 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/issue-templates/forms/general/bug-report.yml +# See: https://docs.github.com/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms + +name: Bug report +description: Report a problem with the code or documentation in this repository. +labels: + - "type: imperfection" +body: + - type: textarea + id: description + attributes: + label: Describe the problem + validations: + required: true + - type: textarea + id: reproduce + attributes: + label: To reproduce + description: Provide the specific set of steps we can follow to reproduce the problem. + validations: + required: true + - type: textarea + id: expected + attributes: + label: Expected behavior + description: What would you expect to happen after following those instructions? + validations: + required: true + - type: input + id: project-version + attributes: + label: "'arduino/cpp-test-action' version" + description: | + Which version of `arduino/cpp-test-action` are you using? + _This should be the most recent version available._ + validations: + required: true + - type: textarea + id: additional + attributes: + label: Additional context + description: Add any additional information here. + validations: + required: false + - type: checkboxes + id: checklist + attributes: + label: Issue checklist + description: Please double-check that you have done each of the following things before submitting the issue. + options: + - label: I searched for previous reports in [the issue tracker](https://github.com/arduino/cpp-test-action/issues?q=) + required: true + - label: I verified the problem still occurs when using the latest version + required: true + - label: My report contains all necessary details + required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..d247937 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,17 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/issue-templates/template-choosers/github-actions/config.yml +# See: https://docs.github.com/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser + +blank_issues_enabled: false +contact_links: + - name: Learn about using this project + url: https://github.com/arduino/cpp-test-action#readme + about: Detailed usage documentation is available here. + - name: Learn about GitHub Actions + url: https://docs.github.com/actions + about: Everything you need to know to get started with GitHub Actions. + - name: Support request + url: https://forum.arduino.cc/ + about: We can help you out on the Arduino Forum! + - name: Discuss development work on the project + url: https://groups.google.com/a/arduino.cc/g/developers + about: Arduino Developers Mailing List diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml new file mode 100644 index 0000000..c6688ec --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature-request.yml @@ -0,0 +1,51 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/issue-templates/forms/general/bug-report.yml +# See: https://docs.github.com/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms + +name: Feature request +description: Suggest an enhancement to this project. +labels: + - "type: enhancement" +body: + - type: textarea + id: description + attributes: + label: Describe the request + validations: + required: true + - type: textarea + id: current + attributes: + label: Describe the current behavior + description: | + What is the current behavior of `arduino/cpp-test-action` in relation to your request? + How can we reproduce that behavior? + validations: + required: true + - type: input + id: project-version + attributes: + label: "'arduino/cpp-test-action' version" + description: | + Which version of `arduino/cpp-test-action` are you using? + _This should be the most recent version available._ + validations: + required: true + - type: textarea + id: additional + attributes: + label: Additional context + description: Add any additional information here. + validations: + required: false + - type: checkboxes + id: checklist + attributes: + label: Issue checklist + description: Please double-check that you have done each of the following things before submitting the issue. + options: + - label: I searched for previous requests in [the issue tracker](https://github.com/arduino/cpp-test-action/issues?q=) + required: true + - label: I verified the feature was still missing when using the latest version + required: true + - label: My request contains all necessary details + required: true From 7002d721394c12b9f8b71d4b9b4f3e03213e3575 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Oct 2022 07:28:57 +0000 Subject: [PATCH 09/17] Bump geekyeggo/delete-artifact from 1 to 2 Bumps [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) from 1 to 2. - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/v1...v2) --- updated-dependencies: - dependency-name: geekyeggo/delete-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sync-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 9ce51aa..4376e4c 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -115,7 +115,7 @@ jobs: path: ${{ env.CONFIGURATIONS_FOLDER }} - name: Remove unneeded artifact - uses: geekyeggo/delete-artifact@v1 + uses: geekyeggo/delete-artifact@v2 with: name: ${{ env.CONFIGURATIONS_ARTIFACT }} From 9519f49d8c4d3633a4e5aaf5e518da89d8a5c774 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Oct 2022 07:28:57 +0000 Subject: [PATCH 10/17] Bump carlosperate/download-file-action from 1 to 2 Bumps [carlosperate/download-file-action](https://github.com/carlosperate/download-file-action) from 1 to 2. - [Release notes](https://github.com/carlosperate/download-file-action/releases) - [Commits](https://github.com/carlosperate/download-file-action/compare/v1...v2) --- updated-dependencies: - dependency-name: carlosperate/download-file-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sync-labels.yml | 4 ++-- .github/workflows/validate-action_yml.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 4376e4c..70085bd 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -31,7 +31,7 @@ jobs: - name: Download JSON schema for labels configuration file id: download-schema - uses: carlosperate/download-file-action@v1 + uses: carlosperate/download-file-action@v2 with: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/arduino-tooling-gh-label-configuration-schema.json location: ${{ runner.temp }}/label-configuration-schema @@ -66,7 +66,7 @@ jobs: steps: - name: Download - uses: carlosperate/download-file-action@v1 + uses: carlosperate/download-file-action@v2 with: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} diff --git a/.github/workflows/validate-action_yml.yml b/.github/workflows/validate-action_yml.yml index b1604f1..c53241f 100644 --- a/.github/workflows/validate-action_yml.yml +++ b/.github/workflows/validate-action_yml.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@v3 - name: Download JSON schema for action.yml - uses: carlosperate/download-file-action@v1 + uses: carlosperate/download-file-action@v2 with: file-url: https://json.schemastore.org/github-action location: ${{ env.JSON_SCHEMA_FOLDER }} From 614e46aa8ec86f244c9548e2fa05c7fadd41c709 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 07:27:54 +0000 Subject: [PATCH 11/17] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/spell-check.yml | 2 +- .github/workflows/sync-labels.yml | 4 ++-- .github/workflows/validate-action_yml.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/spell-check.yml b/.github/workflows/spell-check.yml index 7c1905f..1859dfe 100644 --- a/.github/workflows/spell-check.yml +++ b/.github/workflows/spell-check.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 # See: https://github.com/codespell-project/actions-codespell/blob/master/README.md - name: Spell check diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 70085bd..9134495 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download JSON schema for labels configuration file id: download-schema @@ -106,7 +106,7 @@ jobs: echo "::set-output name=flag::--dry-run" - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download configuration files artifact uses: actions/download-artifact@v3 diff --git a/.github/workflows/validate-action_yml.yml b/.github/workflows/validate-action_yml.yml index c53241f..33d68c5 100644 --- a/.github/workflows/validate-action_yml.yml +++ b/.github/workflows/validate-action_yml.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout local repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download JSON schema for action.yml uses: carlosperate/download-file-action@v2 From ffcf7fae86ce7ae82a84657987a02660917c0ca6 Mon Sep 17 00:00:00 2001 From: per1234 Date: Thu, 13 Jun 2024 10:16:07 -0700 Subject: [PATCH 12/17] Automatically assign per1234 to Dependabot PRs As the primary maintainer of the project infrastructure, it is the responsibility of GitHub user per1234 to review and merge the pull requests automatically submitted by Dependabot for bumps of outdated project dependencies. Configuring Dependabot to automatically set the pull request assignment will slightly streamline that process. --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f2bfa72..6942074 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,8 @@ updates: # See: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot - package-ecosystem: github-actions directory: / # Check the repository's workflows under /.github/workflows/ + assignees: + - per1234 schedule: interval: daily labels: From 2d3b54a1a53301c45e8e5fc5c59b9e93608fd1b4 Mon Sep 17 00:00:00 2001 From: per1234 Date: Thu, 13 Jun 2024 10:17:19 -0700 Subject: [PATCH 13/17] Don't limit number of open Dependabot pull requests The Dependabot service is used to keep the project dependencies updated. Thanks to the project's high quality validation infrastructure, the human effort required to complete a trivial version bump is minimal. However, some bumps may introduce breaking changes that would require a significant amount of effort to accommodate, or are blocked by external tasks. In this case, the Dependabot pull request can't be merged, but should be left open to track the need to perform the bump when it is feasible. This means that it should be expected that there will be regularly be a small number of Dependabot pull requests left open in the repository over long periods of time. The automated system is here to assist the human project maintainers, not as a tyrannical overlord, so this is the system working exactly as intended. By default, Dependabot is configured to stop submitting pull requests if it already has five open pull requests. This means that if it happens that the accumulation of intentionally on-hold pull requests reaches that number, the project stops receiving the easily handled trivial update PRs. This is very harmful because it results in the completely unnecessary use of outdated dependencies, and unnecessary challenging large bumps when pull requests start being submitted once more after the backlog is cleared. The harmful default configuration is hereby overridden by configuring the maximum open pull request limit at 100. This value was chosen as an arbitrary large number simply to functionally disable the limiting, rather than from any expectation that the actual number of open PRs can ever reach that count. --- .github/dependabot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6942074..146dab8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,7 @@ updates: directory: / # Check the repository's workflows under /.github/workflows/ assignees: - per1234 + open-pull-requests-limit: 100 schedule: interval: daily labels: From 5c96fb54790bd62635e526c908e1017ae6a27890 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 08:37:09 +0000 Subject: [PATCH 14/17] Bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sync-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 9134495..e1b8658 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -71,7 +71,7 @@ jobs: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} - name: Pass configuration files to next job via workflow artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: path: | *.yaml From 9fa03128037ca9cb209637b85ed1fed10cfb289d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 07:30:32 +0000 Subject: [PATCH 15/17] Bump actions/download-artifact from 3 to 4 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sync-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index e1b8658..34ff6a5 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -109,7 +109,7 @@ jobs: uses: actions/checkout@v4 - name: Download configuration files artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.CONFIGURATIONS_ARTIFACT }} path: ${{ env.CONFIGURATIONS_FOLDER }} From 1f590381a9194c776c20c53fb325699d72e8eee6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 19:08:15 +0000 Subject: [PATCH 16/17] Bump geekyeggo/delete-artifact from 2 to 5 Bumps [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) from 2 to 5. - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Changelog](https://github.com/GeekyEggo/delete-artifact/blob/main/CHANGELOG.md) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/v2...v5) --- updated-dependencies: - dependency-name: geekyeggo/delete-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/sync-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 34ff6a5..e73db2e 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -115,7 +115,7 @@ jobs: path: ${{ env.CONFIGURATIONS_FOLDER }} - name: Remove unneeded artifact - uses: geekyeggo/delete-artifact@v2 + uses: geekyeggo/delete-artifact@v5 with: name: ${{ env.CONFIGURATIONS_ARTIFACT }} From 5e595631c88d0bf36d9e16c02c55774fb71b2f37 Mon Sep 17 00:00:00 2001 From: per1234 Date: Sun, 20 Oct 2024 05:00:52 -0700 Subject: [PATCH 17/17] Don't upload multiple times to same artifact in label sync workflow The "Sync Labels" GitHub Actions workflow is configured to allow the use of multiple shared label configuration files. This is done by using a job matrix in the GitHub Actions workflow to download each of the files from the source repository in a parallel GitHub Actions workflow job. A GitHub Actions workflow artifact was used to transfer the generated files between sequential jobs in the workflow. The "actions/upload-artifact" and "actions/download-artifact" actions are used for this purpose. Previously, a single artifact was used for the transfer of all the shared label configuration files, with each of the parallel jobs uploading its own generated files to that artifact. However, support for uploading multiple times to a single artifact was dropped in version 4.0.0 of the "actions/upload-artifact" action. So it is now necessary to use a dedicated artifact for each of the builds. These can be downloaded in aggregate by using the artifact name globbing and merging features which were introduced in version 4.1.0 of the "actions/download-artifact" action. --- .github/workflows/sync-labels.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index e73db2e..78723a3 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -19,7 +19,7 @@ on: env: CONFIGURATIONS_FOLDER: .github/label-configuration-files - CONFIGURATIONS_ARTIFACT: label-configuration-files + CONFIGURATIONS_ARTIFACT_PREFIX: label-configuration-file- jobs: check: @@ -77,7 +77,7 @@ jobs: *.yaml *.yml if-no-files-found: error - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}${{ matrix.filename }} sync: needs: download @@ -108,16 +108,17 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Download configuration files artifact + - name: Download configuration file artifacts uses: actions/download-artifact@v4 with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + merge-multiple: true + pattern: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}* path: ${{ env.CONFIGURATIONS_FOLDER }} - - name: Remove unneeded artifact + - name: Remove unneeded artifacts uses: geekyeggo/delete-artifact@v5 with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}* - name: Merge label configuration files run: |