diff --git a/.github/workflows/CheckCompatBounds.yml b/.github/workflows/CheckCompatBounds.yml new file mode 100644 index 0000000..718a91f --- /dev/null +++ b/.github/workflows/CheckCompatBounds.yml @@ -0,0 +1,14 @@ +name: "CheckCompatBounds" +on: + pull_request: ~ +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + contents: "read" +jobs: + check-compat-bounds: + name: "CheckCompatBounds" + uses: "ITensor/ITensorActions/.github/workflows/CheckCompatBounds.yml@v2" + with: + localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/CodeQL.yml b/.github/workflows/CodeQL.yml new file mode 100644 index 0000000..5b70afd --- /dev/null +++ b/.github/workflows/CodeQL.yml @@ -0,0 +1,16 @@ +name: "CodeQL" +on: + pull_request: + branches: + - "main" +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + contents: "read" + security-events: "write" + actions: "read" +jobs: + codeql: + name: "CodeQL" + uses: "ITensor/ITensorActions/.github/workflows/CodeQL.yml@v2" diff --git a/.github/workflows/CompatHelper.yml b/.github/workflows/CompatHelper.yml index 70f2dc6..305496d 100644 --- a/.github/workflows/CompatHelper.yml +++ b/.github/workflows/CompatHelper.yml @@ -7,8 +7,9 @@ permissions: contents: "write" pull-requests: "write" jobs: - compat-helper: + compathelper: name: "CompatHelper" - uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@v2" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" + secrets: "inherit" diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml index c3b11ec..9c6dec4 100644 --- a/.github/workflows/Documentation.yml +++ b/.github/workflows/Documentation.yml @@ -3,17 +3,19 @@ on: push: branches: - "main" - tags: "*" + tags: ["v*"] pull_request: ~ schedule: - cron: "1 4 * * 4" concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ github.ref_name != github.event.repository.default_branch || github.ref != 'refs/tags/v*' }}" +permissions: + contents: "write" jobs: - build-and-deploy-docs: + documentation: name: "Documentation" - uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@v2" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" secrets: diff --git a/.github/workflows/FormatCheck.yml b/.github/workflows/FormatCheck.yml index 3c290ea..e1a1aaa 100644 --- a/.github/workflows/FormatCheck.yml +++ b/.github/workflows/FormatCheck.yml @@ -1,16 +1,17 @@ -name: "Format Check" +name: "FormatCheck" on: - pull_request_target: + pull_request: types: - "opened" - "synchronize" - "reopened" - "ready_for_review" +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" permissions: contents: "read" - actions: "write" - pull-requests: "write" jobs: format-check: - name: "Format Check" - uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@main" + name: "FormatCheck" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@v2" diff --git a/.github/workflows/FormatCheckComment.yml b/.github/workflows/FormatCheckComment.yml new file mode 100644 index 0000000..3aa4a15 --- /dev/null +++ b/.github/workflows/FormatCheckComment.yml @@ -0,0 +1,16 @@ +name: "FormatCheckComment" +on: + workflow_run: + workflows: + - "FormatCheck" + types: + - "completed" +permissions: + pull-requests: "write" + actions: "read" +jobs: + format-check-comment: + name: "FormatCheckComment" + if: "github.event.workflow_run.event == 'pull_request'" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheckComment.yml@v2" + secrets: "inherit" diff --git a/.github/workflows/FormatPullRequest.yml b/.github/workflows/FormatPullRequest.yml index 5a8b627..b0c2b61 100644 --- a/.github/workflows/FormatPullRequest.yml +++ b/.github/workflows/FormatPullRequest.yml @@ -1,4 +1,4 @@ -name: "Format Pull Request" +name: "FormatPullRequest" on: schedule: - cron: "0 0 * * *" @@ -11,6 +11,6 @@ permissions: pull-requests: "write" jobs: format-pull-request: - name: "Format Pull Request" - uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@main" + name: "FormatPullRequest" + uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@v2" secrets: "inherit" diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index 310f563..a94b24d 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -4,38 +4,27 @@ on: branches: - "main" tags: "*" - paths: - - "Project.toml" - pull_request_target: + pull_request: types: - "opened" - "synchronize" - "reopened" - "ready_for_review" - "converted_to_draft" - paths: - - "Project.toml" +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + actions: "read" + contents: "read" jobs: integration-test: name: "IntegrationTest" - strategy: - fail-fast: false - matrix: - pkg: - - "ITensorTestPackageDependent" - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@v2" secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" - pkg: "${{ matrix.pkg }}" - integration-gate: - name: "IntegrationTest" - needs: "integration-test" - if: "${{ always() && needs.integration-test.result != 'skipped' }}" - runs-on: "ubuntu-latest" - steps: - - name: "Fail if any downstream integration test failed" - run: | - echo "integration-test.result = ${{ needs.integration-test.result }}" - test "${{ needs.integration-test.result }}" = "success" - + pkgs: | + [ + "ITensorTestPackageDependent" + ] diff --git a/.github/workflows/IntegrationTestRequest.yml b/.github/workflows/IntegrationTestRequest.yml index 6f58e45..7f7aee2 100644 --- a/.github/workflows/IntegrationTestRequest.yml +++ b/.github/workflows/IntegrationTestRequest.yml @@ -1,14 +1,20 @@ -name: "Integration Test Request" +name: "IntegrationTestRequest" on: issue_comment: types: - "created" +permissions: + actions: "read" + contents: "read" + checks: "write" + pull-requests: "write" jobs: - integrationrequest: + integration-test-request: + name: "IntegrationTestRequest" if: | github.event.issue.pull_request && contains(fromJSON('["OWNER", "COLLABORATOR", "MEMBER"]'), github.event.comment.author_association) - - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@v2" + secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/Registrator.yml b/.github/workflows/Registrator.yml index 97dc033..82d0a03 100644 --- a/.github/workflows/Registrator.yml +++ b/.github/workflows/Registrator.yml @@ -1,4 +1,4 @@ -name: "Register Package" +name: "Registrator" on: workflow_dispatch: ~ push: @@ -15,8 +15,9 @@ permissions: pull-requests: "write" issues: "write" jobs: - Register: - uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@main" + registrator: + name: "Registrator" + uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@v2" with: localregistry: "ITensor/ITensorRegistry" secrets: "inherit" diff --git a/.github/workflows/TagBot.yml b/.github/workflows/TagBot.yml index f535119..1dd7bed 100644 --- a/.github/workflows/TagBot.yml +++ b/.github/workflows/TagBot.yml @@ -4,8 +4,14 @@ on: types: - "created" workflow_dispatch: ~ +env: + REGISTRY_TAGBOT_ACTION: "JuliaRegistries/TagBot" +permissions: + contents: "write" + issues: "read" jobs: - TagBot: + tagbot: + name: "TagBot" if: "github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'" - uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@v2" secrets: "inherit" diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 70f6c8d..7add6ef 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -19,6 +19,8 @@ on: concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + contents: "read" jobs: tests: name: "Tests" @@ -32,7 +34,7 @@ jobs: - "ubuntu-latest" - "macOS-latest" - "windows-latest" - uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@v2" with: group: "${{ matrix.group }}" julia-version: "${{ matrix.version }}" diff --git a/.github/workflows/VersionCheck.yml b/.github/workflows/VersionCheck.yml index bb0df88..437bd6b 100644 --- a/.github/workflows/VersionCheck.yml +++ b/.github/workflows/VersionCheck.yml @@ -1,9 +1,15 @@ -name: "Version Check" +name: "VersionCheck" on: pull_request: ~ +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + contents: "read" + pull-requests: "read" jobs: version-check: - name: "Version Check" - uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@main" + name: "VersionCheck" + uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@v2" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git"