diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 31cd9a6..4af546f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,9 @@ updates: - package-ecosystem: "pip" directory: "/" schedule: - interval: monthly + interval: "monthly" + cooldown: + default-days: 7 labels: - "maintenance" - "dependencies" @@ -15,7 +17,9 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: monthly + interval: "monthly" + cooldown: + default-days: 7 labels: - "maintenance" groups: diff --git a/.github/labeler.yml b/.github/labeler.yml deleted file mode 100644 index 29197fa..0000000 --- a/.github/labeler.yml +++ /dev/null @@ -1,13 +0,0 @@ -documentation: - - all: - - changed-files: - - any-glob-to-any-file: ['doc/source/**/*.rst', 'README.rst'] - -maintenance: - - any: - - changed-files: - - any-glob-to-any-file: ['.github/**/*', 'pyproject.toml'] -testing: - - any: - - changed-files: - - any-glob-to-any-file: ['tests/**'] diff --git a/.github/labels.yml b/.github/labels.yml deleted file mode 100644 index 2b4ff22..0000000 --- a/.github/labels.yml +++ /dev/null @@ -1,32 +0,0 @@ -- name: bug - description: Something isn't working - color: d42a34 - -- name: dependencies - description: Related with project dependencies - color: ffc0cb - -- name: documentation - description: Improvements or additions to documentation - color: 0677ba - -- name: enhancement - description: New features or code improvements - color: FFD827 - -- name: good first issue - description: Easy to solve for newcomers - color: 62ca50 - -- name: maintenance - description: Package and maintenance related - color: f78c37 - -- name: release - description: Anything related to an incoming release - color: ffffff - -- name: testing - description: Anything related to tests - color: BFE4D6 - diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml index da0e5fc..bef8c11 100644 --- a/.github/workflows/ci_cd.yml +++ b/.github/workflows/ci_cd.yml 
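Review bot: The new `cooldown` block in the `pip` entry carries no comment explaining why it is there, and the same block is added unexplained to the `github-actions` entry in the second hunk of this file. A one-line comment above it, such as `# hold new releases for 7 days before proposing them, so a compromised or yanked release has time to surface`, would stop the setting from being dropped later as noise. Dependabot documents cooldown as applying to version updates only, not to security updates; confirm that against the current documentation and say so in the same comment, so nobody assumes security fixes are delayed too. Both `updates` entries continue outside the hunks.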
@@ -1,6 +1,10 @@ name: GitHub CI on: pull_request: + # opened, reopened, and synchronize are default for pull_request + # edited - when PR title or body is changed + # labeled - when labels are added to PR + types: [opened, reopened, synchronize, edited, labeled] push: tags: - "*" @@ -9,7 +13,7 @@ on: workflow_dispatch: env: - MAIN_PYTHON_VERSION: '3.10' + MAIN_PYTHON_VERSION: '3.12' DOCUMENTATION_CNAME: 'python-wrapper.scade.docs.pyansys.com' LIBRARY_NAME: 'ansys-scade-python-wrapper' 
@@ -17,165 +21,52 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -jobs: - - pr-name: - if: github.event_name == 'pull_request' - name: Check the name of the PR - runs-on: ubuntu-latest - steps: - - name: Check commit name - uses: ansys/actions/check-pr-title@v10 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - code-style: - name: "Code style" - runs-on: ubuntu-latest - steps: - - uses: ansys/actions/code-style@v10 - with: - python-version: ${{ env.MAIN_PYTHON_VERSION }} - - doc-style: - name: "Documentation style" - runs-on: ubuntu-latest - steps: - - uses: ansys/actions/doc-style@v10 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - smoke-tests: - name: "Build and Smoke tests" - runs-on: ${{ matrix.os }} - needs: [code-style] - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest] - python-version: ['3.10'] - steps: - - uses: ansys/actions/build-wheelhouse@v10 - with: - library-name: ${{ env.LIBRARY_NAME }} - operating-system: ${{ matrix.os }} - python-version: ${{ matrix.python-version }} - - tests: - name: "Tests" - runs-on: [self-hosted, 'SCADE'] - needs: [smoke-tests] - strategy: - matrix: - os: [windows-latest] - scade-version: ['25.2'] - fail-fast: false - steps: - - name: "Install Git and clone project" - uses: actions/checkout@v6 - - - uses: ansys/scade-actions/scade-tests-pytest@v2 - with: - checkout: false - scade-version: ${{ matrix.scade-version }} - - - name: "Upload coverage reports to Codecov" - uses: codecov/codecov-action@v5 - with: - token: ${{ secrets.CODECOV_TOKEN }} - slug: ansys/scade-python-wrapper - files: .cov/xml +permissions: {} - doc-build: - name: "Build documentation" - runs-on: ubuntu-latest - timeout-minutes: 30 - needs: [doc-style] - steps: - - uses: ansys/actions/doc-build@v10 - with: - python-version: ${{ env.MAIN_PYTHON_VERSION }} - - build-library: - name: "Build library basic example" - runs-on: ubuntu-latest - needs: [tests, doc-build] - steps: - - uses: 
ansys/actions/build-library@v10 - with: - library-name: ${{ env.LIBRARY_NAME }} - python-version: ${{ env.MAIN_PYTHON_VERSION }} +jobs: - update-changelog: - name: "Update CHANGELOG (on release)" - if: github.event_name == 'push' && contains(github.ref, 'refs/tags') - runs-on: ubuntu-latest + sc: + uses: ansys/scade-actions/.github/workflows/scade-ext-workflow.yml@v3 permissions: - contents: write - pull-requests: write - steps: - - uses: ansys/actions/doc-deploy-changelog@v10 - with: - python-version: ${{ env.MAIN_PYTHON_VERSION }} - token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} - bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} - bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} + attestations: write # needed for build-wheelhouse and build-library jobs + contents: write # needed for update-changelog, doc-deploy-pr, release, doc-deploy-dev, and doc-deploy-stable jobs + id-token: write # needed for build-wheelhouse and build-library jobs + pull-requests: write # needed for labeler, changelog-fragment, update-changelog, and doc-deploy-pr jobs + with: + # ${{ env.XXX }} not accessible when calling a reusable workflow + documentation-cname: "python-wrapper.scade.docs.pyansys.com" + library-name: "ansys-scade-python-wrapper" + repository-name: "ansys/scade-python-wrapper" + is-public: true + main-python-version: '3.12' + # strategies + build-wheelhouse-versions: "['3.10']" + python-tests-versions: "['3.10']" + secrets: + PYANSYS_CI_BOT_TOKEN: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} + PYANSYS_CI_BOT_USERNAME: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} + PYANSYS_CI_BOT_EMAIL: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} + PYANSYS_PYPI_PRIVATE_PAT: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }} release: name: "Release project" - if: github.event_name == 'push' && contains(github.ref, 'refs/tags') runs-on: ubuntu-latest - needs: [build-library, update-changelog] + needs: [sc] + if: ${{ needs.sc.outputs.to-release }} permissions: - id-token: write - contents: write + id-token: write # mandatory for 
trusted publishing with pypa/gh-action-pypi-publish + contents: read steps: - name: "Download the library artifacts from build-library step" - uses: actions/download-artifact@v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: ${{ env.LIBRARY_NAME }}-artifacts path: ${{ env.LIBRARY_NAME }}-artifacts - name: "Upload artifacts to PyPI using trusted publisher" - uses: pypa/gh-action-pypi-publish@v1.13.0 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: repository-url: "https://upload.pypi.org/legacy/" print-hash: true packages-dir: ${{ env.LIBRARY_NAME }}-artifacts skip-existing: false - - - name: "Release to GitHub" - uses: ansys/actions/release-github@v10 - with: - library-name: ${{ env.LIBRARY_NAME }} - token: ${{ secrets.GITHUB_TOKEN }} - - doc-deploy-dev: - name: "Deploy development documentation" - # Deploy development only when merging or pushing to the 'main' branch - runs-on: ubuntu-latest - needs: [build-library] - if: github.event_name == 'push' && !contains(github.ref, 'refs/tags') - steps: - - uses: ansys/actions/doc-deploy-dev@v10 - with: - doc-artifact-name: 'documentation-html' - cname: ${{ env.DOCUMENTATION_CNAME }} - token: ${{ secrets.GITHUB_TOKEN }} - bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} - bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} - - doc-deploy-stable: - name: "Deploy stable documentation" - # Deploy release documentation when creating a new tag - runs-on: ubuntu-latest - needs: [release] - if: github.event_name == 'push' && contains(github.ref, 'refs/tags') - steps: - - uses: ansys/actions/doc-deploy-stable@v10 - with: - doc-artifact-name: 'documentation-html' - cname: ${{ env.DOCUMENTATION_CNAME }} - token: ${{ secrets.GITHUB_TOKEN }} - bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} - bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} 
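Review bot: The `sc` job calls `ansys/scade-actions/.github/workflows/scade-ext-workflow.yml@v3` by a movable tag while granting it `attestations`, `contents`, `id-token` and `pull-requests` write scopes plus four secrets, including `PYANSYS_PYPI_PRIVATE_PAT`. The same hunk pins `actions/download-artifact` and `pypa/gh-action-pypi-publish` to full commit SHAs, so the most privileged reference is the only one left unpinned; pin it the same way, e.g. `uses: ansys/scade-actions/.github/workflows/scade-ext-workflow.yml@<full-commit-sha> # v3`. Separately, the `release` job lost its explicit tag-push condition and is now gated only by `if: ${{ needs.sc.outputs.to-release }}`. Job outputs are strings, and a non-empty string such as `false` is truthy in an `if:` expression, so unless the reusable workflow (not visible here) emits an empty string, this job, which holds `id-token: write` for PyPI publishing, could start on events that are not tag pushes. Compare against the documented value explicitly, e.g. `if: ${{ needs.sc.outputs.to-release == 'true' }}`.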
diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
deleted file mode 100644
index 00e3f93..0000000
--- a/.github/workflows/label.yml
+++ /dev/null
@@ -1,99 +0,0 @@ -name: Labeler -on: - pull_request: - types: [opened, reopened, synchronize, edited, labeled] - push: - branches: [ main ] - paths: - - '../labels.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - - label-syncer: - name: Syncer - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - uses: micnncim/action-label-syncer@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - labeler: - name: Set labels - needs: [label-syncer] - permissions: - contents: read - pull-requests: write - runs-on: ubuntu-latest - steps: - - # Label based on modified files - - name: Label based on changed files - uses: actions/labeler@v6 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - - # Label based on branch name - - uses: actions-ecosystem/action-add-labels@v1 - if: | - startsWith(github.event.pull_request.head.ref, 'doc') || - startsWith(github.event.pull_request.head.ref, 'docs') - with: - labels: documentation - - - uses: actions-ecosystem/action-add-labels@v1 - if: | - startsWith(github.event.pull_request.head.ref, 'maint') || - startsWith(github.event.pull_request.head.ref, 'no-ci') || - startsWith(github.event.pull_request.head.ref, 'ci') - with: - labels: maintenance - - - uses: actions-ecosystem/action-add-labels@v1 - if: startsWith(github.event.pull_request.head.ref, 'feat') - with: - labels: | - enhancement - - - uses: actions-ecosystem/action-add-labels@v1 - if: | - startsWith(github.event.pull_request.head.ref, 'fix') || - startsWith(github.event.pull_request.head.ref, 'patch') - with: - labels: bug - - commenter: - runs-on: ubuntu-latest - steps: - - name: Suggest to add labels - uses: peter-evans/create-or-update-comment@v5 - # Execute only when no labels have been applied to the pull request - if: toJSON(github.event.pull_request.labels.*.name) == '{}' - with: - issue-number: ${{ github.event.pull_request.number }} - body: | - Please add one of the following labels to add this 
contribution to the Release Notes :point_down: - - [bug](https://github.com/ansys/scade-python-wrapper/pulls?q=label%3Abug+) - - [documentation](https://github.com/ansys/scade-python-wrapper/pulls?q=label%3Adocumentation+) - - [enhancement](https://github.com/ansys/scade-python-wrapper/pulls?q=label%3Aenhancement+) - - [good first issue](https://github.com/ansys/scade-python-wrapper/pulls?q=label%3Agood+first+issue) - - [maintenance](https://github.com/ansys/scade-python-wrapper/pulls?q=label%3Amaintenance+) - - [release](https://github.com/ansys/scade-python-wrapper/pulls?q=label%3Arelease+) - - changelog-fragment: - name: "Create changelog fragment" - needs: [labeler] - permissions: - contents: write - pull-requests: write - runs-on: ubuntu-latest - steps: - - uses: ansys/actions/doc-changelog@v10 - with: - token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} - bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} - bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }} diff --git a/doc/changelog.d/54.fixed.md b/doc/changelog.d/54.fixed.md new file mode 100644 index 0000000..a83cdf6 --- /dev/null +++ b/doc/changelog.d/54.fixed.md @@ -0,0 +1 @@ +Maintenance missing or outdated check-vulnerabilities and check-actions-security ansys actions