-
Notifications
You must be signed in to change notification settings - Fork 1
143 lines (132 loc) · 6.76 KB
/
check_on_push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
#
# Check Hooke repository on push event.
#
# There is information on Docker container security at
# URL: https://docs.docker.com/engine/security/
# URL: https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
# Note: I don't see how one can specify the 'user' for the
# Actions runs so I don't see the value of creating
# a non-root user when the container is built.
# There is information on Github Actions security at
# URL: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
# URL: https://blog.gitguardian.com/github-actions-security-cheat-sheet/
# This Github Actions page notes:
# o Using CODEOWNERS to monitor changes: specifically changes to.github/workflows/*
# o Preventing GitHub Actions from creating or approving pull requests
# Security notes:
# o secure the docker container against meddling
# o secure the hooke repository against meddling
#
name: Hooke check on push
run-name: Check branch ${{ github.ref_name }} on push by ${{ github.actor }}
on: [push]
jobs:
hooke_check_on_push:
# Notes: ubuntu.
# o use Ubuntu - there are messages on line about needing to use Ubuntu
# for use with Github Actions.
# o use a Docker container that has the Monocle3 and Hooke dependencies
# installed.
# see 'github.com:cole-trapnell-lab/hooke/src/docker/NOTES' and
# 'github.com:cole-trapnell-lab/Docker/monocle3_depend/NOTES'.
# o Github Actions has a limited variety of Linux runners. See
# URL: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
runs-on: ubuntu-latest
# One can add fine-grain-control over GITHUB_TOKEN permissions but
# I have not found authoratative descriptions of the permissions
# targets. www pages have some information
# URL: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
# URL: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
# permissions:
# actions: read|write|none
# checks: read|write|none
# contents: read|write|none
# deployments: read|write|none
# id-token: read|write|none
# issues: read|write|none
# discussions: read|write|none
# packages: read|write|none
# pages: read|write|none
# pull-requests: read|write|none
# repository-projects: read|write|none
# security-events: read|write|none
# statuses: read|write|none
container:
# Note:
# in order for the GITHUB_TOKEN to work as a credential one must
# allow the Hooke repository to access the container 'package'.
# Navigate to the Packages tab -> <repository> tab -> Package settings ->
# Manage Actions access: click on Add Repository; give repository name
#
# The following Docker image was pushed initially to the Docker container
# but we use now the Github container registry. The following image and
# credential lines are here for documentation, if require in the future.
# image: docker.io/brgew/monocle3_depend:v1.3.0
#
# The following three (commented out) lines give credentials for a docker
# image stored at the Docker container registry.
# credentials:
# username: brgew
# password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN_READ }}
#
# The following Docker image was pushed to the Github container registry,
# which is found at the Github Packages tab.
image: ghcr.io/cole-trapnell-lab/monocle3_depend:v1.3.0_1
#
#
# The following three uncommented lines give credentials for a Github
# container registry. There is information about github.ACTOR at
# URL: https://docs.github.com/en/actions/learn-github-actions/contexts
# where there is the statement
# github.actor string The username of the user that triggered the
# initial workflow run. If the workflow run is
# a re-run, this value may differ from
# github.triggering_actor. Any workflow re-runs
# will use the privileges of github.actor, even
# if the actor initiating the re-run
# (github.triggering_actor) has different
# privileges.
credentials:
username: ${{ github.ACTOR }}
password: ${{ secrets.GITHUB_TOKEN }}
# TRAVIS: the testthat scripts check for the TRAVIS environment variable
# in order to choose the correct set of target values and to avoid
# running interactive code. For convenience, I keep the name TRAVIS after
# switching to Actions CI.
# _R_CHECK_TESTS_NLINES_: instruct the devtools::test scripts to output all
# error lines rather than the last 13. See
# https://yihui.org/en/2017/12/last-13-lines-of-output/
# GITHUB_PAT: required to read install Monocle3 using remotes::github_install()
# URL: https://github.com/r-lib/remotes/issues/641
env:
TRAVIS: true
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
_R_CHECK_TESTS_NLINES_: 0
steps:
# Get current repository contents.
- uses: actions/checkout@v3
# Run tests.
# Notes:
# o the RCMD check command appears to not output the regression tests
# output unless an error occurs, in which case, the output of all
# regressions tests is output.
# o the torch package installs system-specific files the first time
# that it is loaded with 'library(torch)', which includes a
# confirmation dialog. In order to circumvent the dialog, I can
# set the environment variable TORCH_INSTALL to 1 and then install
# torch. The documentation at
# https://cran.r-project.org/web/packages/torch/vignettes/installation.html
# says that I can alternatively run torch::install_torch() in R
# in order to avoid the dialog but it didn't work for me.
# o PLNmodels is in active development and we need the master branch
# rather than CRAN
- name: Run R CMD build and R CMD check
run: |
export TORCH_INSTALL=1
R -e 'install.packages("torch", force=TRUE)'
R -e 'remotes::install_github("cole-trapnell-lab/monocle3", ref="develop")'
R -e 'remotes::install_github("PLN-team/PLNmodels", ref="master")'
R CMD build .
R CMD check hooke*tar.gz
shell: bash
# R -e 'install.packages("torch", force=TRUE); remotes::install_github("cole-trapnell-lab/monocle3", ref="develop"); R CMD build; R CMD check hooke*tar.gz'