diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..ca6697070 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +--- +version: 2 +updates: + + # Maintain GitHub Actions dependencies + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + labels: + - "bot" + commit-message: + prefix: "[CHORE](deps)" + include: "scope" diff --git a/.github/workflows/check-python-code.yaml b/.github/workflows/check-python-code.yaml index 97d37eb4b..fffbd8b53 100644 --- a/.github/workflows/check-python-code.yaml +++ b/.github/workflows/check-python-code.yaml @@ -1,7 +1,7 @@ name: Check Python package code on: - pull_request_target: + pull_request: paths: - 'packages/**' - 'pyproject.toml' @@ -16,12 +16,9 @@ on: jobs: check: runs-on: ubuntu-latest - if: github.event.pull_request.head.repo.full_name == github.repository steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} + - uses: actions/checkout@v6 - name: Install uv uses: astral-sh/setup-uv@v4 diff --git a/.github/workflows/check-python-package-versions.yaml b/.github/workflows/check-python-package-versions.yaml index c8e4f2449..960c68e4b 100644 --- a/.github/workflows/check-python-package-versions.yaml +++ b/.github/workflows/check-python-package-versions.yaml @@ -1,7 +1,7 @@ name: Check Python package version numbers on: - pull_request_target: + pull_request: paths: - '**/pyproject.toml' - 'packages/**/__about__.py' @@ -12,7 +12,6 @@ permissions: jobs: check: - if: github.event.pull_request.head.repo.full_name == github.repository uses: ./.github/workflows/reusable-check-python-package-versions.yaml with: before_commit: ${{ github.event.pull_request.base.sha }} diff --git a/.github/workflows/publish-python-packages.yaml b/.github/workflows/publish-python-packages.yaml index b9a31e837..09da369e1 100644 --- a/.github/workflows/publish-python-packages.yaml 
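Review bot: In the new `.github/dependabot.yml`, the `updates` list covers only the `github-actions` ecosystem, so the Python dependencies these workflows resolve with `uv sync --all-packages` get no automated update PRs from this file. If that is intentional, a short comment saying so would help; otherwise a second entry for the Python ecosystem on the same schedule would close the gap. Separately, `prefix: "[CHORE](deps)"` combined with `include: "scope"` looks likely to produce a doubled scope in the commit subject, since Dependabot appends its own scope when that option is set; this is worth checking against the first generated PR.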
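Review bot: In `check-python-code.yaml` (hunk `-16,12 +16,9`), the new `- uses: actions/checkout@v6` step keeps the default of leaving the job token in the checkout's git configuration, while the removal of the same-repository `if:` guard means the job now runs on code from fork PRs. The token is read-only for fork runs, but nothing visible after checkout needs git credentials, so I would add `with:` / `persist-credentials: false` under that step. The unchanged `astral-sh/setup-uv@v4` just below is also left behind while the reusable workflow in this commit moves to `@v7`. The `check` job continues past the end of the hunk, so later steps that might need credentials are not visible here.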
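Review bot: In `check-python-package-versions.yaml` (hunk `-12,7 +12,6`), dropping `if: github.event.pull_request.head.repo.full_name == github.repository` means fork PRs now reach `reusable-check-python-package-versions.yaml`, which, per its own hunk in this commit, calls `code-artifact.sh index-url` with an AWS account and region. Under `pull_request`, fork runs get no secrets and cannot obtain an OIDC token, so if that step depends on AWS credentials the job will fail on every external contribution rather than skip. Failing closed is the safe direction, but it would be clearer to keep the guard on this job or gate only the CodeArtifact steps on the same condition, with a comment stating which behaviour is intended. The `permissions:` block named in the hunk header is outside the visible lines, so what the job requests cannot be confirmed from here.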
+++ b/.github/workflows/publish-python-packages.yaml @@ -6,6 +6,7 @@ on: paths: - '**/pyproject.toml' - 'packages/**/__about__.py' + workflow_dispatch: inputs: aws_iam_role_name: description: The name of the IAM role to assume for accessing CodeArtifact @@ -64,16 +65,18 @@ jobs: - name: Get CodeArtifact publish URL id: get-code-artifact-params run: | - echo 'token<> $GITHUB_OUTPUT - ./.github/workflows/scripts/code-artifact.sh token \ - 505071440022 us-west-2 overture-pypi >> $GITHUB_OUTPUT - echo EOF >> $GITHUB_OUTPUT - echo 'publish_url<> $GITHUB_OUTPUT - ./.github/workflows/scripts/code-artifact.sh publish-url \ - 505071440022 us-west-2 overture-pypi overture >> $GITHUB_OUTPUT - echo EOF >> $GITHUB_OUTPUT + token=$(./.github/workflows/scripts/code-artifact.sh token \ + 505071440022 us-west-2 overture-pypi) + echo "::add-mask::${token}" + echo "token=${token}" >> $GITHUB_OUTPUT + publish_url=$(./.github/workflows/scripts/code-artifact.sh publish-url \ + 505071440022 us-west-2 overture-pypi overture) + echo "publish_url=${publish_url}" >> $GITHUB_OUTPUT - name: Publish package ${{ matrix.package }} version ${{ matrix.after }} to PyPI + env: + CA_TOKEN: ${{ steps.get-code-artifact-params.outputs.token }} + CA_PUBLISH_URL: ${{ steps.get-code-artifact-params.outputs.publish_url }} run: | package="${{ matrix.package }}" before="${{ matrix.before }}" @@ -91,5 +94,5 @@ jobs: exit 1 fi uv publish "$wheel" "$tarball" \ - -t "${{ steps.get-code-artifact-params.outputs.token }}" \ - --publish-url "${{ steps.get-code-artifact-params.outputs.publish_url }}" + -t "${CA_TOKEN}" \ + --publish-url "${CA_PUBLISH_URL}" diff --git a/.github/workflows/reusable-check-python-package-versions.yaml b/.github/workflows/reusable-check-python-package-versions.yaml index 87253e03e..519a9e3d2 100644 --- a/.github/workflows/reusable-check-python-package-versions.yaml +++ b/.github/workflows/reusable-check-python-package-versions.yaml 
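Review bot: In `publish-python-packages.yaml` (hunk `-6,6 +6,7`), adding `workflow_dispatch:` above `inputs:` makes `aws_iam_role_name` a free-form value that anyone able to run workflows in the repository can set, on any branch, for a job that publishes to CodeArtifact. The IAM role's trust policy is the real control, but the workflow can narrow it too: declare the input as `type: choice` listing the permitted role names, or run the publish job in a protected `environment:` that requires approval. It is also worth confirming that the version matrix still resolves on a manual run, since the `paths:` filter and any push-event fields the matrix builder may read do not apply to `workflow_dispatch`. The rest of the `inputs:` block and the jobs that consume it are outside this hunk.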
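Review bot: In `publish-python-packages.yaml` (hunk `-64,16 +65,18`), the unchanged lines `package="${{ matrix.package }}"` and `before="${{ matrix.before }}"` at the end of the hunk still expand expressions directly into the shell script, in the same job that holds the CodeArtifact token, even though the token and URL now arrive through `env:`. If the matrix values are derived from repository content such as package directory names or version strings, they should go through `env:` the same way, for example `PACKAGE: ${{ matrix.package }}` with `package="${PACKAGE}"` in the script. The same pattern remains in the reusable workflow's `index-url` step, where `"${{ inputs.aws_account_id }}"` and its sibling inputs are interpolated into `run:`. In the token step itself, a guard such as `[ -n "${token}" ] || exit 1` before the `::add-mask::` line would fail the step early if the script printed nothing.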
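Review bot: In `publish-python-packages.yaml` (hunk `-91,5 +94,5`), `-t "${CA_TOKEN}"` still places the CodeArtifact token on the `uv publish` command line, where it is visible in the process list and in any shell trace for as long as the process runs. uv reads `UV_PUBLISH_TOKEN` and `UV_PUBLISH_URL` from the environment, so the step's `env:` block can set those two names directly and the `-t` and `--publish-url` arguments can be dropped. That would also allow the token to be fetched inside this step instead of being handed over as a step output. The step's earlier lines are outside this hunk.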
@@ -62,20 +62,20 @@ jobs: run: sudo apt-get update && sudo apt-get install -y jq - name: Install uv - uses: astral-sh/setup-uv@v4 + uses: astral-sh/setup-uv@v7 with: version: latest - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.10" - - name: Check out code before change - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.before_commit }} + - name: Set up Python + uses: actions/setup-python@v6 + with: + python-version-file: .python-version + - name: Sync code before change to make packages visible to Python run: uv sync --all-packages @@ -123,20 +123,22 @@ jobs: id: get-code-artifact-index-url if: steps.save-changes.outputs.num_changed_packages > 0 run: | - echo 'index_url<> $GITHUB_OUTPUT - ./.github/workflows/scripts/code-artifact.sh index-url \ + index_url=$(./.github/workflows/scripts/code-artifact.sh index-url \ "${{ inputs.aws_account_id }}" "${{ inputs.aws_region }}" \ - "${{ inputs.domain }}" "${{ inputs.repository }}" >> $GITHUB_OUTPUT - echo EOF >> $GITHUB_OUTPUT + "${{ inputs.domain }}" "${{ inputs.repository }}") + echo "::add-mask::${index_url}" + echo "index_url=${index_url}" >> $GITHUB_OUTPUT - name: Fail if any of the new versions already exist in the repo if: steps.save-changes.outputs.num_changed_packages > 0 + env: + INDEX_URL: ${{ steps.get-code-artifact-index-url.outputs.index_url }} run: | jq -c '.[]' /tmp/package-version-diff.json | while read -r entry; do package=$(echo "$entry" | jq -r '.package') after=$(echo "$entry" | jq -r '.after') exit_code=0 - output=$(uv run pip download "${package}==${after}" --index-url "${{ steps.get-code-artifact-index-url.outputs.index_url }}" --no-deps -d /tmp --quiet 2>&1) || exit_code=$? + output=$(uv run pip download "${package}==${after}" --index-url "${INDEX_URL}" --no-deps -d /tmp --quiet 2>&1) || exit_code=$? if [[ $exit_code -eq 0 || ( "${output,,}" != *"could not find a version"* && "${output,,}" != *"no matching distributions"* 
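Review bot: In `reusable-check-python-package-versions.yaml` (hunk `-62,20 +62,20`), every action reference this commit bumps is still a mutable major tag (`astral-sh/setup-uv@v7`, `actions/checkout@v6`, `actions/setup-python@v6` here; `actions/checkout@v6` and `actions/setup-go@v6` in the other workflows), and `version: latest` lets the uv binary itself change between runs of a workflow that later handles a CodeArtifact credential. Pinning each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v6`, fits the new Dependabot config, which can update SHA pins and their version comments together. I would also set `version:` to a fixed uv release. One behavioural note: `python-version-file: .python-version` is now read from the `before_commit` checkout, so the step presumably fails if that file does not exist at the base commit.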
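Review bot: In `reusable-check-python-package-versions.yaml` (hunk `-123,20 +123,22`), `::add-mask::${index_url}` hides only that exact string, so if the index URL embeds the CodeArtifact token (the masking suggests it does) the token can still surface in another form, for instance URL-decoded or inside a reformatted pip message captured into `output`. Masking the token component on its own, or having `code-artifact.sh` emit the token separately and registering that value, is more robust. The URL is also still passed as `--index-url "${INDEX_URL}"` on the command line; naming the environment variable `PIP_INDEX_URL` in the `env:` block and dropping the flag keeps it out of the argument list. The loop body continues past the end of this hunk, so how `output` is printed on failure is not visible.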
diff --git a/.github/workflows/test-schema.yaml b/.github/workflows/test-schema.yaml index d23d2b315..9f15acd88 100644 --- a/.github/workflows/test-schema.yaml +++ b/.github/workflows/test-schema.yaml @@ -14,12 +14,15 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: 1.22 - - name: Install dependencies - run: go install github.com/santhosh-tekuri/jsonschema/cmd/jv@latest - - name: Validate - run: ./test.sh + - uses: actions/checkout@v6 + + - name: Set up Go + uses: actions/setup-go@v6 + with: + go-version: 1.22 + + - name: Install dependencies + run: go install github.com/santhosh-tekuri/jsonschema/cmd/jv@latest + + - name: Validate + run: ./test.sh diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 000000000..0fe93f496 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,3 @@ +# Devops + +/.github @lowlydba @overturemaps/omf-public-reviewers diff --git a/pyproject.toml b/pyproject.toml index 1679e49a3..9626ff7c4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,7 +9,6 @@ version = "0.0.0" [tool.uv.workspace] members = ["packages/*"] - [tool.ruff] line-length = 88 target-version = "py310"
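Review bot: In `test-schema.yaml`, the `Install dependencies` step, re-indented but otherwise unchanged, runs `go install github.com/santhosh-tekuri/jsonschema/cmd/jv@latest`, so the validator binary is whatever the module's newest release is at run time, and the `github-actions` Dependabot entry added in this commit will not track it. Pinning it to an explicit release, `.../cmd/jv@<version>`, makes schema validation reproducible and keeps an upstream change from silently altering the tool. As a smaller point, `go-version: 1.22` is an unquoted YAML number; quoting it as `'1.22'` avoids the float truncation that would hit a value like 1.20.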
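Review bot: In the new `CODEOWNERS`, the only rule is `/.github`, so the `CODEOWNERS` file itself has no owner and could be edited to drop that rule without the listed reviewers being requested. Adding a line such as `/CODEOWNERS @lowlydba @overturemaps/omf-public-reviewers` closes that gap. The rule is advisory unless branch protection on the default branch requires review from code owners, which is worth confirming since this file is what now guards changes to the workflows.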