Skip to content

Commit

Permalink
Merge branch 'master' into use-cfxr-units
Browse files Browse the repository at this point in the history
  • Loading branch information
Zeitsperre authored Jan 10, 2024
2 parents 4127f79 + 784b418 commit 7979bdd
Show file tree
Hide file tree
Showing 17 changed files with 247 additions and 135 deletions.
75 changes: 43 additions & 32 deletions .github/labeler.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,40 +5,51 @@
# we refer here to CI as the 'meta' configuration files for managing the code and integrations with the repository,
# not configurations related to the deployment process itself.

API:
- xclim/cli.py
'API':
- changed-files:
- any-glob-to-any-file:
- 'xclim/cli.py'

CI:
- .editorconfig
- .pre-commit-config.yaml
- .readthedocs.yml
- .yamllint.yml
- .github/workflows/*
- docs/Makefile
- pylintrc
- tox.ini
- Makefile
'CI':
- changed-files:
- any-glob-to-any-file:
- '.editorconfig'
- '.pre-commit-config.yaml'
- '.readthedocs.yml'
- '.yamllint.yml'
- '.github/workflows/*'
- 'docs/Makefile'
- 'pylintrc'
- 'tox.ini'
- 'Makefile'

docs:
- .readthedocs.yml
- docs/**/*
- AUTHORS.rst
- CONTRIBUTING.rst
- ISSUE_TEMPLATE/**/*
- ISSUE_TEMPLATE.md
- PULL_REQUEST_TEMPLATE.md
- README.rst
'docs':
- changed-files:
- any-glob-to-any-file:
- '.readthedocs.yml'
- 'docs/**/*'
- 'AUTHORS.rst'
- 'CONTRIBUTING.rst'
- 'ISSUE_TEMPLATE/**/*'
- 'ISSUE_TEMPLATE.md'
- 'PULL_REQUEST_TEMPLATE.md'
- 'README.rst'

indicators:
- xclim/indicators/**/*
- xclim/indicators/**/*
- xclim/indices/**/_*.py
- xclim/data/**/*.json
- xclim/data/**/*.yml
'indicators':
- changed-files:
- any-glob-to-any-file:
- 'xclim/indicators/**/*'
- 'xclim/indices/**/_*.py'
- 'xclim/data/**/*.json'
- 'xclim/data/**/*.yml'

information:
- CONTRIBUTING.rst
'information':
- changed-files:
- any-glob-to-any-file:
- 'CONTRIBUTING.rst'

sdba:
- xclim/sdba/**/*
- tests/test_sdba/*.py
'sdba':
- changed-files:
- any-glob-to-any-file:
- 'xclim/sdba/**/*'
- 'tests/test_sdba/*.py'
11 changes: 9 additions & 2 deletions .github/workflows/actions-versions-updater.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,19 @@ permissions: # added using https://github.com/step-security/secure-repo
jobs:
build:
runs-on: ubuntu-latest

permissions:
actions: write
contents: write
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: Checkout
uses: actions/[email protected]
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/add-to-project.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,14 @@ jobs:
add-to-project:
name: Add Issue to xclim Project
runs-on: ubuntu-latest
permissions:
contents: read
repository-projects: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- uses: actions/[email protected]
with:
project-url: https://github.com/orgs/Ouranosinc/projects/6
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/bump-version.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@ jobs:
bump_patch_version:
name: Bumpversion Patch
runs-on: ubuntu-latest
permissions:
actions: read
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
Expand Down
7 changes: 6 additions & 1 deletion .github/workflows/cache-cleaner.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,12 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
- name: Check out code
uses: actions/[email protected]
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,14 @@ jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: 'Checkout Repository'
uses: actions/[email protected]
- name: 'Dependency Review'
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/first_pull_request.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,16 @@ on:
types:
- opened

permissions: # added using https://github.com/step-security/secure-repo
contents: read

jobs:
welcome:
name: Welcome
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
Expand Down
20 changes: 15 additions & 5 deletions .github/workflows/label.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,24 @@ on: [pull_request_target]
# See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target

permissions:
checks: write
contents: read
pull-requests: write

jobs:
label:
name: Label
runs-on: ubuntu-latest
permissions:
checks: write
contents: read
pull-requests: write
steps:
- uses: actions/[email protected]
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- uses: actions/[email protected]
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
22 changes: 18 additions & 4 deletions .github/workflows/label_on_approval.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,19 +10,25 @@ on:
- review_requested

permissions:
checks: write
contents: read
pull-requests: write

jobs:
label_approved:
name: Label on Approval
runs-on: ubuntu-latest
if: |
(!contains(github.event.pull_request.labels.*.name, 'approved')) &&
(github.event.review.state == 'approved') &&
(github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)
runs-on: ubuntu-latest
permissions:
checks: write
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- name: Label Approved
uses: actions/[email protected]
with:
Expand All @@ -36,11 +42,19 @@ jobs:
comment_approved:
name: Comment Concerning Approved Tag
runs-on: ubuntu-latest
if: |
(github.event_name == 'pull_request_target') &&
(github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
runs-on: ubuntu-latest
permissions:
checks: write
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- name: Find comment
uses: peter-evans/[email protected]
id: fc
Expand Down
32 changes: 29 additions & 3 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,13 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
pypi.org:443
raw.githubusercontent.com:443
- uses: actions/[email protected]
- name: Set up Python${{ matrix.python-version }}
uses: actions/[email protected]
Expand Down Expand Up @@ -124,7 +130,18 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >
azure.archive.ubuntu.com:80
coveralls.io:443
esm.ubuntu.com:443
files.pythonhosted.org:443
github.com:443
motd.ubuntu.com:443
packages.microsoft.com:443
ppa.launchpadcontent.net:443
pypi.org:443
raw.githubusercontent.com:443
- uses: actions/[email protected]
- name: Install Eigen3
if: contains(matrix.tox-env, 'sbck')
Expand Down Expand Up @@ -167,7 +184,16 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
coveralls.io:443
files.pythonhosted.org:443
github.com:443
objects.githubusercontent.com:443
pypi.org:443
raw.githubusercontent.com:443
- uses: actions/[email protected]
- name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
uses: mamba-org/[email protected]
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/publish-mastodon.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ on:
default: true
type: boolean

permissions: # added using https://github.com/step-security/secure-repo
contents: read

jobs:
toot:
name: Generate Mastodon Toot
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/testdata_version.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,14 @@ jobs:
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- uses: actions/[email protected]
- name: Find xclim-testdata Tag and CI Testing Branch
run: |
Expand Down
10 changes: 9 additions & 1 deletion .github/workflows/upstream.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,15 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
files.pythonhosted.org:443
github.com:443
objects.githubusercontent.com:443
pypi.org:443
raw.githubusercontent.com:443
- uses: actions/[email protected]
with:
fetch-depth: 0 # Fetch all history for all branches and tags.
Expand Down
Loading

0 comments on commit 7979bdd

Please sign in to comment.