Pin python dependencies to hashes and cleanup/unify python setup steps in
various workflows.
We now have one dependency file containing all requirements for github
actions that is managed centrally with hashes. No direct pip installs
are needed in workflow files and everything shall go via the
requirements file.
Pinning to specific version and hashes helps with preventing supply
chain attacks.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Cleanup all pip commands in the various workflow
- drop the install/upgrade for setuptool pip and wheel, seems like this
was introduced few years back to work around some old bug and it's not
needed anymore
- use pip instead of pip3, that's probably been equivalent for quite a
long time in the CI image
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Update Github actions to their latest versions to fix the following
warnings on runs:
```
Node.js 16 actions are deprecated. Please update the following actions
to use Node.js 20: actions/checkout@v3, actions/cache@v3,
actions/upload-artifact@v3. For more information see:
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```
`actions/checkout` and `actions/cache` are straight Node version
upgrades, `actions/upload-artifact` and `actions/download-artifact` have
breaking changes, but don't appear to affect our usage.
https://github.com/actions/upload-artifact
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Get more reviewers added to make sure we have all relevant reviewers
looking at changes targeting collab branches.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add a scheduled entry to run_assignee to run the module assignment
function periodically, as well as a target to run the issue code when
issue labels are changed.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
This commit updates the pull request assigner workflow to use the
Ubuntu 22.04 virtual environment.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the CI workflows to use the latest "checkout"
action v3, which is based on Node.js 16.
Note that Node.js 12-based actions are now deprecated by GitHub and may
stop working in the near future.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the pull request assigner workflow to skip the
reviewers, assignee and labels assignment for the pull requests that
are marked as draft.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit adds the "Pull Request Assigner" workflow that
automatically assigns the reviewers, assignee and labels for a pull
request.
Note that this workflow runs on the `pull_request_target` event in the
context of the base branch using the `MAINTAINERS.yml` from the base
branch.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
