diff --git a/.github/workflows/check_required_files.yml b/.github/workflows/check_required_files.yml index bd04a98adb67..8a1f96dd1317 100644 --- a/.github/workflows/check_required_files.yml +++ b/.github/workflows/check_required_files.yml @@ -73,12 +73,14 @@ jobs: # Get list of added files: - name: 'Get list of added files' id: added-files + env: + GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + PR_NUMBER: ${{ inputs.pull_request_number }} run: | page=1 files="" while true; do - new_files=$(curl -s -H "Accept: application/vnd.github.v3+json" -H "Authorization: Bearer ${{ secrets.STDLIB_BOT_GITHUB_TOKEN - }}" "https://api.github.com/repos/stdlib-js/stdlib/pulls/${{ inputs.pull_request_number }}/files?page=$page&per_page=100" | jq -r '.[] | select(.status == "added") | .filename') + new_files=$(curl -s -H "Accept: application/vnd.github.v3+json" -H "Authorization: Bearer $GITHUB_TOKEN" "https://api.github.com/repos/stdlib-js/stdlib/pulls/$PR_NUMBER/files?page=$page&per_page=100" | jq -r '.[] | select(.status == "added") | .filename') if [ -z "$new_files" ]; then break fi diff --git a/.github/workflows/cleanup_coverage.yml b/.github/workflows/cleanup_coverage.yml index 35b191a1b884..353087d0ac9b 100644 --- a/.github/workflows/cleanup_coverage.yml +++ b/.github/workflows/cleanup_coverage.yml @@ -43,7 +43,7 @@ jobs: # Delete the 'pr-' branch from the 'stdlib-js/www-test-code-coverage' repository: - name: 'Delete coverage branch for PR' env: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + REPO_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} PR_NUMBER: ${{ github.event.pull_request.number }} run: | curl -X DELETE -H "Authorization: token $REPO_GITHUB_TOKEN" \ 
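Review bot: A transport failure of the `curl -s` call in the `Get list of added files` loop looks exactly like the last page: curl prints nothing, `jq` exits 0 on empty input, `new_files` is empty and the loop breaks with whatever was collected so far. Unless the step runs with `pipefail` (not visible here), the required-files check can then proceed on an incomplete list. I would make the request fail loudly, for example `set -o pipefail` at the top of the script and `curl -sS --fail` in place of `curl -s`. The loop body continues past the end of the hunk, and the same loop appears in update_pr_copyright_years.yml.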
@@ -55,7 +55,7 @@ jobs: # Pin action to full length commit SHA uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - github-token: ${{ secrets.CHATBOT_GITHUB_TOKEN }} + github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} script: | const prNumber = context.payload.pull_request.number; const { data: comments } = await github.rest.issues.listComments({ diff --git a/.github/workflows/deprecate_packages.yml b/.github/workflows/deprecate_packages.yml index 5856a003c34f..7a66319199cc 100644 --- a/.github/workflows/deprecate_packages.yml +++ b/.github/workflows/deprecate_packages.yml @@ -61,7 +61,7 @@ jobs: # Deprecate the specified packages on npm and the respective GitHub repositories: - name: 'Deprecate packages' env: - GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} run: | pkgs='${{ github.event.inputs.packages }}' npm_names="" diff --git a/.github/workflows/git_note_amend_message.yml b/.github/workflows/git_note_amend_message.yml index ecaa328eac17..baa211fd4e00 100644 --- a/.github/workflows/git_note_amend_message.yml +++ b/.github/workflows/git_note_amend_message.yml @@ -52,9 +52,6 @@ on: STDLIB_BOT_GITHUB_TOKEN: description: 'GitHub token for stdlib-bot' required: true - REPO_GITHUB_TOKEN: - description: 'GitHub token for accessing the repository' - required: true STDLIB_BOT_GPG_PRIVATE_KEY: description: 'GPG private key for stdlib-bot' required: true @@ -85,7 +82,10 @@ jobs: fetch-depth: 0 # Token for accessing the repository: - token: ${{ secrets.REPO_GITHUB_TOKEN }} + token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + + # Avoid storing GitHub token in local Git configuration: + persist-credentials: false # Verify commit exists: - name: 'Verify commit exists' 
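Review bot: In the `Deprecate packages` step, `pkgs='${{ github.event.inputs.packages }}'` pastes the dispatch input into the script text before the shell parses it, so a value containing a single quote ends the literal and the remainder is interpreted as shell, in a step whose environment now holds `STDLIB_BOT_PAT_REPO_WRITE`. Pass the input as data instead: add `PKGS: ${{ github.event.inputs.packages }}` under `env:` and assign `pkgs="$PKGS"`. The `Push changes` step in standalone_push_changes.yml has the same shape with `${{ steps.changed_packages.outputs.packages }}` and the `join( fromJSON( ... ) )` argument list. The script body continues outside the hunk.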
@@ -130,7 +130,7 @@ jobs: # Commit and push changes: - name: 'Commit and push changes' env: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + REPO_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} USER_NAME: stdlib-bot run: | git config --local user.email "82920195+stdlib-bot@users.noreply.github.com" diff --git a/.github/workflows/git_note_filter_packages.yml b/.github/workflows/git_note_filter_packages.yml index 3104a94f7250..303e47db9caa 100644 --- a/.github/workflows/git_note_filter_packages.yml +++ b/.github/workflows/git_note_filter_packages.yml @@ -52,9 +52,6 @@ on: STDLIB_BOT_GITHUB_TOKEN: description: 'GitHub token for stdlib-bot' required: true - REPO_GITHUB_TOKEN: - description: 'GitHub token for accessing the repository' - required: true STDLIB_BOT_GPG_PRIVATE_KEY: description: 'GPG private key for stdlib-bot' required: true @@ -85,7 +82,10 @@ jobs: fetch-depth: 0 # Token for accessing the repository: - token: ${{ secrets.REPO_GITHUB_TOKEN }} + token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + + # Avoid storing GitHub token in local Git configuration: + persist-credentials: false # Verify commit exists: - name: 'Verify commit exists' @@ -139,7 +139,7 @@ jobs: # Commit and push changes: - name: 'Commit and push changes' env: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + REPO_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} USER_NAME: stdlib-bot run: | git config --local user.email "82920195+stdlib-bot@users.noreply.github.com" diff --git a/.github/workflows/good_first_issue.yml b/.github/workflows/good_first_issue.yml index abe24145bf83..72814eb3761f 100644 --- a/.github/workflows/good_first_issue.yml +++ b/.github/workflows/good_first_issue.yml @@ -52,7 +52,7 @@ jobs: - name: 'Add comment' run: gh issue comment "$NUMBER" --body "$BODY" env: - GH_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.STDLIB_BOT_FGPAT_PR_WRITE }} GH_REPO: ${{ github.repository }} NUMBER: ${{ github.event.issue.number }} BODY: | 
diff --git a/.github/workflows/label_commands.yml b/.github/workflows/label_commands.yml index 8270efe8820a..4538336cc0e2 100644 --- a/.github/workflows/label_commands.yml +++ b/.github/workflows/label_commands.yml @@ -52,7 +52,7 @@ jobs: # Pin action to full length commit SHA uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - github-token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} script: | try { await github.rest.issues.removeLabel({ @@ -69,7 +69,7 @@ jobs: # Pin action to full length commit SHA uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - github-token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} script: | github.rest.issues.addLabels({ 'owner': context.repo.owner, @@ -83,7 +83,7 @@ jobs: run: | curl -X POST \ -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: Bearer ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }}" \ + -H "Authorization: Bearer ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}" \ "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/reactions" \ -d '{"content":"eyes"}' @@ -106,7 +106,7 @@ jobs: pull_request_number: ${{ github.event.pull_request.number }} user: ${{ github.event.sender.login }} secrets: - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} # Define a job for updating copyright header years: update_copyright_years: 
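Review bot: The `curl -X POST` call in the `@@ -83` hunk still expands `${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}` directly inside the `run:` script, so the token value becomes part of the script text that the shell parses, whereas check_required_files.yml in this same commit moves the token into `env:`. I would do the same here: an `env:` entry `GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}` and `-H "Authorization: Bearer $GITHUB_TOKEN"`. The `@@ -105` hunk of update_pr_copyright_years.yml only re-indents its loop and keeps both `${{ secrets.STDLIB_BOT_GITHUB_TOKEN }}` and `${{ inputs.pull_request_number }}` inline. The step's header starts above this hunk.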
@@ -126,8 +126,7 @@ jobs: with: pull_request_number: ${{ github.event.pull_request.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} @@ -149,8 +148,7 @@ jobs: with: pull_request_number: ${{ github.event.pull_request.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} @@ -172,8 +170,7 @@ jobs: with: pull_request_number: ${{ github.event.pull_request.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} @@ -195,8 +192,7 @@ jobs: with: pull_request_number: ${{ github.event.pull_request.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} 
@@ -228,7 +224,7 @@ jobs: # Pin action to full length commit SHA uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - github-token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} script: | try { await github.rest.issues.removeLabel({ diff --git a/.github/workflows/lint_autofix.yml b/.github/workflows/lint_autofix.yml index d87f24dfdb66..551501a42af9 100644 --- a/.github/workflows/lint_autofix.yml +++ b/.github/workflows/lint_autofix.yml @@ -36,9 +36,6 @@ on: STDLIB_BOT_GITHUB_TOKEN: description: 'GitHub token for stdlib-bot' required: true - REPO_GITHUB_TOKEN: - description: 'GitHub token for accessing the repository' - required: true STDLIB_BOT_GPG_PRIVATE_KEY: description: 'GPG private key for stdlib-bot' required: true @@ -93,7 +90,7 @@ jobs: repository: ${{ steps.pr-details.outputs.repository }} # Token for accessing the repository: - token: ${{ secrets.REPO_GITHUB_TOKEN }} + token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} # File path to checkout to: path: './' @@ -174,7 +171,7 @@ jobs: # Commit and push changes: - name: 'Commit and push changes' env: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + REPO_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} USER_NAME: stdlib-bot BRANCH_NAME: ${{ steps.pr-details.outputs.branch }} REPO_NAME: ${{ steps.pr-details.outputs.repository }} diff --git a/.github/workflows/lint_random_files.yml b/.github/workflows/lint_random_files.yml index 4724fbbb1f97..37f2dc40a04b 100644 --- a/.github/workflows/lint_random_files.yml +++ b/.github/workflows/lint_random_files.yml 
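Review bot: The checkout in the `@@ -93` hunk of lint_autofix.yml now receives `STDLIB_BOT_GITHUB_TOKEN` (filled with `STDLIB_BOT_PAT_REPO_WRITE` by the callers in label_commands.yml and slash_commands.yml) but does not set `persist-credentials: false`, which this commit adds to the git_note_amend_message.yml and git_note_filter_packages.yml checkouts. By default actions/checkout keeps the token in the local Git configuration, where any later step working in the checked-out pull request branch can read it. The `Commit and push changes` step already gets the token through `REPO_GITHUB_TOKEN`, so persisting it looks unnecessary; I would add `persist-credentials: false` below `token:`, after confirming the push does not rely on the stored credential (its script is outside the hunks). The checkouts in the `@@ -82` hunks of pr_merge_develop.yml and pr_rebase_develop.yml are in the same state.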
@@ -397,7 +397,7 @@ jobs: - name: 'Create sub-issue for C lint failures' if: ( github.event.inputs.c != 'false' ) && failure() && contains(steps.*.outcome, 'failure') && contains(steps.lint-c.outcome, 'failure') env: - GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} run: | BODY_FILE="$GITHUB_WORKSPACE/lint_issue_body.md" @@ -476,7 +476,7 @@ jobs: commit-message: 'style: resolve lint errors' committer: 'stdlib-bot <82920195+stdlib-bot@users.noreply.github.com>' signoff: true - token: ${{ secrets.PULL_REQUEST_TOKEN }} + token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} labels: | automated-pr team-reviewers: | diff --git a/.github/workflows/pr_merge_develop.yml b/.github/workflows/pr_merge_develop.yml index a2d8eb08740b..2add109322fb 100644 --- a/.github/workflows/pr_merge_develop.yml +++ b/.github/workflows/pr_merge_develop.yml @@ -21,7 +21,6 @@ name: pr_merge_develop # Workflow triggers: on: - # Allow the workflow to be triggered by other workflows workflow_call: # Define the input parameters for the workflow: @@ -36,9 +35,6 @@ on: STDLIB_BOT_GITHUB_TOKEN: description: 'GitHub token for stdlib-bot' required: true - REPO_GITHUB_TOKEN: - description: 'GitHub token for accessing the repository' - required: true STDLIB_BOT_GPG_PRIVATE_KEY: description: 'GPG private key for stdlib-bot' required: true @@ -82,7 +78,7 @@ jobs: with: ref: ${{ steps.pr-details.outputs.branch }} repository: ${{ steps.pr-details.outputs.repository }} - token: ${{ secrets.REPO_GITHUB_TOKEN }} + token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} fetch-depth: 0 # Disable Git hooks: @@ -103,7 +99,7 @@ jobs: # Merge the develop branch into the PR branch: - name: 'Merge develop branch' env: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + REPO_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} USER_NAME: stdlib-bot BRANCH_NAME: ${{ steps.pr-details.outputs.branch }} REPO_NAME: ${{ steps.pr-details.outputs.repository }} 
diff --git a/.github/workflows/pr_rebase_develop.yml b/.github/workflows/pr_rebase_develop.yml index 8474f03d607b..6c54713ed532 100644 --- a/.github/workflows/pr_rebase_develop.yml +++ b/.github/workflows/pr_rebase_develop.yml @@ -36,9 +36,6 @@ on: STDLIB_BOT_GITHUB_TOKEN: description: 'GitHub token for stdlib-bot' required: true - REPO_GITHUB_TOKEN: - description: 'GitHub token for accessing the repository' - required: true STDLIB_BOT_GPG_PRIVATE_KEY: description: 'GPG private key for stdlib-bot' required: true @@ -82,7 +79,7 @@ jobs: with: ref: ${{ steps.pr-details.outputs.branch }} repository: ${{ steps.pr-details.outputs.repository }} - token: ${{ secrets.REPO_GITHUB_TOKEN }} + token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} fetch-depth: 0 # Disable Git hooks: @@ -103,7 +100,7 @@ jobs: # Rebase on develop branch: - name: 'Rebase on develop branch' env: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + REPO_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} USER_NAME: stdlib-bot BRANCH_NAME: ${{ steps.pr-details.outputs.branch }} REPO_NAME: ${{ steps.pr-details.outputs.repository }} diff --git a/.github/workflows/scaffold_pkg.yml b/.github/workflows/scaffold_pkg.yml deleted file mode 100644 index 629d84526c87..000000000000 --- a/.github/workflows/scaffold_pkg.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -#/ -# @license Apache-2.0 -# -# Copyright (c) 2022 The Stdlib Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#/ - -# Workflow name: -name: scaffold_package - -# Workflow triggers: -on: - # Allow the workflow to be triggered by other workflows - workflow_call: - # Define the secrets accessible by the workflow: - secrets: - PULL_REQUEST_TOKEN: - description: 'GitHub token for stdlib-bot' - required: true - SCAFFOLD_GITHUB_TOKEN: - description: 'GitHub token used in the scaffold package action' - required: true - OPENAI_API_KEY: - description: 'OpenAI API key for scaffold package action' - required: true - -# Global permissions: -permissions: - # Allow read-only access to the repository contents: - contents: read - -# Workflow jobs: -jobs: - scaffold: - - # Define a display name: - name: 'Scaffold Package via RFC Issue Comment' - - # Define the type of virtual host machine on which to run the job: - runs-on: ubuntu-latest - - # Define the sequence of job steps... 
- steps: - # Checkout the current branch: - - name: 'Checkout current branch' - # Pin action to full length commit SHA - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - # Run the command to scaffold a package: - - name: 'Scaffold package' - id: scaffold - # Pin action to full length commit SHA - uses: stdlib-js/scaffold-pkg-pr-action@882ef0cbb70c1fb76135b9620232606686c1cb10 # v0.0.1 - with: - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - GITHUB_TOKEN: ${{ secrets.SCAFFOLD_GITHUB_TOKEN }} - - # Create a pull request: - - name: 'Create pull request' - # Pin action to full length commit SHA - uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 - with: - token: ${{ secrets.PULL_REQUEST_TOKEN }} - commit-message: 'feat: add `${{ steps.scaffold.outputs.alias }}`' - title: 'feat: add `${{ steps.scaffold.outputs.alias }}` package' - body: | - This PR adds the [${{ steps.scaffold.outputs.alias }}](../tree/${{ steps.scaffold.outputs.path }}/${{ steps.scaffold.outputs.dir }}) package. - - ## Notes - - * :warning: The package was scaffolded using the stdlib bot, which uses AI to generate package content. The generated content is not guaranteed to be correct, and will require manual review and editing. :warning: - branch: ${{ steps.scaffold.outputs.path }} diff --git a/.github/workflows/scaffold_pkg_via_branch_push.yml b/.github/workflows/scaffold_pkg_via_branch_push.yml deleted file mode 100644 index e8c3050d7f61..000000000000 --- a/.github/workflows/scaffold_pkg_via_branch_push.yml +++ /dev/null 
@@ -1,137 +0,0 @@ -#/ -# @license Apache-2.0 -# -# Copyright (c) 2022 The Stdlib Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#/ - -# Workflow name: -name: scaffold_package_via_push_to_branch - -# Workflow triggers: -on: - push: - branches: - - 'scaffold/**' - - 'scaffold-**/**' - -# Global permissions: -permissions: - # Allow read-only access to the repository contents: - contents: read - -# Workflow jobs: -jobs: - - scaffold: - # FIXME: disabled until determination whether to re-enable this job - if: false - - # Define a display name: - name: 'Scaffold Package via Push to Scaffolding Branch' - - # Define the type of virtual host machine on which to run the job: - runs-on: ubuntu-latest - - # Define the sequence of job steps... 
- steps: - # Checkout the new branch: - - name: 'Checkout new branch' - # Pin action to full length commit SHA - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # Refers to the branch name of the branch being pushed: - ref: ${{ github.event.push.head.ref }} - - # Refers to the repository name of the branch being pushed: - repository: ${{ github.event.push.head.repo.full_name }} - - # Specify whether to remove untracked files before checking out the repository: - clean: true - - # Limit clone depth to the last 25 commits: - fetch-depth: 25 - - # Specify whether to download Git-LFS files: - lfs: false - - # Get list of changed files: - - name: 'Get list of changed files' - id: changed-files - run: | - files=$(git diff --diff-filter=AM --name-only ${{ github.event.before }} ${{ github.event.after }}) - files=$(echo "$files" | tr '\n' ' ' | sed 's/ $//') - echo "files=${files}" >> $GITHUB_OUTPUT - - # Run the command to scaffold a package: - - name: 'Scaffold package' - id: scaffold - # Pin action to full length commit SHA - uses: stdlib-js/scaffold-pkg-pr-action@882ef0cbb70c1fb76135b9620232606686c1cb10 # v0.0.1 - with: - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - added-files: ${{ steps.changed-files.outputs.files }} - - # Configure Git: - - name: 'Configure Git' - run: | - git config --local user.email "82920195+stdlib-bot@users.noreply.github.com" - git config --local user.name "stdlib-bot" - - # Import GPG key to sign commits: - - name: 'Import GPG key to sign commits' - # Pin action to full length commit SHA - uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 - with: - gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} - git_user_signingkey: true - git_commit_gpgsign: true - - # Commit changes: - - name: 'Commit changes' - run: | - git add -A - git commit -m "Scaffold ${{ 
steps.scaffold.outputs.path }} package files" - - # Push changes: - - name: 'Push changes' - run: | - SLUG=${{ github.repository }} - echo "Pushing changes to $SLUG..." - git push "https://$GITHUB_ACTOR:$GITHUB_TOKEN@github.com/$SLUG.git" HEAD:${{ github.event.push.head.ref }} - - # Check if branch name contains an issue number: - - name: 'Check if branch name contains an issue number' - id: check-branch-name - run: | - if [[ ${{ github.event.push.head.ref }} =~ ^scaffold-([0-9]+) ]]; then - echo "Branch name contains an issue number: ${BASH_REMATCH[1]}" - echo "issue-number=${BASH_REMATCH[1]}" >> $GITHUB_OUTPUT - fi - - # Add a comment to the pull request: - - name: 'Add comment to pull request' - if: steps.check-branch-name.outputs.issue-number != '' - # Pin action to full length commit SHA - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - with: - issue-number: ${{ steps.check-branch-name.outputs.issue-number }} - body: | - Based off the `README.md` file, the [stdlib-bot](https://github.com/stdlib-bot) has generated contents for the [${{ steps.scaffold.outputs.alias }}](../tree/${{ steps.scaffold.outputs.path }}/${{ steps.scaffold.outputs.dir }}) package. - - ## Notes - - * :warning: The stdlib-bot uses AI to generate package content. The generated content is not guaranteed to be correct, and will require manual review and editing. :warning: diff --git a/.github/workflows/slash_commands.yml b/.github/workflows/slash_commands.yml index d3098b1f5b75..f4db67815223 100644 --- a/.github/workflows/slash_commands.yml +++ b/.github/workflows/slash_commands.yml @@ -48,7 +48,7 @@ jobs: # Pin action to full length commit SHA uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - github-token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} script: | github.rest.issues.addLabels({ 'owner': context.repo.owner, 
@@ -61,7 +61,7 @@ jobs: - name: 'Add initial reaction' uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - github-token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} script: | const commentBody = github.event.comment.body.trim(); const RE_COMMANDS = /^\/stdlib\s+(help|check-files|update-copyright-years|lint-autofix|merge|rebase)$/i; @@ -105,7 +105,7 @@ jobs: pull_request_number: ${{ github.event.issue.number }} user: ${{ github.event.comment.user.login }} secrets: - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} # Define a job for updating copyright header years: update_copyright_years: @@ -121,8 +121,7 @@ jobs: with: pull_request_number: ${{ github.event.issue.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} @@ -143,8 +142,7 @@ jobs: with: pull_request_number: ${{ github.event.issue.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} 
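Review bot: In the `Add initial reaction` script, `github.event.comment.body` reads from the wrong object: inside actions/github-script, `github` is the authenticated Octokit client and has no `event` property, so this line throws before the command regex is applied. The event payload is exposed as `context.payload`, as the cleanup_coverage.yml script in this commit does with `context.payload.pull_request.number`; the line should be `const commentBody = context.payload.comment.body.trim();`. The rest of the script lies outside the hunk.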
@@ -165,8 +163,7 @@ jobs: with: pull_request_number: ${{ github.event.issue.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} @@ -187,8 +184,7 @@ jobs: with: pull_request_number: ${{ github.event.issue.number }} secrets: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} - STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + STDLIB_BOT_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} STDLIB_BOT_GPG_PRIVATE_KEY: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }} STDLIB_BOT_GPG_PASSPHRASE: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }} @@ -228,7 +224,7 @@ jobs: - `/stdlib rebase` - Rebase this PR on top of develop branch. # GitHub token: - token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} # Define a job for removing the in-progress label: remove_progress_label: @@ -256,7 +252,7 @@ jobs: # Pin action to full length commit SHA uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: - github-token: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} + github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} script: | try { await github.rest.issues.removeLabel({ diff --git a/.github/workflows/standalone_push_changes.yml b/.github/workflows/standalone_push_changes.yml index f9b2b7bed677..d5671e428138 100644 --- a/.github/workflows/standalone_push_changes.yml +++ b/.github/workflows/standalone_push_changes.yml 
@@ -97,13 +97,13 @@ jobs: # Pin action to full length commit SHA uses: stdlib-js/changed-packages-action@e489c6b4eff164c5912a0b2d17d7462f38c11712 # v2.0.0 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_FGPAT_REPO_READ }} # Push changes to the package repositories: - name: 'Push changes' if: ${{ steps.changed_packages.outputs.packages != '[]' }} env: - GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} run: | echo "Pushing changes to the following repositories: ${{ steps.changed_packages.outputs.packages }}" node lib/node_modules/@stdlib/_tools/scripts/publish_packages.js ${{ join( fromJSON( steps.changed_packages.outputs.packages ), ' ' ) }} diff --git a/.github/workflows/standalone_test.yml b/.github/workflows/standalone_test.yml index 2cda06e92104..b917b14e8d98 100644 --- a/.github/workflows/standalone_test.yml +++ b/.github/workflows/standalone_test.yml @@ -85,7 +85,7 @@ jobs: # Trigger standalone package tests: - name: 'Trigger tests' env: - GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} run: | node lib/node_modules/@stdlib/_tools/scripts/trigger_workflow_events.js diff --git a/.github/workflows/track_todos.yml b/.github/workflows/track_todos.yml index 7b6fffc5b9e5..a208939b3fb6 100644 --- a/.github/workflows/track_todos.yml +++ b/.github/workflows/track_todos.yml @@ -85,7 +85,7 @@ jobs: title: 'TODO comments' content-filepath: ./tracking_issue_todos.md issue-number: 803 - token: ${{ secrets.PULL_REQUEST_TOKEN }} + token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} labels: | todos automated-issue @@ -98,7 +98,7 @@ jobs: title: 'FIXME comments' content-filepath: ./tracking_issue_fixmes.md issue-number: 804 - token: ${{ secrets.PULL_REQUEST_TOKEN }} + token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }} labels: | fixmes automated-issue 
diff --git a/.github/workflows/update_pr_copyright_years.yml b/.github/workflows/update_pr_copyright_years.yml index 4fa4187fd3fe..768223a3517c 100644 --- a/.github/workflows/update_pr_copyright_years.yml +++ b/.github/workflows/update_pr_copyright_years.yml @@ -36,9 +36,6 @@ on: STDLIB_BOT_GITHUB_TOKEN: description: 'GitHub token for stdlib-bot' required: true - REPO_GITHUB_TOKEN: - description: 'GitHub token for accessing the repository' - required: true STDLIB_BOT_GPG_PRIVATE_KEY: description: 'GPG private key for stdlib-bot' required: true @@ -105,13 +102,13 @@ jobs: page=1 files="" while true; do - new_files=$(curl -s -H "Accept: application/vnd.github.v3+json" -H "Authorization: Bearer ${{ secrets.STDLIB_BOT_GITHUB_TOKEN - }}" "https://api.github.com/repos/stdlib-js/stdlib/pulls/${{ inputs.pull_request_number }}/files?page=$page&per_page=100" | jq -r '.[] | select(.status == "added") | .filename') - if [ -z "$new_files" ]; then - break - fi - files="$files $new_files" - page=$((page+1)) + new_files=$(curl -s -H "Accept: application/vnd.github.v3+json" -H "Authorization: Bearer ${{ secrets.STDLIB_BOT_GITHUB_TOKEN + }}" "https://api.github.com/repos/stdlib-js/stdlib/pulls/${{ inputs.pull_request_number }}/files?page=$page&per_page=100" | jq -r '.[] | select(.status == "added") | .filename') + if [ -z "$new_files" ]; then + break + fi + files="$files $new_files" + page=$((page+1)) done files=$(echo "$files" | tr '\n' ' ' | sed 's/^ //;s/ $//') echo "files=${files}" >> $GITHUB_OUTPUT @@ -141,7 +138,7 @@ jobs: # Commit and push changes: - name: 'Commit and push changes' env: - REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} + REPO_GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_GITHUB_TOKEN }} USER_NAME: stdlib-bot BRANCH_NAME: ${{ steps.pr-details.outputs.branch }} REPO_NAME: ${{ steps.pr-details.outputs.repository }}