Quantco
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 10 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.github/workflows/bump-versions.yml‎
Lines changed: 57 additions & 0 deletions b/‎.github/workflows/bump-versions.yml‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎.github/workflows/ci-copier.yml‎
Lines changed: 113 additions & 0 deletions b/‎.github/workflows/ci-copier.yml‎
Lines changed: 113 additions & 0 deletions
@@ -0,0 +1 @@
+* @pavelzw @0xbe7a @AdrianFreundQC
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    groups:
+      copier-actions:
+        patterns:
+          - "*"
@@ -0,0 +1,57 @@
+name: Autoupdate
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: 0 6 * * *
+
+jobs:
+  update:
+    name: Update ${{ matrix.name }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - script: update_actions
+            name: gh-actions
+    steps:
+      - name: Checkout branch
+        uses: actions/checkout@v4
+      - name: Set up Conda env
+        uses: mamba-org/setup-micromamba@f8b8a1e23a26f60a44c853292711bacfd3eac822
+        with:
+          environment-file: environment.yml
+      - name: Update ${{ matrix.name }}
+        run: python -m scripts.${{ matrix.script }}
+        shell: micromamba-shell {0}
+        env:
+          GH_TOKEN: ${{ github.token }}
+      - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
+        with:
+          commit-message: Auto-update ${{ matrix.name }}
+          title: Auto-update ${{ matrix.name }}
+          body: |
+            New versions of pinned dependencies in ${{ matrix.name }} were detected.
+            This PR updates them to the latest version.
+          branch: update-${{ matrix.name }}
+          delete-branch: true
+      - name: Create issue on failure
+        if: failure()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.listForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: "open",
+              labels: "[bot] autoupdate"
+            }).then((issues) => {
+              if (issues.data.length === 0) {
+                github.rest.issues.create({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  title: "${{ matrix.name }} update failed",
+                  body: "See https://github.com/quantco/copier-template-python-open-source/actions/runs/${{ github.run_id }} for details.",
+                  labels: ["[bot] autoupdate"]
+                })
+              }
+            });
@@ -0,0 +1,113 @@
+name: CI Copier
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+# Automatically stop old builds on the same branch/PR
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pre-commit-checks:
+    name: Pre-commit Checks
+    timeout-minutes: 30
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout branch
+        uses: actions/checkout@v4
+      - name: Set up pixi
+        uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659
+        with:
+          environments: default lint
+      - name: pre-commit
+        run: pixi run pre-commit-run --color=always --show-diff-on-failure
+
+  pytest:
+    name: pytest
+    timeout-minutes: 30
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout branch
+        uses: actions/checkout@v4
+      - name: Set up pixi
+        uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659
+      - name: Cache pre-commit envs
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/pre-commit
+          key: project-generation-pre-commit-${{ hashFiles('template/.pre-commit-config.yaml.jinja') }}
+      - name: Test
+        run: pixi run test
+
+  test-generated-package-ci:
+    name: Test CI of generated package (minimal-python = ${{ matrix.minimal-python-version }})
+    timeout-minutes: 30
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        minimal-python-version: [py38, py310]
+
+    steps:
+      - name: Checkout branch
+        uses: actions/checkout@v4
+        with:
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
+      - name: Set up pixi
+        uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659
+      - name: Test generated package CI
+        run: |
+          # Name of the generated package.
+          # Authentication for pushing to $REPO.
+          AUTH='authorization: Bearer ${{ secrets.GITHUB_TOKEN }}'
+          eval $(ssh-agent)
+          ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}"
+          # Set up local Git so that copier can run "git commit".
+          git config --global user.email "landocalrissian@example.com"
+          git config --global user.name "Lando Calrissian"
+          # Generate package with default settings + Windows CI.
+          copier copy \
+            --data project_name="Package" \
+            --data project_short_description="Example Package" \
+            --data github_user="LandoCalrissian" \
+            --data project_slug="package" \
+            --data minimal_python_version="${{ matrix.minimal-python-version }}" \
+            --defaults \
+            --trust \
+            . out
+          cd out
+          # Push the generated package's HEAD commit to a `ci/*` branch
+          cid=$(git rev-parse HEAD)
+          git push -f "${GITHUB_SERVER_URL/https:\/\//git@}:$GITHUB_REPOSITORY" $cid:refs/heads/ci/$GITHUB_SHA
+          # Use the GitHub API to wait for the generated package's CI to complete (success or failure).
+          # We look for a GitHub Actions run for the HEAD commit ID.
+          WORKFLOW_URL="$GITHUB_API_URL/repos/${GITHUB_REPOSITORY}/actions/runs?branch=ci/${GITHUB_SHA}&head_sha=${cid}"
+          echo "Waiting for inner CI to start"
+          while (( $(curl -Ls --header "$AUTH" "$WORKFLOW_URL" | jq -r ".workflow_runs | length") < 1 )); do
+            sleep 10
+          done
+          echo "Waiting for inner CI to complete"
+          while curl -Ls --header "$AUTH" "$WORKFLOW_URL" | jq -r ".workflow_runs | .[] | .status" | grep --invert-match completed > /dev/null; do
+            sleep 10
+          done
+          # Fail unless CI was successful.
+          if curl -Ls --header "$AUTH" "$WORKFLOW_URL" | jq -r ".workflow_runs | .[] | .conclusion" | grep --invert-match success > /dev/null; then
+            echo "CI pipeline failed"
+            exit 1
+          fi
+      - name: Clean up CI branch
+        if: always()
+        run: |
+          AUTH='authorization: Bearer ${{ secrets.GITHUB_TOKEN }}'
+          eval $(ssh-agent)
+          ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}"
+
+          git push -d "${GITHUB_SERVER_URL/https:\/\//git@}:$GITHUB_REPOSITORY" refs/heads/ci/$GITHUB_SHA
+
+          for line in $(curl -Ls --header "$AUTH" "$GITHUB_API_URL/repos/${GITHUB_REPOSITORY}/actions/runs?branch=ci/${GITHUB_SHA}&head_sha=${cid}" | jq -r ".workflow_runs | .[] | select(.status != \"completed\") | .id")
+          do
+            curl -Ls --header "$AUTH" --request POST "$GITHUB_API_URL/repos/${GITHUB_REPOSITORY}/actions/runs/$line/cancel" > /dev/null
+          done