From 85628df5e4fd97410eca9d603896cc3c78504d28 Mon Sep 17 00:00:00 2001 From: Chris Markiewicz Date: Tue, 6 Dec 2022 14:29:28 -0500 Subject: [PATCH 1/3] CI: Add concurrency and permissions sections --- .github/workflows/docs-build-pr.yml | 7 +++++++ .github/workflows/docs-build-update.yml | 4 ++++ .github/workflows/pythonpackage.yml | 7 +++++++ .github/workflows/unittests.yml | 7 +++++++ 4 files changed, 25 insertions(+) diff --git a/.github/workflows/docs-build-pr.yml b/.github/workflows/docs-build-pr.yml index 058fc083bb..8b5d8c6c8b 100644 --- a/.github/workflows/docs-build-pr.yml +++ b/.github/workflows/docs-build-pr.yml @@ -5,6 +5,13 @@ on: pull_request: branches: [ master, 'maint/*' ] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + jobs: build: if: "(github.repository_owner != 'nipreps') && !contains(github.event.head_commit.message, '[skip ci]')" diff --git a/.github/workflows/docs-build-update.yml b/.github/workflows/docs-build-update.yml index 8c45578bcf..e81ded890a 100644 --- a/.github/workflows/docs-build-update.yml +++ b/.github/workflows/docs-build-update.yml @@ -6,6 +6,10 @@ on: branches: [ 'doc/*', 'docs/*', master, "maint/*" ] tags: [ '*' ] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index 70ac9a7af4..5405f7daa4 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -10,6 +10,13 @@ on: pull_request: branches: [ master, 'maint/*' ] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + jobs: build: if: "!startsWith(github.ref, 'refs/tags/') && !contains(github.event.head_commit.message, '[skip ci]')" diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 5261fb591a..b98dfae107 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -6,6 +6,13 @@ on: schedule: - cron: 0 0 * * 0 +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + jobs: build-linux: if: "!contains(github.event.head_commit.message, '[skip ci]' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name != 'nipreps/sdcflows'))" From 3dab8fc94641621426c1f4766d76f0c704fe4ef0 Mon Sep 17 00:00:00 2001 From: Chris Markiewicz Date: Tue, 6 Dec 2022 14:29:50 -0500 Subject: [PATCH 2/3] CI: Update cache versions, do not use old Python for flake8 --- .github/workflows/docs-build-pr.yml | 2 +- .github/workflows/docs-build-update.yml | 2 +- .github/workflows/pythonpackage.yml | 14 +++++++------- .github/workflows/unittests.yml | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/docs-build-pr.yml b/.github/workflows/docs-build-pr.yml index 8b5d8c6c8b..fa152574cf 100644 --- a/.github/workflows/docs-build-pr.yml +++ b/.github/workflows/docs-build-pr.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: fetch-depth: 0 diff --git a/.github/workflows/docs-build-update.yml b/.github/workflows/docs-build-update.yml index e81ded890a..f1ad110734 100644 --- a/.github/workflows/docs-build-update.yml +++ b/.github/workflows/docs-build-update.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: ssh-key: "${{ secrets.NIPREPS_DEPLOY }}" fetch-depth: 0 diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index 5405f7daa4..adf7eaaf8e 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -27,15 +27,15 @@ jobs: pip: ["pip==21.2", "pip~=22.0"] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Fetch all tags (for setuptools_scm to work) run: | /usr/bin/git -c protocol.version=2 fetch --tags --prune --unshallow origin - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - - uses: actions/cache@v1 + - uses: actions/cache@v4 with: path: $HOME/.cache/pip key: pip-cache-v1 @@ -93,10 +93,10 @@ jobs: flake8: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Set up Python 3.7 - uses: actions/setup-python@v1 + - uses: actions/checkout@v3 + - name: Set up Python 3 + uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3 - run: pip install flake8 - run: flake8 sdcflows/ diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index b98dfae107..f2dd8d20b8 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -88,7 +88,7 @@ jobs: git config --global user.name 'NiPreps Bot' git config --global user.email 'nipreps@gmail.com' - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - uses: actions/cache@v3 @@ -104,7 +104,7 @@ jobs: run: | $CONDA/bin/conda install -c conda-forge git-annex datalad pip $CONDA/bin/pip install datalad-osf - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Install minimal dependencies timeout-minutes: 5 run: | From 84564c8ca2a81da86c4dbc7c70987a6e1f7f2ae4 Mon Sep 17 00:00:00 2001 From: Chris Markiewicz Date: Tue, 6 Dec 2022 14:33:11 -0500 Subject: [PATCH 3/3] Update .github/workflows/pythonpackage.yml --- .github/workflows/pythonpackage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index adf7eaaf8e..942c630648 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -35,7 +35,7 @@ jobs: uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - - uses: actions/cache@v4 + - uses: actions/cache@v3 with: path: $HOME/.cache/pip key: pip-cache-v1