diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 1298f336..d5f5de62 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -1,9 +1,4 @@ -# This workflow requires a personal access token named `BUMP_VERSION_TOKEN` with the following privileges: -# - Contents: Read and Write -# - Metadata: Read-Only -# - Pull Requests: Read and Write - -name: "Bump Patch Version" +name: Bump Patch Version on: push: @@ -15,6 +10,7 @@ on: - .github/**.yml - .gitignore - .pre-commit-config.yaml + - .readthedocs.yml - .yamllint.yaml - .zenodo.json - AUTHORS.rst @@ -25,26 +21,24 @@ on: - CODE_OF_CONDUCT.md - CONTRIBUTING.rst - Makefile - - .readthedocs.yml - docs/*.py - docs/*.rst - - environment-docs.yml - environment-dev.yml + - environment-docs.yml - pyproject.toml + - src/miranda/__init__.py - tests/**.py - tox.ini - - src/miranda/__init__.py - workflow_dispatch: permissions: contents: read jobs: bump_patch_version: + name: Bumpversion Patch runs-on: ubuntu-latest permissions: actions: read - contents: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 
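Review bot: The header comment that documented the required credential is deleted in the first hunk without a replacement, although the workflow still depends on repository secrets: `OURANOS_HELPER_BOT_ID`, `OURANOS_HELPER_BOT_KEY`, `OURANOS_HELPER_BOT_GPG_PRIVATE_KEY` and `OURANOS_HELPER_BOT_GPG_PRIVATE_KEY_PASSWORD`, all introduced in the later hunk. I would keep a short header that names these secrets and the permissions the GitHub App installation needs. Since the job pushes with the App token, that is presumably at least Contents: Read and Write, to be confirmed against the App's settings. Recording the minimum permission set gives reviewers something to audit the App against, because the workflow's `permissions:` block constrains only `GITHUB_TOKEN`, not the App token used for the push.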
@@ -52,42 +46,50 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: > + api.github.com:443 files.pythonhosted.org:443 github.com:443 pypi.org:443 - - name: Checkout Repository (no persist-credentials) - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Generate App Token + id: token_generator + uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 + with: + app-id: ${{ secrets.OURANOS_HELPER_BOT_ID }} + private-key: ${{ secrets.OURANOS_HELPER_BOT_KEY }} + - name: Checkout Repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: + token: ${{ steps.token_generator.outputs.token }} persist-credentials: false - fetch-depth: 0 - name: Set up Python3 uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.x" - - name: Config Commit Bot - run: | - git config --local user.email "bumpversion[bot]@ouranos.ca" - git config --local user.name "bumpversion[bot]" - - name: Current Version - run: | - CURRENT_VERSION="$(grep -E '__version__' src/miranda/__init__.py | cut -d ' ' -f3)" - echo "CURRENT_VERSION=${CURRENT_VERSION}" >> $GITHUB_ENV + - name: Import GPG Key + uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 + with: + gpg_private_key: ${{ secrets.OURANOS_HELPER_BOT_GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.OURANOS_HELPER_BOT_GPG_PRIVATE_KEY_PASSWORD }} + git_user_signingkey: true + git_commit_gpgsign: true + trust_level: 5 - name: Install CI libraries run: | python -m pip install --require-hashes -r CI/requirements_ci.txt - - name: Conditional Bump Version + - name: Conditional Bump run: | - if [[ ${{ env.CURRENT_VERSION }} =~ -dev(\.\d+)? ]]; then + CURRENT_VERSION=$(bump-my-version show current_version) + if [[ ${CURRENT_VERSION} =~ -dev(\.\d+)? 
]]; then echo "Development version (ends in 'dev(\.\d+)?'), bumping 'build' version" bump-my-version bump build else echo "Version is stable, bumping 'patch' version" bump-my-version bump patch fi - bump-my-version show-bump + echo "new_version=$(bump-my-version show current_version)" - name: Push Changes uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0 with: force: false - github_token: ${{ secrets.BUMP_VERSION_TOKEN }} branch: ${{ github.ref }} + github_token: ${{ steps.token_generator.outputs.token }} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8ba0cd6c..d7f808cd 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -32,6 +32,7 @@ Internal changes * `miranda` now applies the `numpydoc` documentation style to all publicly-exposed docstrings. * GitHub Workflows now use commit hashes for both running GitHub Actions and installing Python dependencies from PyPI. * `miranda` now has a `CODE_OF_CONDUCT.md` file for setting community standards and expectations. +* Now using the GitHub Ouranos bot for automatic version bumping via `bump-version.yml`. .. _changes_0.5.0: diff --git a/environment-docs.yml b/environment-docs.yml index f8442cd8..3cb97332 100644 --- a/environment-docs.yml +++ b/environment-docs.yml @@ -10,6 +10,7 @@ dependencies: - ipython - ipykernel - nbsphinx + - pygments <2.19 # FIXME: Newest pygments breaks sphinx-codeautolink. See: https://github.com/felix-hilden/sphinx-codeautolink/issues/153 - sphinx-autoapi - sphinx-codeautolink - sphinx-copybutton diff --git a/pyproject.toml b/pyproject.toml index 702825e2..f8a25e07 100644 --- a/pyproject.toml +++ b/pyproject.toml 
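Review bot: `Import GPG Key` runs before `Install CI libraries`, so the bot's private signing key is already in the runner's keyring, with git configured to sign, while pip installs third-party packages. `--require-hashes` and the blocked egress policy limit that exposure, but the key is presumably needed only once `bump-my-version` creates the commit, so I would move the import step to sit directly before `Conditional Bump`. Separately, the `[[ ... =~ ... ]]` test uses POSIX extended regular expressions, where `\d` is not a digit class. The match still succeeds on any version containing `-dev` because the group is optional, and `-dev(\.[0-9]+)?$` would express what the echo message describes.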
@@ -52,39 +52,39 @@ dependencies = [ [project.optional-dependencies] dev = [ # Dev tools and testing - "pip >=24.2.0", + "black ==24.8.0", + "blackdoc ==0.3.9", "bump-my-version >=0.26.0", - "watchdog >=4.0.0", + "coverage >=7.5.0", + "coveralls >=4.0.1", "flake8 >=7.1.1", "flake8-rst-docstrings >=0.3.0", "flit >=3.9.0,<4.0", - "tox >=4.18.0", - "coverage >=7.5.0", - "coveralls >=4.0.1", + "isort ==5.13.2", "mypy", "numpydoc >=1.8.0", + "pip >=24.2.0", + "pre-commit >=3.5.0", "pytest >=8.3.2", "pytest-cov >=5.0.0", - "black ==24.8.0", - "blackdoc ==0.3.9", - "isort ==5.13.2", "ruff >=0.5.7", - "pre-commit >=3.5.0" + "tox >=4.18.0", + "watchdog >=4.0.0" ] docs = [ # Documentation and examples + "furo >=2023.07.26", + "ipykernel", + "ipython", + "jupyter_client", + "nbsphinx", + "pandoc", + "pygments <2.19", # FIXME: Newest pygments breaks sphinx-codeautolink. See: https://github.com/felix-hilden/sphinx-codeautolink/issues/153 "sphinx >=7.0.0", - "sphinx_codeautolink", - "sphinx_copybutton", "sphinx-intl", "sphinx-mdinclude", - "sphinxcontrib-napoleon", - "nbsphinx", - "pandoc", - "ipython", - "ipykernel", - "jupyter_client", - "furo >=2023.07.26" + "sphinx_codeautolink", + "sphinx_copybutton" ] gis = [ # GIS library support