Skip to content
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit 1e661d9

Browse files
authoredMar 19, 2024
Apply update of workflows from asset repo (#240)
1 parent b1f047a commit 1e661d9

18 files changed

+1798
-85
lines changed
 

‎.github/workflows/check-general-formatting-task.yml

Lines changed: 33 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,9 @@
11
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-general-formatting-task.md
22
name: Check General Formatting
33

4-
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
4+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
55
on:
6+
create:
67
push:
78
pull_request:
89
schedule:
@@ -12,20 +13,48 @@ on:
1213
repository_dispatch:
1314

1415
jobs:
16+
run-determination:
17+
runs-on: ubuntu-latest
18+
permissions: {}
19+
outputs:
20+
result: ${{ steps.determination.outputs.result }}
21+
steps:
22+
- name: Determine if the rest of the workflow should run
23+
id: determination
24+
run: |
25+
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
26+
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
27+
if [[
28+
"${{ github.event_name }}" != "create" ||
29+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
30+
]]; then
31+
# Run the other jobs.
32+
RESULT="true"
33+
else
34+
# There is no need to run the other jobs.
35+
RESULT="false"
36+
fi
37+
38+
echo "result=$RESULT" >> $GITHUB_OUTPUT
39+
1540
check:
41+
needs: run-determination
42+
if: needs.run-determination.outputs.result == 'true'
1643
runs-on: ubuntu-latest
44+
permissions:
45+
contents: read
1746

1847
steps:
1948
- name: Set environment variables
2049
run: |
21-
# See: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
50+
# See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable
2251
echo "EC_INSTALL_PATH=${{ runner.temp }}/editorconfig-checker" >> "$GITHUB_ENV"
2352
2453
- name: Checkout repository
2554
uses: actions/checkout@v4
2655

2756
- name: Install Task
28-
uses: arduino/setup-task@v1
57+
uses: arduino/setup-task@v2
2958
with:
3059
repo-token: ${{ secrets.GITHUB_TOKEN }}
3160
version: 3.x
@@ -46,7 +75,7 @@ jobs:
4675
# Give the binary a standard name
4776
mv "${{ env.EC_INSTALL_PATH }}/bin/ec-linux-amd64" "${{ env.EC_INSTALL_PATH }}/bin/ec"
4877
# Add installation to PATH:
49-
# See: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#adding-a-system-path
78+
# See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path
5079
echo "${{ env.EC_INSTALL_PATH }}/bin" >> "$GITHUB_PATH"
5180
5281
- name: Check formatting

‎.github/workflows/check-go-dependencies-task.yml

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
name: Check Go Dependencies
33

44
env:
5-
# See: https://github.com/actions/setup-go/tree/v3#readme
5+
# See: https://github.com/actions/setup-go/tree/main#supported-version-syntax
66
GO_VERSION: "1.18"
77

88
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
@@ -37,6 +37,7 @@ on:
3737
jobs:
3838
run-determination:
3939
runs-on: ubuntu-latest
40+
permissions: {}
4041
outputs:
4142
result: ${{ steps.determination.outputs.result }}
4243
steps:
@@ -62,13 +63,21 @@ jobs:
6263
needs: run-determination
6364
if: needs.run-determination.outputs.result == 'true'
6465
runs-on: ubuntu-latest
66+
permissions:
67+
contents: read
6568

6669
steps:
6770
- name: Checkout repository
6871
uses: actions/checkout@v4
6972
with:
7073
submodules: recursive
7174

75+
# This is required to allow jonabc/setup-licensed to install licensed via Ruby gem.
76+
- name: Install Ruby
77+
uses: ruby/setup-ruby@v1
78+
with:
79+
ruby-version: ruby # Install latest version
80+
7281
- name: Install licensed
7382
uses: jonabc/setup-licensed@v1
7483
with:
@@ -81,7 +90,7 @@ jobs:
8190
go-version: ${{ env.GO_VERSION }}
8291

8392
- name: Install Task
84-
uses: arduino/setup-task@v1
93+
uses: arduino/setup-task@v2
8594
with:
8695
repo-token: ${{ secrets.GITHUB_TOKEN }}
8796
version: 3.x
@@ -112,13 +121,21 @@ jobs:
112121
needs: run-determination
113122
if: needs.run-determination.outputs.result == 'true'
114123
runs-on: ubuntu-latest
124+
permissions:
125+
contents: read
115126

116127
steps:
117128
- name: Checkout repository
118129
uses: actions/checkout@v4
119130
with:
120131
submodules: recursive
121132

133+
# This is required to allow jonabc/setup-licensed to install licensed via Ruby gem.
134+
- name: Install Ruby
135+
uses: ruby/setup-ruby@v1
136+
with:
137+
ruby-version: ruby # Install latest version
138+
122139
- name: Install licensed
123140
uses: jonabc/setup-licensed@v1
124141
with:
@@ -131,7 +148,7 @@ jobs:
131148
go-version: ${{ env.GO_VERSION }}
132149

133150
- name: Install Task
134-
uses: arduino/setup-task@v1
151+
uses: arduino/setup-task@v2
135152
with:
136153
repo-token: ${{ secrets.GITHUB_TOKEN }}
137154
version: 3.x

‎.github/workflows/check-markdown-task.yml

Lines changed: 53 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,18 @@ name: Check Markdown
44
env:
55
# See: https://github.com/actions/setup-go/tree/main#supported-version-syntax
66
GO_VERSION: "1.18"
7+
# See: https://github.com/actions/setup-node/#readme
8+
NODE_VERSION: 16.x
79

8-
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
10+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
911
on:
12+
create:
1013
push:
1114
paths:
1215
- ".github/workflows/check-markdown-task.ya?ml"
1316
- ".markdown-link-check.json"
17+
- "package.json"
18+
- "package-lock.json"
1419
- "Taskfile.ya?ml"
1520
- "**/.markdownlint*"
1621
- "**.mdx?"
@@ -21,6 +26,8 @@ on:
2126
paths:
2227
- ".github/workflows/check-markdown-task.ya?ml"
2328
- ".markdown-link-check.json"
29+
- "package.json"
30+
- "package-lock.json"
2431
- "Taskfile.ya?ml"
2532
- "**/.markdownlint*"
2633
- "**.mdx?"
@@ -34,18 +41,51 @@ on:
3441
repository_dispatch:
3542

3643
jobs:
44+
run-determination:
45+
runs-on: ubuntu-latest
46+
permissions: {}
47+
outputs:
48+
result: ${{ steps.determination.outputs.result }}
49+
steps:
50+
- name: Determine if the rest of the workflow should run
51+
id: determination
52+
run: |
53+
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
54+
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
55+
if [[
56+
"${{ github.event_name }}" != "create" ||
57+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
58+
]]; then
59+
# Run the other jobs.
60+
RESULT="true"
61+
else
62+
# There is no need to run the other jobs.
63+
RESULT="false"
64+
fi
65+
66+
echo "result=$RESULT" >> $GITHUB_OUTPUT
67+
3768
lint:
69+
needs: run-determination
70+
if: needs.run-determination.outputs.result == 'true'
3871
runs-on: ubuntu-latest
72+
permissions:
73+
contents: read
3974

4075
steps:
4176
- name: Checkout repository
4277
uses: actions/checkout@v4
4378

79+
- name: Setup Node.js
80+
uses: actions/setup-node@v4
81+
with:
82+
node-version: ${{ env.NODE_VERSION }}
83+
4484
- name: Initialize markdownlint-cli problem matcher
45-
uses: xt0rted/markdownlint-problem-matcher@v2
85+
uses: xt0rted/markdownlint-problem-matcher@v3
4686

4787
- name: Install Task
48-
uses: arduino/setup-task@v1
88+
uses: arduino/setup-task@v2
4989
with:
5090
repo-token: ${{ secrets.GITHUB_TOKEN }}
5191
version: 3.x
@@ -54,7 +94,11 @@ jobs:
5494
run: task markdown:lint
5595

5696
links:
97+
needs: run-determination
98+
if: needs.run-determination.outputs.result == 'true'
5799
runs-on: ubuntu-latest
100+
permissions:
101+
contents: read
58102

59103
steps:
60104
- name: Checkout repository
@@ -65,8 +109,13 @@ jobs:
65109
with:
66110
go-version: ${{ env.GO_VERSION }}
67111

112+
- name: Setup Node.js
113+
uses: actions/setup-node@v4
114+
with:
115+
node-version: ${{ env.NODE_VERSION }}
116+
68117
- name: Install Task
69-
uses: arduino/setup-task@v1
118+
uses: arduino/setup-task@v2
70119
with:
71120
repo-token: ${{ secrets.GITHUB_TOKEN }}
72121
version: 3.x

‎.github/workflows/check-mkdocs-task.yml

Lines changed: 32 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,11 +4,12 @@ name: Check Website
44
env:
55
# See: https://github.com/actions/setup-go/tree/v2#readme
66
GO_VERSION: "1.18"
7-
# See: https://github.com/actions/setup-python/tree/v2#available-versions-of-python
7+
# See: https://github.com/actions/setup-python/tree/main#available-versions-of-python
88
PYTHON_VERSION: "3.9"
99

10-
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
10+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
1111
on:
12+
create:
1213
push:
1314
paths:
1415
- ".github/workflows/check-mkdocs-task.ya?ml"
@@ -37,8 +38,36 @@ on:
3738
repository_dispatch:
3839

3940
jobs:
41+
run-determination:
42+
runs-on: ubuntu-latest
43+
permissions: {}
44+
outputs:
45+
result: ${{ steps.determination.outputs.result }}
46+
steps:
47+
- name: Determine if the rest of the workflow should run
48+
id: determination
49+
run: |
50+
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
51+
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
52+
if [[
53+
"${{ github.event_name }}" != "create" ||
54+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
55+
]]; then
56+
# Run the other jobs.
57+
RESULT="true"
58+
else
59+
# There is no need to run the other jobs.
60+
RESULT="false"
61+
fi
62+
63+
echo "result=$RESULT" >> $GITHUB_OUTPUT
64+
4065
check:
66+
needs: run-determination
67+
if: needs.run-determination.outputs.result == 'true'
4168
runs-on: ubuntu-latest
69+
permissions:
70+
contents: read
4271

4372
steps:
4473
- name: Checkout repository
@@ -58,7 +87,7 @@ jobs:
5887
run: pip install poetry
5988

6089
- name: Install Task
61-
uses: arduino/setup-task@v1
90+
uses: arduino/setup-task@v2
6291
with:
6392
repo-token: ${{ secrets.GITHUB_TOKEN }}
6493
version: 3.x

‎.github/workflows/check-prettier-formatting-task.yml

Lines changed: 40 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,13 @@
11
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-prettier-formatting-task.md
22
name: Check Prettier Formatting
33

4-
# See: https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
4+
env:
5+
# See: https://github.com/actions/setup-node/#readme
6+
NODE_VERSION: 16.x
7+
8+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
59
on:
10+
create:
611
push:
712
paths:
813
- ".github/workflows/check-prettier-formatting-task.ya?ml"
@@ -199,15 +204,48 @@ on:
199204
repository_dispatch:
200205

201206
jobs:
207+
run-determination:
208+
runs-on: ubuntu-latest
209+
permissions: {}
210+
outputs:
211+
result: ${{ steps.determination.outputs.result }}
212+
steps:
213+
- name: Determine if the rest of the workflow should run
214+
id: determination
215+
run: |
216+
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
217+
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
218+
if [[
219+
"${{ github.event_name }}" != "create" ||
220+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
221+
]]; then
222+
# Run the other jobs.
223+
RESULT="true"
224+
else
225+
# There is no need to run the other jobs.
226+
RESULT="false"
227+
fi
228+
229+
echo "result=$RESULT" >> $GITHUB_OUTPUT
230+
202231
check:
232+
needs: run-determination
233+
if: needs.run-determination.outputs.result == 'true'
203234
runs-on: ubuntu-latest
235+
permissions:
236+
contents: read
204237

205238
steps:
206239
- name: Checkout repository
207240
uses: actions/checkout@v4
208241

242+
- name: Setup Node.js
243+
uses: actions/setup-node@v4
244+
with:
245+
node-version: ${{ env.NODE_VERSION }}
246+
209247
- name: Install Task
210-
uses: arduino/setup-task@v1
248+
uses: arduino/setup-task@v2
211249
with:
212250
repo-token: ${{ secrets.GITHUB_TOKEN }}
213251
version: 3.x

‎.github/workflows/check-python-task.yml

Lines changed: 40 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,12 @@
22
name: Check Python
33

44
env:
5-
# See: https://github.com/actions/setup-python/tree/v2#available-versions-of-python
5+
# See: https://github.com/actions/setup-python/tree/main#available-versions-of-python
66
PYTHON_VERSION: "3.9"
77

8-
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
8+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
99
on:
10+
create:
1011
push:
1112
paths:
1213
- ".github/workflows/check-python-task.ya?ml"
@@ -27,12 +28,43 @@ on:
2728
- "Taskfile.ya?ml"
2829
- "**/tox.ini"
2930
- "**.py"
31+
schedule:
32+
# Run periodically to catch breakage caused by external changes.
33+
- cron: "0 8 * * WED"
3034
workflow_dispatch:
3135
repository_dispatch:
3236

3337
jobs:
38+
run-determination:
39+
runs-on: ubuntu-latest
40+
permissions: {}
41+
outputs:
42+
result: ${{ steps.determination.outputs.result }}
43+
steps:
44+
- name: Determine if the rest of the workflow should run
45+
id: determination
46+
run: |
47+
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
48+
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
49+
if [[
50+
"${{ github.event_name }}" != "create" ||
51+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
52+
]]; then
53+
# Run the other jobs.
54+
RESULT="true"
55+
else
56+
# There is no need to run the other jobs.
57+
RESULT="false"
58+
fi
59+
60+
echo "result=$RESULT" >> $GITHUB_OUTPUT
61+
3462
lint:
63+
needs: run-determination
64+
if: needs.run-determination.outputs.result == 'true'
3565
runs-on: ubuntu-latest
66+
permissions:
67+
contents: read
3668

3769
steps:
3870
- name: Checkout repository
@@ -47,7 +79,7 @@ jobs:
4779
run: pip install poetry
4880

4981
- name: Install Task
50-
uses: arduino/setup-task@v1
82+
uses: arduino/setup-task@v2
5183
with:
5284
repo-token: ${{ secrets.GITHUB_TOKEN }}
5385
version: 3.x
@@ -59,7 +91,11 @@ jobs:
5991
run: task python:lint
6092

6193
formatting:
94+
needs: run-determination
95+
if: needs.run-determination.outputs.result == 'true'
6296
runs-on: ubuntu-latest
97+
permissions:
98+
contents: read
6399

64100
steps:
65101
- name: Checkout repository
@@ -74,7 +110,7 @@ jobs:
74110
run: pip install poetry
75111

76112
- name: Install Task
77-
uses: arduino/setup-task@v1
113+
uses: arduino/setup-task@v2
78114
with:
79115
repo-token: ${{ secrets.GITHUB_TOKEN }}
80116
version: 3.x

‎.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ name: Deploy Website
44
env:
55
# See: https://github.com/actions/setup-go/tree/main#supported-version-syntax
66
GO_VERSION: "1.18"
7-
# See: https://github.com/actions/setup-python/tree/v2#available-versions-of-python
7+
# See: https://github.com/actions/setup-python/tree/main#available-versions-of-python
88
PYTHON_VERSION: "3.9"
99

1010
on:
@@ -31,6 +31,7 @@ on:
3131
jobs:
3232
publish-determination:
3333
runs-on: ubuntu-latest
34+
permissions: {}
3435
outputs:
3536
result: ${{ steps.determination.outputs.result }}
3637
steps:
@@ -56,6 +57,8 @@ jobs:
5657
runs-on: ubuntu-latest
5758
needs: publish-determination
5859
if: needs.publish-determination.outputs.result == 'true'
60+
permissions:
61+
contents: write
5962

6063
steps:
6164
- name: Checkout repository
@@ -77,7 +80,7 @@ jobs:
7780
python -m pip install poetry
7881
7982
- name: Install Task
80-
uses: arduino/setup-task@v1
83+
uses: arduino/setup-task@v2
8184
with:
8285
repo-token: ${{ secrets.GITHUB_TOKEN }}
8386
version: 3.x

‎.github/workflows/publish-go-tester-task.yml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ jobs:
3636
runs-on: ubuntu-latest
3737
outputs:
3838
result: ${{ steps.determination.outputs.result }}
39+
permissions: {}
3940
steps:
4041
- name: Determine if the rest of the workflow should run
4142
id: determination
@@ -61,6 +62,7 @@ jobs:
6162
needs: run-determination
6263
if: needs.run-determination.outputs.result == 'true'
6364
runs-on: ubuntu-latest
65+
permissions: {}
6466
outputs:
6567
prefix: ${{ steps.calculation.outputs.prefix }}
6668
steps:
@@ -79,6 +81,8 @@ jobs:
7981
needs: package-name-prefix
8082
name: Build ${{ matrix.os.name }}
8183
runs-on: ubuntu-latest
84+
permissions:
85+
contents: read
8286

8387
strategy:
8488
matrix:
@@ -121,7 +125,7 @@ jobs:
121125
go-version: ${{ env.GO_VERSION }}
122126

123127
- name: Install Task
124-
uses: arduino/setup-task@v1
128+
uses: arduino/setup-task@v2
125129
with:
126130
repo-token: ${{ secrets.GITHUB_TOKEN }}
127131
version: 3.x
@@ -144,6 +148,8 @@ jobs:
144148
- build
145149
- package-name-prefix
146150
runs-on: ubuntu-latest
151+
permissions:
152+
contents: read
147153

148154
steps:
149155
- name: Download build artifacts

‎.github/workflows/release-go-crosscompile-task.yml

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ env:
88
DIST_DIR: dist
99
# The project's folder on Arduino's download server for uploading builds
1010
AWS_PLUGIN_TARGET: /arduino-fwuploader/
11+
AWS_REGION: "us-east-1"
1112
ARTIFACT_NAME: dist
1213
# See: https://github.com/actions/setup-go/tree/main#supported-version-syntax
1314
GO_VERSION: "1.18"
@@ -20,6 +21,8 @@ on:
2021
jobs:
2122
create-release-artifacts:
2223
runs-on: ubuntu-latest
24+
permissions:
25+
contents: read
2326

2427
strategy:
2528
matrix:
@@ -56,7 +59,7 @@ jobs:
5659
go-version: ${{ env.GO_VERSION }}
5760

5861
- name: Install Task
59-
uses: arduino/setup-task@v1
62+
uses: arduino/setup-task@v2
6063
with:
6164
repo-token: ${{ secrets.GITHUB_TOKEN }}
6265
version: 3.x
@@ -75,6 +78,8 @@ jobs:
7578
name: Notarize ${{ matrix.artifact.name }}
7679
runs-on: macos-latest
7780
needs: create-release-artifacts
81+
permissions:
82+
contents: read
7883

7984
env:
8085
GON_CONFIG_PATH: gon.config.hcl
@@ -177,7 +182,11 @@ jobs:
177182

178183
create-release:
179184
runs-on: ubuntu-latest
185+
environment: production
180186
needs: notarize-macos
187+
permissions:
188+
contents: write
189+
id-token: write # This is required for requesting the JWT
181190

182191
steps:
183192
- name: Checkout # we need package_index.template
@@ -226,12 +235,12 @@ jobs:
226235
# (all the files we need are in the DIST_DIR root)
227236
artifacts: ${{ env.DIST_DIR }}/*
228237

238+
- name: configure aws credentials
239+
uses: aws-actions/configure-aws-credentials@v4
240+
with:
241+
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
242+
role-session-name: "github_${{ env.PROJECT_NAME }}"
243+
aws-region: ${{ env.AWS_REGION }}
244+
229245
- name: Upload release files on Arduino downloads servers
230-
uses: docker://plugins/s3
231-
env:
232-
PLUGIN_SOURCE: "${{ env.DIST_DIR }}/arduino-fwuploader*"
233-
PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }}
234-
PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/"
235-
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
236-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
237-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
246+
run: aws s3 sync ${{ env.DIST_DIR }} s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.AWS_PLUGIN_TARGET }}

‎.github/workflows/sync-labels.yml

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/sync-labels.md
22
name: Sync Labels
33

4-
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
4+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
55
on:
66
push:
77
paths:
@@ -24,6 +24,8 @@ env:
2424
jobs:
2525
check:
2626
runs-on: ubuntu-latest
27+
permissions:
28+
contents: read
2729

2830
steps:
2931
- name: Checkout repository
@@ -55,6 +57,7 @@ jobs:
5557
download:
5658
needs: check
5759
runs-on: ubuntu-latest
60+
permissions: {}
5861

5962
strategy:
6063
matrix:
@@ -82,11 +85,14 @@ jobs:
8285
sync:
8386
needs: download
8487
runs-on: ubuntu-latest
88+
permissions:
89+
contents: read
90+
issues: write
8591

8692
steps:
8793
- name: Set environment variables
8894
run: |
89-
# See: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
95+
# See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable
9096
echo "MERGED_CONFIGURATION_PATH=${{ runner.temp }}/labels.yml" >> "$GITHUB_ENV"
9197
9298
- name: Determine whether to dry run

‎.github/workflows/test-go-integration-task.yml

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,12 @@
22
name: Test Integration
33

44
env:
5-
# See: https://github.com/actions/setup-go/tree/v2#readme
5+
# See: https://github.com/actions/setup-go/tree/main#supported-version-syntax
66
GO_VERSION: "1.18"
7-
# See: https://github.com/actions/setup-python/tree/v2#available-versions-of-python
7+
# See: https://github.com/actions/setup-python/tree/main#available-versions-of-python
88
PYTHON_VERSION: "3.9"
99

10-
# See: https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
10+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
1111
on:
1212
create:
1313
push:
@@ -38,15 +38,16 @@ jobs:
3838
runs-on: ubuntu-latest
3939
outputs:
4040
result: ${{ steps.determination.outputs.result }}
41+
permissions: {}
4142
steps:
4243
- name: Determine if the rest of the workflow should run
4344
id: determination
4445
run: |
4546
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
4647
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
47-
if [[ \
48-
"${{ github.event_name }}" != "create" || \
49-
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \
48+
if [[
49+
"${{ github.event_name }}" != "create" ||
50+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
5051
]]; then
5152
# Run the other jobs.
5253
RESULT="true"
@@ -60,6 +61,8 @@ jobs:
6061
test:
6162
needs: run-determination
6263
if: needs.run-determination.outputs.result == 'true'
64+
permissions:
65+
contents: read
6366

6467
strategy:
6568
matrix:
@@ -92,7 +95,7 @@ jobs:
9295
run: pip install poetry
9396

9497
- name: Install Task
95-
uses: arduino/setup-task@v1
98+
uses: arduino/setup-task@v2
9699
with:
97100
repo-token: ${{ secrets.GITHUB_TOKEN }}
98101
version: 3.x

‎.github/workflows/test-go-task.yml

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,16 +2,18 @@
22
name: Test Go
33

44
env:
5-
# See: https://github.com/actions/setup-go/tree/v2#readme
5+
# See: https://github.com/actions/setup-go/tree/main#supported-version-syntax
66
GO_VERSION: "1.18"
77

8-
# See: https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
8+
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
99
on:
1010
create:
1111
push:
1212
paths:
1313
- ".github/workflows/test-go-task.ya?ml"
14-
- "codecov.ya?ml"
14+
- ".github/.?codecov.ya?ml"
15+
- "dev/.?codecov.ya?ml"
16+
- ".?codecov.ya?ml"
1517
- "**/go.mod"
1618
- "**/go.sum"
1719
- "Taskfile.ya?ml"
@@ -20,7 +22,9 @@ on:
2022
pull_request:
2123
paths:
2224
- ".github/workflows/test-go-task.ya?ml"
23-
- "codecov.ya?ml"
25+
- ".github/.?codecov.ya?ml"
26+
- "dev/.?codecov.ya?ml"
27+
- ".?codecov.ya?ml"
2428
- "**/go.mod"
2529
- "**/go.sum"
2630
- "Taskfile.ya?ml"
@@ -34,15 +38,16 @@ jobs:
3438
runs-on: ubuntu-latest
3539
outputs:
3640
result: ${{ steps.determination.outputs.result }}
41+
permissions: {}
3742
steps:
3843
- name: Determine if the rest of the workflow should run
3944
id: determination
4045
run: |
4146
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
4247
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
43-
if [[ \
44-
"${{ github.event_name }}" != "create" || \
45-
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \
48+
if [[
49+
"${{ github.event_name }}" != "create" ||
50+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
4651
]]; then
4752
# Run the other jobs.
4853
RESULT="true"
@@ -57,6 +62,8 @@ jobs:
5762
name: test (${{ matrix.module.path }} - ${{ matrix.operating-system }})
5863
needs: run-determination
5964
if: needs.run-determination.outputs.result == 'true'
65+
permissions:
66+
contents: read
6067

6168
strategy:
6269
fail-fast: false
@@ -86,7 +93,7 @@ jobs:
8693
go-version: ${{ env.GO_VERSION }}
8794

8895
- name: Install Task
89-
uses: arduino/setup-task@v1
96+
uses: arduino/setup-task@v2
9097
with:
9198
repo-token: ${{ secrets.GITHUB_TOKEN }}
9299
version: 3.x

‎.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
/arduino-fwuploader*
33
!/arduino-fwuploader*/
44
/.vscode/
5+
/node_modules/
56
.idea
67
coverage_*.txt
78
/dist

‎.markdown-link-check.json

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,12 @@
11
{
2+
"httpHeaders": [
3+
{
4+
"urls": ["https://docs.github.com/"],
5+
"headers": {
6+
"Accept-Encoding": "gzip, deflate, br"
7+
}
8+
}
9+
],
210
"retryOn429": true,
311
"retryCount": 3,
412
"aliveStatusCodes": [200, 206]

‎.markdownlintignore

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-markdown/.markdownlintignore
2+
.licenses/
3+
__pycache__/
4+
node_modules/

‎Taskfile.yml

Lines changed: 41 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -78,59 +78,64 @@ tasks:
7878
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-markdown-task/Taskfile.yml
7979
markdown:check-links:
8080
desc: Check for broken links
81+
vars:
82+
# The command is defined in a Taskfile variable to allow it to be broken into multiple lines for readability.
83+
# This can't be done in the `cmd` object of the Taskfile because `npx --call` uses the native shell, which causes
84+
# standard newline escaping syntax to not work when the task is run on Windows.
85+
#
86+
# Using -regex instead of -name to avoid Task's behavior of globbing even when quoted on Windows
87+
# The odd method for escaping . in the regex is required for windows compatibility because mvdan.cc/sh gives
88+
# \ characters special treatment on Windows in an attempt to support them as path separators.
89+
#
90+
# prettier-ignore
91+
CHECK_LINKS_COMMAND:
92+
"
93+
find . \
94+
-type d -name \".git\" -prune -o \
95+
-type d -name \".licenses\" -prune -o \
96+
-type d -name \"__pycache__\" -prune -o \
97+
-type d -name \"node_modules\" -prune -o \
98+
-regex \".*[.]md\" \
99+
-exec \
100+
markdown-link-check \
101+
--quiet \
102+
--config \"./.markdown-link-check.json\" \
103+
\\{\\} \
104+
+
105+
"
81106
deps:
82107
- task: docs:generate
108+
- task: npm:install-deps
83109
cmds:
84110
- |
85-
if [[ "{{.OS}}" == "Windows_NT" ]]; then
86-
# npx --call uses the native shell, which makes it too difficult to use npx for this application on Windows,
87-
# so the Windows user is required to have markdown-link-check installed and in PATH.
88-
if ! which markdown-link-check &>/dev/null; then
89-
echo "markdown-link-check not found or not in PATH."
90-
echo "Please install: https://github.com/tcort/markdown-link-check#readme"
91-
exit 1
92-
fi
93-
# Default behavior of the task on Windows is to exit the task when the first broken link causes a non-zero
94-
# exit status, but it's better to check all links before exiting.
95-
set +o errexit
96-
STATUS=0
97-
# Using -regex instead of -name to avoid Task's behavior of globbing even when quoted on Windows
98-
# The odd method for escaping . in the regex is required for windows compatibility because mvdan.cc/sh gives
99-
# \ characters special treatment on Windows in an attempt to support them as path separators.
100-
for file in $(find . -regex ".*[.]md"); do
101-
markdown-link-check \
102-
--quiet \
103-
--config "./.markdown-link-check.json" \
104-
"$file"
105-
STATUS=$(( $STATUS + $? ))
106-
done
107-
exit $STATUS
108-
else
109-
npx --package=markdown-link-check --call='
110-
STATUS=0
111-
for file in $(find . -regex ".*[.]md"); do
112-
markdown-link-check \
113-
--quiet \
114-
--config "./.markdown-link-check.json" \
115-
"$file"
116-
STATUS=$(( $STATUS + $? ))
117-
done
118-
exit $STATUS
119-
'
120-
fi
111+
npx \
112+
--package=markdown-link-check \
113+
--call='{{.CHECK_LINKS_COMMAND}}'
121114
122115
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-markdown-task/Taskfile.yml
123116
markdown:fix:
124117
desc: Automatically correct linting violations in Markdown files where possible
118+
deps:
119+
- task: npm:install-deps
125120
cmds:
126121
- npx markdownlint-cli --fix "**/*.md"
127122

128123
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-markdown-task/Taskfile.yml
129124
markdown:lint:
130125
desc: Check for problems in Markdown files
126+
deps:
127+
- task: npm:install-deps
131128
cmds:
132129
- npx markdownlint-cli "**/*.md"
133130

131+
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/npm-task/Taskfile.yml
132+
npm:install-deps:
133+
desc: Install dependencies managed by npm
134+
dir: |
135+
"{{default "./" .PROJECT_PATH}}"
136+
cmds:
137+
- npm install
138+
134139
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/go-task/Taskfile.yml
135140
go:build:
136141
desc: Build the Go code

‎package-lock.json

Lines changed: 1457 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎package.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
{
2+
"devDependencies": {
3+
"markdown-link-check": "^3.12.1",
4+
"markdownlint-cli": "^0.37.0"
5+
}
6+
}

0 commit comments

Comments
 (0)
Please sign in to comment.