From d3fa0492c9b04e06e34958aebb5bfa78876f8ae1 Mon Sep 17 00:00:00 2001 From: richardsheridan Date: Sun, 5 Mar 2023 10:42:14 -0500 Subject: [PATCH 1/5] Drop dependabot in favor of automated pip-tools --- .github/dependabot.yml | 36 ------------ .github/workflows/bump_deps.yml | 52 ++++++++++++++++++ .github/workflows/ci.yml | 33 ----------- ci.sh | 2 +- .../tests}/astrill-codesigning-cert.cer | Bin 5 files changed, 53 insertions(+), 70 deletions(-) delete mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/bump_deps.yml rename {.github/workflows => trio/tests}/astrill-codesigning-cert.cer (100%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 0c2930b120..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,36 +0,0 @@ -version: 2 -updates: -- package-ecosystem: pip - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 - allow: - - dependency-type: direct - - dependency-type: indirect - ignore: - - dependency-name: pytest - versions: - - ">= 4.6.1.a, < 4.6.2" - - dependency-name: astroid - versions: - - 2.5.2 - - dependency-name: sphinx - versions: - - 3.4.3 - - 3.5.0 - - 3.5.1 - - 3.5.2 - - 3.5.3 - - dependency-name: regex - versions: - - 2021.3.17 - - dependency-name: pygments - versions: - - 2.8.0 - - dependency-name: cryptography - versions: - - 3.4.5 - - dependency-name: pytest - versions: - - 6.2.2 diff --git a/.github/workflows/bump_deps.yml b/.github/workflows/bump_deps.yml new file mode 100644 index 0000000000..86f9b35c8d --- /dev/null +++ b/.github/workflows/bump_deps.yml @@ -0,0 +1,52 @@ +name: Bump dependencies + +on: + workflow_dispatch: + schedule: + - cron: '0 0 1 * *' + +jobs: + bump: + name: bump requirements + timeout-minutes: 10 + runs-on: 'ubuntu-latest' + # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions + permissions: + pull-requests: write + issues: write + repository-projects: write + contents: write + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup python + uses: actions/setup-python@v4 + with: + python-version: "3.8" + - name: Bump dependencies + run: | + python -m pip install -r test-requirements.txt + pip-compile test-requirements.in + pip-compile docs-requirements.in + - name: Black + run: | + python -m pip install -r test-requirements.txt # may contain new black ver + black setup.py trio + - name: Commit changes + run: | + git switch --force-create bump_from_${GITHUB_SHA:0:6} + git config user.name 'github-actions[bot]' + git config user.email '41898282+github-actions[bot]@users.noreply.github.com' + git commit -am "Dependency updates" + gh pr create --base master --label dependencies \ + --title "Bump dependencies from commit ${GITHUB_SHA:0:6}" \ + --body "" + # gh pr create returns before the pr is ready, we have to poll until success + # https://github.com/cli/cli/issues/2619#issuecomment-1240543096 + for BACKOFF in 1 2 4 8 15 15 15 15; do + sleep $BACKOFF + if gh pr merge --auto --squash; then + break + fi + done + exit 1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 145ee55b11..839b84a39e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -121,39 +121,6 @@ jobs: # Should match 'name:' up above JOB_NAME: 'Ubuntu (${{ matrix.python }}${{ matrix.extra_name }})' - autofmt: - name: Autoformat dependabot PR - timeout-minutes: 10 - if: github.actor == 'dependabot[bot]' - runs-on: 'ubuntu-latest' - # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions - permissions: - pull-requests: write - issues: write - repository-projects: write - contents: write - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.ref }} - - name: Setup python - uses: actions/setup-python@v2 - with: - python-version: "3.8" - - name: Check formatting - run: | - python -m pip install -r test-requirements.txt - ./check.sh - - name: Commit autoformatter changes - if: failure() - run: | - black setup.py trio - git config user.name 'github-actions[bot]' - git config user.email '41898282+github-actions[bot]@users.noreply.github.com' - git commit -am "Autoformatter changes" - git push - macOS: name: 'macOS (${{ matrix.python }})' timeout-minutes: 10 diff --git a/ci.sh b/ci.sh index d4f9df3a94..8eb570b584 100755 --- a/ci.sh +++ b/ci.sh @@ -115,7 +115,7 @@ else # when installing, and then running 'certmgr.msc' and exporting the # certificate. See: # http://www.migee.com/2010/09/24/solution-for-unattendedsilent-installs-and-would-you-like-to-install-this-device-software/ - certutil -addstore "TrustedPublisher" .github/workflows/astrill-codesigning-cert.cer + certutil -addstore "TrustedPublisher" trio/tests/astrill-codesigning-cert.cer # Double-slashes are how you tell windows-bash that you want a single # slash, and don't treat this as a unix-style filename that needs to # be replaced by a windows-style filename. diff --git a/.github/workflows/astrill-codesigning-cert.cer b/trio/tests/astrill-codesigning-cert.cer similarity index 100% rename from .github/workflows/astrill-codesigning-cert.cer rename to trio/tests/astrill-codesigning-cert.cer From 9328bff0ccb2af94eb64573bd16a5c5b3732ad6e Mon Sep 17 00:00:00 2001 From: richardsheridan Date: Sun, 5 Mar 2023 14:07:35 -0500 Subject: [PATCH 2/5] bugfix based on off-repo testing --- .github/workflows/bump_deps.yml | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/.github/workflows/bump_deps.yml b/.github/workflows/bump_deps.yml index 86f9b35c8d..e173f98089 100644 --- a/.github/workflows/bump_deps.yml +++ b/.github/workflows/bump_deps.yml @@ -34,19 +34,32 @@ jobs: black setup.py trio - name: Commit changes run: | - git switch --force-create bump_from_${GITHUB_SHA:0:6} + git switch --force-create autodeps/bump_from_${GITHUB_SHA:0:6} git config user.name 'github-actions[bot]' git config user.email '41898282+github-actions[bot]@users.noreply.github.com' git commit -am "Dependency updates" - gh pr create --base master --label dependencies \ + git push --force --set-upstream origin autodeps/bump_from_${GITHUB_SHA:0:6} + - name: Make automerge PR + env: + GH_TOKEN: ${{ github.token }} + run: | + # git push returns before github is ready for a pr, we have to poll until success + for BACKOFF in 1 2 4 8 15 15 15 15 0; do + sleep $BACKOFF + if gh pr create \ + --label dependencies --body "" \ --title "Bump dependencies from commit ${GITHUB_SHA:0:6}" \ - --body "" + ; then + break + fi + done + (($BACKOFF)) || (echo "Could not create the PR" && false) # gh pr create returns before the pr is ready, we have to poll until success - # https://github.com/cli/cli/issues/2619#issuecomment-1240543096 - for BACKOFF in 1 2 4 8 15 15 15 15; do - sleep $BACKOFF - if gh pr merge --auto --squash; then - break - fi + # https://github.com/cli/cli/issues/2619#issuecomment-1240543096 + for BACKOFF in 1 2 4 8 15 15 15 15 0; do + sleep $BACKOFF + if gh pr merge --auto --squash; then + break + fi done - exit 1 + (($BACKOFF)) || (echo "Could not set automerge" && false) From b574e60af574ea815dcafb684d1eb8360078d218 Mon Sep 17 00:00:00 2001 From: richardsheridan Date: Mon, 6 Mar 2023 21:56:49 -0500 Subject: [PATCH 3/5] rename workflow --- .github/workflows/{bump_deps.yml => autodeps.yml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename .github/workflows/{bump_deps.yml => autodeps.yml} (97%) diff --git a/.github/workflows/bump_deps.yml b/.github/workflows/autodeps.yml similarity index 97% rename from .github/workflows/bump_deps.yml rename to .github/workflows/autodeps.yml index e173f98089..4644324db2 100644 --- a/.github/workflows/bump_deps.yml +++ b/.github/workflows/autodeps.yml @@ -1,4 +1,4 @@ -name: Bump dependencies +name: Autodeps on: workflow_dispatch: @@ -6,8 +6,8 @@ on: - cron: '0 0 1 * *' jobs: - bump: - name: bump requirements + Autodeps: + name: Autodeps timeout-minutes: 10 runs-on: 'ubuntu-latest' # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions From aedbc7d5356263f66342993ac54a07178bc446d6 Mon Sep 17 00:00:00 2001 From: richardsheridan Date: Mon, 6 Mar 2023 22:01:19 -0500 Subject: [PATCH 4/5] only commit and make automerge pr if there are changes otherwise this workflow would fail in the rare case that no dependencies update within a month --- .github/workflows/autodeps.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/autodeps.yml b/.github/workflows/autodeps.yml index 4644324db2..3534905201 100644 --- a/.github/workflows/autodeps.yml +++ b/.github/workflows/autodeps.yml @@ -32,17 +32,23 @@ jobs: run: | python -m pip install -r test-requirements.txt # may contain new black ver black setup.py trio - - name: Commit changes + - name: Commit changes and create automerge PR + env: + GH_TOKEN: ${{ github.token }} run: | + # https://stackoverflow.com/a/3879077/4504950 + if ! git diff-index --quiet HEAD; then + echo "No changes to commit!" + exit 0 + fi + + # setup git repo git switch --force-create autodeps/bump_from_${GITHUB_SHA:0:6} git config user.name 'github-actions[bot]' git config user.email '41898282+github-actions[bot]@users.noreply.github.com' git commit -am "Dependency updates" git push --force --set-upstream origin autodeps/bump_from_${GITHUB_SHA:0:6} - - name: Make automerge PR - env: - GH_TOKEN: ${{ github.token }} - run: | + # git push returns before github is ready for a pr, we have to poll until success for BACKOFF in 1 2 4 8 15 15 15 15 0; do sleep $BACKOFF From 74cef56b9c5955f337ce39f613868820981768e1 Mon Sep 17 00:00:00 2001 From: richardsheridan Date: Mon, 6 Mar 2023 22:06:57 -0500 Subject: [PATCH 5/5] refactor for readability --- .github/workflows/autodeps.yml | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/.github/workflows/autodeps.yml b/.github/workflows/autodeps.yml index 3534905201..1f93fa03aa 100644 --- a/.github/workflows/autodeps.yml +++ b/.github/workflows/autodeps.yml @@ -25,12 +25,15 @@ jobs: python-version: "3.8" - name: Bump dependencies run: | + python -m pip install -U pip python -m pip install -r test-requirements.txt pip-compile test-requirements.in pip-compile docs-requirements.in - name: Black run: | - python -m pip install -r test-requirements.txt # may contain new black ver + # The new dependencies may contain a new black version. + # Commit any changes immediately. + python -m pip install -r test-requirements.txt black setup.py trio - name: Commit changes and create automerge PR env: @@ -49,8 +52,8 @@ jobs: git commit -am "Dependency updates" git push --force --set-upstream origin autodeps/bump_from_${GITHUB_SHA:0:6} - # git push returns before github is ready for a pr, we have to poll until success - for BACKOFF in 1 2 4 8 15 15 15 15 0; do + # git push returns before github is ready for a pr, so we poll until success + for BACKOFF in 1 2 4 8 0; do sleep $BACKOFF if gh pr create \ --label dependencies --body "" \ @@ -59,13 +62,22 @@ jobs: break fi done - (($BACKOFF)) || (echo "Could not create the PR" && false) - # gh pr create returns before the pr is ready, we have to poll until success + + if [ $BACKOFF -eq 0 ]; then + echo "Could not create the PR" + exit 1 + fi + + # gh pr create returns before the pr is ready, so we again poll until success # https://github.com/cli/cli/issues/2619#issuecomment-1240543096 - for BACKOFF in 1 2 4 8 15 15 15 15 0; do + for BACKOFF in 1 2 4 8 0; do sleep $BACKOFF if gh pr merge --auto --squash; then break fi done - (($BACKOFF)) || (echo "Could not set automerge" && false) + + if [ $BACKOFF -eq 0 ]; then + echo "Could not set automerge" + exit 1 + fi