From ef8ef4dfbd48ddbf45fabc2390cc2aaf38bfecc3 Mon Sep 17 00:00:00 2001 From: ITensorBot <278814285+ITensorBot@users.noreply.github.com> Date: Fri, 1 May 2026 17:10:30 -0400 Subject: [PATCH 1/3] [PATCH] Apply workflow_security_rollout patch --- .github/workflows/CheckCompatBounds.yml | 2 +- .github/workflows/CompatHelper.yml | 2 +- .github/workflows/Documentation.yml | 2 +- .github/workflows/FormatCheck.yml | 8 ++---- .github/workflows/FormatCheckComment.yml | 16 ++++++++++++ .github/workflows/FormatPullRequest.yml | 2 +- .github/workflows/IntegrationTest.yml | 26 ++++++-------------- .github/workflows/IntegrationTestRequest.yml | 9 +++++-- .github/workflows/Registrator.yml | 2 +- .github/workflows/TagBot.yml | 2 +- .github/workflows/Tests.yml | 3 ++- .github/workflows/VersionCheck.yml | 2 +- 12 files changed, 41 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/FormatCheckComment.yml diff --git a/.github/workflows/CheckCompatBounds.yml b/.github/workflows/CheckCompatBounds.yml index 237d11a..87c7428 100644 --- a/.github/workflows/CheckCompatBounds.yml +++ b/.github/workflows/CheckCompatBounds.yml @@ -4,6 +4,6 @@ on: jobs: check-compat-bounds: name: "Check Compat Bounds" - uses: "ITensor/ITensorActions/.github/workflows/CheckCompatBounds.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/CheckCompatBounds.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/CompatHelper.yml b/.github/workflows/CompatHelper.yml index d7ced86..817a126 100644 --- a/.github/workflows/CompatHelper.yml +++ b/.github/workflows/CompatHelper.yml @@ -9,7 +9,7 @@ permissions: jobs: compat-helper: name: "CompatHelper" - uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/CompatHelper.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" secrets: "inherit" diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml index 6a41ccb..7442953 100644 --- a/.github/workflows/Documentation.yml +++ b/.github/workflows/Documentation.yml @@ -13,7 +13,7 @@ concurrency: jobs: build-and-deploy-docs: name: "Documentation" - uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Documentation.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" secrets: diff --git a/.github/workflows/FormatCheck.yml b/.github/workflows/FormatCheck.yml index 3c290ea..7bbbfee 100644 --- a/.github/workflows/FormatCheck.yml +++ b/.github/workflows/FormatCheck.yml @@ -1,16 +1,12 @@ name: "Format Check" on: - pull_request_target: + pull_request: types: - "opened" - "synchronize" - "reopened" - "ready_for_review" -permissions: - contents: "read" - actions: "write" - pull-requests: "write" jobs: format-check: name: "Format Check" - uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheck.yml@v1" diff --git a/.github/workflows/FormatCheckComment.yml b/.github/workflows/FormatCheckComment.yml new file mode 100644 index 0000000..b4b78b2 --- /dev/null +++ b/.github/workflows/FormatCheckComment.yml @@ -0,0 +1,16 @@ +name: "Format Check Comment" +on: + workflow_run: + workflows: + - "Format Check" + types: + - "completed" +jobs: + comment: + name: "Format Check Comment" + if: "github.event.workflow_run.event == 'pull_request'" + permissions: + pull-requests: "write" + actions: "read" + uses: "ITensor/ITensorActions/.github/workflows/FormatCheckComment.yml@v1" + secrets: "inherit" diff --git a/.github/workflows/FormatPullRequest.yml b/.github/workflows/FormatPullRequest.yml index 5a8b627..839f190 100644 --- a/.github/workflows/FormatPullRequest.yml +++ b/.github/workflows/FormatPullRequest.yml @@ -12,5 +12,5 @@ permissions: jobs: format-pull-request: name: "Format Pull Request" - uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/FormatPullRequest.yml@v1" secrets: "inherit" diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index f07bf1a..567a946 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -3,7 +3,8 @@ on: push: branches: - "main" - pull_request_target: + tags: "*" + pull_request: types: - "opened" - "synchronize" @@ -13,24 +14,11 @@ on: jobs: integration-test: name: "IntegrationTest" - strategy: - fail-fast: false - matrix: - pkg: - - "ITensorNetworksNext" - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTest.yml@v1" secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" - pkg: "${{ matrix.pkg }}" - integration-gate: - name: "IntegrationTest" - needs: "integration-test" - if: "${{ always() && needs.integration-test.result != 'skipped' }}" - runs-on: "ubuntu-latest" - steps: - - name: "Fail if any downstream integration test failed" - run: | - echo "integration-test.result = ${{ needs.integration-test.result }}" - test "${{ needs.integration-test.result }}" = "success" - + pkgs: |- + [ + "ITensorNetworksNext" + ] diff --git a/.github/workflows/IntegrationTestRequest.yml b/.github/workflows/IntegrationTestRequest.yml index 6f58e45..318ecac 100644 --- a/.github/workflows/IntegrationTestRequest.yml +++ b/.github/workflows/IntegrationTestRequest.yml @@ -3,12 +3,17 @@ on: issue_comment: types: - "created" +permissions: + actions: "read" + contents: "read" + checks: "write" + pull-requests: "write" jobs: integrationrequest: if: | github.event.issue.pull_request && contains(fromJSON('["OWNER", "COLLABORATOR", "MEMBER"]'), github.event.comment.author_association) - - uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/IntegrationTestRequest.yml@v1" + secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" diff --git a/.github/workflows/Registrator.yml b/.github/workflows/Registrator.yml index 97dc033..a90c11a 100644 --- a/.github/workflows/Registrator.yml +++ b/.github/workflows/Registrator.yml @@ -16,7 +16,7 @@ permissions: issues: "write" jobs: Register: - uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Registrator.yml@v1" with: localregistry: "ITensor/ITensorRegistry" secrets: "inherit" diff --git a/.github/workflows/TagBot.yml b/.github/workflows/TagBot.yml index 9801567..d4da40e 100644 --- a/.github/workflows/TagBot.yml +++ b/.github/workflows/TagBot.yml @@ -9,5 +9,5 @@ env: jobs: TagBot: if: "github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'" - uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/TagBot.yml@v1" secrets: "inherit" diff --git a/.github/workflows/Tests.yml b/.github/workflows/Tests.yml index 5b47c10..244ca0e 100644 --- a/.github/workflows/Tests.yml +++ b/.github/workflows/Tests.yml @@ -5,6 +5,7 @@ on: - "master" - "main" - "release-" + tags: "*" paths-ignore: - "docs/**" pull_request: @@ -31,7 +32,7 @@ jobs: - "ubuntu-latest" - "macOS-latest" - "windows-latest" - uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/Tests.yml@v1" with: group: "${{ matrix.group }}" julia-version: "${{ matrix.version }}" diff --git a/.github/workflows/VersionCheck.yml b/.github/workflows/VersionCheck.yml index bb0df88..102898e 100644 --- a/.github/workflows/VersionCheck.yml +++ b/.github/workflows/VersionCheck.yml @@ -4,6 +4,6 @@ on: jobs: version-check: name: "Version Check" - uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@main" + uses: "ITensor/ITensorActions/.github/workflows/VersionCheck.yml@v1" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" From c114ffbda984e49d2f871f0674526ce0bb0d0361 Mon Sep 17 00:00:00 2001 From: Matthew Fishman Date: Fri, 1 May 2026 20:05:56 -0400 Subject: [PATCH 2/3] Normalize pkgs block scalar style to | --- .github/workflows/IntegrationTest.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index 567a946..1fea2a8 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -18,7 +18,7 @@ jobs: secrets: "inherit" with: localregistry: "https://github.com/ITensor/ITensorRegistry.git" - pkgs: |- + pkgs: | [ "ITensorNetworksNext" - ] + ] \ No newline at end of file From 1ed5b21b5d2d4d3c2006e69e26bfdb44f6abbb44 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 2 May 2026 00:06:14 +0000 Subject: [PATCH 3/3] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .github/workflows/IntegrationTest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/IntegrationTest.yml b/.github/workflows/IntegrationTest.yml index 1fea2a8..e481b24 100644 --- a/.github/workflows/IntegrationTest.yml +++ b/.github/workflows/IntegrationTest.yml @@ -21,4 +21,4 @@ jobs: pkgs: | [ "ITensorNetworksNext" - ] \ No newline at end of file + ]