From 68d09df9c590a35d3ed67d17afc6d88edc4291d4 Mon Sep 17 00:00:00 2001 From: tdstein Date: Tue, 1 Apr 2025 22:09:19 -0400 Subject: [PATCH 1/2] style: add name and double line break to each step --- .github/workflows/board.yaml | 7 +- .github/workflows/ci.yaml | 99 +++++++++++++++------ .github/workflows/conventional-commits.yaml | 11 ++- .github/workflows/coverage.yaml | 27 ++++-- .github/workflows/release.yaml | 27 ++++-- .github/workflows/site.yaml | 66 ++++++++++---- 6 files changed, 175 insertions(+), 62 deletions(-) diff --git a/.github/workflows/board.yaml b/.github/workflows/board.yaml index 960713e9..6912c706 100644 --- a/.github/workflows/board.yaml +++ b/.github/workflows/board.yaml @@ -14,13 +14,16 @@ jobs: permissions: issues: write steps: - - run: gh issue edit "$NUMBER" --add-label "$LABELS" + - name: Add label to issue + run: gh issue edit "$NUMBER" --add-label "$LABELS" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} NUMBER: ${{ github.event.issue.number }} LABELS: sdk - - uses: actions/add-to-project@v1.0.2 + + - name: Add issue to project board + uses: actions/add-to-project@v1.0.2 continue-on-error: true with: project-url: https://github.com/orgs/rstudio/projects/207 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d20c71ab..71478f29 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,12 +8,23 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 - - run: uv python install - - run: make dev - - run: make lint - - run: make fmt + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python + run: uv python install + + - name: Setup development environment + run: make dev + + - name: Run linter + run: make lint + + - name: Format code + run: make fmt test: runs-on: ubuntu-latest 
@@ -28,19 +39,31 @@ jobs: - "3.12" - "3.13" steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 - - run: uv python install ${{ matrix.python-version }} - - run: make dev - - run: make test + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python for matrix version + run: uv python install ${{ matrix.python-version }} + + - name: Setup development environment + run: make dev + + - name: Run tests + run: make test setup-integration-test: runs-on: ubuntu-latest outputs: versions: ${{ steps.versions.outputs.versions }} steps: - - uses: actions/checkout@v4 - - id: versions + - name: Checkout code + uses: actions/checkout@v4 + + - name: Get integration versions + id: versions working-directory: ./integration # The `jq` command is "output compact, raw input, slurp, split on new lines, and remove the last element". This results in a JSON array of Connect versions (e.g., ["2025.01.0", "2024.12.0"]). run: | @@ -55,16 +78,28 @@ jobs: matrix: CONNECT_VERSION: ${{ fromJson(needs.setup-integration-test.outputs.versions) }} steps: - - uses: actions/checkout@v4 - - uses: docker/setup-buildx-action@v3 + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Write Posit Connect license to disk run: echo "$CONNECT_LICENSE" > ./integration/license.lic env: CONNECT_LICENSE: ${{ secrets.CONNECT_LICENSE }} - - uses: astral-sh/setup-uv@v3 - - run: uv python install - - run: make -C ./integration ${{ matrix.CONNECT_VERSION }} - - uses: actions/upload-artifact@v4 + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python + run: uv python install + + - name: Run integration tests for version + run: make -C ./integration ${{ matrix.CONNECT_VERSION }} + + - name: Upload integration test report + uses: actions/upload-artifact@v4 if: always() with: name: ${{ matrix.CONNECT_VERSION }} - Integration Test Report 
@@ -78,10 +113,13 @@ jobs: pull-requests: write if: always() steps: - - uses: actions/download-artifact@v4 + - name: Download artifacts + uses: actions/download-artifact@v4 with: path: artifacts - - uses: EnricoMi/publish-unit-test-result-action@v2 + + - name: Publish integration test results + uses: EnricoMi/publish-unit-test-result-action@v2 with: check_name: integration-test-results comment_mode: off @@ -91,8 +129,17 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 - - run: uv python install - - run: make dev - - run: make build + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python + run: uv python install + + - name: Setup development environment + run: make dev + + - name: Build project + run: make build diff --git a/.github/workflows/conventional-commits.yaml b/.github/workflows/conventional-commits.yaml index 53f39847..b5efc12a 100644 --- a/.github/workflows/conventional-commits.yaml +++ b/.github/workflows/conventional-commits.yaml @@ -9,7 +9,8 @@ jobs: default: runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - name: Lint pull request title + uses: amannn/action-semantic-pull-request@v5 id: lint env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -25,7 +26,9 @@ jobs: style refactor test - - uses: marocchino/sticky-pull-request-comment@v2 + + - name: Post lint error comment + uses: marocchino/sticky-pull-request-comment@v2 if: always() && (steps.lint.outputs.error_message != null) with: header: lint-error @@ -39,7 +42,9 @@ jobs: ``` ${{ steps.lint.outputs.error_message }} ``` - - if: ${{ steps.lint.outputs.error_message == null }} + + - name: Remove lint error comment + if: ${{ steps.lint.outputs.error_message == null }} uses: marocchino/sticky-pull-request-comment@v2 with: header: lint-error 
diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index bdd492f2..0a8e3378 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml @@ -8,13 +8,26 @@ jobs: cov: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 - - run: uv python install - - run: make dev - - run: make test - - run: make cov-xml - - if: ${{ ! github.event.pull_request.head.repo.fork }} + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python + run: uv python install + + - name: Setup development environment + run: make dev + + - name: Run tests + run: make test + + - name: Generate coverage report + run: make cov-xml + + - name: Upload coverage report + if: ${{ ! github.event.pull_request.head.repo.fork }} uses: orgoro/coverage@v3.2 with: coverageFile: coverage.xml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f641a1af..1548edd9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,13 +9,26 @@ jobs: permissions: id-token: write steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: astral-sh/setup-uv@v3 - - run: uv python install - - uses: actions/setup-node@v4 - - run: make build - - run: make install - - id: release + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python + run: uv python install + + - name: Setup Node.js + uses: actions/setup-node@v4 + + - name: Build project + run: make build + + - name: Install project + run: make install + + - name: Publish to PyPI + id: release uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.github/workflows/site.yaml b/.github/workflows/site.yaml index dc45c931..3efdfba0 100644 --- a/.github/workflows/site.yaml +++ b/.github/workflows/site.yaml 
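Review bot: In the release.yaml hunk, every step of the job runs under `id-token: write`, yet the actions are referenced by mutable refs: `actions/checkout@v4`, `astral-sh/setup-uv@v3`, `actions/setup-node@v4` and the branch ref `pypa/gh-action-pypi-publish@release/v1`. Any step in a job with that permission can request the OIDC token, so a moved tag or branch upstream would run with publishing rights; this assumes the publish step relies on trusted publishing, since no token is visible in the hunk. Pinning each action to a full commit SHA with the ref kept as a comment, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, removes that dependency on upstream refs. The same point applies to the third-party actions in the other workflows this patch touches, such as `EnricoMi/publish-unit-test-result-action@v2` and `marocchino/sticky-pull-request-comment@v2`. The job header and anything after the publish step lie outside the hunk.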
@@ -19,34 +19,66 @@ jobs: if: github.event_name == 'push' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: astral-sh/setup-uv@v3 - - run: uv python install - - run: make build install - - uses: quarto-dev/quarto-actions/setup@v2 - - run: make docs - - uses: actions/configure-pages@v3 - - uses: actions/upload-pages-artifact@v3 + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python + run: uv python install + + - name: Build and install project + run: make build install + + - name: Setup Quarto + uses: quarto-dev/quarto-actions/setup@v2 + + - name: Build documentation + run: make docs + + - name: Configure GitHub Pages + uses: actions/configure-pages@v3 + + - name: Upload documentation to Pages artifact + uses: actions/upload-pages-artifact@v3 with: path: "./docs/_site" - - uses: actions/deploy-pages@v4 + + - name: Deploy to GitHub Pages + uses: actions/deploy-pages@v4 preview: if: github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: astral-sh/setup-uv@v3 - - run: uv python install - - uses: actions/setup-node@v4 - - uses: quarto-dev/quarto-actions/setup@v2 - - run: make dev - - run: make docs - - id: preview + + - name: Setup UV + uses: astral-sh/setup-uv@v3 + + - name: Install UV Python + run: uv python install + + - name: Setup Node.js + uses: actions/setup-node@v4 + + - name: Setup Quarto + uses: quarto-dev/quarto-actions/setup@v2 + + - name: Setup development environment + run: make dev + + - name: Build documentation + run: make docs + + - name: Deploy preview to Netlify + id: preview working-directory: docs env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} From 041c692ad6fe039982ba41328b70b9b855b9684b Mon Sep 17 00:00:00 2001 
From: tdstein Date: Tue, 1 Apr 2025 22:13:36 -0400 Subject: [PATCH 2/2] ci: secure the license file. Mimics https://github.com/posit-dev/connect-architectures/blob/35626310f6aad0854ea62b151560eaff5a7f57a9/.github/workflows/ci.yml\#L91C1-L96C32 --- .github/workflows/ci.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 71478f29..e16c81b6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -84,19 +84,23 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Write Posit Connect license to disk - run: echo "$CONNECT_LICENSE" > ./integration/license.lic - env: - CONNECT_LICENSE: ${{ secrets.CONNECT_LICENSE }} - - name: Setup UV uses: astral-sh/setup-uv@v3 - name: Install UV Python run: uv python install - - name: Run integration tests for version - run: make -C ./integration ${{ matrix.CONNECT_VERSION }} + - name: Configure Connect license + working-directory: ./integration + run: | + cat << EOF > connect.lic + ${{ secrets.CONNECT_LICENSE }} + EOF + chmod 600 connect.lic + + - name: Run integration tests + working-directory: ./integration + run: make ${{ matrix.CONNECT_VERSION }} - name: Upload integration test report uses: actions/upload-artifact@v4
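Review bot: The new `Configure Connect license` step expands `${{ secrets.CONNECT_LICENSE }}` straight into the script text inside a heredoc whose delimiter is unquoted, so the shell still processes the license content: any `$`, backtick or backslash in it is expanded, and a line reading `EOF` would end the heredoc early. The removed step passed the value through `env:` and wrote `"$CONNECT_LICENSE"`, which keeps it as data; I would keep that form and add the permission tightening on top. `chmod 600` also runs only after the redirect has created the file under the default umask, so setting `umask 077` before the write closes that window. The file name changes from `license.lic` to `connect.lic` as well, and the Makefile that reads it is not part of this patch, so confirm it expects the new name.

```yaml
      - name: Configure Connect license
        working-directory: ./integration
        env:
          CONNECT_LICENSE: ${{ secrets.CONNECT_LICENSE }}
        run: |
          umask 077
          printf '%s\n' "$CONNECT_LICENSE" > connect.lic
```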