From ae5ded987cf80903df3f925be9a53201f65e21d1 Mon Sep 17 00:00:00 2001 From: ITensorBot <278814285+ITensorBot@users.noreply.github.com> Date: Fri, 1 May 2026 17:11:41 -0400 Subject: [PATCH 1/3] [PATCH] Apply workflow_security_rollout patch --- .github/workflows/CheckCompatBounds.yml | 2 +- .github/workflows/CompatHelper.yml | 2 +- .github/workflows/Documentation.yml | 2 +- .github/workflows/FormatCheck.yml | 8 ++---- .github/workflows/FormatCheckComment.yml | 16 +++++++++++ .github/workflows/FormatPullRequest.yml | 2 +- .github/workflows/IntegrationTest.yml | 30 ++++++-------------- .github/workflows/IntegrationTestRequest.yml | 9 ++++-- .github/workflows/Registrator.yml | 2 +- .github/workflows/TagBot.yml | 2 +- .github/workflows/Tests.yml | 3 +- .github/workflows/VersionCheck.yml | 2 +- 12 files changed, 43 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/FormatCheckComment.yml diff --git a/.github/workflows/CheckCompatBounds.yml b/.github/workflows/CheckCompatBounds.yml index 237d11ac..87c7428b 100644 --- a/.github/workflows/CheckCompatBounds.yml +++ b/.github/workflows/CheckCompatBounds.yml @@ -4,6 +4,6 @@ on: jobs: check-compat-bounds: name: "Check Compat Bounds" - uses: "ITensor/ITensorActions/.github/workflows/CheckCompatBounds.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/CheckCompatBounds.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/CompatHelper.yml b/.github/workflows/CompatHelper.yml index d7ced86e..817a1268 100644 --- a/.github/workflows/CompatHelper.yml +++ b/.github/workflows/CompatHelper.yml @@ -9,7 +9,7 @@ permissions: jobs: compat-helper: name: "CompatHelper" - uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" secrets: "inherit" diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml index 6a41ccb6..74429533 100644 --- a/.github/workflows/Documentation.yml +++ b/.github/workflows/Documentation.yml @@ -13,7 +13,7 @@ concurrency: jobs: build-and-deploy-docs: name: "Documentation" - uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" secrets: diff --git a/.github/workflows/FormatCheck.yml b/.github/workflows/FormatCheck.yml index 3c290ead..7bbbfee5 100644 --- a/.github/workflows/FormatCheck.yml +++ b/.github/workflows/FormatCheck.yml @@ -1,16 +1,12 @@ name: "Format Check" on: - pull_request_target: + pull_request: types: - "opened" - "synchronize" - "reopened" - "ready_for_review" -permissions: - contents: "read" - actions: "write" - pull-requests: "write" jobs: format-check: name: "Format Check" - uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@v1" diff --git a/.github/workflows/FormatCheckComment.yml b/.github/workflows/FormatCheckComment.yml new file mode 100644 index 00000000..b4b78b2c --- /dev/null +++ b/.github/workflows/FormatCheckComment.yml @@ -0,0 +1,16 @@ +name: "Format Check Comment" +on: + workflow_run: + workflows: + - "Format Check" + types: + - "completed" +jobs: + comment: + name: "Format Check Comment" + if: "github.event.workflow_run.event == 'pull_request'" + permissions: + pull-requests: "write" + actions: "read" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheckComment.yml@v1" + secrets: "inherit" diff --git a/.github/workflows/FormatPullRequest.yml b/.github/workflows/FormatPullRequest.yml index 5a8b6276..839f190f 100644 --- a/.github/workflows/FormatPullRequest.yml +++ b/.github/workflows/FormatPullRequest.yml @@ -12,5 +12,5 @@ permissions: jobs: format-pull-request: name: "Format Pull Request" - uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@v1" secrets: "inherit" diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index 2fbc4781..4a728847 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -3,7 +3,8 @@ on: push: branches: - "main" - pull_request_target: + tags: "*" + pull_request: types: - "opened" - "synchronize" @@ -13,26 +14,13 @@ on: jobs: integration-test: name: "IntegrationTest" - strategy: - fail-fast: false - matrix: - pkg: - - "DataGraphs" - - "ITensorNetworks" - - "ITensorNetworksNext" - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@v1" secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" - pkg: "${{ matrix.pkg }}" - integration-gate: - name: "IntegrationTest" - needs: "integration-test" - if: "${{ always() && needs.integration-test.result != 'skipped' }}" - runs-on: "ubuntu-latest" - steps: - - name: "Fail if any downstream integration test failed" - run: | - echo "integration-test.result = ${{ needs.integration-test.result }}" - test "${{ needs.integration-test.result }}" = "success" - + pkgs: |- + [ + "DataGraphs", + "ITensorNetworks", + "ITensorNetworksNext" + ] diff --git a/.github/workflows/IntegrationTestRequest.yml b/.github/workflows/IntegrationTestRequest.yml index 6f58e45b..318ecacc 100644 --- a/.github/workflows/IntegrationTestRequest.yml +++ b/.github/workflows/IntegrationTestRequest.yml @@ -3,12 +3,17 @@ on: issue_comment: types: - "created" +permissions: + actions: "read" + contents: "read" + checks: "write" + pull-requests: "write" jobs: integrationrequest: if: | github.event.issue.pull_request && contains(fromJSON('["OWNER", "COLLABORATOR", "MEMBER"]'), github.event.comment.author_association) - - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@v1" + secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/Registrator.yml b/.github/workflows/Registrator.yml index 97dc033f..a90c11a7 100644 --- a/.github/workflows/Registrator.yml +++ b/.github/workflows/Registrator.yml @@ -16,7 +16,7 @@ permissions: issues: "write" jobs: Register: - uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@v1" with: localregistry: "ITensor/ITensorRegistry" secrets: "inherit" diff --git a/.github/workflows/TagBot.yml b/.github/workflows/TagBot.yml index 98015672..d4da40e7 100644 --- a/.github/workflows/TagBot.yml +++ b/.github/workflows/TagBot.yml @@ -9,5 +9,5 @@ env: jobs: TagBot: if: "github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'" - uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@v1" secrets: "inherit" diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 5b47c107..244ca0e9 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -5,6 +5,7 @@ on: - "master" - "main" - "release-" + tags: "*" paths-ignore: - "docs/**" pull_request: @@ -31,7 +32,7 @@ jobs: - "ubuntu-latest" - "macOS-latest" - "windows-latest" - uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@v1" with: group: "${{ matrix.group }}" julia-version: "${{ matrix.version }}" diff --git a/.github/workflows/VersionCheck.yml b/.github/workflows/VersionCheck.yml index bb0df888..102898e7 100644 --- a/.github/workflows/VersionCheck.yml +++ b/.github/workflows/VersionCheck.yml @@ -4,6 +4,6 @@ on: jobs: version-check: name: "Version Check" - uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" From ada31f2491c59dde45b3117724f6b74f1b55ab72 Mon Sep 17 00:00:00 2001 From: Matthew Fishman Date: Fri, 1 May 2026 20:06:12 -0400 Subject: [PATCH 2/3] Normalize pkgs block scalar style to | --- .github/workflows/IntegrationTest.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index 4a728847..e251cd42 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -18,9 +18,9 @@ jobs: secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" - pkgs: |- + pkgs: | [ "DataGraphs", "ITensorNetworks", "ITensorNetworksNext" - ] + ] \ No newline at end of file From a32985ec2eb73ffc124eccb8b9220ae097658ebc Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 2 May 2026 00:06:56 +0000 Subject: [PATCH 3/3] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .github/workflows/IntegrationTest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index e251cd42..85df09a0 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -23,4 +23,4 @@ jobs: "DataGraphs", "ITensorNetworks", "ITensorNetworksNext" - ] \ No newline at end of file + ]