From c0503d8169d639f48edc8f7ef8a189d6049a40a2 Mon Sep 17 00:00:00 2001 From: Kyle Altendorf Date: Thu, 30 Jan 2025 10:31:38 -0500 Subject: [PATCH 1/6] use `allow-dev-deps` label to block merging and allow non-binary dependencies --- .github/actions/install/action.yml | 4 ++++ .github/workflows/check_wheel_availability.yaml | 1 + .github/workflows/require-labels.yml | 9 ++++++++- .github/workflows/test-install-scripts.yml | 2 ++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/actions/install/action.yml b/.github/actions/install/action.yml index 5974d171cd61..b64a8c246fa8 100644 --- a/.github/actions/install/action.yml +++ b/.github/actions/install/action.yml @@ -39,6 +39,10 @@ inputs: runs: using: "composite" steps: + - name: Set up rust + if: contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') + uses: dtolnay/rust-toolchain@stable + - name: Run install script (macOS, Ubuntu) if: runner.os == 'macos' || runner.os == 'linux' shell: bash diff --git a/.github/workflows/check_wheel_availability.yaml b/.github/workflows/check_wheel_availability.yaml index 6924efd1d88f..c1f31817ff3d 100644 --- a/.github/workflows/check_wheel_availability.yaml +++ b/.github/workflows/check_wheel_availability.yaml @@ -19,6 +19,7 @@ concurrency: jobs: check_dependency_artifacts: name: ${{ matrix.os.name }} ${{ matrix.arch.name }} ${{ matrix.python-version }} + if: ${{ !contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} strategy: fail-fast: false diff --git a/.github/workflows/require-labels.yml b/.github/workflows/require-labels.yml index 10106b7a5cf3..b598c497dc17 100644 --- a/.github/workflows/require-labels.yml +++ b/.github/workflows/require-labels.yml @@ -12,7 +12,8 @@ jobs: outputs: status: ${{ steps.check-labels.outputs.status }} steps: - - id: check-labels + - name: check changelog labels + id: check-labels uses: mheap/github-action-required-labels@v5 with: mode: exactly @@ -23,3 +24,9 @@ jobs: if: steps.check-labels.outputs.status == 'success' - run: echo FAILURE && exit 1 if: steps.check-labels.outputs.status == 'failure' + - name: check banned labels + uses: mheap/github-action-required-labels@v5 + with: + mode: exactly + count: 0 + labels: "allow-dev-deps" diff --git a/.github/workflows/test-install-scripts.yml b/.github/workflows/test-install-scripts.yml index 03e01458188f..a2cce610a490 100644 --- a/.github/workflows/test-install-scripts.yml +++ b/.github/workflows/test-install-scripts.yml @@ -23,6 +23,7 @@ concurrency: jobs: test_scripts: name: Native ${{ matrix.os.emoji }} ${{ matrix.arch.emoji }} ${{ matrix.development.name }} - ${{ matrix.editable.name }} + if: ${{ !contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} strategy: fail-fast: false @@ -134,6 +135,7 @@ jobs: test_scripts_in_docker: name: Docker ${{ matrix.distribution.name }} ${{ matrix.arch.name }} + if: ${{ !contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} container: ${{ matrix.distribution.url }} strategy: From 67a7d14b7c0609fb053de297a9a86b3b174da106 Mon Sep 17 00:00:00 2001 From: Kyle Altendorf Date: Thu, 30 Jan 2025 10:58:10 -0500 Subject: [PATCH 2/6] not here... --- .github/workflows/reflow-check-allow-dev-deps.yml | 0 .github/workflows/require-labels.yml | 9 +-------- 2 files changed, 1 insertion(+), 8 deletions(-) create mode 100644 .github/workflows/reflow-check-allow-dev-deps.yml diff --git a/.github/workflows/reflow-check-allow-dev-deps.yml b/.github/workflows/reflow-check-allow-dev-deps.yml new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/.github/workflows/require-labels.yml b/.github/workflows/require-labels.yml index b598c497dc17..10106b7a5cf3 100644 --- a/.github/workflows/require-labels.yml +++ b/.github/workflows/require-labels.yml @@ -12,8 +12,7 @@ jobs: outputs: status: ${{ steps.check-labels.outputs.status }} steps: - - name: check changelog labels - id: check-labels + - id: check-labels uses: mheap/github-action-required-labels@v5 with: mode: exactly @@ -24,9 +23,3 @@ jobs: if: steps.check-labels.outputs.status == 'success' - run: echo FAILURE && exit 1 if: steps.check-labels.outputs.status == 'failure' - - name: check banned labels - uses: mheap/github-action-required-labels@v5 - with: - mode: exactly - count: 0 - labels: "allow-dev-deps" From 57524480ddca6bf9af6beb32ef9e9e6839853bc4 Mon Sep 17 00:00:00 2001 From: Kyle Altendorf Date: Thu, 30 Jan 2025 11:08:24 -0500 Subject: [PATCH 3/6] check in both places --- .../workflows/check_wheel_availability.yaml | 3 +++ .../workflows/reflow-check-allow-dev-deps.yml | 24 +++++++++++++++++++ .github/workflows/test-install-scripts.yml | 3 +++ 3 files changed, 30 insertions(+) diff --git a/.github/workflows/check_wheel_availability.yaml b/.github/workflows/check_wheel_availability.yaml index c1f31817ff3d..a847d47b0f97 100644 --- a/.github/workflows/check_wheel_availability.yaml +++ b/.github/workflows/check_wheel_availability.yaml @@ -17,6 +17,9 @@ concurrency: cancel-in-progress: true jobs: + check-allow-dev-deps: + uses: ./.github/workflows/reflow-check-allow-dev-deps.yml + check_dependency_artifacts: name: ${{ matrix.os.name }} ${{ matrix.arch.name }} ${{ matrix.python-version }} if: ${{ !contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} diff --git a/.github/workflows/reflow-check-allow-dev-deps.yml b/.github/workflows/reflow-check-allow-dev-deps.yml index e69de29bb2d1..6921462cb0dd 100644 --- a/.github/workflows/reflow-check-allow-dev-deps.yml +++ b/.github/workflows/reflow-check-allow-dev-deps.yml @@ -0,0 +1,24 @@ +name: 🚨 Check allow-dev-deps label + +on: + workflow_call: + inputs: + concurrency-name: + required: true + type: string + +concurrency: + # SHA is added to the end if on `main` to let all main workflows run + group: ${{ github.ref }}-${{ github.workflow }}-${{ inputs.concurrency-name }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }} + cancel-in-progress: true + +jobs: + check-labels: + runs-on: ubuntu-latest + steps: + - name: check banned labels + uses: mheap/github-action-required-labels@v5 + with: + mode: exactly + count: 0 + labels: "allow-dev-deps" diff --git a/.github/workflows/test-install-scripts.yml b/.github/workflows/test-install-scripts.yml index a2cce610a490..73c79ecee440 100644 --- a/.github/workflows/test-install-scripts.yml +++ b/.github/workflows/test-install-scripts.yml @@ -21,6 +21,9 @@ concurrency: cancel-in-progress: true jobs: + check-allow-dev-deps: + uses: ./.github/workflows/reflow-check-allow-dev-deps.yml + test_scripts: name: Native ${{ matrix.os.emoji }} ${{ matrix.arch.emoji }} ${{ matrix.development.name }} - ${{ matrix.editable.name }} if: ${{ !contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} From 6d945b23e42ae1722d63ffad0448a5d3e871aca7 Mon Sep 17 00:00:00 2001 From: Kyle Altendorf Date: Thu, 30 Jan 2025 11:13:56 -0500 Subject: [PATCH 4/6] use an output from the reflow to avoid checking the label directly --- .github/actions/install/action.yml | 1 - .github/workflows/check_wheel_availability.yaml | 3 ++- .github/workflows/reflow-check-allow-dev-deps.yml | 2 ++ .github/workflows/test-install-scripts.yml | 3 ++- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/actions/install/action.yml b/.github/actions/install/action.yml index b64a8c246fa8..999273730b90 100644 --- a/.github/actions/install/action.yml +++ b/.github/actions/install/action.yml @@ -40,7 +40,6 @@ runs: using: "composite" steps: - name: Set up rust - if: contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') uses: dtolnay/rust-toolchain@stable - name: Run install script (macOS, Ubuntu) diff --git a/.github/workflows/check_wheel_availability.yaml b/.github/workflows/check_wheel_availability.yaml index a847d47b0f97..64f2f900e735 100644 --- a/.github/workflows/check_wheel_availability.yaml +++ b/.github/workflows/check_wheel_availability.yaml @@ -22,7 +22,8 @@ jobs: check_dependency_artifacts: name: ${{ matrix.os.name }} ${{ matrix.arch.name }} ${{ matrix.python-version }} - if: ${{ !contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} + needs: check-allow-dev-deps + if: ${{ !needs.check-allow-dev-deps.outputs.allow-dev-deps }} runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} strategy: fail-fast: false diff --git a/.github/workflows/reflow-check-allow-dev-deps.yml b/.github/workflows/reflow-check-allow-dev-deps.yml index 6921462cb0dd..f41ecdcc6bef 100644 --- a/.github/workflows/reflow-check-allow-dev-deps.yml +++ b/.github/workflows/reflow-check-allow-dev-deps.yml @@ -6,6 +6,8 @@ on: concurrency-name: required: true type: string + outputs: + allow-dev-deps: ${{ contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} concurrency: # SHA is added to the end if on `main` to let all main workflows run diff --git a/.github/workflows/test-install-scripts.yml b/.github/workflows/test-install-scripts.yml index 73c79ecee440..fe0ef9c2fc79 100644 --- a/.github/workflows/test-install-scripts.yml +++ b/.github/workflows/test-install-scripts.yml @@ -26,7 +26,8 @@ jobs: test_scripts: name: Native ${{ matrix.os.emoji }} ${{ matrix.arch.emoji }} ${{ matrix.development.name }} - ${{ matrix.editable.name }} - if: ${{ !contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} + needs: check-allow-dev-deps + if: ${{ !needs.check-allow-dev-deps.outputs.allow-dev-deps }} runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} strategy: fail-fast: false From 57aaac6390b18ff8c78e7caa4788901e17c14873 Mon Sep 17 00:00:00 2001 From: Kyle Altendorf Date: Thu, 30 Jan 2025 11:18:28 -0500 Subject: [PATCH 5/6] fixup --- .github/workflows/reflow-check-allow-dev-deps.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/reflow-check-allow-dev-deps.yml b/.github/workflows/reflow-check-allow-dev-deps.yml index f41ecdcc6bef..cbb67baf767f 100644 --- a/.github/workflows/reflow-check-allow-dev-deps.yml +++ b/.github/workflows/reflow-check-allow-dev-deps.yml @@ -2,16 +2,13 @@ name: 🚨 Check allow-dev-deps label on: workflow_call: - inputs: - concurrency-name: - required: true - type: string outputs: - allow-dev-deps: ${{ contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} + allow-dev-deps: + value: ${{ contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} concurrency: # SHA is added to the end if on `main` to let all main workflows run - group: ${{ github.ref }}-${{ github.workflow }}-${{ inputs.concurrency-name }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }} + group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}-${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/long_lived/')) && github.sha || '' }} cancel-in-progress: true jobs: From 5f3248aff89e5ef2428c5ba0cf8c4f249a12bf71 Mon Sep 17 00:00:00 2001 From: Kyle Altendorf Date: Thu, 30 Jan 2025 11:31:43 -0500 Subject: [PATCH 6/6] try just needs --- .github/actions/install/action.yml | 1 + .github/workflows/check_wheel_availability.yaml | 1 - .github/workflows/reflow-check-allow-dev-deps.yml | 3 --- .github/workflows/test-install-scripts.yml | 1 - 4 files changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/actions/install/action.yml b/.github/actions/install/action.yml index 999273730b90..f4f1d74bbadf 100644 --- a/.github/actions/install/action.yml +++ b/.github/actions/install/action.yml @@ -40,6 +40,7 @@ runs: using: "composite" steps: - name: Set up rust + if: ${{ contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} uses: dtolnay/rust-toolchain@stable - name: Run install script (macOS, Ubuntu) diff --git a/.github/workflows/check_wheel_availability.yaml b/.github/workflows/check_wheel_availability.yaml index 64f2f900e735..46442a21dc15 100644 --- a/.github/workflows/check_wheel_availability.yaml +++ b/.github/workflows/check_wheel_availability.yaml @@ -23,7 +23,6 @@ jobs: check_dependency_artifacts: name: ${{ matrix.os.name }} ${{ matrix.arch.name }} ${{ matrix.python-version }} needs: check-allow-dev-deps - if: ${{ !needs.check-allow-dev-deps.outputs.allow-dev-deps }} runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} strategy: fail-fast: false diff --git a/.github/workflows/reflow-check-allow-dev-deps.yml b/.github/workflows/reflow-check-allow-dev-deps.yml index cbb67baf767f..448c03bbba96 100644 --- a/.github/workflows/reflow-check-allow-dev-deps.yml +++ b/.github/workflows/reflow-check-allow-dev-deps.yml @@ -2,9 +2,6 @@ name: 🚨 Check allow-dev-deps label on: workflow_call: - outputs: - allow-dev-deps: - value: ${{ contains( github.event.pull_request.labels.*.name, 'allow-dev-deps') }} concurrency: # SHA is added to the end if on `main` to let all main workflows run diff --git a/.github/workflows/test-install-scripts.yml b/.github/workflows/test-install-scripts.yml index fe0ef9c2fc79..0067f7f894e0 100644 --- a/.github/workflows/test-install-scripts.yml +++ b/.github/workflows/test-install-scripts.yml @@ -27,7 +27,6 @@ jobs: test_scripts: name: Native ${{ matrix.os.emoji }} ${{ matrix.arch.emoji }} ${{ matrix.development.name }} - ${{ matrix.editable.name }} needs: check-allow-dev-deps - if: ${{ !needs.check-allow-dev-deps.outputs.allow-dev-deps }} runs-on: ${{ matrix.os.runs-on[matrix.arch.matrix] }} strategy: fail-fast: false