From 7974fed1e2d68ef7755b8b570dd359feff77ee07 Mon Sep 17 00:00:00 2001 From: thc1006 <84045975+thc1006@users.noreply.github.com> Date: Sat, 27 Jun 2026 22:19:14 +0800 Subject: [PATCH] ci: relocate Codecov config, pin actions, add concurrency - Move .github/workflows/codecov.yml -> .github/codecov.yml. It is a Codecov config file (no on:/jobs:), so Actions parsed it as an invalid workflow and marked a failed run on every commit. The reusable upload-to-codecov.yml stays under workflows/. - Pin third-party actions off moving @main/@master refs to current stable tags (checkout@v7, setup-python@v6, upload-artifact@v7, download-artifact@v8, codecov-action@v7, auto-assign@v3, gh-action-pypi-publish@v1.14.0). - Add concurrency cancel-in-progress to the PR-triggered Tests and Linters workflows (not the scheduled slow one). - Pin ruff (ruff==0.15.20) in the lint workflow for reproducible results. CI-config only; no source changes. --- .github/{workflows => }/codecov.yml | 0 .github/workflows/auto-assign.yml | 3 ++- .github/workflows/linters.yml | 13 ++++++++++--- .github/workflows/publish-to-pypi.yml | 7 ++++--- .github/workflows/test-pytest-slow.yaml | 5 +++-- .github/workflows/test_pytest.yaml | 18 ++++++++++++------ .github/workflows/upload-to-codecov.yml | 3 ++- 7 files changed, 33 insertions(+), 16 deletions(-) rename .github/{workflows => }/codecov.yml (100%) diff --git a/.github/workflows/codecov.yml b/.github/codecov.yml similarity index 100% rename from .github/workflows/codecov.yml rename to .github/codecov.yml diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index e056651e6..b6068ccc1 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -6,7 +6,8 @@ jobs: run: runs-on: ubuntu-latest steps: - - uses: bubkoo/auto-assign@master + # pin to current stable major tag instead of @master. + - uses: bubkoo/auto-assign@v3 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CONFIG_FILE: .github/auto-assign.yml diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index 3e5a3e81d..93c89caba 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -11,6 +11,11 @@ on: - "requirements*" - ".pylintrc" +# cancel superseded runs on the same PR/ref. +concurrency: + group: linters-${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: lint: runs-on: ubuntu-latest @@ -18,9 +23,10 @@ jobs: matrix: python-version: ["3.10"] steps: - - uses: actions/checkout@main + # pin to current stable major tags instead of @main. + - uses: actions/checkout@v7 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@main + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - name: Install dependencies @@ -28,7 +34,8 @@ jobs: python -m pip install --upgrade pip pip install .[all] pip install .[tests] - pip install pylint ruff + # pin ruff for reproducible lint results (verified latest 2026-06-27). + pip install pylint "ruff==0.15.20" - name: Ruff (lint) run: ruff check --output-format=github . - name: Ruff (format) diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index ba2de7648..a24af002b 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -15,9 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@main + # pin to current stable major tags instead of @main / @master. + - uses: actions/checkout@v7 - name: Set up Python - uses: actions/setup-python@main + uses: actions/setup-python@v6 with: python-version: "3.10" - name: Install dependencies @@ -27,7 +28,7 @@ jobs: - name: Build package run: python -m build - name: Publish package - uses: pypa/gh-action-pypi-publish@master + uses: pypa/gh-action-pypi-publish@v1.14.0 with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.github/workflows/test-pytest-slow.yaml b/.github/workflows/test-pytest-slow.yaml index fb58f62de..32a87e0c2 100644 --- a/.github/workflows/test-pytest-slow.yaml +++ b/.github/workflows/test-pytest-slow.yaml @@ -26,9 +26,10 @@ jobs: PYTHON: ${{ matrix.python-version }} MPLBACKEND: Agg steps: - - uses: actions/checkout@main + # pin to current stable major tags instead of @main. + - uses: actions/checkout@v7 - name: Set up Python - uses: actions/setup-python@main + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/test_pytest.yaml b/.github/workflows/test_pytest.yaml index f2a13fb13..7f5dff00b 100644 --- a/.github/workflows/test_pytest.yaml +++ b/.github/workflows/test_pytest.yaml @@ -9,6 +9,11 @@ on: - "pyproject.toml" - "requirements*" +# cancel superseded runs on the same PR/ref to save runner minutes. +concurrency: + group: tests-${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + defaults: run: shell: bash @@ -25,9 +30,10 @@ jobs: PYTHON: ${{ matrix.python-version }} MPLBACKEND: Agg steps: - - uses: actions/checkout@main + # pin to current stable major tags instead of @main. + - uses: actions/checkout@v7 - name: Set up Python - uses: actions/setup-python@main + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -62,7 +68,7 @@ jobs: run: pytest tests/acceptance --cov=rocketpy --cov-append --cov-report=xml - name: Upload coverage to artifacts - uses: actions/upload-artifact@main + uses: actions/upload-artifact@v7 with: name: coverage path: coverage.xml @@ -73,11 +79,11 @@ jobs: needs: Pytest runs-on: ubuntu-latest steps: - - uses: actions/checkout@main + - uses: actions/checkout@v7 - name: Download latest coverage report - uses: actions/download-artifact@main + uses: actions/download-artifact@v8 - name: Upload to Codecov - uses: codecov/codecov-action@main + uses: codecov/codecov-action@v7 with: token: ${{ secrets.CODECOV_TOKEN }} files: | diff --git a/.github/workflows/upload-to-codecov.yml b/.github/workflows/upload-to-codecov.yml index e83be8536..672f30373 100644 --- a/.github/workflows/upload-to-codecov.yml +++ b/.github/workflows/upload-to-codecov.yml @@ -18,7 +18,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Upload coverage report to Codecov - uses: codecov/codecov-action@main + # pin to current stable major tag instead of @main. + uses: codecov/codecov-action@v7 with: token: ${{ inputs.codecov_token }} directory: ./coverage/reports/