From 5ca5eaf602aacaf49ec4ce82715a231407119059 Mon Sep 17 00:00:00 2001 From: Matthew Fishman Date: Sun, 3 May 2026 21:58:02 -0400 Subject: [PATCH] Migrate workflow callers to ITensorActions v2 + filename-derived names Same shape as the ecosystem-wide v2 sweep, applied manually here so the existing repo-specific xvfb / OpenGL inputs in Tests.yml and Documentation.yml are preserved (the standard sweep patch overwrites caller files entirely and would clobber them). Changes: - Workflow `name:` / job display `name:` match filename basename (e.g. `IntegrationTest.yml` -> `name: "IntegrationTest"`). - Job keys kebab-case lowercase; brand names like `tagbot`, `compathelper` treated as single words. - `uses: ITensorActions/.../X.yml@v1` -> `@v2`. - `FormatCheckComment.yml` workflow_run trigger from `["Format Check"]` to `["FormatCheck"]`. - Explicit `permissions:` blocks added to every caller workflow that was missing one (matching the ITensorPkgSkeleton template shape). - Repo-specific `apt-packages`, `test-prefix`, `doc-prefix`, `extra-env`, `upload-artifacts-path`, and the `os: ubuntu-22.04` Documentation pin are preserved. --- .github/workflows/CheckCompatBounds.yml | 8 +++++--- .github/workflows/CompatHelper.yml | 4 ++-- .github/workflows/Documentation.yml | 6 ++++-- .github/workflows/FormatCheck.yml | 8 +++++--- .github/workflows/FormatCheckComment.yml | 13 ++++++++----- .github/workflows/FormatPullRequest.yml | 6 +++--- .github/workflows/IntegrationTest.yml | 5 ++++- .github/workflows/IntegrationTestRequest.yml | 7 ++++--- .github/workflows/Registrator.yml | 7 ++++--- .github/workflows/TagBot.yml | 8 ++++++-- .github/workflows/Tests.yml | 4 +++- .github/workflows/VersionCheck.yml | 9 ++++++--- 12 files changed, 54 insertions(+), 31 deletions(-) diff --git a/.github/workflows/CheckCompatBounds.yml b/.github/workflows/CheckCompatBounds.yml index 87c7428..f5277d6 100644 --- a/.github/workflows/CheckCompatBounds.yml +++ b/.github/workflows/CheckCompatBounds.yml @@ -1,9 +1,11 @@ -name: "Check Compat Bounds" +name: "CheckCompatBounds" on: pull_request: ~ +permissions: + contents: "read" jobs: check-compat-bounds: - name: "Check Compat Bounds" - uses: "ITensor/ITensorActions/.github/workflows/CheckCompatBounds.yml@v1" + name: "CheckCompatBounds" + uses: "ITensor/ITensorActions/.github/workflows/CheckCompatBounds.yml@v2" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/CompatHelper.yml b/.github/workflows/CompatHelper.yml index 817a126..305496d 100644 --- a/.github/workflows/CompatHelper.yml +++ b/.github/workflows/CompatHelper.yml @@ -7,9 +7,9 @@ permissions: contents: "write" pull-requests: "write" jobs: - compat-helper: + compathelper: name: "CompatHelper" - uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@v1" + uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@v2" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" secrets: "inherit" diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml index c608a91..9dd7947 100644 --- a/.github/workflows/Documentation.yml +++ b/.github/workflows/Documentation.yml @@ -10,10 +10,12 @@ on: concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ github.ref_name != github.event.repository.default_branch || github.ref != 'refs/tags/v*' }}" +permissions: + contents: "write" jobs: - build-and-deploy-docs: + documentation: name: "Documentation" - uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@v1" + uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@v2" with: os: "ubuntu-22.04" localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/FormatCheck.yml b/.github/workflows/FormatCheck.yml index 7bbbfee..1783b51 100644 --- a/.github/workflows/FormatCheck.yml +++ b/.github/workflows/FormatCheck.yml @@ -1,4 +1,4 @@ -name: "Format Check" +name: "FormatCheck" on: pull_request: types: @@ -6,7 +6,9 @@ on: - "synchronize" - "reopened" - "ready_for_review" +permissions: + contents: "read" jobs: format-check: - name: "Format Check" - uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@v1" + name: "FormatCheck" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@v2" diff --git a/.github/workflows/FormatCheckComment.yml b/.github/workflows/FormatCheckComment.yml index b4b78b2..315023d 100644 --- a/.github/workflows/FormatCheckComment.yml +++ b/.github/workflows/FormatCheckComment.yml @@ -1,16 +1,19 @@ -name: "Format Check Comment" +name: "FormatCheckComment" on: workflow_run: workflows: - - "Format Check" + - "FormatCheck" types: - "completed" +permissions: + pull-requests: "write" + actions: "read" jobs: - comment: - name: "Format Check Comment" + format-check-comment: + name: "FormatCheckComment" if: "github.event.workflow_run.event == 'pull_request'" permissions: pull-requests: "write" actions: "read" - uses: "ITensor/ITensorActions/.github/workflows/FormatCheckComment.yml@v1" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheckComment.yml@v2" secrets: "inherit" diff --git a/.github/workflows/FormatPullRequest.yml b/.github/workflows/FormatPullRequest.yml index 839f190..b0c2b61 100644 --- a/.github/workflows/FormatPullRequest.yml +++ b/.github/workflows/FormatPullRequest.yml @@ -1,4 +1,4 @@ -name: "Format Pull Request" +name: "FormatPullRequest" on: schedule: - cron: "0 0 * * *" @@ -11,6 +11,6 @@ permissions: pull-requests: "write" jobs: format-pull-request: - name: "Format Pull Request" - uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@v1" + name: "FormatPullRequest" + uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@v2" secrets: "inherit" diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index 3e6635e..329116b 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -11,10 +11,13 @@ on: - "reopened" - "ready_for_review" - "converted_to_draft" +permissions: + actions: "read" + contents: "read" jobs: integration-test: name: "IntegrationTest" - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@v1" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@v2" secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/IntegrationTestRequest.yml b/.github/workflows/IntegrationTestRequest.yml index 318ecac..7f7aee2 100644 --- a/.github/workflows/IntegrationTestRequest.yml +++ b/.github/workflows/IntegrationTestRequest.yml @@ -1,4 +1,4 @@ -name: "Integration Test Request" +name: "IntegrationTestRequest" on: issue_comment: types: @@ -9,11 +9,12 @@ permissions: checks: "write" pull-requests: "write" jobs: - integrationrequest: + integration-test-request: + name: "IntegrationTestRequest" if: | github.event.issue.pull_request && contains(fromJSON('["OWNER", "COLLABORATOR", "MEMBER"]'), github.event.comment.author_association) - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@v1" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@v2" secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/Registrator.yml b/.github/workflows/Registrator.yml index a90c11a..82d0a03 100644 --- a/.github/workflows/Registrator.yml +++ b/.github/workflows/Registrator.yml @@ -1,4 +1,4 @@ -name: "Register Package" +name: "Registrator" on: workflow_dispatch: ~ push: @@ -15,8 +15,9 @@ permissions: pull-requests: "write" issues: "write" jobs: - Register: - uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@v1" + registrator: + name: "Registrator" + uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@v2" with: localregistry: "ITensor/ITensorRegistry" secrets: "inherit" diff --git a/.github/workflows/TagBot.yml b/.github/workflows/TagBot.yml index d4da40e..1dd7bed 100644 --- a/.github/workflows/TagBot.yml +++ b/.github/workflows/TagBot.yml @@ -6,8 +6,12 @@ on: workflow_dispatch: ~ env: REGISTRY_TAGBOT_ACTION: "JuliaRegistries/TagBot" +permissions: + contents: "write" + issues: "read" jobs: - TagBot: + tagbot: + name: "TagBot" if: "github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'" - uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@v1" + uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@v2" secrets: "inherit" diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index aef04ff..fb9ad18 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -19,6 +19,8 @@ on: concurrency: group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: "${{ startsWith(github.ref, 'refs/pull/') }}" +permissions: + contents: "read" jobs: tests: name: "Tests" @@ -30,7 +32,7 @@ jobs: - "1" os: - "ubuntu-latest" - uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@v1" + uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@v2" with: group: "${{ matrix.group }}" julia-version: "${{ matrix.version }}" diff --git a/.github/workflows/VersionCheck.yml b/.github/workflows/VersionCheck.yml index 102898e..7d6d202 100644 --- a/.github/workflows/VersionCheck.yml +++ b/.github/workflows/VersionCheck.yml @@ -1,9 +1,12 @@ -name: "Version Check" +name: "VersionCheck" on: pull_request: ~ +permissions: + contents: "read" + pull-requests: "read" jobs: version-check: - name: "Version Check" - uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@v1" + name: "VersionCheck" + uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@v2" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git"