From d10fd304a0f9bf348f5d4839148e14a832b17018 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 17:57:00 -0500 Subject: [PATCH 01/45] docs: Get the project started --- pulumi/github/repos/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 pulumi/github/repos/README.md diff --git a/pulumi/github/repos/README.md b/pulumi/github/repos/README.md new file mode 100644 index 00000000..e31936a7 --- /dev/null +++ b/pulumi/github/repos/README.md @@ -0,0 +1,18 @@ +# Repos + +Goal is to replace https://oldsite.nf-co.re/pipeline_health + +## Initial Roll-out + +The new pipelines that are broken: + +- denovotranscript +- meerpipe +- pairgenomealign +- phaseimpute +- reportho + +Maybe: + +- scdownstream +- scnanoseq From d4dc7d4363f20bb08452d8c672ba6d0ee95421b0 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 17:59:46 -0500 Subject: [PATCH 02/45] chore: Copy over code from teams --- pulumi/github/repos/.gitignore | 3 +++ pulumi/github/repos/Pulumi.dev.yaml | 4 ++++ pulumi/github/repos/Pulumi.yaml | 10 ++++++++++ pulumi/github/repos/__main__.py | 6 ++++++ pulumi/github/repos/requirements.txt | 3 +++ pulumi/github/teams/.gitignore | 5 ----- 6 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 pulumi/github/repos/.gitignore create mode 100644 pulumi/github/repos/Pulumi.dev.yaml create mode 100644 pulumi/github/repos/Pulumi.yaml create mode 100644 pulumi/github/repos/__main__.py create mode 100644 pulumi/github/repos/requirements.txt diff --git a/pulumi/github/repos/.gitignore b/pulumi/github/repos/.gitignore new file mode 100644 index 00000000..18fa2a3e --- /dev/null +++ b/pulumi/github/repos/.gitignore @@ -0,0 +1,3 @@ +*.pyc +venv/ +__pycache__/ diff --git a/pulumi/github/repos/Pulumi.dev.yaml b/pulumi/github/repos/Pulumi.dev.yaml new file mode 100644 index 00000000..f388f6e6 --- /dev/null +++ b/pulumi/github/repos/Pulumi.dev.yaml @@ -0,0 +1,4 @@ +config: + github:owner: nf-core-tf + github:token: + secure: AAABADQ5983Zkr3Cb5e3Ql44AV0OkR66r4aU1seWGmEhzkgBnSlL3WfSk+qcXrFPdelbLM05rnd0thzVjSWbaR5B0Kor/GUFgvWxoUDlXomH/mFpizDV9QsqBgSNRrKlYgAxt9n4SwQ1j0aH8MpDPLyetyhLHH/cJrI33BA= diff --git a/pulumi/github/repos/Pulumi.yaml b/pulumi/github/repos/Pulumi.yaml new file mode 100644 index 00000000..d492c4a7 --- /dev/null +++ b/pulumi/github/repos/Pulumi.yaml @@ -0,0 +1,10 @@ +name: github-repos +runtime: + name: python + options: + virtualenv: venv +description: Managing GitHub repos +config: + pulumi:tags: + value: + pulumi:template: https://www.pulumi.com/ai/api/project/3cb51e5f-2548-4d7b-9d9d-1ea680ac96ee.zip diff --git a/pulumi/github/repos/__main__.py b/pulumi/github/repos/__main__.py new file mode 100644 index 00000000..bd11f662 --- /dev/null +++ b/pulumi/github/repos/__main__.py @@ -0,0 +1,6 @@ +#!/usr/bin/env python + +import yaml + +import pulumi +import pulumi_github as github diff --git a/pulumi/github/repos/requirements.txt b/pulumi/github/repos/requirements.txt new file mode 100644 index 00000000..d265c6c6 --- /dev/null +++ b/pulumi/github/repos/requirements.txt @@ -0,0 +1,3 @@ +pulumi>=3 +pulumi_github>=5.20.0 +ruff>=0.3.7 diff --git a/pulumi/github/teams/.gitignore b/pulumi/github/teams/.gitignore index 75384ec2..18fa2a3e 100644 --- a/pulumi/github/teams/.gitignore +++ b/pulumi/github/teams/.gitignore @@ -1,8 +1,3 @@ *.pyc venv/ __pycache__/ - -# sensitive data -Pulumi*yaml -*.txt -!requirements.txt From 2efa2be8f46d0726e01588dd73f299339af7c742 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 18:07:48 -0500 Subject: [PATCH 03/45] chore: re-encrypt GitHub token --- pulumi/github/repos/Pulumi.dev.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pulumi/github/repos/Pulumi.dev.yaml b/pulumi/github/repos/Pulumi.dev.yaml index f388f6e6..b2221915 100644 --- a/pulumi/github/repos/Pulumi.dev.yaml +++ b/pulumi/github/repos/Pulumi.dev.yaml @@ -1,4 +1,5 @@ config: github:owner: nf-core-tf + # https://start.1password.com/open/i?a=O5GICFDKPNABLLVGMKBL5JWDWA&v=rdfcz6oy6qxxrc4clu467a7dmm&i=4ajrv44kc5lcbboa37fr5oydla&h=nf-core.1password.eu github:token: - secure: AAABADQ5983Zkr3Cb5e3Ql44AV0OkR66r4aU1seWGmEhzkgBnSlL3WfSk+qcXrFPdelbLM05rnd0thzVjSWbaR5B0Kor/GUFgvWxoUDlXomH/mFpizDV9QsqBgSNRrKlYgAxt9n4SwQ1j0aH8MpDPLyetyhLHH/cJrI33BA= + secure: AAABAFMgBNyCNuYsps6YVPV2L7Ji5qBJj0omEQQa9HrdhT2iHo3ex0e9NsDER3Q04itGiY698X/ZQCnTM2zu9op3tcjmzfITdHxGy0FGATuUFamYsSiztHrNAKiIEJ9E0M4Al8/yJeB6X4BXvkLEgik/I+GPvZIXK3tE65Q= From 2c2deb666fd54588b436300788e233011cea136c Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 18:09:21 -0500 Subject: [PATCH 04/45] chore: pulumi import github:index/repository:Repository nf-core-tf modules --- pulumi/github/repos/__main__.py | 38 +++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/pulumi/github/repos/__main__.py b/pulumi/github/repos/__main__.py index bd11f662..103aade9 100644 --- a/pulumi/github/repos/__main__.py +++ b/pulumi/github/repos/__main__.py @@ -4,3 +4,41 @@ import pulumi import pulumi_github as github + + +nf_core_tf = github.Repository( + "nf-core-tf", + allow_merge_commit=False, + allow_rebase_merge=False, + allow_squash_merge=False, + default_branch="master", + description="Repository to host tool-specific module files for the Nextflow DSL2 community!", + has_downloads=True, + has_issues=True, + has_projects=True, + homepage_url="https://nf-co.re", + merge_commit_message="", + merge_commit_title="", + name="modules", + security_and_analysis=github.RepositorySecurityAndAnalysisArgs( + secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( + status="disabled", + ), + secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( + status="disabled", + ), + ), + squash_merge_commit_message="", + squash_merge_commit_title="", + topics=[ + "nextflow", + "pipelines", + "nf-test", + "modules", + "nf-core", + "dsl2", + "workflows", + ], + visibility="public", + opts=pulumi.ResourceOptions(protect=True), +) From 66c4ef43c0b155a5f0edd2e8aa5e2d2322985f16 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 18:47:48 -0500 Subject: [PATCH 05/45] docs: Write up some plans --- pulumi/github/repos/README.md | 16 ++++++++++++++++ pulumi/github/repos/core_repos.yml | 14 ++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 pulumi/github/repos/core_repos.yml diff --git a/pulumi/github/repos/README.md b/pulumi/github/repos/README.md index e31936a7..6466569d 100644 --- a/pulumi/github/repos/README.md +++ b/pulumi/github/repos/README.md @@ -2,6 +2,8 @@ Goal is to replace https://oldsite.nf-co.re/pipeline_health +This repo will be the "Actions" section at the bottom. We can then create a reporting page if we really need to see all the green checks + ## Initial Roll-out The new pipelines that are broken: @@ -16,3 +18,17 @@ Maybe: - scdownstream - scnanoseq + +### Plan + +#### Short-term + +1. [ ] Import a pipeline that has all the right settings +2. [ ] Fix the 5 pipelines above with the correct settings from the "model" repo +3. [ ] Keep importing new pipelines until we gain confidence in it. + +#### Long-term + +1. Wrangle in `core_repos` +2. Roll out to all pipelines +3. Switch all repos to main diff --git a/pulumi/github/repos/core_repos.yml b/pulumi/github/repos/core_repos.yml new file mode 100644 index 00000000..1fdaf6b5 --- /dev/null +++ b/pulumi/github/repos/core_repos.yml @@ -0,0 +1,14 @@ +- .github +- basic_training +- configs +- logos +- modules +- ops +- prettier-plugin-nextflow +- references +- setup-nextflow +- sublime +- test-datasets +- tools +- vscode-extensionpack +- website From 7d7df5d6ce1c8873586907d4a09ab8dfd2423709 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 18:49:04 -0500 Subject: [PATCH 06/45] Add missing repos --- pulumi/github/repos/core_repos.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pulumi/github/repos/core_repos.yml b/pulumi/github/repos/core_repos.yml index 1fdaf6b5..d353e21c 100644 --- a/pulumi/github/repos/core_repos.yml +++ b/pulumi/github/repos/core_repos.yml @@ -12,3 +12,5 @@ - tools - vscode-extensionpack - website +- vale +- setup-nf-test From 4734c3f3b02d299d85f74b9879ac4a2260fe9e7f Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 18:49:22 -0500 Subject: [PATCH 07/45] chore: Sort lines --- pulumi/github/repos/core_repos.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pulumi/github/repos/core_repos.yml b/pulumi/github/repos/core_repos.yml index d353e21c..14ebcf5f 100644 --- a/pulumi/github/repos/core_repos.yml +++ b/pulumi/github/repos/core_repos.yml @@ -7,10 +7,10 @@ - prettier-plugin-nextflow - references - setup-nextflow +- setup-nf-test - sublime - test-datasets - tools +- vale - vscode-extensionpack - website -- vale -- setup-nf-test From 965477804e572a1628ba70fbaed8d5611475bc83 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 18:52:35 -0500 Subject: [PATCH 08/45] chore: Add pipelines --- pulumi/github/repos/pipelines.yml | 99 +++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 pulumi/github/repos/pipelines.yml diff --git a/pulumi/github/repos/pipelines.yml b/pulumi/github/repos/pipelines.yml new file mode 100644 index 00000000..f73ac115 --- /dev/null +++ b/pulumi/github/repos/pipelines.yml @@ -0,0 +1,99 @@ +- airrflow +- ampliseq +- atacseq +- bacass +- bactmap +- bamtofastq +- cageseq +- callingcards +- chipseq +- circdna +- circrna +- clipseq +- coproid +- createpanelrefs +- createtaxdb +- crisprseq +- cutandrun +- datasync +- demo +- demultiplex +- denovotranscript +- detaxizer +- diaproteomics +- differentialabundance +- dualrnaseq +- eager +- epitopeprediction +- fastquorum +- fetchngs +- funcscan +- genomeannotator +- genomeassembler +- genomeskim +- gwas +- hgtseq +- hic +- hicar +- hlatyping +- imcyto +- isoseq +- lncpipe +- mag +- magmap +- marsseq +- mcmicro +- meerpipe +- metaboigniter +- metapep +- metatdenovo +- methylseq +- mhcquant +- mnaseseq +- molkart +- multiplesequencealign +- nanoseq +- nanostring +- nascent +- omicsgenetraitassociation +- oncoanalyser +- pairgenomealign +- pangenome +- pathogensurveillance +- pgdb +- phageannotator +- phaseimpute +- phyloplace +- pixelator +- proteinfold +- proteomicslfq +- radseq +- rangeland +- raredisease +- readsimulator +- reportho +- riboseq +- rnadnavar +- rnafusion +- rnaseq +- rnasplice +- rnavar +- sammyseq +- sarek +- scdownstream +- scnanoseq +- scrnaseq +- seqinspector +- setup-nf-test +- slamseq +- smrnaseq +- spatialvi +- spinningjenny +- taxprofiler +- tbanalyzer +- tfactivity +- vale +- variantbenchmarking +- variantcatalogue +- viralintegration +- viralrecon From 83bd8ff9f26dced424e8b790138c6bd01a974e2e Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sat, 20 Jul 2024 19:21:26 -0500 Subject: [PATCH 09/45] chore: Add two different ways of tackling this 1. Importing them all by hand, some code duplication and effort, but probably the least likely to blow up 2. Looping through them all We can also start with 1, and then move to 2 once everything is captured in the Pulumi state with 1(which seems like the sane option) --- pulumi/github/repos/core/modules.py | 42 ++++++++++++++++++++ pulumi/github/repos/import_by_hand.py | 20 ++++++++++ pulumi/github/repos/loop_example.py | 55 +++++++++++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100644 pulumi/github/repos/core/modules.py create mode 100644 pulumi/github/repos/import_by_hand.py create mode 100644 pulumi/github/repos/loop_example.py diff --git a/pulumi/github/repos/core/modules.py b/pulumi/github/repos/core/modules.py new file mode 100644 index 00000000..0f9bf163 --- /dev/null +++ b/pulumi/github/repos/core/modules.py @@ -0,0 +1,42 @@ +import yaml + +import pulumi +import pulumi_github as github + + +nf_core_tf = github.Repository( + "nf-core-tf", + allow_merge_commit=False, + allow_rebase_merge=False, + allow_squash_merge=False, + default_branch="master", + description="Repository to host tool-specific module files for the Nextflow DSL2 community!", + has_downloads=True, + has_issues=True, + has_projects=True, + homepage_url="https://nf-co.re", + merge_commit_message="", + merge_commit_title="", + name="modules", + security_and_analysis=github.RepositorySecurityAndAnalysisArgs( + secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( + status="disabled", + ), + secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( + status="disabled", + ), + ), + squash_merge_commit_message="", + squash_merge_commit_title="", + topics=[ + "nextflow", + "pipelines", + "nf-test", + "modules", + "nf-core", + "dsl2", + "workflows", + ], + visibility="public", + opts=pulumi.ResourceOptions(protect=True), +) diff --git a/pulumi/github/repos/import_by_hand.py b/pulumi/github/repos/import_by_hand.py new file mode 100644 index 00000000..b28f9c2e --- /dev/null +++ b/pulumi/github/repos/import_by_hand.py @@ -0,0 +1,20 @@ +#!/usr/bin/env python + +import yaml + +import pulumi +import pulumi_github as github + +import pipelines.denovotranscript +import pipelines.meerpipe +import pipelines.pairgenomealign +import pipelines.phaseimpute +import pipelines.reportho + +# ... + +import core.github +import core.modules + +# ... +import core.website diff --git a/pulumi/github/repos/loop_example.py b/pulumi/github/repos/loop_example.py new file mode 100644 index 00000000..eef61d7b --- /dev/null +++ b/pulumi/github/repos/loop_example.py @@ -0,0 +1,55 @@ +#!/usr/bin/env python + +import yaml + +import pulumi +import pulumi_github as github + +TOPICS = [ + "nextflow", + "pipelines", + "nf-test", + "modules", + "nf-core", + "dsl2", + "workflows", +] + +alpha_test_pipeline_repos = [ + "denovotranscript", + "meerpipe", + "pairgenomealign", + "phaseimpute", + "reportho", +] + +for pipeline in alpha_test_pipeline_repos: + github.Repository( + "nf-core-tf", + allow_merge_commit=True, + allow_rebase_merge=True, + allow_squash_merge=True, + default_branch="master", + description="Alpha test repository for nf-core", + has_downloads=True, + has_issues=True, + has_projects=True, + homepage_url=f"https://nf-co.re/{pipeline}", + merge_commit_message="", + merge_commit_title="", + name=pipeline, + security_and_analysis=github.RepositorySecurityAndAnalysisArgs( + secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( + status="disabled", + ), + secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( + status="disabled", + ), + ), + squash_merge_commit_message="", + squash_merge_commit_title="", + topics=TOPICS, + visibility="public", + # NOTE Idk if this will work + opts=pulumi.ResourceOptions(protect=True), + ) From b07ebfbe78a1ab94b5abf9ff22a388d4d68f79e4 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 11:23:44 -0500 Subject: [PATCH 10/45] Add demo and testpipeline --- pulumi/github/repos/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pulumi/github/repos/README.md b/pulumi/github/repos/README.md index 6466569d..8a753d2b 100644 --- a/pulumi/github/repos/README.md +++ b/pulumi/github/repos/README.md @@ -8,6 +8,9 @@ This repo will be the "Actions" section at the bottom. We can then create a repo The new pipelines that are broken: +- demo +- testpipeline + - denovotranscript - meerpipe - pairgenomealign From e3f8b97981b9868299272e2480c412d8c7c96a18 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 11:31:26 -0500 Subject: [PATCH 11/45] Add Old Pipeline Health PHP code --- pulumi/github/repos/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pulumi/github/repos/README.md b/pulumi/github/repos/README.md index 8a753d2b..cd803ab8 100644 --- a/pulumi/github/repos/README.md +++ b/pulumi/github/repos/README.md @@ -4,6 +4,10 @@ Goal is to replace https://oldsite.nf-co.re/pipeline_health This repo will be the "Actions" section at the bottom. We can then create a reporting page if we really need to see all the green checks +[Old Pipeline Health PHP code](https://github.com/nf-core/website/blob/old-site/public_html/pipeline_health.php) + +[New Pipeline Health page](https://github.com/nf-core/website/blob/main/sites/pipelines/src/pages/pipeline_health.astro) + ## Initial Roll-out The new pipelines that are broken: From 00c69126e786fab0211b54adc606bbb5df588e0b Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 11:49:11 -0500 Subject: [PATCH 12/45] Add docs on using 1password to automatically switch contexts --- docs/1password.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/1password.md diff --git a/docs/1password.md b/docs/1password.md new file mode 100644 index 00000000..757d6667 --- /dev/null +++ b/docs/1password.md @@ -0,0 +1,23 @@ +# Pulumi + +[Pulumi Shell Plugin](https://developer.1password.com/docs/cli/shell-plugins/pulumi/) + +[How to use 1Password with different accounts automatically](https://developer.1password.com/docs/cli/shell-plugins/multiple-accounts/) + +```console +$ cd ~/src/nf-core + +~/src/nf-core $ op signin +# Select nf-core + +~/src/nf-core $ op plugin init pulumi + +Pulumi CLI +Authenticate with Pulumi Personal Access Token. + +? Locate your Pulumi Personal Access Token: Search in 1Password... + +? Locate your Pulumi Personal Access Token: Pulumi Personal Access Token (Private) + +? Configure when the chosen credential(s) will be used to authenticate: Use automatically when in this directory or subdirectories +``` From 5992eeea62d75bd7caef1656a0f3e8d156d93d2b Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 12:07:04 -0500 Subject: [PATCH 13/45] feat: Add prod esc environment --- pulumi/github/repos/Pulumi.prod.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 pulumi/github/repos/Pulumi.prod.yaml diff --git a/pulumi/github/repos/Pulumi.prod.yaml b/pulumi/github/repos/Pulumi.prod.yaml new file mode 100644 index 00000000..37afc743 --- /dev/null +++ b/pulumi/github/repos/Pulumi.prod.yaml @@ -0,0 +1,4 @@ +config: + github:owner: nf-core +environment: + - github-prod From b4bfda25c92c26c8c9c48250fda6c628e6ae9bbf Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 12:12:21 -0500 Subject: [PATCH 14/45] chore: Remove template --- pulumi/github/repos/Pulumi.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pulumi/github/repos/Pulumi.yaml b/pulumi/github/repos/Pulumi.yaml index d492c4a7..6154903b 100644 --- a/pulumi/github/repos/Pulumi.yaml +++ b/pulumi/github/repos/Pulumi.yaml @@ -4,7 +4,3 @@ runtime: options: virtualenv: venv description: Managing GitHub repos -config: - pulumi:tags: - value: - pulumi:template: https://www.pulumi.com/ai/api/project/3cb51e5f-2548-4d7b-9d9d-1ea680ac96ee.zip From f733779345d5cc2e5d2288886fbbf54185fd965f Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 12:21:26 -0500 Subject: [PATCH 15/45] chore: Import nf-core/testpipeline pulumi env run nf-core/github-prod -i pulumi import github:index/repository:Repository nf-core testpipeline --- pulumi/github/repos/__main__.py | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/pulumi/github/repos/__main__.py b/pulumi/github/repos/__main__.py index 103aade9..18387940 100644 --- a/pulumi/github/repos/__main__.py +++ b/pulumi/github/repos/__main__.py @@ -5,21 +5,15 @@ import pulumi import pulumi_github as github - -nf_core_tf = github.Repository( - "nf-core-tf", - allow_merge_commit=False, - allow_rebase_merge=False, - allow_squash_merge=False, +nf_core = github.Repository( + "nf-core", default_branch="master", - description="Repository to host tool-specific module files for the Nextflow DSL2 community!", + description="A small example pipeline used to test new nf-core infrastructure and common code.", has_downloads=True, has_issues=True, has_projects=True, - homepage_url="https://nf-co.re", - merge_commit_message="", - merge_commit_title="", - name="modules", + has_wiki=True, + name="testpipeline", security_and_analysis=github.RepositorySecurityAndAnalysisArgs( secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( status="disabled", @@ -28,17 +22,6 @@ status="disabled", ), ), - squash_merge_commit_message="", - squash_merge_commit_title="", - topics=[ - "nextflow", - "pipelines", - "nf-test", - "modules", - "nf-core", - "dsl2", - "workflows", - ], visibility="public", opts=pulumi.ResourceOptions(protect=True), ) From 099859886095843b9b78335163695f31ffd03d8b Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 12:35:16 -0500 Subject: [PATCH 16/45] refactor: Move testpipeline into it's own file --- pulumi/github/repos/README.md | 10 ++++++ pulumi/github/repos/__main__.py | 26 +-------------- pulumi/github/repos/loop_example.py | 2 +- pulumi/github/repos/pipelines/__init__.py | 0 pulumi/github/repos/pipelines/testpipeline.py | 33 +++++++++++++++++++ 5 files changed, 45 insertions(+), 26 deletions(-) create mode 100644 pulumi/github/repos/pipelines/__init__.py create mode 100644 pulumi/github/repos/pipelines/testpipeline.py diff --git a/pulumi/github/repos/README.md b/pulumi/github/repos/README.md index cd803ab8..933c12b4 100644 --- a/pulumi/github/repos/README.md +++ b/pulumi/github/repos/README.md @@ -39,3 +39,13 @@ Maybe: 1. Wrangle in `core_repos` 2. Roll out to all pipelines 3. Switch all repos to main + +## Docs + +https://www.pulumi.com/registry/packages/github/api-docs/repository/ + +### Importing Repos + +```sh +pulumi env run nf-core/github-prod -i pulumi import github:index/repository:Repository testpipeline testpipeline +``` diff --git a/pulumi/github/repos/__main__.py b/pulumi/github/repos/__main__.py index 18387940..a8bcc2d6 100644 --- a/pulumi/github/repos/__main__.py +++ b/pulumi/github/repos/__main__.py @@ -1,27 +1,3 @@ #!/usr/bin/env python -import yaml - -import pulumi -import pulumi_github as github - -nf_core = github.Repository( - "nf-core", - default_branch="master", - description="A small example pipeline used to test new nf-core infrastructure and common code.", - has_downloads=True, - has_issues=True, - has_projects=True, - has_wiki=True, - name="testpipeline", - security_and_analysis=github.RepositorySecurityAndAnalysisArgs( - secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( - status="disabled", - ), - secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( - status="disabled", - ), - ), - visibility="public", - opts=pulumi.ResourceOptions(protect=True), -) +import pipelines.testpipeline diff --git a/pulumi/github/repos/loop_example.py b/pulumi/github/repos/loop_example.py index eef61d7b..268cec49 100644 --- a/pulumi/github/repos/loop_example.py +++ b/pulumi/github/repos/loop_example.py @@ -25,7 +25,7 @@ for pipeline in alpha_test_pipeline_repos: github.Repository( - "nf-core-tf", + pipeline, allow_merge_commit=True, allow_rebase_merge=True, allow_squash_merge=True, diff --git a/pulumi/github/repos/pipelines/__init__.py b/pulumi/github/repos/pipelines/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py new file mode 100644 index 00000000..76bd2ce1 --- /dev/null +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -0,0 +1,33 @@ +import pulumi +import pulumi_github as github + +TOPICS = [ + "nextflow", + "pipelines", + "nf-test", + "modules", + "nf-core", + "dsl2", + "workflows", +] + +nfcore_testpipeline = github.Repository( + "testpipeline", + default_branch="master", + description="A small example pipeline used to test new nf-core infrastructure and common code.", + has_downloads=True, + has_issues=True, + has_projects=True, + has_wiki=True, + name="testpipeline", + security_and_analysis=github.RepositorySecurityAndAnalysisArgs( + secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( + status="disabled", + ), + secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( + status="disabled", + ), + ), + visibility="public", + opts=pulumi.ResourceOptions(protect=True), +) From 434717bf41c1c079e28265621a12cb69cbf9035c Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 12:37:12 -0500 Subject: [PATCH 17/45] Take a stab at some settings --- pulumi/github/repos/pipelines/testpipeline.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 76bd2ce1..73b4af0a 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -1,6 +1,8 @@ import pulumi import pulumi_github as github +NAME = "testpipeline" + TOPICS = [ "nextflow", "pipelines", @@ -12,14 +14,15 @@ ] nfcore_testpipeline = github.Repository( - "testpipeline", + NAME, default_branch="master", description="A small example pipeline used to test new nf-core infrastructure and common code.", has_downloads=True, has_issues=True, has_projects=True, - has_wiki=True, - name="testpipeline", + has_wiki=False, + homepage_url=f"https://nf-co.re/{NAME}", + name=NAME, security_and_analysis=github.RepositorySecurityAndAnalysisArgs( secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( status="disabled", @@ -29,5 +32,6 @@ ), ), visibility="public", + topics=TOPICS, opts=pulumi.ResourceOptions(protect=True), ) From 2a64c465964240bf65ebb6ba85de71963427df13 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 13:49:44 -0500 Subject: [PATCH 18/45] Add Specs from php code This is the best I'm gonna do. We can iterate in a readable way here. --- pulumi/github/repos/pipelines/testpipeline.py | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 73b4af0a..4ffc3542 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -21,6 +21,10 @@ has_issues=True, has_projects=True, has_wiki=False, + allow_merge_commit=True, + allow_rebase_merge=True, + allow_squash_merge=False, + delete_branch_on_merge=True, homepage_url=f"https://nf-co.re/{NAME}", name=NAME, security_and_analysis=github.RepositorySecurityAndAnalysisArgs( @@ -35,3 +39,41 @@ topics=TOPICS, opts=pulumi.ResourceOptions(protect=True), ) +# TODO Names of required CI checks. These are added to whatever already exists. +# public $required_status_check_contexts = [ +# 'pre-commit', +# 'nf-core', + +# TODO Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { +# TODO Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 +# TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 +# https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 +# TODO Set contributors to push +# TODO Set core to admin +# TODO 'repo_wikis' => 'Disable wikis', +# TODO 'repo_issues' => 'Enable issues', +# TODO 'repo_merge_commits' => 'Allow merge commits', +# TODO 'repo_merge_rebase' => 'Allow rebase merging', +# TODO 'repo_merge_squash' => 'Do not allow squash merges', +# TODO 'repo_default_branch' => 'default branch master (released) or dev (no releases)', +# TODO 'repo_keywords' => 'Minimum keywords set', +# TODO 'repo_description' => 'Description must be set', +# TODO 'repo_url' => 'URL should be set to https://nf-co.re', +# TODO 'team_contributors' => 'Write access for nf-core/contributors', +# TODO 'team_core' => 'Admin access for nf-core/core', +# TODO 'branch_master_exists' => 'master branch: branch must exist', +# TODO 'branch_dev_exists' => 'dev branch: branch must exist', +# TODO 'branch_template_exists' => 'TEMPLATE branch: branch must exist', +# TODO 'branch_master_strict_updates' => 'master branch: do not require branch to be up to date before merging', +# TODO 'branch_master_required_ci' => 'master branch: minimum set of CI tests must pass', +# TODO 'branch_master_stale_reviews' => 'master branch: reviews not marked stale after new commits', +# TODO 'branch_master_code_owner_reviews' => 'master branch: code owner reviews not required', +# TODO 'branch_master_required_num_reviews' => 'master branch: 2 reviews required', +# TODO 'branch_master_enforce_admins' => 'master branch: do not enforce rules for admins', +# TODO 'branch_dev_strict_updates' => 'dev branch: do not require branch to be up to date before merging', +# TODO 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', +# TODO 'branch_dev_stale_reviews' => 'dev branch: reviews not marked stale after new commits', +# TODO 'branch_dev_code_owner_reviews' => 'dev branch: code owner reviews not required', +# TODO 'branch_dev_required_num_reviews' => 'dev branch: 1 review required', +# TODO 'branch_dev_enforce_admins' => 'dev branch: do not enforce rules for admins', +# TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', From 6f46da7c8472176c745a0440c660d5e5fd65bc53 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 13:52:08 -0500 Subject: [PATCH 19/45] chore: Import default branch pulumi import github:index/branchDefault:BranchDefault branch_default_testpipeline testpipeline --- pulumi/github/repos/pipelines/testpipeline.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 4ffc3542..72cc9ae2 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -15,7 +15,6 @@ nfcore_testpipeline = github.Repository( NAME, - default_branch="master", description="A small example pipeline used to test new nf-core infrastructure and common code.", has_downloads=True, has_issues=True, @@ -39,12 +38,19 @@ topics=TOPICS, opts=pulumi.ResourceOptions(protect=True), ) + # TODO Names of required CI checks. These are added to whatever already exists. # public $required_status_check_contexts = [ # 'pre-commit', # 'nf-core', # TODO Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { +branch_default_testpipeline = github.BranchDefault( + f"branch_default_{NAME}", + branch="master", + repository={NAME}, + opts=pulumi.ResourceOptions(protect=True), +) # TODO Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 # TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 # https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 From b02bbc55d6e9accb07f62103c19e67a73f31c969 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:01:08 -0500 Subject: [PATCH 20/45] chore: Import testpipeline template branch --- pulumi/github/repos/pipelines/testpipeline.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 72cc9ae2..0f4a1ec1 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -51,6 +51,12 @@ repository={NAME}, opts=pulumi.ResourceOptions(protect=True), ) +branch_template_testpipeline = github.Branch( + "branch_template_testpipeline", + branch="TEMPLATE", + repository="testpipeline", + opts=pulumi.ResourceOptions(protect=True), +) # TODO Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 # TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 # https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 From 2ae8da82618a4ad379c368218348bda2d9ef6272 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:03:06 -0500 Subject: [PATCH 21/45] chore: Import testpipeline dev branch pulumi env run nf-core/github-prod -i pulumi import github:index/branch:Branch branch_dev_testpipeline testpipeline:dev --- pulumi/github/repos/pipelines/testpipeline.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 0f4a1ec1..918a87d3 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -44,13 +44,19 @@ # 'pre-commit', # 'nf-core', -# TODO Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { +# Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { branch_default_testpipeline = github.BranchDefault( f"branch_default_{NAME}", branch="master", repository={NAME}, opts=pulumi.ResourceOptions(protect=True), ) +branch_dev_testpipeline = github.Branch( + "branch_dev_testpipeline", + branch="dev", + repository="testpipeline", + opts=pulumi.ResourceOptions(protect=True), +) branch_template_testpipeline = github.Branch( "branch_template_testpipeline", branch="TEMPLATE", From d318b6712b473a51ba3ec1f643dea2f2980f4783 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:09:57 -0500 Subject: [PATCH 22/45] chore: Check off some TODOs --- pulumi/github/repos/pipelines/testpipeline.py | 36 +++++++++---------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 918a87d3..6fbb22d0 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -1,3 +1,6 @@ +# NOTE => are tests from PHP +# TODO Convert => to actual tests https://www.pulumi.com/docs/using-pulumi/testing/ +# https://github.com/pulumi/examples/blob/74db62a03d013c2854d2cf933c074ea0a3bbf69d/testing-unit-py/test_ec2.py import pulumi import pulumi_github as github @@ -15,16 +18,16 @@ nfcore_testpipeline = github.Repository( NAME, - description="A small example pipeline used to test new nf-core infrastructure and common code.", + description="A small example pipeline used to test new nf-core infrastructure and common code.", # 'repo_description' => 'Description must be set', has_downloads=True, - has_issues=True, + has_issues=True, # 'repo_issues' => 'Enable issues', has_projects=True, - has_wiki=False, - allow_merge_commit=True, - allow_rebase_merge=True, - allow_squash_merge=False, + has_wiki=False, # 'repo_wikis' => 'Disable wikis', + allow_merge_commit=True, # 'repo_merge_commits' => 'Allow merge commits', + allow_rebase_merge=True, # 'repo_merge_rebase' => 'Allow rebase merging', + allow_squash_merge=False, # 'repo_merge_squash' => 'Do not allow squash merges', delete_branch_on_merge=True, - homepage_url=f"https://nf-co.re/{NAME}", + homepage_url=f"https://nf-co.re/{NAME}", # 'repo_url' => 'URL should be set to https://nf-co.re', name=NAME, security_and_analysis=github.RepositorySecurityAndAnalysisArgs( secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( @@ -35,7 +38,7 @@ ), ), visibility="public", - topics=TOPICS, + topics=TOPICS, # 'repo_keywords' => 'Minimum keywords set', opts=pulumi.ResourceOptions(protect=True), ) @@ -45,18 +48,23 @@ # 'nf-core', # Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { +# 'repo_default_branch' => 'default branch master (released) or dev (no releases)', +# TODO Toggle this on dev and master? +# 'branch_master_exists' => 'master branch: branch must exist', branch_default_testpipeline = github.BranchDefault( f"branch_default_{NAME}", branch="master", repository={NAME}, opts=pulumi.ResourceOptions(protect=True), ) +# 'branch_dev_exists' => 'dev branch: branch must exist', branch_dev_testpipeline = github.Branch( "branch_dev_testpipeline", branch="dev", repository="testpipeline", opts=pulumi.ResourceOptions(protect=True), ) +# 'branch_template_exists' => 'TEMPLATE branch: branch must exist', branch_template_testpipeline = github.Branch( "branch_template_testpipeline", branch="TEMPLATE", @@ -68,20 +76,8 @@ # https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 # TODO Set contributors to push # TODO Set core to admin -# TODO 'repo_wikis' => 'Disable wikis', -# TODO 'repo_issues' => 'Enable issues', -# TODO 'repo_merge_commits' => 'Allow merge commits', -# TODO 'repo_merge_rebase' => 'Allow rebase merging', -# TODO 'repo_merge_squash' => 'Do not allow squash merges', -# TODO 'repo_default_branch' => 'default branch master (released) or dev (no releases)', -# TODO 'repo_keywords' => 'Minimum keywords set', -# TODO 'repo_description' => 'Description must be set', -# TODO 'repo_url' => 'URL should be set to https://nf-co.re', # TODO 'team_contributors' => 'Write access for nf-core/contributors', # TODO 'team_core' => 'Admin access for nf-core/core', -# TODO 'branch_master_exists' => 'master branch: branch must exist', -# TODO 'branch_dev_exists' => 'dev branch: branch must exist', -# TODO 'branch_template_exists' => 'TEMPLATE branch: branch must exist', # TODO 'branch_master_strict_updates' => 'master branch: do not require branch to be up to date before merging', # TODO 'branch_master_required_ci' => 'master branch: minimum set of CI tests must pass', # TODO 'branch_master_stale_reviews' => 'master branch: reviews not marked stale after new commits', From e96a9ce6284245833e7c8717e9a254d706111a71 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:21:29 -0500 Subject: [PATCH 23/45] chore: Import Master Branch protection pulumi import github:index/repositoryRuleset:RepositoryRuleset ruleset_branch_default_testpipeline testpipeline:1220601 --- pulumi/github/repos/pipelines/testpipeline.py | 54 ++++++++++++++++--- 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 6fbb22d0..06d918b6 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -72,18 +72,60 @@ opts=pulumi.ResourceOptions(protect=True), ) # TODO Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 -# TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 -# https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 -# TODO Set contributors to push -# TODO Set core to admin -# TODO 'team_contributors' => 'Write access for nf-core/contributors', -# TODO 'team_core' => 'Admin access for nf-core/core', +# NOTE This uses the new Rulesets instead of classic branch protection rule # TODO 'branch_master_strict_updates' => 'master branch: do not require branch to be up to date before merging', # TODO 'branch_master_required_ci' => 'master branch: minimum set of CI tests must pass', # TODO 'branch_master_stale_reviews' => 'master branch: reviews not marked stale after new commits', # TODO 'branch_master_code_owner_reviews' => 'master branch: code owner reviews not required', # TODO 'branch_master_required_num_reviews' => 'master branch: 2 reviews required', # TODO 'branch_master_enforce_admins' => 'master branch: do not enforce rules for admins', +ruleset_branch_default_testpipeline = github.RepositoryRuleset( + "ruleset_branch_default_testpipeline", + bypass_actors=[ + github.RepositoryRulesetBypassActorArgs( + actor_id=2649377, + actor_type="Team", + bypass_mode="always", + ) + ], + conditions=github.RepositoryRulesetConditionsArgs( + ref_name=github.RepositoryRulesetConditionsRefNameArgs( + excludes=[], + includes=["~DEFAULT_BRANCH"], + ), + ), + enforcement="active", + name="master", + repository="testpipeline", + rules=github.RepositoryRulesetRulesArgs( + deletion=True, + non_fast_forward=True, + pull_request=github.RepositoryRulesetRulesPullRequestArgs( + required_approving_review_count=2, + ), + required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( + required_checks=[ + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="Prettier", + integration_id=0, + ), + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="nf-core", + integration_id=0, + ), + ], + strict_required_status_checks_policy=True, + ), + ), + target="branch", + opts=pulumi.ResourceOptions(protect=True), +) +# TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 +# https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 +# TODO Set contributors to push +# TODO Set core to admin +# TODO 'team_contributors' => 'Write access for nf-core/contributors', +# TODO 'team_core' => 'Admin access for nf-core/core', # TODO 'branch_dev_strict_updates' => 'dev branch: do not require branch to be up to date before merging', # TODO 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', # TODO 'branch_dev_stale_reviews' => 'dev branch: reviews not marked stale after new commits', From df10916e2f9b126fcd80a80279f322b38f133103 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:23:16 -0500 Subject: [PATCH 24/45] chore: Import dev branch ruleset pulumi import github:index/repositoryRuleset:RepositoryRuleset ruleset_branch_dev_testpipeline testpipeline:1220600 --- pulumi/github/repos/pipelines/testpipeline.py | 45 ++++++++++++++++--- 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 06d918b6..cfa73b6d 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -120,16 +120,49 @@ target="branch", opts=pulumi.ResourceOptions(protect=True), ) -# TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 -# https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 -# TODO Set contributors to push -# TODO Set core to admin -# TODO 'team_contributors' => 'Write access for nf-core/contributors', -# TODO 'team_core' => 'Admin access for nf-core/core', # TODO 'branch_dev_strict_updates' => 'dev branch: do not require branch to be up to date before merging', # TODO 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', # TODO 'branch_dev_stale_reviews' => 'dev branch: reviews not marked stale after new commits', # TODO 'branch_dev_code_owner_reviews' => 'dev branch: code owner reviews not required', # TODO 'branch_dev_required_num_reviews' => 'dev branch: 1 review required', # TODO 'branch_dev_enforce_admins' => 'dev branch: do not enforce rules for admins', +ruleset_branch_dev_testpipeline = github.RepositoryRuleset( + "ruleset_branch_dev_testpipeline", + bypass_actors=[ + github.RepositoryRulesetBypassActorArgs( + actor_id=2649377, + actor_type="Team", + bypass_mode="always", + ), + github.RepositoryRulesetBypassActorArgs( + actor_id=4462882, + actor_type="Team", + bypass_mode="always", + ), + ], + conditions=github.RepositoryRulesetConditionsArgs( + ref_name=github.RepositoryRulesetConditionsRefNameArgs( + excludes=[], + includes=["refs/heads/dev"], + ), + ), + enforcement="active", + name="dev", + repository="testpipeline", + rules=github.RepositoryRulesetRulesArgs( + deletion=True, + non_fast_forward=True, + pull_request=github.RepositoryRulesetRulesPullRequestArgs( + required_approving_review_count=1, + ), + ), + target="branch", + opts=pulumi.ResourceOptions(protect=True), +) +# TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 +# https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 +# TODO Set contributors to push +# TODO Set core to admin +# TODO 'team_contributors' => 'Write access for nf-core/contributors', +# TODO 'team_core' => 'Admin access for nf-core/core', # TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', From 442d9254cd0c71309fafe701a9390f057c853735 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:25:50 -0500 Subject: [PATCH 25/45] chore: Import template branch ruleset for testpipeline pulumi import github:index/repositoryRuleset:RepositoryRuleset ruleset_branch_TEMPLATE_testpipeline testpipeline:1220597 --- pulumi/github/repos/pipelines/testpipeline.py | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index cfa73b6d..eec7efc3 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -159,10 +159,36 @@ target="branch", opts=pulumi.ResourceOptions(protect=True), ) -# TODO Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 -# https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L275-L278 +# TODO Double check +# Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 +# TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', +ruleset_branch_template_testpipeline = github.RepositoryRuleset( + "ruleset_branch_TEMPLATE_testpipeline", + bypass_actors=[ + github.RepositoryRulesetBypassActorArgs( + actor_id=2649377, + actor_type="Team", + bypass_mode="always", + ) + ], + conditions=github.RepositoryRulesetConditionsArgs( + ref_name=github.RepositoryRulesetConditionsRefNameArgs( + excludes=[], + includes=["refs/heads/TEMPLATE"], + ), + ), + enforcement="active", + name="template", + repository="testpipeline", + rules=github.RepositoryRulesetRulesArgs( + deletion=True, + non_fast_forward=True, + update=True, + ), + target="branch", + opts=pulumi.ResourceOptions(protect=True), +) # TODO Set contributors to push # TODO Set core to admin # TODO 'team_contributors' => 'Write access for nf-core/contributors', # TODO 'team_core' => 'Admin access for nf-core/core', -# TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', From 5bf2407d43d2a4d0d3e3b0b4995fd586ccb3a82e Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:27:09 -0500 Subject: [PATCH 26/45] chore: Remove duplicate TODO --- pulumi/github/repos/pipelines/testpipeline.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index eec7efc3..7fec0123 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -188,7 +188,5 @@ target="branch", opts=pulumi.ResourceOptions(protect=True), ) -# TODO Set contributors to push -# TODO Set core to admin # TODO 'team_contributors' => 'Write access for nf-core/contributors', # TODO 'team_core' => 'Admin access for nf-core/core', From 68eedf4960da1e2f47c86184aebdff0f7ad5ed91 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:43:17 -0500 Subject: [PATCH 27/45] chore: Match up specs with code --- pulumi/github/repos/pipelines/testpipeline.py | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 7fec0123..66caf8ff 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -16,6 +16,9 @@ "workflows", ] +CORE_TEAM_ID = 2649377 +MAINTAINERS_TEAM_ID = 4462882 + nfcore_testpipeline = github.Repository( NAME, description="A small example pipeline used to test new nf-core infrastructure and common code.", # 'repo_description' => 'Description must be set', @@ -74,16 +77,14 @@ # TODO Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 # NOTE This uses the new Rulesets instead of classic branch protection rule # TODO 'branch_master_strict_updates' => 'master branch: do not require branch to be up to date before merging', -# TODO 'branch_master_required_ci' => 'master branch: minimum set of CI tests must pass', # TODO 'branch_master_stale_reviews' => 'master branch: reviews not marked stale after new commits', # TODO 'branch_master_code_owner_reviews' => 'master branch: code owner reviews not required', -# TODO 'branch_master_required_num_reviews' => 'master branch: 2 reviews required', -# TODO 'branch_master_enforce_admins' => 'master branch: do not enforce rules for admins', ruleset_branch_default_testpipeline = github.RepositoryRuleset( "ruleset_branch_default_testpipeline", bypass_actors=[ + # 'branch_master_enforce_admins' => 'master branch: do not enforce rules for admins', github.RepositoryRulesetBypassActorArgs( - actor_id=2649377, + actor_id=CORE_TEAM_ID, actor_type="Team", bypass_mode="always", ) @@ -101,8 +102,10 @@ deletion=True, non_fast_forward=True, pull_request=github.RepositoryRulesetRulesPullRequestArgs( + # 'branch_master_required_num_reviews' => 'master branch: 2 reviews required', required_approving_review_count=2, ), + # 'branch_master_required_ci' => 'master branch: minimum set of CI tests must pass', required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( required_checks=[ github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( @@ -124,18 +127,17 @@ # TODO 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', # TODO 'branch_dev_stale_reviews' => 'dev branch: reviews not marked stale after new commits', # TODO 'branch_dev_code_owner_reviews' => 'dev branch: code owner reviews not required', -# TODO 'branch_dev_required_num_reviews' => 'dev branch: 1 review required', -# TODO 'branch_dev_enforce_admins' => 'dev branch: do not enforce rules for admins', ruleset_branch_dev_testpipeline = github.RepositoryRuleset( "ruleset_branch_dev_testpipeline", + # 'branch_dev_enforce_admins' => 'dev branch: do not enforce rules for admins', bypass_actors=[ github.RepositoryRulesetBypassActorArgs( - actor_id=2649377, + actor_id=CORE_TEAM_ID, actor_type="Team", bypass_mode="always", ), github.RepositoryRulesetBypassActorArgs( - actor_id=4462882, + actor_id=MAINTAINERS_TEAM_ID, actor_type="Team", bypass_mode="always", ), @@ -153,6 +155,7 @@ deletion=True, non_fast_forward=True, pull_request=github.RepositoryRulesetRulesPullRequestArgs( + # 'branch_dev_required_num_reviews' => 'dev branch: 1 review required', required_approving_review_count=1, ), ), @@ -161,15 +164,15 @@ ) # TODO Double check # Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 -# TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', ruleset_branch_template_testpipeline = github.RepositoryRuleset( "ruleset_branch_TEMPLATE_testpipeline", bypass_actors=[ github.RepositoryRulesetBypassActorArgs( - actor_id=2649377, + actor_id=CORE_TEAM_ID, actor_type="Team", bypass_mode="always", ) + # TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', ], conditions=github.RepositoryRulesetConditionsArgs( ref_name=github.RepositoryRulesetConditionsRefNameArgs( From 6104a303b13f2acb0e31b061bcc0b34953fe9cdd Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:51:42 -0500 Subject: [PATCH 28/45] feat: Update dev branch requirements --- pulumi/github/repos/pipelines/testpipeline.py | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 66caf8ff..2b73c7a4 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -124,9 +124,6 @@ opts=pulumi.ResourceOptions(protect=True), ) # TODO 'branch_dev_strict_updates' => 'dev branch: do not require branch to be up to date before merging', -# TODO 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', -# TODO 'branch_dev_stale_reviews' => 'dev branch: reviews not marked stale after new commits', -# TODO 'branch_dev_code_owner_reviews' => 'dev branch: code owner reviews not required', ruleset_branch_dev_testpipeline = github.RepositoryRuleset( "ruleset_branch_dev_testpipeline", # 'branch_dev_enforce_admins' => 'dev branch: do not enforce rules for admins', @@ -155,8 +152,25 @@ deletion=True, non_fast_forward=True, pull_request=github.RepositoryRulesetRulesPullRequestArgs( - # 'branch_dev_required_num_reviews' => 'dev branch: 1 review required', - required_approving_review_count=1, + dismiss_stale_reviews_on_push=False, # 'branch_dev_stale_reviews' => 'dev branch: reviews not marked stale after new commits', + require_code_owner_review=False, # 'branch_dev_code_owner_reviews' => 'dev branch: code owner reviews not required', + # TODO require_last_push_approval=True, + required_approving_review_count=1, # 'branch_dev_required_num_reviews' => 'dev branch: 1 review required', + # TODO required_review_thread_resolution=True, + ), + # 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', + required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( + required_checks=[ + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="nf-core", + integration_id=0, + ), + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="pre-commit", + integration_id=0, + ), + ], + strict_required_status_checks_policy=True, ), ), target="branch", From 5e1556853520763aee3a8509c57766b4154df609 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 14:56:21 -0500 Subject: [PATCH 29/45] refactor: Move required CI Checks out --- pulumi/github/repos/pipelines/testpipeline.py | 50 ++++++++----------- 1 file changed, 21 insertions(+), 29 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 2b73c7a4..61d75c8d 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -16,6 +16,21 @@ "workflows", ] +# Names of required CI checks. These are added to whatever already exists. +# public $required_status_check_contexts = [ +# 'pre-commit', +# 'nf-core', +REQUIRED_CI_CHECKS = [ + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="pre-commit", + integration_id=0, + ), + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="nf-core", + integration_id=0, + ), +] + CORE_TEAM_ID = 2649377 MAINTAINERS_TEAM_ID = 4462882 @@ -45,10 +60,6 @@ opts=pulumi.ResourceOptions(protect=True), ) -# TODO Names of required CI checks. These are added to whatever already exists. -# public $required_status_check_contexts = [ -# 'pre-commit', -# 'nf-core', # Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { # 'repo_default_branch' => 'default branch master (released) or dev (no releases)', @@ -74,11 +85,9 @@ repository="testpipeline", opts=pulumi.ResourceOptions(protect=True), ) -# TODO Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 +# Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 # NOTE This uses the new Rulesets instead of classic branch protection rule # TODO 'branch_master_strict_updates' => 'master branch: do not require branch to be up to date before merging', -# TODO 'branch_master_stale_reviews' => 'master branch: reviews not marked stale after new commits', -# TODO 'branch_master_code_owner_reviews' => 'master branch: code owner reviews not required', ruleset_branch_default_testpipeline = github.RepositoryRuleset( "ruleset_branch_default_testpipeline", bypass_actors=[ @@ -102,21 +111,13 @@ deletion=True, non_fast_forward=True, pull_request=github.RepositoryRulesetRulesPullRequestArgs( - # 'branch_master_required_num_reviews' => 'master branch: 2 reviews required', - required_approving_review_count=2, + required_approving_review_count=2, # 'branch_master_required_num_reviews' => 'master branch: 2 reviews required', + dismiss_stale_reviews_on_push=False, # 'branch_master_stale_reviews' => 'master branch: reviews not marked stale after new commits' + require_code_owner_review=False, # 'branch_master_code_owner_reviews' => 'master branch: code owner reviews not required', ), # 'branch_master_required_ci' => 'master branch: minimum set of CI tests must pass', required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( - required_checks=[ - github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( - context="Prettier", - integration_id=0, - ), - github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( - context="nf-core", - integration_id=0, - ), - ], + required_checks=REQUIRED_CI_CHECKS, strict_required_status_checks_policy=True, ), ), @@ -160,16 +161,7 @@ ), # 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( - required_checks=[ - github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( - context="nf-core", - integration_id=0, - ), - github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( - context="pre-commit", - integration_id=0, - ), - ], + required_checks=REQUIRED_CI_CHECKS, strict_required_status_checks_policy=True, ), ), From 0adf2146eb263cd2cc10dce2fe2d9df9cc9205dd Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 21:52:04 -0500 Subject: [PATCH 30/45] feat: Add contributors and core permissions --- pulumi/github/repos/pipelines/testpipeline.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 61d75c8d..0e53101a 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -63,7 +63,7 @@ # Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { # 'repo_default_branch' => 'default branch master (released) or dev (no releases)', -# TODO Toggle this on dev and master? +# TODO Toggle this on dev as default if there's not release? # 'branch_master_exists' => 'master branch: branch must exist', branch_default_testpipeline = github.BranchDefault( f"branch_default_{NAME}", @@ -197,5 +197,17 @@ target="branch", opts=pulumi.ResourceOptions(protect=True), ) -# TODO 'team_contributors' => 'Write access for nf-core/contributors', -# TODO 'team_core' => 'Admin access for nf-core/core', +# 'team_contributors' => 'Write access for nf-core/contributors', +contributors_team_repo_testpipeline = github.TeamRepository( + "contributors_team_repo_testpipeline", + team_id="contributors", + repository="testpipeline", + permission="push", +) +# 'team_core' => 'Admin access for nf-core/core', +core_team_repo_testpipeline = github.TeamRepository( + "core_team_repo_testpipeline", + team_id="core", + repository="testpipeline", + permission="admin", +) From 0a5c86253f9cc4dae801f67b32a8016b910bb240 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 22:01:58 -0500 Subject: [PATCH 31/45] refactor: Use NAME variable where ever possible --- pulumi/github/repos/pipelines/testpipeline.py | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 0e53101a..41ce3a8c 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -68,28 +68,28 @@ branch_default_testpipeline = github.BranchDefault( f"branch_default_{NAME}", branch="master", - repository={NAME}, + repository=NAME, opts=pulumi.ResourceOptions(protect=True), ) # 'branch_dev_exists' => 'dev branch: branch must exist', branch_dev_testpipeline = github.Branch( - "branch_dev_testpipeline", + f"branch_dev_{NAME}", branch="dev", - repository="testpipeline", + repository=NAME, opts=pulumi.ResourceOptions(protect=True), ) # 'branch_template_exists' => 'TEMPLATE branch: branch must exist', branch_template_testpipeline = github.Branch( - "branch_template_testpipeline", + f"branch_template_{NAME}", branch="TEMPLATE", - repository="testpipeline", + repository=NAME, opts=pulumi.ResourceOptions(protect=True), ) # Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 # NOTE This uses the new Rulesets instead of classic branch protection rule # TODO 'branch_master_strict_updates' => 'master branch: do not require branch to be up to date before merging', ruleset_branch_default_testpipeline = github.RepositoryRuleset( - "ruleset_branch_default_testpipeline", + f"ruleset_branch_default_{NAME}", bypass_actors=[ # 'branch_master_enforce_admins' => 'master branch: do not enforce rules for admins', github.RepositoryRulesetBypassActorArgs( @@ -106,7 +106,7 @@ ), enforcement="active", name="master", - repository="testpipeline", + repository=NAME, rules=github.RepositoryRulesetRulesArgs( deletion=True, non_fast_forward=True, @@ -126,7 +126,7 @@ ) # TODO 'branch_dev_strict_updates' => 'dev branch: do not require branch to be up to date before merging', ruleset_branch_dev_testpipeline = github.RepositoryRuleset( - "ruleset_branch_dev_testpipeline", + f"ruleset_branch_dev_{NAME}", # 'branch_dev_enforce_admins' => 'dev branch: do not enforce rules for admins', bypass_actors=[ github.RepositoryRulesetBypassActorArgs( @@ -148,7 +148,7 @@ ), enforcement="active", name="dev", - repository="testpipeline", + repository=NAME, rules=github.RepositoryRulesetRulesArgs( deletion=True, non_fast_forward=True, @@ -171,7 +171,7 @@ # TODO Double check # Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 ruleset_branch_template_testpipeline = github.RepositoryRuleset( - "ruleset_branch_TEMPLATE_testpipeline", + f"ruleset_branch_TEMPLATE_{NAME}", bypass_actors=[ github.RepositoryRulesetBypassActorArgs( actor_id=CORE_TEAM_ID, @@ -188,7 +188,7 @@ ), enforcement="active", name="template", - repository="testpipeline", + repository=NAME, rules=github.RepositoryRulesetRulesArgs( deletion=True, non_fast_forward=True, @@ -199,15 +199,15 @@ ) # 'team_contributors' => 'Write access for nf-core/contributors', contributors_team_repo_testpipeline = github.TeamRepository( - "contributors_team_repo_testpipeline", + f"contributors_team_repo_{NAME}", team_id="contributors", - repository="testpipeline", + repository=NAME, permission="push", ) # 'team_core' => 'Admin access for nf-core/core', core_team_repo_testpipeline = github.TeamRepository( - "core_team_repo_testpipeline", + f"core_team_repo_{NAME}", team_id="core", - repository="testpipeline", + repository=NAME, permission="admin", ) From 62c608d418ebdfd94cb4ed236a0e6084acb2bedf Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 22:14:52 -0500 Subject: [PATCH 32/45] Remove protect on repo --- pulumi/github/repos/pipelines/testpipeline.py | 1 - 1 file changed, 1 deletion(-) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 41ce3a8c..38ad7bf3 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -57,7 +57,6 @@ ), visibility="public", topics=TOPICS, # 'repo_keywords' => 'Minimum keywords set', - opts=pulumi.ResourceOptions(protect=True), ) From 3df19aa5fd99f4459dd1a85fe99c01fbad3e79c2 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 22:27:29 -0500 Subject: [PATCH 33/45] ci: Add template workflow for repos --- .github/workflows/repos.yml | 77 +++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 .github/workflows/repos.yml diff --git a/.github/workflows/repos.yml b/.github/workflows/repos.yml new file mode 100644 index 00000000..3e6b5325 --- /dev/null +++ b/.github/workflows/repos.yml @@ -0,0 +1,77 @@ +name: Preview or update Pulumi app nf-core/github-repos/prod +on: + push: + branches: + - main + paths: + - "pulumi/github/repos/**/*" + pull_request: + branches: + - main + paths: + - "pulumi/github/repos/**/*" + +# These are the environment variables that jobs in the workflow have access to. +# By defining them here, all jobs/steps will have access to these variables. +env: + # IMPORTANT! You must map the env vars for your cloud provider here even though you add them as secrets + # to this repository. + # See the setup page for cloud providers here: https://www.pulumi.com/docs/intro/cloud-providers/. + # For example, if you are using AWS, then you should add the following: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_STACK_NAME: nf-core/github-repos/prod + PULUMI_WORKING_DIRECTORY: pulumi/github/repos/ + +jobs: + pulumi: + name: Pulumi + runs-on: ubuntu-latest + steps: + # Turnstyle is used to prevent multiple push jobs from running at the same time. We + # limit it to push jobs to allow PR jobs to run concurrently. + - name: Turnstyle + if: ${{ github.event_name == 'push' }} + uses: softprops/turnstyle@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/checkout@v2 + + - name: Install Python + uses: actions/setup-python@v2 + with: + python-version: 3.6.x + + - run: pip install -r requirements.txt + working-directory: ${{ env.PULUMI_WORKING_DIRECTORY }} + + - name: PR previews + if: ${{ github.event_name == 'pull_request' }} + uses: pulumi/actions@v3 + with: + command: preview + stack-name: ${{ env.PULUMI_STACK_NAME }} + work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} + + - name: Apply infrastructure update + if: ${{ github.event_name == 'push' }} + uses: pulumi/actions@v3 + with: + command: up + stack-name: ${{ env.PULUMI_STACK_NAME }} + work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} + + # If you'd like to run your Pulumi application outside of the official GitHub Action + + #- name: Install Pulumi CLI + # uses: pulumi/setup-pulumi@v2 + + #- name: PR previews + # run: pulumi preview -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY + # if: ${{ github.event_name == 'pull_request' }} + + #- name: Apply infrastructure update + # run: pulumi update --yes -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY + # if: ${{ github.event_name == 'push' }} From 4067d72a9e04c94b869bf58eb932f71b378e511c Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 22:32:37 -0500 Subject: [PATCH 34/45] ci: Remove python-version --- .github/workflows/repos.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/repos.yml b/.github/workflows/repos.yml index 3e6b5325..b7b17b8f 100644 --- a/.github/workflows/repos.yml +++ b/.github/workflows/repos.yml @@ -40,9 +40,7 @@ jobs: - uses: actions/checkout@v2 - name: Install Python - uses: actions/setup-python@v2 - with: - python-version: 3.6.x + uses: actions/setup-python@v5 - run: pip install -r requirements.txt working-directory: ${{ env.PULUMI_WORKING_DIRECTORY }} From 46b5d68389c713fbe8b7ceb25557b9709b5ccfff Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Sun, 21 Jul 2024 22:45:20 -0500 Subject: [PATCH 35/45] style: Run pre-commit --- pulumi/github/repos/import_by_hand.py | 2 -- pulumi/github/repos/loop_example.py | 2 -- 2 files changed, 4 deletions(-) diff --git a/pulumi/github/repos/import_by_hand.py b/pulumi/github/repos/import_by_hand.py index b28f9c2e..7a723a97 100644 --- a/pulumi/github/repos/import_by_hand.py +++ b/pulumi/github/repos/import_by_hand.py @@ -1,7 +1,5 @@ #!/usr/bin/env python -import yaml - import pulumi import pulumi_github as github diff --git a/pulumi/github/repos/loop_example.py b/pulumi/github/repos/loop_example.py index 268cec49..58be0c18 100644 --- a/pulumi/github/repos/loop_example.py +++ b/pulumi/github/repos/loop_example.py @@ -1,7 +1,5 @@ #!/usr/bin/env python -import yaml - import pulumi import pulumi_github as github From ec7a222c5c55fdc17e9b210fe8c88ea43dfe74c1 Mon Sep 17 00:00:00 2001 From: Edmund Miller <20095261+edmundmiller@users.noreply.github.com> Date: Mon, 22 Jul 2024 12:56:01 -0500 Subject: [PATCH 36/45] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matthias Hörtenhuber --- .github/workflows/repos.yml | 13 +------------ docs/1password.md | 11 ++++++++--- pulumi/github/repos/Pulumi.yaml | 2 +- 3 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.github/workflows/repos.yml b/.github/workflows/repos.yml index b7b17b8f..74f7eca0 100644 --- a/.github/workflows/repos.yml +++ b/.github/workflows/repos.yml @@ -41,6 +41,7 @@ jobs: - name: Install Python uses: actions/setup-python@v5 + cache: 'pip' - run: pip install -r requirements.txt working-directory: ${{ env.PULUMI_WORKING_DIRECTORY }} @@ -61,15 +62,3 @@ jobs: stack-name: ${{ env.PULUMI_STACK_NAME }} work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} - # If you'd like to run your Pulumi application outside of the official GitHub Action - - #- name: Install Pulumi CLI - # uses: pulumi/setup-pulumi@v2 - - #- name: PR previews - # run: pulumi preview -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY - # if: ${{ github.event_name == 'pull_request' }} - - #- name: Apply infrastructure update - # run: pulumi update --yes -s $PULUMI_STACK_NAME --cwd $PULUMI_WORKING_DIRECTORY - # if: ${{ github.event_name == 'push' }} diff --git a/docs/1password.md b/docs/1password.md index 757d6667..6159912d 100644 --- a/docs/1password.md +++ b/docs/1password.md @@ -5,12 +5,17 @@ [How to use 1Password with different accounts automatically](https://developer.1password.com/docs/cli/shell-plugins/multiple-accounts/) ```console -$ cd ~/src/nf-core +cd ~/src/nf-core + +op signin -~/src/nf-core $ op signin # Select nf-core -~/src/nf-core $ op plugin init pulumi +op plugin init pulumi +``` + +This should result in: +``` Pulumi CLI Authenticate with Pulumi Personal Access Token. diff --git a/pulumi/github/repos/Pulumi.yaml b/pulumi/github/repos/Pulumi.yaml index 6154903b..ea143730 100644 --- a/pulumi/github/repos/Pulumi.yaml +++ b/pulumi/github/repos/Pulumi.yaml @@ -3,4 +3,4 @@ runtime: name: python options: virtualenv: venv -description: Managing GitHub repos +description: Managing nf-core GitHub repos From c6df079aec4924c3d28285415e20164d60abe67b Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Mon, 22 Jul 2024 12:55:24 -0500 Subject: [PATCH 37/45] chore: Add 1password link --- pulumi/github/repos/Pulumi.prod.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/pulumi/github/repos/Pulumi.prod.yaml b/pulumi/github/repos/Pulumi.prod.yaml index 37afc743..d0ca5fcf 100644 --- a/pulumi/github/repos/Pulumi.prod.yaml +++ b/pulumi/github/repos/Pulumi.prod.yaml @@ -1,4 +1,5 @@ config: github:owner: nf-core +# https://start.1password.com/open/i?a=O5GICFDKPNABLLVGMKBL5JWDWA&v=rdfcz6oy6qxxrc4clu467a7dmm&i=ttqz63qvlr5qfwfde424nbl4re&h=nf-core.1password.eu environment: - github-prod From 7dc11d73b0c71ae2e00871927390fa9fe9a01000 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Mon, 22 Jul 2024 13:01:52 -0500 Subject: [PATCH 38/45] docs: Clean up README moving planning to GH issue Co-authored-by: mashehu --- pulumi/github/repos/README.md | 47 ++++++----------------------------- 1 file changed, 7 insertions(+), 40 deletions(-) diff --git a/pulumi/github/repos/README.md b/pulumi/github/repos/README.md index 933c12b4..b005a8c8 100644 --- a/pulumi/github/repos/README.md +++ b/pulumi/github/repos/README.md @@ -1,48 +1,15 @@ # Repos -Goal is to replace https://oldsite.nf-co.re/pipeline_health +Replaces the automatic rule enforcement from the [old Pipeline Health PHP code](https://github.com/nf-core/website/blob/old-site/public_html/pipeline_health.php), -This repo will be the "Actions" section at the bottom. We can then create a reporting page if we really need to see all the green checks +[Main GitHub Issue](https://github.com/nf-core/ops/issues/5) +[Tracking Milestone](https://github.com/nf-core/ops/milestone/1) -[Old Pipeline Health PHP code](https://github.com/nf-core/website/blob/old-site/public_html/pipeline_health.php) +## Useful Docs -[New Pipeline Health page](https://github.com/nf-core/website/blob/main/sites/pipelines/src/pages/pipeline_health.astro) - -## Initial Roll-out - -The new pipelines that are broken: - -- demo -- testpipeline - -- denovotranscript -- meerpipe -- pairgenomealign -- phaseimpute -- reportho - -Maybe: - -- scdownstream -- scnanoseq - -### Plan - -#### Short-term - -1. [ ] Import a pipeline that has all the right settings -2. [ ] Fix the 5 pipelines above with the correct settings from the "model" repo -3. [ ] Keep importing new pipelines until we gain confidence in it. - -#### Long-term - -1. Wrangle in `core_repos` -2. Roll out to all pipelines -3. Switch all repos to main - -## Docs - -https://www.pulumi.com/registry/packages/github/api-docs/repository/ +- https://www.pulumi.com/registry/packages/github/api-docs/repository/ +- [Old Pipeline Health PHP code](https://github.com/nf-core/website/blob/old-site/public_html/pipeline_health.php) +- [New Pipeline Health page](https://github.com/nf-core/website/blob/main/sites/pipelines/src/pages/pipeline_health.astro) ### Importing Repos From 1096f8c18854a5a4382e3f9143b2a78d14a14ed1 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Mon, 22 Jul 2024 13:30:31 -0500 Subject: [PATCH 39/45] refactor: Use Pulumi ESC for dev --- pulumi/github/repos/Pulumi.dev.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pulumi/github/repos/Pulumi.dev.yaml b/pulumi/github/repos/Pulumi.dev.yaml index b2221915..3a722fdd 100644 --- a/pulumi/github/repos/Pulumi.dev.yaml +++ b/pulumi/github/repos/Pulumi.dev.yaml @@ -1,5 +1,5 @@ config: github:owner: nf-core-tf # https://start.1password.com/open/i?a=O5GICFDKPNABLLVGMKBL5JWDWA&v=rdfcz6oy6qxxrc4clu467a7dmm&i=4ajrv44kc5lcbboa37fr5oydla&h=nf-core.1password.eu - github:token: - secure: AAABAFMgBNyCNuYsps6YVPV2L7Ji5qBJj0omEQQa9HrdhT2iHo3ex0e9NsDER3Q04itGiY698X/ZQCnTM2zu9op3tcjmzfITdHxGy0FGATuUFamYsSiztHrNAKiIEJ9E0M4Al8/yJeB6X4BXvkLEgik/I+GPvZIXK3tE65Q= +environment: + - github-nf-core-tf From be3d2f2721f7b3c9e59431a8d891d6198e41a645 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Tue, 23 Jul 2024 11:44:07 -0500 Subject: [PATCH 40/45] docs: Add some nf-core Pulumi starter info --- docs/pulumi.md | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 docs/pulumi.md diff --git a/docs/pulumi.md b/docs/pulumi.md new file mode 100644 index 00000000..ad430fbe --- /dev/null +++ b/docs/pulumi.md @@ -0,0 +1,72 @@ +# Pulumi + +nf-core specific docs, links and guides. + +## Quick Start + +### Repo structure + +This repo is a "Monorepo", basically a bunch of smaller projects inside of one bigger project. + +```console +tree -L 1 pulumi +pulumi +├── AWSMegatests +├── github +├── repo-backups +├── sentieon-license-server +└── test-datasets +``` + +Each of these are their own projects. + +### Install Pulumi + +[Here's the official guide](https://www.pulumi.com/docs/clouds/aws/get-started/) + +### Working with this repo + + + +1. Open up the project you want to make a change to +2. Make the change (Probably in `__main.py__`) +3. If you have a Pulumi cloud account in the nf-core org `pulumi preview` and `pulumi up` should work locally +4. Create a branch in the repo and make a PR, and a preview of the deployment should get ran. + +## Terminology + +Pulumi is pretty heavy on the terms and it was kinda confusing. A hierarchy kinda helps + +``` +Projects +├── Stacks +├──── Deployments +├──── Resources +Environments +``` + +### Projects + +Each directory in `pulumi` is a project. + +#### Stacks + +Each project can have multiple stacks. For example, `dev`, `prod`, `test`. + +Official quote: + +> What are projects and stacks? Pulumi projects and stacks let you organize Pulumi code. Consider a Pulumi project to be analogous to a GitHub repo—a single place for code—and a stack to be an instance of that code with a separate configuration. For instance, project foo may have multiple stacks for different deployment environments (dev, test, or prod), or perhaps for different cloud configurations (geographic region for example). See Organizing Projects and Stacks for some best practices on organizing your Pulumi projects and stacks. + +https://www.pulumi.com/docs/using-pulumi/organizing-projects-stacks/ + +##### Deployments + +Everytime you push to main in this repo a new deployment of the stack goes out. + +##### Resources + +These are individual pieces of infrastructure. An EC2 instance, a VPC, a GitHub repo, a GitHub team are some examples. + +### Environments + +This is Pulumi's hosted Secrete management. I'm thinking of these like, well "Environments". The nf-core AWS, the nf-core Azure, nf-core GCP, nf-core GitHub org, the nf-core-tf GitHub org. From 1db1ddb75ccd7e4bead31b42a4977c23cfff7c55 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Tue, 3 Jun 2025 17:32:49 -0500 Subject: [PATCH 41/45] build: Use uv --- .envrc | 1 - flake.lock | 25 --- flake.nix | 53 ------- pulumi/github/repos/.python-version | 1 + pulumi/github/repos/Pulumi.yaml | 3 +- pulumi/github/repos/pyproject.toml | 11 ++ pulumi/github/repos/requirements.txt | 3 - pulumi/github/repos/uv.lock | 217 +++++++++++++++++++++++++++ 8 files changed, 231 insertions(+), 83 deletions(-) delete mode 100644 .envrc delete mode 100644 flake.lock delete mode 100644 flake.nix create mode 100644 pulumi/github/repos/.python-version create mode 100644 pulumi/github/repos/pyproject.toml create mode 100644 pulumi/github/repos/uv.lock diff --git a/.envrc b/.envrc deleted file mode 100644 index 3550a30f..00000000 --- a/.envrc +++ /dev/null @@ -1 +0,0 @@ -use flake diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 27f4b424..00000000 --- a/flake.lock +++ /dev/null @@ -1,25 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1718714799, - "narHash": "sha256-FUZpz9rg3gL8NVPKbqU8ei1VkPLsTIfAJ2fdAf5qjak=", - "rev": "c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e", - "revCount": 640871, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.640871%2Brev-c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e/019036b8-c3f4-7c68-89d1-10b6f237eccb/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index f9ed069f..00000000 --- a/flake.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - description = "A Nix-flake-based Pulumi development environment"; - - inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz"; - - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"]; - forEachSupportedSystem = f: - nixpkgs.lib.genAttrs supportedSystems (system: - f { - pkgs = import nixpkgs {inherit system;}; - }); - in { - devShells = forEachSupportedSystem ({pkgs}: { - default = pkgs.mkShell { - packages = with pkgs; [ - # Pulumi plus: - # pulumi-watch - # pulumi-analyzer-* utilities - # pulumi-language-* utilities - # pulumi-resource-* utilities - pulumi-bin - pulumi-esc - - # Python SDK - python311 - - # Go SDK - # go_1_22 - - # Node.js SDK - # nodejs - - # .NET SDK - # dotnet-sdk_6 - - # Java SDK - # jdk - # maven - - # Kubernetes - kubectl - - # Miscellaneous utilities - jq - ]; - }; - }); - }; -} diff --git a/pulumi/github/repos/.python-version b/pulumi/github/repos/.python-version new file mode 100644 index 00000000..e4fba218 --- /dev/null +++ b/pulumi/github/repos/.python-version @@ -0,0 +1 @@ +3.12 diff --git a/pulumi/github/repos/Pulumi.yaml b/pulumi/github/repos/Pulumi.yaml index ea143730..49efdf4c 100644 --- a/pulumi/github/repos/Pulumi.yaml +++ b/pulumi/github/repos/Pulumi.yaml @@ -2,5 +2,6 @@ name: github-repos runtime: name: python options: - virtualenv: venv + toolchain: uv + virtualenv: .venv description: Managing nf-core GitHub repos diff --git a/pulumi/github/repos/pyproject.toml b/pulumi/github/repos/pyproject.toml new file mode 100644 index 00000000..a1b1dffe --- /dev/null +++ b/pulumi/github/repos/pyproject.toml @@ -0,0 +1,11 @@ +[project] +name = "repos" +version = "0.1.0" +description = "Add your description here" +readme = "README.md" +requires-python = ">=3.12" +dependencies = [ + "pulumi>=3", + "pulumi_github>=5.20.0", + "ruff>=0.3.7" +] diff --git a/pulumi/github/repos/requirements.txt b/pulumi/github/repos/requirements.txt index d265c6c6..e69de29b 100644 --- a/pulumi/github/repos/requirements.txt +++ b/pulumi/github/repos/requirements.txt @@ -1,3 +0,0 @@ -pulumi>=3 -pulumi_github>=5.20.0 -ruff>=0.3.7 diff --git a/pulumi/github/repos/uv.lock b/pulumi/github/repos/uv.lock new file mode 100644 index 00000000..ba169c12 --- /dev/null +++ b/pulumi/github/repos/uv.lock @@ -0,0 +1,217 @@ +version = 1 +revision = 2 +requires-python = ">=3.12" + +[[package]] +name = "arpeggio" +version = "2.0.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/12/c4/516bb54456f85ad1947702ea4cef543a59de66d31a9887dbc3d9df36e3e1/Arpeggio-2.0.2.tar.gz", hash = "sha256:c790b2b06e226d2dd468e4fbfb5b7f506cec66416031fde1441cf1de2a0ba700", size = 766643, upload-time = "2023-07-09T12:30:04.737Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/f7/4f/d28bf30a19d4649b40b501d531b44e73afada99044df100380fd9567e92f/Arpeggio-2.0.2-py2.py3-none-any.whl", hash = "sha256:f7c8ae4f4056a89e020c24c7202ac8df3e2bc84e416746f20b0da35bb1de0250", size = 55287, upload-time = "2023-07-09T12:30:01.87Z" }, +] + +[[package]] +name = "attrs" +version = "25.3.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/5a/b0/1367933a8532ee6ff8d63537de4f1177af4bff9f3e829baf7331f595bb24/attrs-25.3.0.tar.gz", hash = "sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b", size = 812032, upload-time = "2025-03-13T11:10:22.779Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/77/06/bb80f5f86020c4551da315d78b3ab75e8228f89f0162f2c3a819e407941a/attrs-25.3.0-py3-none-any.whl", hash = "sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3", size = 63815, upload-time = "2025-03-13T11:10:21.14Z" }, +] + +[[package]] +name = "debugpy" +version = "1.8.14" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/bd/75/087fe07d40f490a78782ff3b0a30e3968936854105487decdb33446d4b0e/debugpy-1.8.14.tar.gz", hash = "sha256:7cd287184318416850aa8b60ac90105837bb1e59531898c07569d197d2ed5322", size = 1641444, upload-time = "2025-04-10T19:46:10.981Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d9/2a/ac2df0eda4898f29c46eb6713a5148e6f8b2b389c8ec9e425a4a1d67bf07/debugpy-1.8.14-cp312-cp312-macosx_14_0_universal2.whl", hash = "sha256:8899c17920d089cfa23e6005ad9f22582fd86f144b23acb9feeda59e84405b84", size = 2501268, upload-time = "2025-04-10T19:46:26.044Z" }, + { url = "https://files.pythonhosted.org/packages/10/53/0a0cb5d79dd9f7039169f8bf94a144ad3efa52cc519940b3b7dde23bcb89/debugpy-1.8.14-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f6bb5c0dcf80ad5dbc7b7d6eac484e2af34bdacdf81df09b6a3e62792b722826", size = 4221077, upload-time = "2025-04-10T19:46:27.464Z" }, + { url = "https://files.pythonhosted.org/packages/f8/d5/84e01821f362327bf4828728aa31e907a2eca7c78cd7c6ec062780d249f8/debugpy-1.8.14-cp312-cp312-win32.whl", hash = "sha256:281d44d248a0e1791ad0eafdbbd2912ff0de9eec48022a5bfbc332957487ed3f", size = 5255127, upload-time = "2025-04-10T19:46:29.467Z" }, + { url = "https://files.pythonhosted.org/packages/33/16/1ed929d812c758295cac7f9cf3dab5c73439c83d9091f2d91871e648093e/debugpy-1.8.14-cp312-cp312-win_amd64.whl", hash = "sha256:5aa56ef8538893e4502a7d79047fe39b1dae08d9ae257074c6464a7b290b806f", size = 5297249, upload-time = "2025-04-10T19:46:31.538Z" }, + { url = "https://files.pythonhosted.org/packages/4d/e4/395c792b243f2367d84202dc33689aa3d910fb9826a7491ba20fc9e261f5/debugpy-1.8.14-cp313-cp313-macosx_14_0_universal2.whl", hash = "sha256:329a15d0660ee09fec6786acdb6e0443d595f64f5d096fc3e3ccf09a4259033f", size = 2485676, upload-time = "2025-04-10T19:46:32.96Z" }, + { url = "https://files.pythonhosted.org/packages/ba/f1/6f2ee3f991327ad9e4c2f8b82611a467052a0fb0e247390192580e89f7ff/debugpy-1.8.14-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f920c7f9af409d90f5fd26e313e119d908b0dd2952c2393cd3247a462331f15", size = 4217514, upload-time = "2025-04-10T19:46:34.336Z" }, + { url = "https://files.pythonhosted.org/packages/79/28/b9d146f8f2dc535c236ee09ad3e5ac899adb39d7a19b49f03ac95d216beb/debugpy-1.8.14-cp313-cp313-win32.whl", hash = "sha256:3784ec6e8600c66cbdd4ca2726c72d8ca781e94bce2f396cc606d458146f8f4e", size = 5254756, upload-time = "2025-04-10T19:46:36.199Z" }, + { url = "https://files.pythonhosted.org/packages/e0/62/a7b4a57013eac4ccaef6977966e6bec5c63906dd25a86e35f155952e29a1/debugpy-1.8.14-cp313-cp313-win_amd64.whl", hash = "sha256:684eaf43c95a3ec39a96f1f5195a7ff3d4144e4a18d69bb66beeb1a6de605d6e", size = 5297119, upload-time = "2025-04-10T19:46:38.141Z" }, + { url = "https://files.pythonhosted.org/packages/97/1a/481f33c37ee3ac8040d3d51fc4c4e4e7e61cb08b8bc8971d6032acc2279f/debugpy-1.8.14-py2.py3-none-any.whl", hash = "sha256:5cd9a579d553b6cb9759a7908a41988ee6280b961f24f63336835d9418216a20", size = 5256230, upload-time = "2025-04-10T19:46:54.077Z" }, +] + +[[package]] +name = "dill" +version = "0.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/12/80/630b4b88364e9a8c8c5797f4602d0f76ef820909ee32f0bacb9f90654042/dill-0.4.0.tar.gz", hash = "sha256:0633f1d2df477324f53a895b02c901fb961bdbf65a17122586ea7019292cbcf0", size = 186976, upload-time = "2025-04-16T00:41:48.867Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/50/3d/9373ad9c56321fdab5b41197068e1d8c25883b3fea29dd361f9b55116869/dill-0.4.0-py3-none-any.whl", hash = "sha256:44f54bf6412c2c8464c14e8243eb163690a9800dbe2c367330883b19c7561049", size = 119668, upload-time = "2025-04-16T00:41:47.671Z" }, +] + +[[package]] +name = "grpcio" +version = "1.66.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/71/d1/49a96df4eb1d805cf546247df40636515416d2d5c66665e5129c8b4162a8/grpcio-1.66.2.tar.gz", hash = "sha256:563588c587b75c34b928bc428548e5b00ea38c46972181a4d8b75ba7e3f24231", size = 12489713, upload-time = "2024-09-28T12:44:01.429Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/6b/5c/c4da36b7a77dbb15c4bc72228dff7161874752b2c6bddf7bb046d9da1b90/grpcio-1.66.2-cp312-cp312-linux_armv7l.whl", hash = "sha256:802d84fd3d50614170649853d121baaaa305de7b65b3e01759247e768d691ddf", size = 5002933, upload-time = "2024-09-28T12:38:24.109Z" }, + { url = "https://files.pythonhosted.org/packages/a0/d5/b631445dff250a5301f51ff56c5fc917c7f955cd02fa55379f158a89abeb/grpcio-1.66.2-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:80fd702ba7e432994df208f27514280b4b5c6843e12a48759c9255679ad38db8", size = 10793953, upload-time = "2024-09-28T12:38:27.02Z" }, + { url = "https://files.pythonhosted.org/packages/c8/1c/2179ac112152e92c02990f98183edf645df14aa3c38b39f1a3a60358b6c6/grpcio-1.66.2-cp312-cp312-manylinux_2_17_aarch64.whl", hash = "sha256:12fda97ffae55e6526825daf25ad0fa37483685952b5d0f910d6405c87e3adb6", size = 5499791, upload-time = "2024-09-28T12:38:30.065Z" }, + { url = "https://files.pythonhosted.org/packages/0b/53/8d7ab865fbd983309c8242930f00b28a01047f70c2b2e4c79a5c92a46a08/grpcio-1.66.2-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:950da58d7d80abd0ea68757769c9db0a95b31163e53e5bb60438d263f4bed7b7", size = 6109606, upload-time = "2024-09-28T12:38:33.566Z" }, + { url = "https://files.pythonhosted.org/packages/86/e9/3dfb5a3ff540636d46b8b723345e923e8c553d9b3f6a8d1b09b0d915eb46/grpcio-1.66.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e636ce23273683b00410f1971d209bf3689238cf5538d960adc3cdfe80dd0dbd", size = 5762866, upload-time = "2024-09-28T12:38:36.023Z" }, + { url = "https://files.pythonhosted.org/packages/f1/cb/c07493ad5dd73d51e4e15b0d483ff212dfec136ee1e4f3b49d115bdc7a13/grpcio-1.66.2-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:a917d26e0fe980b0ac7bfcc1a3c4ad6a9a4612c911d33efb55ed7833c749b0ee", size = 6446819, upload-time = "2024-09-28T12:38:38.69Z" }, + { url = "https://files.pythonhosted.org/packages/ff/5f/142e19db367a34ea0ee8a8451e43215d0a1a5dbffcfdcae8801f22903301/grpcio-1.66.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:49f0ca7ae850f59f828a723a9064cadbed90f1ece179d375966546499b8a2c9c", size = 6040273, upload-time = "2024-09-28T12:38:41.348Z" }, + { url = "https://files.pythonhosted.org/packages/5c/3b/12fcd752c55002e4b0e0a7bd5faec101bc0a4e3890be3f95a43353142481/grpcio-1.66.2-cp312-cp312-win32.whl", hash = "sha256:31fd163105464797a72d901a06472860845ac157389e10f12631025b3e4d0453", size = 3537988, upload-time = "2024-09-28T12:38:44.544Z" }, + { url = "https://files.pythonhosted.org/packages/f1/70/76bfea3faa862bfceccba255792e780691ff25b8227180759c9d38769379/grpcio-1.66.2-cp312-cp312-win_amd64.whl", hash = "sha256:ff1f7882e56c40b0d33c4922c15dfa30612f05fb785074a012f7cda74d1c3679", size = 4275553, upload-time = "2024-09-28T12:38:47.734Z" }, + { url = "https://files.pythonhosted.org/packages/72/31/8708a8dfb3f1ac89926c27c5dd17412764157a2959dbc5a606eaf8ac71f6/grpcio-1.66.2-cp313-cp313-linux_armv7l.whl", hash = "sha256:3b00efc473b20d8bf83e0e1ae661b98951ca56111feb9b9611df8efc4fe5d55d", size = 5004245, upload-time = "2024-09-28T12:38:50.596Z" }, + { url = "https://files.pythonhosted.org/packages/8b/37/0b57c3769efb3cc9ec97fcaa9f7243046660e7ed58c0faebc4ef315df92c/grpcio-1.66.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:1caa38fb22a8578ab8393da99d4b8641e3a80abc8fd52646f1ecc92bcb8dee34", size = 10756749, upload-time = "2024-09-28T12:38:54.131Z" }, + { url = "https://files.pythonhosted.org/packages/bf/5a/425e995724a19a1b110340ed653bc7c5de8019d9fc84b3798a0f79c3eb31/grpcio-1.66.2-cp313-cp313-manylinux_2_17_aarch64.whl", hash = "sha256:c408f5ef75cfffa113cacd8b0c0e3611cbfd47701ca3cdc090594109b9fcbaed", size = 5499666, upload-time = "2024-09-28T12:38:57.145Z" }, + { url = "https://files.pythonhosted.org/packages/2e/e4/86a5c5ec40a6b683671a1d044ebca433812d99da8fcfc2889e9c43cecbd4/grpcio-1.66.2-cp313-cp313-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c806852deaedee9ce8280fe98955c9103f62912a5b2d5ee7e3eaa284a6d8d8e7", size = 6109578, upload-time = "2024-09-28T12:38:59.835Z" }, + { url = "https://files.pythonhosted.org/packages/2f/86/a86742f3deaa22385c3bff984c5947fc62d47d3fab26c508730037d027e5/grpcio-1.66.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f145cc21836c332c67baa6fc81099d1d27e266401565bf481948010d6ea32d46", size = 5763274, upload-time = "2024-09-28T12:39:02.287Z" }, + { url = "https://files.pythonhosted.org/packages/c3/61/b9a2a4345dea0a354c4ed8ac7aacbdd0ff986acbc8f92680213cf3d2faa3/grpcio-1.66.2-cp313-cp313-musllinux_1_1_i686.whl", hash = "sha256:73e3b425c1e155730273f73e419de3074aa5c5e936771ee0e4af0814631fb30a", size = 6450416, upload-time = "2024-09-28T12:39:05.06Z" }, + { url = "https://files.pythonhosted.org/packages/50/b9/ad303ce75d8cd71d855a661519aa160ce42f27498f589f1ae6d9f8c5e8ac/grpcio-1.66.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:9c509a4f78114cbc5f0740eb3d7a74985fd2eff022971bc9bc31f8bc93e66a3b", size = 6040045, upload-time = "2024-09-28T12:39:08.214Z" }, + { url = "https://files.pythonhosted.org/packages/ac/b3/8db1873e3240ef1672ba87b89e949ece367089e29e4d221377bfdd288bd3/grpcio-1.66.2-cp313-cp313-win32.whl", hash = "sha256:20657d6b8cfed7db5e11b62ff7dfe2e12064ea78e93f1434d61888834bc86d75", size = 3537126, upload-time = "2024-09-28T12:39:10.655Z" }, + { url = "https://files.pythonhosted.org/packages/a2/df/133216989fe7e17caeafd7ff5b17cc82c4e722025d0b8d5d2290c11fe2e6/grpcio-1.66.2-cp313-cp313-win_amd64.whl", hash = "sha256:fb70487c95786e345af5e854ffec8cb8cc781bcc5df7930c4fbb7feaa72e1cdf", size = 4278018, upload-time = "2024-09-28T12:39:13.196Z" }, +] + +[[package]] +name = "parver" +version = "0.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "arpeggio" }, + { name = "attrs" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/cc/e5/1c774688a90f0b76e872e30f6f1ba3f5e14056cd0d96a684047d4a986226/parver-0.5.tar.gz", hash = "sha256:b9fde1e6bb9ce9f07e08e9c4bea8d8825c5e78e18a0052d02e02bf9517eb4777", size = 26908, upload-time = "2023-10-03T21:06:54.506Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/0f/4c/f98024021bef4d44dce3613feebd702c7ad8883f777ff8488384c59e9774/parver-0.5-py3-none-any.whl", hash = "sha256:2281b187276c8e8e3c15634f62287b2fb6fe0efe3010f739a6bd1e45fa2bf2b2", size = 15172, upload-time = "2023-10-03T21:06:52.796Z" }, +] + +[[package]] +name = "pip" +version = "25.1.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/59/de/241caa0ca606f2ec5fe0c1f4261b0465df78d786a38da693864a116c37f4/pip-25.1.1.tar.gz", hash = "sha256:3de45d411d308d5054c2168185d8da7f9a2cd753dbac8acbfa88a8909ecd9077", size = 1940155, upload-time = "2025-05-02T15:14:02.057Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/29/a2/d40fb2460e883eca5199c62cfc2463fd261f760556ae6290f88488c362c0/pip-25.1.1-py3-none-any.whl", hash = "sha256:2913a38a2abf4ea6b64ab507bd9e967f3b53dc1ede74b01b0931e1ce548751af", size = 1825227, upload-time = "2025-05-02T15:13:59.102Z" }, +] + +[[package]] +name = "protobuf" +version = "4.25.8" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/df/01/34c8d2b6354906d728703cb9d546a0e534de479e25f1b581e4094c4a85cc/protobuf-4.25.8.tar.gz", hash = "sha256:6135cf8affe1fc6f76cced2641e4ea8d3e59518d1f24ae41ba97bcad82d397cd", size = 380920, upload-time = "2025-05-28T14:22:25.153Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/45/ff/05f34305fe6b85bbfbecbc559d423a5985605cad5eda4f47eae9e9c9c5c5/protobuf-4.25.8-cp310-abi3-win32.whl", hash = "sha256:504435d831565f7cfac9f0714440028907f1975e4bed228e58e72ecfff58a1e0", size = 392745, upload-time = "2025-05-28T14:22:10.524Z" }, + { url = "https://files.pythonhosted.org/packages/08/35/8b8a8405c564caf4ba835b1fdf554da869954712b26d8f2a98c0e434469b/protobuf-4.25.8-cp310-abi3-win_amd64.whl", hash = "sha256:bd551eb1fe1d7e92c1af1d75bdfa572eff1ab0e5bf1736716814cdccdb2360f9", size = 413736, upload-time = "2025-05-28T14:22:13.156Z" }, + { url = "https://files.pythonhosted.org/packages/28/d7/ab27049a035b258dab43445eb6ec84a26277b16105b277cbe0a7698bdc6c/protobuf-4.25.8-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:ca809b42f4444f144f2115c4c1a747b9a404d590f18f37e9402422033e464e0f", size = 394537, upload-time = "2025-05-28T14:22:14.768Z" }, + { url = "https://files.pythonhosted.org/packages/bd/6d/a4a198b61808dd3d1ee187082ccc21499bc949d639feb948961b48be9a7e/protobuf-4.25.8-cp37-abi3-manylinux2014_aarch64.whl", hash = "sha256:9ad7ef62d92baf5a8654fbb88dac7fa5594cfa70fd3440488a5ca3bfc6d795a7", size = 294005, upload-time = "2025-05-28T14:22:16.052Z" }, + { url = "https://files.pythonhosted.org/packages/d6/c6/c9deaa6e789b6fc41b88ccbdfe7a42d2b82663248b715f55aa77fbc00724/protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl", hash = "sha256:83e6e54e93d2b696a92cad6e6efc924f3850f82b52e1563778dfab8b355101b0", size = 294924, upload-time = "2025-05-28T14:22:17.105Z" }, + { url = "https://files.pythonhosted.org/packages/0c/c1/6aece0ab5209981a70cd186f164c133fdba2f51e124ff92b73de7fd24d78/protobuf-4.25.8-py3-none-any.whl", hash = "sha256:15a0af558aa3b13efef102ae6e4f3efac06f1eea11afb3a57db2901447d9fb59", size = 156757, upload-time = "2025-05-28T14:22:24.135Z" }, +] + +[[package]] +name = "pulumi" +version = "3.173.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "debugpy" }, + { name = "dill" }, + { name = "grpcio" }, + { name = "pip" }, + { name = "protobuf" }, + { name = "pyyaml" }, + { name = "semver" }, +] +wheels = [ + { url = "https://files.pythonhosted.org/packages/a2/80/b3b58366d599ab335efac166e420725c510f3f36aa383ca2ef68e473e216/pulumi-3.173.0-py3-none-any.whl", hash = "sha256:ef72fbfd602973132a2f68faaa6a713fa6447e3fe7bb1e071ed3d25de5b5983b", size = 353760, upload-time = "2025-05-30T00:21:35.86Z" }, +] + +[[package]] +name = "pulumi-github" +version = "6.7.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "parver" }, + { name = "pulumi" }, + { name = "semver" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/53/35/20c2a03d80a3b8ed39f93232f99eec48d676a9bb20897bdc7afa1a07f3ed/pulumi_github-6.7.2.tar.gz", hash = "sha256:2c48be297b551319fc5ce93564ae7ede6a46e60a95a8b4ce3a8944b284a57be7", size = 200992, upload-time = "2025-04-30T17:20:25.55Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d9/ea/55777086f498ee2c067231a424abe5e26a3b032e81c9107777a4b78b8a8f/pulumi_github-6.7.2-py3-none-any.whl", hash = "sha256:7d14574a2cf9579cc60670f26b898d38b303349c1b15b4ededba479506e84432", size = 370137, upload-time = "2025-04-30T17:20:23.449Z" }, +] + +[[package]] +name = "pyyaml" +version = "6.0.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/54/ed/79a089b6be93607fa5cdaedf301d7dfb23af5f25c398d5ead2525b063e17/pyyaml-6.0.2.tar.gz", hash = "sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e", size = 130631, upload-time = "2024-08-06T20:33:50.674Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/86/0c/c581167fc46d6d6d7ddcfb8c843a4de25bdd27e4466938109ca68492292c/PyYAML-6.0.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab", size = 183873, upload-time = "2024-08-06T20:32:25.131Z" }, + { url = "https://files.pythonhosted.org/packages/a8/0c/38374f5bb272c051e2a69281d71cba6fdb983413e6758b84482905e29a5d/PyYAML-6.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725", size = 173302, upload-time = "2024-08-06T20:32:26.511Z" }, + { url = "https://files.pythonhosted.org/packages/c3/93/9916574aa8c00aa06bbac729972eb1071d002b8e158bd0e83a3b9a20a1f7/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5", size = 739154, upload-time = "2024-08-06T20:32:28.363Z" }, + { url = "https://files.pythonhosted.org/packages/95/0f/b8938f1cbd09739c6da569d172531567dbcc9789e0029aa070856f123984/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425", size = 766223, upload-time = "2024-08-06T20:32:30.058Z" }, + { url = "https://files.pythonhosted.org/packages/b9/2b/614b4752f2e127db5cc206abc23a8c19678e92b23c3db30fc86ab731d3bd/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476", size = 767542, upload-time = "2024-08-06T20:32:31.881Z" }, + { url = "https://files.pythonhosted.org/packages/d4/00/dd137d5bcc7efea1836d6264f049359861cf548469d18da90cd8216cf05f/PyYAML-6.0.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48", size = 731164, upload-time = "2024-08-06T20:32:37.083Z" }, + { url = "https://files.pythonhosted.org/packages/c9/1f/4f998c900485e5c0ef43838363ba4a9723ac0ad73a9dc42068b12aaba4e4/PyYAML-6.0.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b", size = 756611, upload-time = "2024-08-06T20:32:38.898Z" }, + { url = "https://files.pythonhosted.org/packages/df/d1/f5a275fdb252768b7a11ec63585bc38d0e87c9e05668a139fea92b80634c/PyYAML-6.0.2-cp312-cp312-win32.whl", hash = "sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4", size = 140591, upload-time = "2024-08-06T20:32:40.241Z" }, + { url = "https://files.pythonhosted.org/packages/0c/e8/4f648c598b17c3d06e8753d7d13d57542b30d56e6c2dedf9c331ae56312e/PyYAML-6.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8", size = 156338, upload-time = "2024-08-06T20:32:41.93Z" }, + { url = "https://files.pythonhosted.org/packages/ef/e3/3af305b830494fa85d95f6d95ef7fa73f2ee1cc8ef5b495c7c3269fb835f/PyYAML-6.0.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba", size = 181309, upload-time = "2024-08-06T20:32:43.4Z" }, + { url = "https://files.pythonhosted.org/packages/45/9f/3b1c20a0b7a3200524eb0076cc027a970d320bd3a6592873c85c92a08731/PyYAML-6.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1", size = 171679, upload-time = "2024-08-06T20:32:44.801Z" }, + { url = "https://files.pythonhosted.org/packages/7c/9a/337322f27005c33bcb656c655fa78325b730324c78620e8328ae28b64d0c/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133", size = 733428, upload-time = "2024-08-06T20:32:46.432Z" }, + { url = "https://files.pythonhosted.org/packages/a3/69/864fbe19e6c18ea3cc196cbe5d392175b4cf3d5d0ac1403ec3f2d237ebb5/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484", size = 763361, upload-time = "2024-08-06T20:32:51.188Z" }, + { url = "https://files.pythonhosted.org/packages/04/24/b7721e4845c2f162d26f50521b825fb061bc0a5afcf9a386840f23ea19fa/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5", size = 759523, upload-time = "2024-08-06T20:32:53.019Z" }, + { url = "https://files.pythonhosted.org/packages/2b/b2/e3234f59ba06559c6ff63c4e10baea10e5e7df868092bf9ab40e5b9c56b6/PyYAML-6.0.2-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc", size = 726660, upload-time = "2024-08-06T20:32:54.708Z" }, + { url = "https://files.pythonhosted.org/packages/fe/0f/25911a9f080464c59fab9027482f822b86bf0608957a5fcc6eaac85aa515/PyYAML-6.0.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652", size = 751597, upload-time = "2024-08-06T20:32:56.985Z" }, + { url = "https://files.pythonhosted.org/packages/14/0d/e2c3b43bbce3cf6bd97c840b46088a3031085179e596d4929729d8d68270/PyYAML-6.0.2-cp313-cp313-win32.whl", hash = "sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183", size = 140527, upload-time = "2024-08-06T20:33:03.001Z" }, + { url = "https://files.pythonhosted.org/packages/fa/de/02b54f42487e3d3c6efb3f89428677074ca7bf43aae402517bc7cca949f3/PyYAML-6.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563", size = 156446, upload-time = "2024-08-06T20:33:04.33Z" }, +] + +[[package]] +name = "repos" +version = "0.1.0" +source = { virtual = "." } +dependencies = [ + { name = "pulumi" }, + { name = "pulumi-github" }, + { name = "ruff" }, +] + +[package.metadata] +requires-dist = [ + { name = "pulumi", specifier = ">=3" }, + { name = "pulumi-github", specifier = ">=5.20.0" }, + { name = "ruff", specifier = ">=0.3.7" }, +] + +[[package]] +name = "ruff" +version = "0.11.12" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/15/0a/92416b159ec00cdf11e5882a9d80d29bf84bba3dbebc51c4898bfbca1da6/ruff-0.11.12.tar.gz", hash = "sha256:43cf7f69c7d7c7d7513b9d59c5d8cafd704e05944f978614aa9faff6ac202603", size = 4202289, upload-time = "2025-05-29T13:31:40.037Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/60/cc/53eb79f012d15e136d40a8e8fc519ba8f55a057f60b29c2df34efd47c6e3/ruff-0.11.12-py3-none-linux_armv6l.whl", hash = "sha256:c7680aa2f0d4c4f43353d1e72123955c7a2159b8646cd43402de6d4a3a25d7cc", size = 10285597, upload-time = "2025-05-29T13:30:57.539Z" }, + { url = "https://files.pythonhosted.org/packages/e7/d7/73386e9fb0232b015a23f62fea7503f96e29c29e6c45461d4a73bac74df9/ruff-0.11.12-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:2cad64843da9f134565c20bcc430642de897b8ea02e2e79e6e02a76b8dcad7c3", size = 11053154, upload-time = "2025-05-29T13:31:00.865Z" }, + { url = "https://files.pythonhosted.org/packages/4e/eb/3eae144c5114e92deb65a0cb2c72326c8469e14991e9bc3ec0349da1331c/ruff-0.11.12-py3-none-macosx_11_0_arm64.whl", hash = "sha256:9b6886b524a1c659cee1758140138455d3c029783d1b9e643f3624a5ee0cb0aa", size = 10403048, upload-time = "2025-05-29T13:31:03.413Z" }, + { url = "https://files.pythonhosted.org/packages/29/64/20c54b20e58b1058db6689e94731f2a22e9f7abab74e1a758dfba058b6ca/ruff-0.11.12-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3cc3a3690aad6e86c1958d3ec3c38c4594b6ecec75c1f531e84160bd827b2012", size = 10597062, upload-time = "2025-05-29T13:31:05.539Z" }, + { url = "https://files.pythonhosted.org/packages/29/3a/79fa6a9a39422a400564ca7233a689a151f1039110f0bbbabcb38106883a/ruff-0.11.12-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:f97fdbc2549f456c65b3b0048560d44ddd540db1f27c778a938371424b49fe4a", size = 10155152, upload-time = "2025-05-29T13:31:07.986Z" }, + { url = "https://files.pythonhosted.org/packages/e5/a4/22c2c97b2340aa968af3a39bc38045e78d36abd4ed3fa2bde91c31e712e3/ruff-0.11.12-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:74adf84960236961090e2d1348c1a67d940fd12e811a33fb3d107df61eef8fc7", size = 11723067, upload-time = "2025-05-29T13:31:10.57Z" }, + { url = "https://files.pythonhosted.org/packages/bc/cf/3e452fbd9597bcd8058856ecd42b22751749d07935793a1856d988154151/ruff-0.11.12-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:b56697e5b8bcf1d61293ccfe63873aba08fdbcbbba839fc046ec5926bdb25a3a", size = 12460807, upload-time = "2025-05-29T13:31:12.88Z" }, + { url = "https://files.pythonhosted.org/packages/2f/ec/8f170381a15e1eb7d93cb4feef8d17334d5a1eb33fee273aee5d1f8241a3/ruff-0.11.12-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4d47afa45e7b0eaf5e5969c6b39cbd108be83910b5c74626247e366fd7a36a13", size = 12063261, upload-time = "2025-05-29T13:31:15.236Z" }, + { url = "https://files.pythonhosted.org/packages/0d/bf/57208f8c0a8153a14652a85f4116c0002148e83770d7a41f2e90b52d2b4e/ruff-0.11.12-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:692bf9603fe1bf949de8b09a2da896f05c01ed7a187f4a386cdba6760e7f61be", size = 11329601, upload-time = "2025-05-29T13:31:18.68Z" }, + { url = "https://files.pythonhosted.org/packages/c3/56/edf942f7fdac5888094d9ffa303f12096f1a93eb46570bcf5f14c0c70880/ruff-0.11.12-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:08033320e979df3b20dba567c62f69c45e01df708b0f9c83912d7abd3e0801cd", size = 11522186, upload-time = "2025-05-29T13:31:21.216Z" }, + { url = "https://files.pythonhosted.org/packages/ed/63/79ffef65246911ed7e2290aeece48739d9603b3a35f9529fec0fc6c26400/ruff-0.11.12-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:929b7706584f5bfd61d67d5070f399057d07c70585fa8c4491d78ada452d3bef", size = 10449032, upload-time = "2025-05-29T13:31:23.417Z" }, + { url = "https://files.pythonhosted.org/packages/88/19/8c9d4d8a1c2a3f5a1ea45a64b42593d50e28b8e038f1aafd65d6b43647f3/ruff-0.11.12-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:7de4a73205dc5756b8e09ee3ed67c38312dce1aa28972b93150f5751199981b5", size = 10129370, upload-time = "2025-05-29T13:31:25.777Z" }, + { url = "https://files.pythonhosted.org/packages/bc/0f/2d15533eaa18f460530a857e1778900cd867ded67f16c85723569d54e410/ruff-0.11.12-py3-none-musllinux_1_2_i686.whl", hash = "sha256:2635c2a90ac1b8ca9e93b70af59dfd1dd2026a40e2d6eebaa3efb0465dd9cf02", size = 11123529, upload-time = "2025-05-29T13:31:28.396Z" }, + { url = "https://files.pythonhosted.org/packages/4f/e2/4c2ac669534bdded835356813f48ea33cfb3a947dc47f270038364587088/ruff-0.11.12-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:d05d6a78a89166f03f03a198ecc9d18779076ad0eec476819467acb401028c0c", size = 11577642, upload-time = "2025-05-29T13:31:30.647Z" }, + { url = "https://files.pythonhosted.org/packages/a7/9b/c9ddf7f924d5617a1c94a93ba595f4b24cb5bc50e98b94433ab3f7ad27e5/ruff-0.11.12-py3-none-win32.whl", hash = "sha256:f5a07f49767c4be4772d161bfc049c1f242db0cfe1bd976e0f0886732a4765d6", size = 10475511, upload-time = "2025-05-29T13:31:32.917Z" }, + { url = "https://files.pythonhosted.org/packages/fd/d6/74fb6d3470c1aada019ffff33c0f9210af746cca0a4de19a1f10ce54968a/ruff-0.11.12-py3-none-win_amd64.whl", hash = "sha256:5a4d9f8030d8c3a45df201d7fb3ed38d0219bccd7955268e863ee4a115fa0832", size = 11523573, upload-time = "2025-05-29T13:31:35.782Z" }, + { url = "https://files.pythonhosted.org/packages/44/42/d58086ec20f52d2b0140752ae54b355ea2be2ed46f914231136dd1effcc7/ruff-0.11.12-py3-none-win_arm64.whl", hash = "sha256:65194e37853158d368e333ba282217941029a28ea90913c67e558c611d04daa5", size = 10697770, upload-time = "2025-05-29T13:31:38.009Z" }, +] + +[[package]] +name = "semver" +version = "3.0.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/d1/d3159231aec234a59dd7d601e9dd9fe96f3afff15efd33c1070019b26132/semver-3.0.4.tar.gz", hash = "sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602", size = 269730, upload-time = "2025-01-24T13:19:27.617Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a6/24/4d91e05817e92e3a61c8a21e08fd0f390f5301f1c448b137c57c4bc6e543/semver-3.0.4-py3-none-any.whl", hash = "sha256:9c824d87ba7f7ab4a1890799cec8596f15c1241cb473404ea1cb0c55e4b04746", size = 17912, upload-time = "2025-01-24T13:19:24.949Z" }, +] From ea0511d180ea3a2f7d9aad79d6e7ddcce5678fec Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Tue, 3 Jun 2025 17:36:57 -0500 Subject: [PATCH 42/45] chore: Update pulumi-github dependency to version 6.7.2 and remove ruff --- pulumi/github/repos/pyproject.toml | 3 +-- pulumi/github/repos/uv.lock | 29 +---------------------------- 2 files changed, 2 insertions(+), 30 deletions(-) diff --git a/pulumi/github/repos/pyproject.toml b/pulumi/github/repos/pyproject.toml index a1b1dffe..edda5444 100644 --- a/pulumi/github/repos/pyproject.toml +++ b/pulumi/github/repos/pyproject.toml @@ -6,6 +6,5 @@ readme = "README.md" requires-python = ">=3.12" dependencies = [ "pulumi>=3", - "pulumi_github>=5.20.0", - "ruff>=0.3.7" + "pulumi-github>=6.7.2", ] diff --git a/pulumi/github/repos/uv.lock b/pulumi/github/repos/uv.lock index ba169c12..9c6cfe69 100644 --- a/pulumi/github/repos/uv.lock +++ b/pulumi/github/repos/uv.lock @@ -172,39 +172,12 @@ source = { virtual = "." } dependencies = [ { name = "pulumi" }, { name = "pulumi-github" }, - { name = "ruff" }, ] [package.metadata] requires-dist = [ { name = "pulumi", specifier = ">=3" }, - { name = "pulumi-github", specifier = ">=5.20.0" }, - { name = "ruff", specifier = ">=0.3.7" }, -] - -[[package]] -name = "ruff" -version = "0.11.12" -source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/15/0a/92416b159ec00cdf11e5882a9d80d29bf84bba3dbebc51c4898bfbca1da6/ruff-0.11.12.tar.gz", hash = "sha256:43cf7f69c7d7c7d7513b9d59c5d8cafd704e05944f978614aa9faff6ac202603", size = 4202289, upload-time = "2025-05-29T13:31:40.037Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/60/cc/53eb79f012d15e136d40a8e8fc519ba8f55a057f60b29c2df34efd47c6e3/ruff-0.11.12-py3-none-linux_armv6l.whl", hash = "sha256:c7680aa2f0d4c4f43353d1e72123955c7a2159b8646cd43402de6d4a3a25d7cc", size = 10285597, upload-time = "2025-05-29T13:30:57.539Z" }, - { url = "https://files.pythonhosted.org/packages/e7/d7/73386e9fb0232b015a23f62fea7503f96e29c29e6c45461d4a73bac74df9/ruff-0.11.12-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:2cad64843da9f134565c20bcc430642de897b8ea02e2e79e6e02a76b8dcad7c3", size = 11053154, upload-time = "2025-05-29T13:31:00.865Z" }, - { url = "https://files.pythonhosted.org/packages/4e/eb/3eae144c5114e92deb65a0cb2c72326c8469e14991e9bc3ec0349da1331c/ruff-0.11.12-py3-none-macosx_11_0_arm64.whl", hash = "sha256:9b6886b524a1c659cee1758140138455d3c029783d1b9e643f3624a5ee0cb0aa", size = 10403048, upload-time = "2025-05-29T13:31:03.413Z" }, - { url = "https://files.pythonhosted.org/packages/29/64/20c54b20e58b1058db6689e94731f2a22e9f7abab74e1a758dfba058b6ca/ruff-0.11.12-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3cc3a3690aad6e86c1958d3ec3c38c4594b6ecec75c1f531e84160bd827b2012", size = 10597062, upload-time = "2025-05-29T13:31:05.539Z" }, - { url = "https://files.pythonhosted.org/packages/29/3a/79fa6a9a39422a400564ca7233a689a151f1039110f0bbbabcb38106883a/ruff-0.11.12-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:f97fdbc2549f456c65b3b0048560d44ddd540db1f27c778a938371424b49fe4a", size = 10155152, upload-time = "2025-05-29T13:31:07.986Z" }, - { url = "https://files.pythonhosted.org/packages/e5/a4/22c2c97b2340aa968af3a39bc38045e78d36abd4ed3fa2bde91c31e712e3/ruff-0.11.12-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:74adf84960236961090e2d1348c1a67d940fd12e811a33fb3d107df61eef8fc7", size = 11723067, upload-time = "2025-05-29T13:31:10.57Z" }, - { url = "https://files.pythonhosted.org/packages/bc/cf/3e452fbd9597bcd8058856ecd42b22751749d07935793a1856d988154151/ruff-0.11.12-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:b56697e5b8bcf1d61293ccfe63873aba08fdbcbbba839fc046ec5926bdb25a3a", size = 12460807, upload-time = "2025-05-29T13:31:12.88Z" }, - { url = "https://files.pythonhosted.org/packages/2f/ec/8f170381a15e1eb7d93cb4feef8d17334d5a1eb33fee273aee5d1f8241a3/ruff-0.11.12-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4d47afa45e7b0eaf5e5969c6b39cbd108be83910b5c74626247e366fd7a36a13", size = 12063261, upload-time = "2025-05-29T13:31:15.236Z" }, - { url = "https://files.pythonhosted.org/packages/0d/bf/57208f8c0a8153a14652a85f4116c0002148e83770d7a41f2e90b52d2b4e/ruff-0.11.12-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:692bf9603fe1bf949de8b09a2da896f05c01ed7a187f4a386cdba6760e7f61be", size = 11329601, upload-time = "2025-05-29T13:31:18.68Z" }, - { url = "https://files.pythonhosted.org/packages/c3/56/edf942f7fdac5888094d9ffa303f12096f1a93eb46570bcf5f14c0c70880/ruff-0.11.12-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:08033320e979df3b20dba567c62f69c45e01df708b0f9c83912d7abd3e0801cd", size = 11522186, upload-time = "2025-05-29T13:31:21.216Z" }, - { url = "https://files.pythonhosted.org/packages/ed/63/79ffef65246911ed7e2290aeece48739d9603b3a35f9529fec0fc6c26400/ruff-0.11.12-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:929b7706584f5bfd61d67d5070f399057d07c70585fa8c4491d78ada452d3bef", size = 10449032, upload-time = "2025-05-29T13:31:23.417Z" }, - { url = "https://files.pythonhosted.org/packages/88/19/8c9d4d8a1c2a3f5a1ea45a64b42593d50e28b8e038f1aafd65d6b43647f3/ruff-0.11.12-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:7de4a73205dc5756b8e09ee3ed67c38312dce1aa28972b93150f5751199981b5", size = 10129370, upload-time = "2025-05-29T13:31:25.777Z" }, - { url = "https://files.pythonhosted.org/packages/bc/0f/2d15533eaa18f460530a857e1778900cd867ded67f16c85723569d54e410/ruff-0.11.12-py3-none-musllinux_1_2_i686.whl", hash = "sha256:2635c2a90ac1b8ca9e93b70af59dfd1dd2026a40e2d6eebaa3efb0465dd9cf02", size = 11123529, upload-time = "2025-05-29T13:31:28.396Z" }, - { url = "https://files.pythonhosted.org/packages/4f/e2/4c2ac669534bdded835356813f48ea33cfb3a947dc47f270038364587088/ruff-0.11.12-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:d05d6a78a89166f03f03a198ecc9d18779076ad0eec476819467acb401028c0c", size = 11577642, upload-time = "2025-05-29T13:31:30.647Z" }, - { url = "https://files.pythonhosted.org/packages/a7/9b/c9ddf7f924d5617a1c94a93ba595f4b24cb5bc50e98b94433ab3f7ad27e5/ruff-0.11.12-py3-none-win32.whl", hash = "sha256:f5a07f49767c4be4772d161bfc049c1f242db0cfe1bd976e0f0886732a4765d6", size = 10475511, upload-time = "2025-05-29T13:31:32.917Z" }, - { url = "https://files.pythonhosted.org/packages/fd/d6/74fb6d3470c1aada019ffff33c0f9210af746cca0a4de19a1f10ce54968a/ruff-0.11.12-py3-none-win_amd64.whl", hash = "sha256:5a4d9f8030d8c3a45df201d7fb3ed38d0219bccd7955268e863ee4a115fa0832", size = 11523573, upload-time = "2025-05-29T13:31:35.782Z" }, - { url = "https://files.pythonhosted.org/packages/44/42/d58086ec20f52d2b0140752ae54b355ea2be2ed46f914231136dd1effcc7/ruff-0.11.12-py3-none-win_arm64.whl", hash = "sha256:65194e37853158d368e333ba282217941029a28ea90913c67e558c611d04daa5", size = 10697770, upload-time = "2025-05-29T13:31:38.009Z" }, + { name = "pulumi-github", specifier = ">=6.7.2" }, ] [[package]] From df4352c3aeb0e84ff28906873ce80858ac4f94e5 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Tue, 3 Jun 2025 17:53:08 -0500 Subject: [PATCH 43/45] fix: Address PR Review comments Co-authored-by: mashehu Co-authored-by: mirpedrol --- .github/workflows/repos.yml | 6 +-- pulumi/github/repos/core/modules.py | 4 +- pulumi/github/repos/loop_example.py | 53 ------------------- pulumi/github/repos/pipelines/testpipeline.py | 26 ++++----- 4 files changed, 19 insertions(+), 70 deletions(-) delete mode 100644 pulumi/github/repos/loop_example.py diff --git a/.github/workflows/repos.yml b/.github/workflows/repos.yml index 74f7eca0..34e04e3d 100644 --- a/.github/workflows/repos.yml +++ b/.github/workflows/repos.yml @@ -5,6 +5,7 @@ on: - main paths: - "pulumi/github/repos/**/*" + workflow_dispatch: pull_request: branches: - main @@ -47,8 +48,7 @@ jobs: working-directory: ${{ env.PULUMI_WORKING_DIRECTORY }} - name: PR previews - if: ${{ github.event_name == 'pull_request' }} - uses: pulumi/actions@v3 + uses: pulumi/actions@v6 with: command: preview stack-name: ${{ env.PULUMI_STACK_NAME }} @@ -56,7 +56,7 @@ jobs: - name: Apply infrastructure update if: ${{ github.event_name == 'push' }} - uses: pulumi/actions@v3 + uses: pulumi/actions@v6 with: command: up stack-name: ${{ env.PULUMI_STACK_NAME }} diff --git a/pulumi/github/repos/core/modules.py b/pulumi/github/repos/core/modules.py index 0f9bf163..efd61ccc 100644 --- a/pulumi/github/repos/core/modules.py +++ b/pulumi/github/repos/core/modules.py @@ -9,11 +9,11 @@ allow_merge_commit=False, allow_rebase_merge=False, allow_squash_merge=False, - default_branch="master", + default_branch="main", description="Repository to host tool-specific module files for the Nextflow DSL2 community!", has_downloads=True, has_issues=True, - has_projects=True, + has_projects=False, homepage_url="https://nf-co.re", merge_commit_message="", merge_commit_title="", diff --git a/pulumi/github/repos/loop_example.py b/pulumi/github/repos/loop_example.py deleted file mode 100644 index 58be0c18..00000000 --- a/pulumi/github/repos/loop_example.py +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env python - -import pulumi -import pulumi_github as github - -TOPICS = [ - "nextflow", - "pipelines", - "nf-test", - "modules", - "nf-core", - "dsl2", - "workflows", -] - -alpha_test_pipeline_repos = [ - "denovotranscript", - "meerpipe", - "pairgenomealign", - "phaseimpute", - "reportho", -] - -for pipeline in alpha_test_pipeline_repos: - github.Repository( - pipeline, - allow_merge_commit=True, - allow_rebase_merge=True, - allow_squash_merge=True, - default_branch="master", - description="Alpha test repository for nf-core", - has_downloads=True, - has_issues=True, - has_projects=True, - homepage_url=f"https://nf-co.re/{pipeline}", - merge_commit_message="", - merge_commit_title="", - name=pipeline, - security_and_analysis=github.RepositorySecurityAndAnalysisArgs( - secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( - status="disabled", - ), - secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( - status="disabled", - ), - ), - squash_merge_commit_message="", - squash_merge_commit_title="", - topics=TOPICS, - visibility="public", - # NOTE Idk if this will work - opts=pulumi.ResourceOptions(protect=True), - ) diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 38ad7bf3..3c02a003 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -39,7 +39,7 @@ description="A small example pipeline used to test new nf-core infrastructure and common code.", # 'repo_description' => 'Description must be set', has_downloads=True, has_issues=True, # 'repo_issues' => 'Enable issues', - has_projects=True, + has_projects=False, has_wiki=False, # 'repo_wikis' => 'Disable wikis', allow_merge_commit=True, # 'repo_merge_commits' => 'Allow merge commits', allow_rebase_merge=True, # 'repo_merge_rebase' => 'Allow rebase merging', @@ -57,16 +57,17 @@ ), visibility="public", topics=TOPICS, # 'repo_keywords' => 'Minimum keywords set', + # NOTE: @mirpedrol asked if we could add missing topics without deleting existing ones ) -# Make branches foreach (['master', 'dev', 'TEMPLATE'] as $branch) { -# 'repo_default_branch' => 'default branch master (released) or dev (no releases)', +# Make branches foreach (['main', 'dev', 'TEMPLATE'] as $branch) { +# 'repo_default_branch' => 'default branch main (released) or dev (no releases)', # TODO Toggle this on dev as default if there's not release? -# 'branch_master_exists' => 'master branch: branch must exist', +# 'branch_main_exists' => 'main branch: branch must exist', branch_default_testpipeline = github.BranchDefault( f"branch_default_{NAME}", - branch="master", + branch="main", repository=NAME, opts=pulumi.ResourceOptions(protect=True), ) @@ -86,11 +87,11 @@ ) # Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 # NOTE This uses the new Rulesets instead of classic branch protection rule -# TODO 'branch_master_strict_updates' => 'master branch: do not require branch to be up to date before merging', +# TODO 'branch_main_strict_updates' => 'main branch: do not require branch to be up to date before merging', ruleset_branch_default_testpipeline = github.RepositoryRuleset( f"ruleset_branch_default_{NAME}", bypass_actors=[ - # 'branch_master_enforce_admins' => 'master branch: do not enforce rules for admins', + # 'branch_main_enforce_admins' => 'main branch: do not enforce rules for admins', github.RepositoryRulesetBypassActorArgs( actor_id=CORE_TEAM_ID, actor_type="Team", @@ -104,17 +105,17 @@ ), ), enforcement="active", - name="master", + name="main", repository=NAME, rules=github.RepositoryRulesetRulesArgs( deletion=True, non_fast_forward=True, pull_request=github.RepositoryRulesetRulesPullRequestArgs( - required_approving_review_count=2, # 'branch_master_required_num_reviews' => 'master branch: 2 reviews required', - dismiss_stale_reviews_on_push=False, # 'branch_master_stale_reviews' => 'master branch: reviews not marked stale after new commits' - require_code_owner_review=False, # 'branch_master_code_owner_reviews' => 'master branch: code owner reviews not required', + required_approving_review_count=2, # 'branch_main_required_num_reviews' => 'main branch: 2 reviews required', + dismiss_stale_reviews_on_push=False, # 'branch_main_stale_reviews' => 'main branch: reviews not marked stale after new commits' + require_code_owner_review=False, # 'branch_main_code_owner_reviews' => 'main branch: code owner reviews not required', ), - # 'branch_master_required_ci' => 'master branch: minimum set of CI tests must pass', + # 'branch_main_required_ci' => 'main branch: minimum set of CI tests must pass', required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( required_checks=REQUIRED_CI_CHECKS, strict_required_status_checks_policy=True, @@ -178,6 +179,7 @@ bypass_mode="always", ) # TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', + # NOTE: @mirpedrol suggested this may not be needed since everyone can run `nf-core sync` manually ], conditions=github.RepositoryRulesetConditionsArgs( ref_name=github.RepositoryRulesetConditionsRefNameArgs( From 13e7a61d804863cbaaee52e810ea580c5752fd55 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Tue, 3 Jun 2025 18:13:35 -0500 Subject: [PATCH 44/45] build: Integrate 1Password provider for GitHub token management - Added pulumi-onepassword dependency to manage GitHub tokens securely. - Updated Pulumi configuration to include 1Password account details. - Modified testpipeline.py to fetch GitHub token from 1Password and configure GitHub provider accordingly. --- pulumi/github/repos/Pulumi.dev.yaml | 4 +- pulumi/github/repos/Pulumi.prod.yaml | 5 +-- pulumi/github/repos/pipelines/testpipeline.py | 38 ++++++++++++++++--- pulumi/github/repos/pyproject.toml | 1 + pulumi/github/repos/uv.lock | 13 +++++++ 5 files changed, 51 insertions(+), 10 deletions(-) diff --git a/pulumi/github/repos/Pulumi.dev.yaml b/pulumi/github/repos/Pulumi.dev.yaml index 3a722fdd..b8de71dd 100644 --- a/pulumi/github/repos/Pulumi.dev.yaml +++ b/pulumi/github/repos/Pulumi.dev.yaml @@ -1,5 +1,7 @@ config: github:owner: nf-core-tf - # https://start.1password.com/open/i?a=O5GICFDKPNABLLVGMKBL5JWDWA&v=rdfcz6oy6qxxrc4clu467a7dmm&i=4ajrv44kc5lcbboa37fr5oydla&h=nf-core.1password.eu + # GitHub token stored in 1Password: https://start.1password.com/open/i?a=O5GICFDKPNABLLVGMKBL5JWDWA&v=rdfcz6oy6qxxrc4clu467a7dmm&i=4ajrv44kc5lcbboa37fr5oydla&h=nf-core.1password.eu + # 1Password provider configuration + pulumi-onepassword:account: nf-core.1password.eu environment: - github-nf-core-tf diff --git a/pulumi/github/repos/Pulumi.prod.yaml b/pulumi/github/repos/Pulumi.prod.yaml index d0ca5fcf..a50569b2 100644 --- a/pulumi/github/repos/Pulumi.prod.yaml +++ b/pulumi/github/repos/Pulumi.prod.yaml @@ -1,5 +1,4 @@ config: github:owner: nf-core -# https://start.1password.com/open/i?a=O5GICFDKPNABLLVGMKBL5JWDWA&v=rdfcz6oy6qxxrc4clu467a7dmm&i=ttqz63qvlr5qfwfde424nbl4re&h=nf-core.1password.eu -environment: - - github-prod + pulumi-onepassword:service_account_token: + secure: AAABAOVuHjkvr7WBtuxqrIv2W0MkvP9DkIoAqXc2YKGgbjDWCQWGKrXV0wZbmA+064gFec1V6fPVSphDWm9CPx1yq1WkVSnfX4gpNvQKDtJUFq8dqf5Z0XrNljAEr3Tegp3J6L08wj0zvN8R/HfveoOysKzmn6iUuwCEoizq4Yeaz8z20lWpWorE0ICHo6AXBTTH/qGC1HSW9qFfnGtUPvmnNHt2mLhFjnrOGP6My9m3x3tF9no+ptFdWN54lhCyARcBhn6JP2MhEJ09UPXw+uxwFfj8euwgU/pRsqdu22pJLMLA5mOn5gShYcRFT4eaWoRiu9eYaElItfgB8HSKiWrk26+eDz1VvdjdqfcUeLp7X2BGxD50q3s5Y6IRvHKhYZhJzNGq57qhk4M8sYXcl3sDDLZcKuidv4/NfFlLcop5i4KJ8lVBz1jP0v6QQHWjGXT6U1CvX5EwhqemEO862V/5RRYfy/qX85aVv/Xf01lIosGF2v5C5888F0mh8kelKwZGoqm6K+5o1Cy8V/nfCdmRXCEo7DY0iBYa0LfLmv++587rMs0kS84ocBIm/CjdgLoG+zlJRZGXcA0BlJwcWGYPaJ5J/FNDagMNikjwnHmHcTU0nflbzaArC4GJKMboKhl0OFxU3Z8KmhPIv0tUQBEwceDCi3fbEFdgvgnP0kjbFOgT5LMht44M+0B/r7KWZWwYDmZI5t7Bh5FC+qWg+GUiK5MtpOOy9MNi0gC7WrvTH3vhXpGzfx41EOdu3LF6SycigF0IMznl784PimFX1fMxH+9pX29dUP5LxXkS2INs6QQQOcOmlRKZqEsgZOPA34fzyNQliIj1thmS6GrC80UZcAPQ9HZtvKHX2/EZnzjTKcNvQrwsbRlD2de05xRjKCstAwQJVusN0+t8zMzeqgYUe1+Y9+fQ+5nZ3+uQvj9OvLjHFGuzYUwYAbSnAWgWZgUQ4gXNac7MCR4uc5ENJOByE72yL0SuJrGbhPACOE0rZTx35L88+XD7wGbM0iJ8D/2QU5XOgvXaXHQZk4xxsmDg9hY7klQ1atf05eRD+nO9htMgbuvlWeA478vZo2+BbOjn5ziHlDvs9+/NNi3VmP+10WtEkecL71luvmnMyoxI2oouQfcT9xEWW7Xj830BddVO3lr+C5Sdkp27ZENGEhZruZtpzH4x diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 3c02a003..79d96a50 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -3,6 +3,29 @@ # https://github.com/pulumi/examples/blob/74db62a03d013c2854d2cf933c074ea0a3bbf69d/testing-unit-py/test_ec2.py import pulumi import pulumi_github as github +import pulumi_onepassword as onepassword + +# Configure 1Password provider with account details +onepassword_provider = onepassword.Provider( + "onepassword-provider", + account="nf-core.1password.eu" +) + +# Fetch GitHub token from 1Password +# Item ID from the 1Password URL: 4ajrv44kc5lcbboa37fr5oydla +# Vault ID from the 1Password URL: rdfcz6oy6qxxrc4clu467a7dmm +github_token_item = onepassword.get_item( + vault="rdfcz6oy6qxxrc4clu467a7dmm", # Vault ID from the 1Password URL + uuid="4ajrv44kc5lcbboa37fr5oydla", # Item ID from the 1Password URL + opts=pulumi.InvokeOptions(provider=onepassword_provider) +) + +# Configure GitHub provider with token from 1Password +github_provider = github.Provider( + "github-provider", + token=github_token_item.password, # The token is stored in the password field + owner="nf-core-tf" +) NAME = "testpipeline" @@ -58,6 +81,7 @@ visibility="public", topics=TOPICS, # 'repo_keywords' => 'Minimum keywords set', # NOTE: @mirpedrol asked if we could add missing topics without deleting existing ones + opts=pulumi.ResourceOptions(provider=github_provider) ) @@ -69,21 +93,21 @@ f"branch_default_{NAME}", branch="main", repository=NAME, - opts=pulumi.ResourceOptions(protect=True), + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), ) # 'branch_dev_exists' => 'dev branch: branch must exist', branch_dev_testpipeline = github.Branch( f"branch_dev_{NAME}", branch="dev", repository=NAME, - opts=pulumi.ResourceOptions(protect=True), + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), ) # 'branch_template_exists' => 'TEMPLATE branch: branch must exist', branch_template_testpipeline = github.Branch( f"branch_template_{NAME}", branch="TEMPLATE", repository=NAME, - opts=pulumi.ResourceOptions(protect=True), + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), ) # Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 # NOTE This uses the new Rulesets instead of classic branch protection rule @@ -122,7 +146,7 @@ ), ), target="branch", - opts=pulumi.ResourceOptions(protect=True), + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), ) # TODO 'branch_dev_strict_updates' => 'dev branch: do not require branch to be up to date before merging', ruleset_branch_dev_testpipeline = github.RepositoryRuleset( @@ -166,7 +190,7 @@ ), ), target="branch", - opts=pulumi.ResourceOptions(protect=True), + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), ) # TODO Double check # Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 @@ -196,7 +220,7 @@ update=True, ), target="branch", - opts=pulumi.ResourceOptions(protect=True), + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), ) # 'team_contributors' => 'Write access for nf-core/contributors', contributors_team_repo_testpipeline = github.TeamRepository( @@ -204,6 +228,7 @@ team_id="contributors", repository=NAME, permission="push", + opts=pulumi.ResourceOptions(provider=github_provider), ) # 'team_core' => 'Admin access for nf-core/core', core_team_repo_testpipeline = github.TeamRepository( @@ -211,4 +236,5 @@ team_id="core", repository=NAME, permission="admin", + opts=pulumi.ResourceOptions(provider=github_provider), ) diff --git a/pulumi/github/repos/pyproject.toml b/pulumi/github/repos/pyproject.toml index edda5444..91edaa02 100644 --- a/pulumi/github/repos/pyproject.toml +++ b/pulumi/github/repos/pyproject.toml @@ -7,4 +7,5 @@ requires-python = ">=3.12" dependencies = [ "pulumi>=3", "pulumi-github>=6.7.2", + "pulumi-onepassword>=1.1.3", ] diff --git a/pulumi/github/repos/uv.lock b/pulumi/github/repos/uv.lock index 9c6cfe69..312ebeff 100644 --- a/pulumi/github/repos/uv.lock +++ b/pulumi/github/repos/uv.lock @@ -139,6 +139,17 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/d9/ea/55777086f498ee2c067231a424abe5e26a3b032e81c9107777a4b78b8a8f/pulumi_github-6.7.2-py3-none-any.whl", hash = "sha256:7d14574a2cf9579cc60670f26b898d38b303349c1b15b4ededba479506e84432", size = 370137, upload-time = "2025-04-30T17:20:23.449Z" }, ] +[[package]] +name = "pulumi-onepassword" +version = "1.1.3" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "parver" }, + { name = "pulumi" }, + { name = "semver" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/2d/e3/15ba07147bf1ad602cd6234bb5ff09c29f9206d5ee0bf6845657c593264a/pulumi_onepassword-1.1.3.tar.gz", hash = "sha256:2ebbefa9463d8a9c6faf65491cad418c186d3a604360e78eaa319ef09c2478ba", size = 17968, upload-time = "2024-09-02T09:03:57.353Z" } + [[package]] name = "pyyaml" version = "6.0.2" @@ -172,12 +183,14 @@ source = { virtual = "." } dependencies = [ { name = "pulumi" }, { name = "pulumi-github" }, + { name = "pulumi-onepassword" }, ] [package.metadata] requires-dist = [ { name = "pulumi", specifier = ">=3" }, { name = "pulumi-github", specifier = ">=6.7.2" }, + { name = "pulumi-onepassword", specifier = ">=1.1.3" }, ] [[package]] From 8ec8496f9a1359bfc9a0981d3278851172c12d37 Mon Sep 17 00:00:00 2001 From: Edmund Miller Date: Wed, 4 Jun 2025 08:22:37 -0500 Subject: [PATCH 45/45] style: Run pre-commit --- .github/workflows/AWSMegatests.yml | 6 ++---- .github/workflows/repos.yml | 3 +-- docs/1password.md | 1 + pulumi/github/repos/__main__.py | 1 - pulumi/github/repos/core/modules.py | 2 -- pulumi/github/repos/import_by_hand.py | 11 ----------- pulumi/github/repos/pipelines/testpipeline.py | 11 +++++------ 7 files changed, 9 insertions(+), 26 deletions(-) diff --git a/.github/workflows/AWSMegatests.yml b/.github/workflows/AWSMegatests.yml index 31c3fdbf..1c49cd42 100644 --- a/.github/workflows/AWSMegatests.yml +++ b/.github/workflows/AWSMegatests.yml @@ -4,12 +4,12 @@ on: branches: - master paths: - - 'pulumi/test_datasets/**/*' + - "pulumi/test_datasets/**/*" pull_request: branches: - master paths: - - 'pulumi/test_datasets/**/*' + - "pulumi/test_datasets/**/*" # These are the environment variables that jobs in the workflow have access to. # By defining them here, all jobs/steps will have access to these variables. @@ -29,7 +29,6 @@ jobs: name: Pulumi runs-on: ubuntu-latest steps: - # Turnstyle is used to prevent multiple push jobs from running at the same time. We # limit it to push jobs to allow PR jobs to run concurrently. - name: Turnstyle @@ -64,7 +63,6 @@ jobs: stack-name: ${{ env.PULUMI_STACK_NAME }} work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} - # If you'd like to run your Pulumi application outside of the official GitHub Action #- name: Install Pulumi CLI diff --git a/.github/workflows/repos.yml b/.github/workflows/repos.yml index 34e04e3d..6138bbfb 100644 --- a/.github/workflows/repos.yml +++ b/.github/workflows/repos.yml @@ -42,7 +42,7 @@ jobs: - name: Install Python uses: actions/setup-python@v5 - cache: 'pip' + cache: "pip" - run: pip install -r requirements.txt working-directory: ${{ env.PULUMI_WORKING_DIRECTORY }} @@ -61,4 +61,3 @@ jobs: command: up stack-name: ${{ env.PULUMI_STACK_NAME }} work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} - diff --git a/docs/1password.md b/docs/1password.md index 6159912d..ce1e571e 100644 --- a/docs/1password.md +++ b/docs/1password.md @@ -15,6 +15,7 @@ op plugin init pulumi ``` This should result in: + ``` Pulumi CLI diff --git a/pulumi/github/repos/__main__.py b/pulumi/github/repos/__main__.py index a8bcc2d6..cf529d79 100644 --- a/pulumi/github/repos/__main__.py +++ b/pulumi/github/repos/__main__.py @@ -1,3 +1,2 @@ #!/usr/bin/env python -import pipelines.testpipeline diff --git a/pulumi/github/repos/core/modules.py b/pulumi/github/repos/core/modules.py index efd61ccc..6af91751 100644 --- a/pulumi/github/repos/core/modules.py +++ b/pulumi/github/repos/core/modules.py @@ -1,5 +1,3 @@ -import yaml - import pulumi import pulumi_github as github diff --git a/pulumi/github/repos/import_by_hand.py b/pulumi/github/repos/import_by_hand.py index 7a723a97..07e5cb8a 100644 --- a/pulumi/github/repos/import_by_hand.py +++ b/pulumi/github/repos/import_by_hand.py @@ -1,18 +1,7 @@ #!/usr/bin/env python -import pulumi -import pulumi_github as github - -import pipelines.denovotranscript -import pipelines.meerpipe -import pipelines.pairgenomealign -import pipelines.phaseimpute -import pipelines.reportho # ... -import core.github -import core.modules # ... -import core.website diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py index 79d96a50..15f8d5cb 100644 --- a/pulumi/github/repos/pipelines/testpipeline.py +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -7,8 +7,7 @@ # Configure 1Password provider with account details onepassword_provider = onepassword.Provider( - "onepassword-provider", - account="nf-core.1password.eu" + "onepassword-provider", account="nf-core.1password.eu" ) # Fetch GitHub token from 1Password @@ -16,15 +15,15 @@ # Vault ID from the 1Password URL: rdfcz6oy6qxxrc4clu467a7dmm github_token_item = onepassword.get_item( vault="rdfcz6oy6qxxrc4clu467a7dmm", # Vault ID from the 1Password URL - uuid="4ajrv44kc5lcbboa37fr5oydla", # Item ID from the 1Password URL - opts=pulumi.InvokeOptions(provider=onepassword_provider) + uuid="4ajrv44kc5lcbboa37fr5oydla", # Item ID from the 1Password URL + opts=pulumi.InvokeOptions(provider=onepassword_provider), ) # Configure GitHub provider with token from 1Password github_provider = github.Provider( "github-provider", token=github_token_item.password, # The token is stored in the password field - owner="nf-core-tf" + owner="nf-core-tf", ) NAME = "testpipeline" @@ -81,7 +80,7 @@ visibility="public", topics=TOPICS, # 'repo_keywords' => 'Minimum keywords set', # NOTE: @mirpedrol asked if we could add missing topics without deleting existing ones - opts=pulumi.ResourceOptions(provider=github_provider) + opts=pulumi.ResourceOptions(provider=github_provider), )