From e6bbf88e942b37b117507e8fd3884855993f0191 Mon Sep 17 00:00:00 2001
From: martonvago
Date: Mon, 11 Aug 2025 12:23:40 +0100
Subject: [PATCH 1/3] feat: :sparkles: add test and update-from-template workflows
---
.github/workflows/test.yml | 36 ++++++++++++
.../workflows/update-from-template.yml | 55 +++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100644 .github/workflows/test.yml
create mode 100644 template/.github/workflows/update-from-template.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..b8ada39
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,36 @@
+name: Test template creation
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+# Least privilege permissions
+permissions: read-all
+
+jobs:
+ test-copier:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+ - name: Set up uv
+ uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba
+ with:
+ enable-cache: true
+
+ - name: Set up Quarto
+ uses: quarto-dev/quarto-actions/setup@9e48da27e184aa238fcb49f5db75469626d43adb # v2.1.9
+
+ - name: Install justfile
+ run: sudo apt install -y just
+
+ - name: Set Git user
+ run: |
+ git config --global user.name "GitHub Actions"
+ git config --global user.email "fake@example.com"
+
+ - name: Test and check template creation
+ run: just _tests
diff --git a/template/.github/workflows/update-from-template.yml b/template/.github/workflows/update-from-template.yml
new file mode 100644
index 0000000..58b216f
--- /dev/null
+++ b/template/.github/workflows/update-from-template.yml
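Review bot: In .github/workflows/test.yml, `permissions: read-all` sits under the comment "Least privilege permissions" but grants read access on every token scope; the steps shown only check out the repository and run `just _tests`, so a `permissions:` mapping holding just `contents: read` would match the comment. The checkout step also keeps the token in the local git config by default, and `just _tests` presumably renders and runs the template on pull requests, so adding `persist-credentials: false` under a `with:` key on the checkout step is worth it. The `actions/checkout` and `astral-sh/setup-uv` pins carry no version comment, unlike the Quarto pin (`# v2.1.9`), which makes the SHAs harder to audit; the same checkout SHA is annotated `# v4.2.2` in update-from-template.yml.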
@@ -0,0 +1,55 @@
+name: Update from template
+
+on:
+ workflow_dispatch:
+ schedule:
+ # Every day at 3:30 at night.
+ - cron: '30 3 * * *'
+
+# Limit token permissions for security
+permissions: read-all
+
+jobs:
+ update-from-template:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ with:
+ egress-policy: audit
+
+ - name: Check out repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+ - name: Install Python
+ uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+ with:
+ python-version: "3.13"
+
+ - name: Install dependencies
+ run: |
+ sudo apt install pipx
+ pipx ensurepath
+ pipx install uv rust-just copier
+
+ - name: Set User
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+ - name: Pull request with updates from template
+ run: |
+ copier update --trust --defaults --overwrite
+ any_changes=$(git status --porcelain=v1 2>/dev/null | wc -l)
+ if [ "$any_changes" -eq 0 ]; then
+ echo "No updates from the template detected, and no changes found. Stopping and exiting."
+ exit 0
+ fi
+ git checkout -b chore/update-from-template
+ git add .
+ git commit -m "chore(sync): :hammer: update changes from template"
+ gh pr create \
+ --title "chore(sync): :hammer: update changes from template" \
+ --body "This PR is automatically generated by the 'update-from-template' workflow. It syncs the latest changes from the template repository with this repository."
From 0da4a059303e063c2ce8d9a49714204fd823d040 Mon Sep 17 00:00:00 2001
From: martonvago
Date: Mon, 11 Aug 2025 12:35:21 +0100
Subject: [PATCH 2/3] ci: :construction_worker: remove dependency on zsh
---
justfile | 8 ++++----
template/justfile.jinja | 7 ++++---
2 files changed, 8 insertions(+), 7 deletions(-)
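Review bot: The last step of update-from-template.yml cannot open a pull request as written: the new branch is committed but never pushed, `gh` is given no `GH_TOKEN`, and the job-level `permissions` block grants only `pull-requests: write`, which leaves `contents` at none for this job. Add `git push --set-upstream origin chore/update-from-template` before `gh pr create`, set `env:` with `GH_TOKEN: ${{ github.token }}` on the step, and add `contents: write` to the job permissions. Because `copier update --trust` lets the template run its own tasks on a daily schedule, the write-capable token is then exposed to whatever the template executes; consider keeping the copier run in a step that does not receive the token and moving `egress-policy` from `audit` to `block` once the required endpoints are known. The fixed branch name will also collide with a still-open PR from a previous run, so the step should handle an existing `chore/update-from-template` branch.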
diff --git a/justfile b/justfile index fffcfcf..21924a5 100644 --- a/justfile +++ b/justfile @@ -32,14 +32,15 @@ update-template: # Check the commit messages on the current branch that are not on the main branch check-commits: - #!/bin/zsh + #!/usr/bin/env bash branch_name=$(git rev-parse --abbrev-ref HEAD) number_of_commits=$(git rev-list --count HEAD ^main) if [[ ${branch_name} != "main" && ${number_of_commits} -gt 0 ]] then + # If issue happens, try `uv tool update-shell` uvx --from commitizen cz check --rev-range main..HEAD else - echo "On `main` or current branch doesn't have any commits." + echo "On 'main' or current branch doesn't have any commits." fi # Check for spelling errors in files @@ -48,7 +49,7 @@ check-spelling: # Test and check that a Python package can be created from the template test is_seedcase_project: - #!/bin/zsh + #!/usr/bin/env bash test_name="test-python-package" test_dir="$(pwd)/_temp/{{ is_seedcase_project }}/$test_name" template_dir="$(pwd)" @@ -103,7 +104,6 @@ test is_seedcase_project: # Clean up any leftover and temporary build files cleanup: - #!/bin/zsh rm -rf _temp # Build the website using Quarto diff --git a/template/justfile.jinja b/template/justfile.jinja index ab72553..4df6b80 100644 --- a/template/justfile.jinja +++ b/template/justfile.jinja @@ -65,14 +65,15 @@ build-website: # Run checks on commits with non-main branches check-commits: - #!/bin/zsh + #!/usr/bin/env bash branch_name=$(git rev-parse --abbrev-ref HEAD) number_of_commits=$(git rev-list --count HEAD ^main) if [[ ${branch_name} != "main" && ${number_of_commits} -gt 0 ]] then - uv run cz check --rev-range main..HEAD + # If issue happens, try `uv tool update-shell` + uvx --from commitizen cz check --rev-range main..HEAD else - echo "Can't either be on ${branch_name} or have more than ${number_of_commits}." + echo "On 'main' or current branch doesn't have any commits." fi # Run basic security checks on the package 
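Review bot: The `test` recipe in justfile now runs under `#!/usr/bin/env bash`, but the lines visible in the hunk set no error mode, and just hands a shebang recipe to the interpreter as a single script, so a failing command in the middle does not stop the run. Adding `set -euo pipefail` directly under the shebang would make a failed template render fail the recipe instead of being masked by later commands. The same applies to `check-commits` here and in template/justfile.jinja. The body of `test` continues outside the hunk, so this should be checked against any command there that is expected to return non-zero.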
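Review bot: In template/justfile.jinja, replacing `uv run cz check` with `uvx --from commitizen cz check` means the commit check no longer runs from the project's own (presumably locked) environment; uvx resolves whichever commitizen release is current when the recipe runs, so every generated project executes an unpinned tool. Pinning it in the recipe, `uvx --from 'commitizen==<PINNED_VERSION>' cz check --rev-range main..HEAD`, keeps runs reproducible and limits exposure to a bad upstream release; `check-commits` in the root justfile carries the same unpinned call as a context line. The added comment `# If issue happens, try ...` does not say which issue is meant; naming the symptom (presumably the tool not being found on PATH) would make it actionable.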
From e73cad36b41fd8cba55d32414cf0133e6248661b Mon Sep 17 00:00:00 2001 From: martonvago Date: Fri, 15 Aug 2025 13:26:14 +0100 Subject: [PATCH 3/3] fix: :bug: fix copier update --- template/.github/workflows/update-from-template.yml | 2 +- template/justfile.jinja | 3 ++- template/{{_copier_conf.answers_file}}.jinja | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/template/.github/workflows/update-from-template.yml b/template/.github/workflows/update-from-template.yml index 58b216f..c7deb51 100644 --- a/template/.github/workflows/update-from-template.yml +++ b/template/.github/workflows/update-from-template.yml @@ -41,7 +41,7 @@ jobs: - name: Pull request with updates from template run: | - copier update --trust --defaults --overwrite + just update-from-template any_changes=$(git status --porcelain=v1 2>/dev/null | wc -l) if [ "$any_changes" -eq 0 ]; then echo "No updates from the template detected, and no changes found. Stopping and exiting." diff --git a/template/justfile.jinja b/template/justfile.jinja index 8e45742..d46a84d 100644 --- a/template/justfile.jinja +++ b/template/justfile.jinja @@ -116,7 +116,8 @@ build-contributors: # Check for and apply updates from the template update-from-template: - uvx copier update --trust --defaults + # Do not update existing source files + uvx copier update --trust --defaults $(find src/{{ github_repo_snake_case }} -type f -printf "--exclude %p ") # Reset repo changes to match the template reset-from-template: diff --git a/template/{{_copier_conf.answers_file}}.jinja b/template/{{_copier_conf.answers_file}}.jinja index a8c521e..794f947 100644 --- a/template/{{_copier_conf.answers_file}}.jinja +++ b/template/{{_copier_conf.answers_file}}.jinja @@ -1,2 +1,2 @@ # Changes here will be overwritten by Copier; NEVER EDIT MANUALLY -{{ dict(_copier_answers, copyright_year=copyright_year) | to_nice_yaml -}} +{{ dict(_copier_answers, github_repo=github_repo, copyright_year=copyright_year) | to_nice_yaml -}}
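Review bot: With the step in update-from-template.yml now calling `just update-from-template`, which runs `uvx copier`, the `copier` installed by `pipx install uv rust-just copier` in the earlier step is no longer the one that executes, and the version that runs with `--trust` is whatever uvx resolves at each scheduled run. Either drop `copier` from the pipx line or have the recipe use the installed binary, and pin the copier version in one place so the code that runs with template trust is reviewable. The "Install dependencies" step and the rest of this step's script are outside the hunk.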
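Review bot: The unquoted `$(find ... -printf "--exclude %p ")` in the `update-from-template` recipe of template/justfile.jinja is word-split by the shell, so any file under `src/` whose path contains a space or a glob character turns into broken or extra arguments to `copier update --trust`, and `-printf` is a GNU find extension that fails on macOS/BSD. Building the arguments in a bash array from `find -print0` avoids both problems. Copier treats `--exclude` values as patterns rather than literal paths, so file names containing pattern characters would still need care.

```just
update-from-template:
  #!/usr/bin/env bash
  set -eo pipefail
  # Do not update existing source files
  exclude_args=()
  while IFS= read -r -d '' path; do
    exclude_args+=(--exclude "$path")
  done < <(find "src/{{ github_repo_snake_case }}" -type f -print0)
  uvx copier update --trust --defaults "${exclude_args[@]}"
```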