diff --git a/.github/workflows/build-and-publish-image.yaml b/.github/workflows/build-and-publish-image.yaml index 21cf431..d2a8a2e 100644 --- a/.github/workflows/build-and-publish-image.yaml +++ b/.github/workflows/build-and-publish-image.yaml @@ -41,7 +41,7 @@ jobs: - name: Login to GHCR if: github.event_name != 'pull_request' - run: echo "${{ secrets.GITHUB_TOKEN }}" | podman login ghcr.io -u ${{ github.actor }} --password-stdin + uses: tankdonut/github-actions/actions/ghcr-login@v1 - name: Build and Push Container if: github.event_name != 'pull_request' diff --git a/.github/workflows/bump-tool-versions.yaml b/.github/workflows/bump-tool-versions.yaml index a1ae536..85d6c9e 100644 --- a/.github/workflows/bump-tool-versions.yaml +++ b/.github/workflows/bump-tool-versions.yaml @@ -35,9 +35,7 @@ jobs: - run: uv sync - name: Configure git - run: | - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" + uses: tankdonut/github-actions/actions/git-bot-config@v1 - name: Run Update Automation run: | diff --git a/.github/workflows/lint-and-test.yaml b/.github/workflows/lint-and-test.yaml index d83ce66..2da6b5a 100644 --- a/.github/workflows/lint-and-test.yaml +++ b/.github/workflows/lint-and-test.yaml @@ -6,39 +6,17 @@ on: branches: - main -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - jobs: pre-commit: - permissions: - contents: read runs-on: ubuntu-latest steps: - - name: Checkout Repository - uses: actions/checkout@v6 + - uses: actions/checkout@v6 with: fetch-depth: 0 - - name: Cache asdf Tools - uses: actions/cache@v5 - id: cache-asdf - with: - path: ~/.asdf - key: asdf-${{ runner.os }}-${{ hashFiles('.tool-versions') }} - - - name: Install Dependencies via asdf - uses: asdf-vm/actions/install@v4 - - - name: Install Python Dependencies - run: uv sync - - - name: Cache pre-commit hooks - uses: actions/cache@v5 - with: - path: ~/.cache/pre-commit - key: pre-commit-${{ hashFiles('.tool-versions', '.pre-commit-config.yaml') }} - - name: Execute pre-commit - run: uv run pre-commit run --show-diff-on-failure --color=always --all-files + uses: tankdonut/github-actions/actions/pre-commit@v1 + with: + install_uv_deps: "true" + uv_sync_args: "--group dev" + extra_args: "--show-diff-on-failure --color=always" diff --git a/.github/workflows/prune-ghcr-images.yaml b/.github/workflows/prune-ghcr-images.yaml index a6a5952..0b8a4d2 100644 --- a/.github/workflows/prune-ghcr-images.yaml +++ b/.github/workflows/prune-ghcr-images.yaml @@ -8,17 +8,14 @@ on: env: SEMVER_REGEX: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ +permissions: + packages: write + jobs: - cleanup-ghcr: - runs-on: ubuntu-latest - permissions: - packages: write # Required to delete images - steps: - - name: Cleanup Stale GHCR Images - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4 - with: - package: ${{ github.event.repository.name }} - keep-n-tagged: 10 - exclude-tags: v.*,latest,${{ github.event.repository.default_branch }},${{ env.SEMVER_REGEX }} - delete-untagged: true - use-regex: true + prune: + uses: tankdonut/github-actions/.github/workflows/prune-ghcr.yaml@v1 + with: + packages: '["${{ github.event.repository.name }}"]' + exclude-tags: "v.*,latest,${{ github.event.repository.default_branch }},${{ env.SEMVER_REGEX }}" + keep-n-tagged: "10" + secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8e7eb7f..8df856a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -153,14 +153,18 @@ jobs: pyproject.write_text(content) " + - name: Configure git + if: >- + steps.check-version-changes.outputs.has_changes == 'true' && + steps.idempotency.outputs.skip != 'true' + uses: tankdonut/github-actions/actions/git-bot-config@v1 + - name: Commit and push changes if: >- steps.check-version-changes.outputs.has_changes == 'true' && steps.idempotency.outputs.skip != 'true' run: | TAG="${{ steps.calver.outputs.calver_tag }}" - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" git add CHANGELOG.md pyproject.toml git commit -m "chore: release ${TAG}" git push origin main @@ -175,6 +179,14 @@ jobs: | tar -xzf - crane sudo mv crane /usr/local/bin/crane + - name: Login to GHCR + if: >- + steps.check-version-changes.outputs.has_changes == 'true' && + steps.idempotency.outputs.skip != 'true' + uses: tankdonut/github-actions/actions/ghcr-login@v1 + with: + runtime: "crane" + - name: Tag container image if: >- steps.check-version-changes.outputs.has_changes == 'true' && @@ -185,7 +197,6 @@ jobs: IMAGE="ghcr.io/${{ github.repository }}" TAG="${{ steps.calver.outputs.calver_tag }}" DIGEST="${{ github.sha }}" - echo "${GITHUB_TOKEN}" | crane auth login ghcr.io -u "${{ github.actor }}" --password-stdin for i in $(seq 1 10); do if crane digest "${IMAGE}@${DIGEST}" 2>/dev/null; then echo "Image found, tagging..." diff --git a/.gitignore b/.gitignore index 57c4afa..c17b319 100644 --- a/.gitignore +++ b/.gitignore @@ -188,4 +188,4 @@ cython_debug/ # oh-my-openagent # Orchestration state, plans, and notepads for AI agent workflows -.sisyphus/ +.omo/