Remove the base64 encoded scripts in the workflow files

[ConorMacBride]

To run the Python scripts within the reusable workflows we checkout the main branch of this repository. However, this means that if a PR updates a Python script the script that the PR CI tests is the version in the main branch and no the PR branch. Need to change the following in each workflow:

- uses: actions/checkout@v2
  with:
    repository: 'OpenAstronomy/github-actions-workflows'

[ConorMacBride]

Actually, the PR will test the Python script from the PR branch because 'OpenAstronomy/github-actions-workflows' is the default value and in that case the current ref is used.

However, if the reusable workflow is called by a different repository it will checkout the default branch of OpenAstronomy/github-actions-workflows and not e.g. refs/tags/v1 if the workflow was referenced as ...tox.yml@v1. See https://git.luolix.topmunity/t/reusable-workflows-get-the-ref-inside-the-called-workflow/224109

We could ask the user to pass the ref they used as an input to the reusable workflows although that is not ideal. Hopefully there will be a better solution soon.

[astrofrog]

An ugly solution would be that when we are ready to tag, we add a commit that hard-codes the ref of the repo to check out, e.g. v1.0.2, and then tag that commit v1.0.2, then add a commit that removes the ref again. I think it would work, although is pretty ugly.

[astrofrog]

Another solution, not very elegant but which would at least work would be to embed the Python scripts inside the workflow YAML, for instance:

echo "
<contents of tox_matrix.py>
" > tox_matrix.py
python tox_matrix.py ...

Yes this is ugly but it might be that the Python script doesn't need to be updated too often so it might not be that bad.

[astrofrog]

See #20 for a proof of concept

[astrofrog]

@ConorMacBride should we close this?

[ConorMacBride]

This is no longer an issue so maybe just close for less noise. But we should switch to a solution that doesn't involve duplication if/when GitHub adds such a feature.

[Cadair]

I reopened this prompted by this comment from @lpsinger.

It appears that maybe GitHub now provide the path and workflow ref inside the github context: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs

I am not 100% sure if this means that we can access this inside the reuseable workflow, but maybe it's enough that we can checkout the ref and we can get rid of the dirty hack of base64 encoding the scripts?

[ConorMacBride]

actions/toolkit#1264 seems to suggest it's still not possible via the github context. I'm guessing the github.workflow_ref might refer to the workflow that calls the reusable workflow. Looking through some of the workarounds mentioned in the issue we should be able to use the GitHub API.

When I run the following in the GitHub CLI, I get d68193b68216da64eafaa618f53c59f5d271c56e, which is correct:

gh api repos/astropy/astropy/actions/runs/12186371008 \
    -q '.referenced_workflows | 
        map( 
            select(
                .path | 
                startswith("OpenAstronomy/github-actions-workflows/.github/workflows/tox.yml@")
            )
        ) | 
        .[0].sha'

In a GitHub Action we should be able to do: repos/${{ github.repository }}/actions/runs/${{ github.run_id }}.

However, if someone is calling the same reusable workflow twice in the same workflow file, we'll get multiple results and I don't think we can distinguish which is which. That would only be an issue if they are using multiple versions. The code above just takes the sha from the first match. We could detect multiple versions and just error out saying it's unsupported.

[Cadair]

That's annoying. I quite often change one version (or repo) in a workflow while I am testing stuff but I guess I am not a usual usecase in doing that.

An alternative thought I had is if it would be possible to inline the script in plain text?