Skip to content

Build allow lists #1132

Build allow lists

Build allow lists #1132

---
name: Build allow lists
# Run workflow on pushes to matching branches
on: # yamllint disable-line rule:truthy
push:
branches: [develop]
schedule:
- cron: "0 0 */6 * *" # run every six days in order to keep the cache fresh
workflow_dispatch: # allow this workflow to be manually triggered
# checkout needs 'contents:read'
# pull request needs 'pull-requests:write' and 'contents:write'
permissions:
contents: write
pull-requests: write
env:
TIMEOUT_REACHED: 0
jobs:
build_allow_lists:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Cache dependencies
uses: actions/cache@v3
with:
path: environment_configs/package_lists/dependency-cache.json
key: dependencies-${{ github.sha }} # request a cache that does not yet exist
restore-keys: dependencies- # use prefix matching to fallback to the most recently created SHA-specific cache
- name: Check PyPI allow list
shell: pwsh
env:
LIBRARIES_IO_API_KEY: ${{ secrets.LIBRARIES_IO_API_KEY }}
run: ./deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 -Repository pypi -TimeoutMinutes 60 -ApiKey "$env:LIBRARIES_IO_API_KEY" # this will set TIMEOUT_REACHED if the timeout is reached
- name: Check CRAN allow list
shell: pwsh
env:
LIBRARIES_IO_API_KEY: ${{ secrets.LIBRARIES_IO_API_KEY }}
run: ./deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 -Repository cran -TimeoutMinutes 240 -ApiKey "$env:LIBRARIES_IO_API_KEY" # this will set TIMEOUT_REACHED if the timeout is reached
- name: Check for changes
shell: bash
run: git --no-pager diff -- . ':!environment_configs/package_lists/dependency-cache.json'
- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Create pull request
if: ${{ (env.TIMEOUT_REACHED == 0) && (! env.ACT) }}
id: pull-request
uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # This commit corresponds to tag 4.2.4
with:
commit-message: Update PyPI and CRAN allow lists
committer: GitHub Actions <noreply@github.com>
author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
base: develop
branch: package-allowlist-updates
delete-branch: true
title: Update PyPI and CRAN allow lists
body: |
### :arrow_heading_up: Summary
- Apply package allowlist diff from ${{ github.sha }} on ${{ steps.date.outputs.date }}
### :closed_umbrella: Related issues
None
### :microscope: Tests
Allow-list only
labels: |
affected: developers
severity: minor
type: enhancement
draft: false