We should use the official action for retrieving the token to use for
the issue/PR triage and dependency update workflows instead of the one
we were using before.
This change adds the LICENSE and DCO files to CODEOWNERS and
specifies the community docs maintainers team as owners.
The purpose of this change is to prevent any unintentional or
unauthorized modifications to these files. Resolves#2178
* nox pip-compile: support check mode
Support a custom --check flag to fail if pip-compile made any changes so
we can check that that lockfiles are in sync with the input (.in) files.
(cherry picked from commit cb295b1f78)
* ci: remove pip-compile workflows from stable branch
We don't need these on stable branches, as they can be triggered from
the devel branch with a custom base-branch input.
They were also missing backports of various fixes from the devel branch.
Rather than trying to backport all the changes, let's just remove it
from stable branches and make sure we do so after each branching.
(cherry picked from commit 0d8d26e92f)
* pr_labeler: improve create_boilerplate_comment logging
(cherry picked from commit 5730ba9a01)
* pr_labeler: add --force-process-closed flag
(cherry picked from commit 44ffe0f210)
* pr_labeler: add warning for porting_guides changes
This adds a warning message when PRs are created that edit
porting_guides by someone outside of the Release Management WG. These
files are automatically generated during the ansible release process and
should not be modified.
Fixes: https://github.com/ansible/ansible-documentation/issues/503
(cherry picked from commit d2e6625e8b)
* pr_labeler: use @release-management-wg team for porting_guide check
Instead of hardcoding the list of release managers, we can use the
Github API to retrieve the members of the
`@ansible/release-management-wg` team.
(cherry picked from commit dddfd7eb55)
* pr_labeler: exempt bots from porting_guide check
For example, patchback is not a release manager, but we still want it to
backport Porting Guide PRs.
(cherry picked from commit 746662c255)
* pr_labeler: improve porting_guide_changes template wording
Co-authored-by: Sandra McCann <samccann@redhat.com>
(cherry picked from commit 95ece7e9d6)
* pr_labeler: refactor new_contributor_welcome code (#990)
* pr_labeler: add GlobalArgs.full_repo property
* pr_labeler: refactor new_contributor_welcome code
As of https://github.com/ansible/ansible-documentation/issues/69, the
pr_labeler responds with a welcome message when an issue or PR is opened
by a new contributor. It turns out this never actually worked properly.
The previous method that relied on Github's `author_association` flag
did not work with the app token that the pr_labeler uses. This refactors
the code to figure out whether a user is a new contributor by
searching the list of issues and PRs.
Fixes: https://github.com/ansible/ansible-documentation/issues/204
* pr_labeler: address potential race condition
(cherry picked from commit 763815d1ad)
* Bump actions/setup-python from 4 to 5 (#966)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
(cherry picked from commit 466b1fdc43)
* pr_labeler: re-architect triager script (#1882)
This commit reorganizes the issue/PR triager script and updates the
workflow to run more efficiently.
- Make the script a proper Python package instead of an unwieldy single
file
- Use locked dependencies and UV to decrease workflow runtime to under
10 seconds.
(cherry picked from commit 7138e42716)
(cherry picked from commit 1cf9f7917b)
---------
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Github Actions makes it easy to inject arbitrary shell code into Github
Actions scripts thanks to the way its templating language works.
This change mediates that issue by passing action inputs to the `run:`
scripts as env vars instead of using `${{ }}` expansions directly in the
script bodies.
The pr_labeler job is the only one that both runs on pull requests and
has access to secrets, but we don't interpolate anything other than
`github.event.number`, so that wouldn't allow any malicious person to
steal credentials.
reusable-pip-compile has access to secrets and accepts user input, but
only from trusted sources (i.e., developers who already have write
access to this repository) and can manually trigger workflows.
Still, it's a good to tighten this up.
(cherry picked from commit 5ebf9f1686)
Co-authored-by: Maxwell G <maxwell@gtmx.me>
This uses the new Ansible Documentation Bot Github app to authenticate with
the Github API instead of the limited token built in to Github Actions.
The app token allows creating automatic dependency update PRs that
trigger CI properly.
A github-bot environment to store the BOT_APP_ID and BOT_APP_KEY
secrets.
(cherry picked from commit 1efa06b8a6)
Fixes: https://github.com/ansible/ansible-documentation/issues/382
**This is a backport of PR #668 as merged into devel
(8d8470468b).**
## Run docs checkers in the noxfile
This adds a checkers session to the noxfile to run docs checkers in
tests/checkers.py.
`nox -e checkers` runs all the docs checkers.
`nox -e 'checkers(rstcheck)'` and `nox -e 'checkers(docs-build)'` can
also be used to call individual checkers.
Simply executing `nox` will clone ansible-core, run the Python linters,
and the docs checkers (docs build test, rstcheck).
This makes it a lot easier for contributors,
as they can just run one command to make sure there changes will pass CI
before submitting a PR
and don't need to muck around with virtual environments and
dependencies.
## Use nox checkers session in CI
Now that the docs checkers are integrated into the noxfile, we can use
the nox session in CI instead of having to maintain separate CI
configurations for these jobs.
This change will cause branch protection to fail, as we no longer have
the docs-build and rstcheck CI jobs. I'll fix that when we're ready to
merge this.
Co-authored-by: Don Naro <dnaro@redhat.com>
This change renames tests/sanity.py -> tests/checkers.py.
The term sanity is not very clear and potentially offensive, and it's
already used by `ansible-test sanity` to mean something different.
(cherry picked from commit a986664e99)
Fixes: https://github.com/ansible/ansible-documentation/issues/530
Co-authored-by: Maxwell G <maxwell@gtmx.me>
This workflow updates pinned dependencies and files a PR if necessary.
For now, it only applies to the devel branch.
Co-authored-by: Don Naro <dnaro@redhat.com>
