build_allow_lists.yaml
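---
# Rebuilds the PyPI and CRAN package allow lists by running
# SHM_Expand_Allowlist_Dependencies.ps1 once per repository and, unless a run
# flagged a timeout, opens a pull request against develop with the changes.
name: Build allow lists

on: # yamllint disable-line rule:truthy
  # Run workflow on pushes to matching branches
  push:
    branches: [develop]
  schedule:
    # 00:00 UTC on days 1, 7, 13, 19, 25 and 31 of each month. The day-of-month
    # step restarts every month, so runs are at most six days apart, which
    # keeps the dependency cache fresh.
    - cron: "0 0 */6 * *"
  # Allow this workflow to be manually triggered
  workflow_dispatch:

# checkout needs 'contents:read'
# pull request needs 'pull-requests:write' and 'contents:write'
# These scopes apply to the job token for every step below, not only to the
# pull-request step.
permissions:
  contents: write
  pull-requests: write

env:
  # Default for the flag read by the 'Create pull request' condition; the
  # allow-list steps are expected to change it when their time limit is hit.
  TIMEOUT_REACHED: 0

jobs:
  build_allow_lists:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions/checkout and actions/cache are referenced by a
      # mutable tag, while create-pull-request below is pinned to a commit SHA.
      # This job holds a write-scoped token and an API secret, so pin these two
      # the same way, e.g. actions/checkout@<FULL_COMMIT_SHA> # v3.x.y
      #
      # actions/checkout keeps the job token in the local git config by default
      # (persist-credentials), so the script steps run with it on disk.
      # NOTE(review): consider 'persist-credentials: false' if the pull-request
      # step authenticates with its own token input - verify it can still push.
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Cache dependencies
        uses: actions/cache@v3
        with:
          path: environment_configs/package_lists/dependency-cache.json
          # Request a cache that does not yet exist, so a new one is saved
          key: dependencies-${{ github.sha }}
          # Use prefix matching to fall back to the most recently created
          # SHA-specific cache
          restore-keys: dependencies-

      # The API key is taken from the repository secret, exposed to the step as
      # an environment variable and handed to the script as a parameter.
      # NOTE(review): the script is not shown here - confirm it never prints
      # the key or writes it into a file that ends up in the pull request.
      # This will set TIMEOUT_REACHED if the timeout is reached.
      - name: Check PyPI allow list
        shell: pwsh
        env:
          LIBRARIES_IO_API_KEY: ${{ secrets.LIBRARIES_IO_API_KEY }}
        run: ./deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 -Repository pypi -TimeoutMinutes 60 -ApiKey "$env:LIBRARIES_IO_API_KEY"

      # Same script and secret handling as the PyPI step, with a longer limit.
      # This will set TIMEOUT_REACHED if the timeout is reached.
      - name: Check CRAN allow list
        shell: pwsh
        env:
          LIBRARIES_IO_API_KEY: ${{ secrets.LIBRARIES_IO_API_KEY }}
        run: ./deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 -Repository cran -TimeoutMinutes 240 -ApiKey "$env:LIBRARIES_IO_API_KEY"

      # Print the working-tree changes to the job log, excluding the cache file
      - name: Check for changes
        shell: bash
        run: git --no-pager diff -- . ':!environment_configs/package_lists/dependency-cache.json'

      # Expose today's date as steps.date.outputs.date. The output file path is
      # quoted so that the redirect target is never word-split by the shell.
      - name: Get current date
        id: date
        run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"

      # Skipped when a timeout was flagged, so a partially expanded allow list
      # is not proposed, and when env.ACT is set (presumably a local run under
      # the 'act' runner - confirm).
      - name: Create pull request
        if: ${{ (env.TIMEOUT_REACHED == 0) && (! env.ACT) }}
        id: pull-request
        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # This commit corresponds to tag 4.2.4
        with:
          commit-message: Update PyPI and CRAN allow lists
          # NOTE(review): this address looks like it was masked by the page's
          # e-mail obfuscation; restore the real committer address from the
          # repository before using this file.
          committer: GitHub Actions <[email protected]>
          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
          base: develop
          branch: package-allowlist-updates
          delete-branch: true
          title: Update PyPI and CRAN allow lists
          body: |
            ### :arrow_heading_up: Summary
            - Apply package allowlist diff from ${{ github.sha }} on ${{ steps.date.outputs.date }}
            ### :closed_umbrella: Related issues
            None
            ### :microscope: Tests
            Allow-list only
          # One label per line
          labels: |
            affected: developers
            severity: minor
            type: enhancement
          draft: false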