gha-workflows


Reusable GitHub Actions workflows for MOAD repositories and workflow management tools

Changes

31-Dec-2025

Added Pixi versions of pytest-with-coverage and sphinx-linkcheck workflows.

17-Dec-2025

Changed to use Pixi for project and environment management.

22-Mar-2024

Added Codecov token to pytest-with-coverage workflow to re-enable coverage report comments in pull requests. Tokens became required for that functionality with Codecov's change to v4.0.0 of its GitHub action.

ref: https://about.codecov.io/blog/january-product-update-updating-the-codecov-ci-uploaders-to-the-codecov-cli/

2-Feb-2024

Added auto-milestone-issue-pr.yaml workflow to automatically add current milestone to new issues and PRs.

19-Jan-2023

Added gha_workflows_checker.py utility script from https://github.com/UBC-MOAD/gha-workflows-checker.

2-Dec-2022

Changed to rely on the Slack GitHub app's workflows subscription feature to send workflow status notifications to Slack instead of the 8398a7/action-slack action.

Enable that feature with:

/github subscribe org/repo workflows:{event:"pull_request","push" branch:"main"}

ref: https://github.com/integrations/slack#actions-workflow-notifications

How to Use the Workflows

YAML blobs to use the reusable workflows in other repositories.

auto-assign

name: Assign Issue/PR

on:
  issues:
    types:
      - reopened
      - opened
  pull_request:
    types:
      - reopened
      - opened

jobs:
  auto_assign:
    permissions:
      issues: write
      pull-requests: write
    uses: UBC-MOAD/gha-workflows/.github/workflows/auto-assign.yaml@main

auto-milestone-issue-pr

name: Add Milestone to Issue/PR

on:
  issues:
    types:
      - opened
  pull_request:
    types:
      - opened
    branches:
      - main

jobs:
  add_milestone:
    permissions:
      issues: write
      pull-requests: write
    uses: UBC-MOAD/gha-workflows/.github/workflows/auto-milestone-issue-pr.yaml@main

codeql-analysis

Note: Each repo should have a different cron schedule.

name: "CodeQL"

on:
  push:
    branches: [ '*' ]
  schedule:
    - cron: '20 17 * * 1'

jobs:
  analyze:
    name: Analyze
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [ 'python' ]
    uses: UBC-MOAD/gha-workflows/.github/workflows/codeql-analysis.yaml@SHA
    with:
      language: ${{ matrix.language }}

pytest-with-coverage

Notes:

  • A Codecov token is required for coverage results to be uploaded to Codecov and coverage report comments to appear in pull requests. Codecov tokens are generated as global upload tokens for organizations on Codecov and stored as organization secrets named CODECOV_TOKEN on GitHub.
  • Be sure to set the conda-env-name: value correctly.

name: pytest-with-coverage

on:
  push:
    branches: [ '*' ]

jobs:
  pytest-with-coverage:
    permissions:
      contents: read
      pull-requests: write
    strategy:
      fail-fast: false
      matrix:
        python-version: [ '3.10', '3.11' ]
    uses: UBC-MOAD/gha-workflows/.github/workflows/pytest-with-coverage.yaml@main
    with:
      python-version: ${{ matrix.python-version }}
      conda-env-file: envs/environment-test.yaml
      conda-env-name: <test-env-name>
    secrets:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

sphinx-linkcheck

Notes:

name: sphinx-linkcheck

on:
  push:
    branches: [ '*' ]
  schedule:
    - cron: 43 10 13 * *  # 10:43 UTC on the 13th day of each month

jobs:
  sphinx-linkcheck:
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        # Need to specify Python version here because we use test env which gets its
        # Python version via matrix
        python-version: [ '3.11' ]
    uses: UBC-MOAD/gha-workflows/.github/workflows/sphinx-linkcheck.yaml@main
    with:
      python-version: ${{ matrix.python-version }}
      conda-env-file: envs/environment-test.yaml
      conda-env-name: <test-env-name>

gha_workflows_checker.py Script

Use the GitHub CLI tool to list GitHub Actions workflows in repositories with their enabled/disabled status.

The initial impetus for this script was to provide an easy way to check for GitHub's automatic disabling of scheduled sphinx-linkcheck workflows in repos that haven't had activity for >60d.

Run in a terminal via:

pixi run check

Disabled workflows can be re-enabled with commands like:

pixi run gh -R UBC-MOAD/moad_tools workflow enable CodeQL
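
The check described above, sketched as an added example; it is not the repository's gha_workflows_checker.py. The function names are hypothetical, the JSON sample is constructed, and `list_workflows_json` assumes a gh release that supports `--json` on `workflow list`. It separates workflows GitHub disabled for inactivity from ones somebody disabled by hand, so a silently stopped scheduled scan is not confused with a deliberate choice.

```python
import json
import subprocess

# Workflow states in the GitHub API that mean the workflow will not run.
DISABLED_STATES = {"disabled_inactivity", "disabled_manually", "disabled_fork"}

# Constructed sample of `gh workflow list --all --json name,state` output.
SAMPLE_JSON = """[
  {"name": "CodeQL", "state": "active"},
  {"name": "pytest-with-coverage", "state": "active"},
  {"name": "sphinx-linkcheck", "state": "disabled_inactivity"},
  {"name": "Assign Issue/PR", "state": "disabled_manually"}
]"""


def list_workflows_json(repo):
    """Ask the gh CLI for every workflow in repo, including disabled ones."""
    cmd = ["gh", "workflow", "list", "--all", "--json", "name,state", "-R", repo]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def find_disabled(gh_json):
    """Return sorted (name, state) pairs for workflows that are not running."""
    return sorted(
        (wf["name"], wf["state"])
        for wf in json.loads(gh_json)
        if wf["state"] in DISABLED_STATES
    )


def enable_commands(repo, disabled):
    """Build argv lists that re-enable workflows GitHub disabled for inactivity.

    Manually disabled workflows are left out: someone turned them off on
    purpose, so they should be reviewed rather than switched back on blindly.
    """
    return [
        ["gh", "-R", repo, "workflow", "enable", name]
        for name, state in disabled
        if state == "disabled_inactivity"
    ]


if __name__ == "__main__":
    repo = "UBC-MOAD/moad_tools"  # repository named in the README's example
    disabled = find_disabled(SAMPLE_JSON)  # use list_workflows_json(repo) for live data
    for name, state in disabled:
        print(f"{repo}: {name} is {state}")
    for argv in enable_commands(repo, disabled):
        print("re-enable with:", " ".join(argv))
```
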

Repository Maintenance

In Dec-2025, when project and environment management was changed to use Pixi, Dependabot did not support providing security update notifications and PRs based on the pixi.lock file. We continue to obtain that service from GitHub by retaining the requirements.txt file. To update it, delete the packages list from the file, then use the command:

pixi run update-reqs
