Merge pull request #645 from DeepRank/release_3.1.0_gcroci2

release: v3.1.0

.bumpversion.toml

@@ -0,0 +1,17 @@
+[tool.bumpversion]
+current_version = "3.1.0"
+
+[[tool.bumpversion.files]]
+filename = "pyproject.toml"
+search = 'version = "{current_version}"'
+replace = 'version = "{new_version}"'
+
+[[tool.bumpversion.files]]
+filename = "CITATION.cff"
+search = 'version: "{current_version}"'
+replace = 'version: "{new_version}"'
+
+[[tool.bumpversion.files]]
+filename = "deeprank2/__init__.py"
+search = '__version__ = "{current_version}"'
+replace = '__version__ = "{new_version}"'

.github/workflows/_ghcr.yml

@@ -0,0 +1,70 @@
+# SPDX-FileCopyrightText: 2022 Dusan Mijatovic (dv4all)
+# SPDX-FileCopyrightText: 2022 dv4all
+# SPDX-FileCopyrightText: 2024 Ewan Cahen (Netherlands eScience Center) <e.cahen@esciencecenter.nl>
+# SPDX-FileCopyrightText: 2024 Netherlands eScience Center
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: reusable ghcr.io module
+
+on:
+  workflow_call:
+    inputs:
+      ghcr_user:
+        required: true
+        description: User for logging to ghcr.io (use github.actor)
+        type: string
+      base_image_name:
+        required: true
+        description: Base image name incl. ghcr.io
+        type: string
+      image_tag:
+        required: true
+        description: Image tag (version)
+        type: string
+      dockerfile:
+        required: true
+        description: Location and name of docker file
+        type: string
+      docker_context:
+        required: true
+        description: Docker context for the build command
+        type: string
+    secrets:
+      token:
+        required: true
+    outputs:
+      image_created:
+        description: Full image name after upload to ghcr.io
+        value: ${{jobs.build_and_push.outputs.image_build}}
+      image_uploaded:
+        description: Confirmation that image is uploaded to ghcr.io
+        value: ${{jobs.build_and_push.outputs.image_pushed}}
+
+jobs:
+  build_and_push:
+    name: build and push image
+    runs-on: ubuntu-22.04
+    outputs:
+      image_build: ${{steps.build_image.outputs.image_build}}
+      image_pushed: ${{steps.build_image.outputs.image_pushed}}
+    steps:
+      - name: checkout
+        # https://github.com/actions/checkout
+        uses: actions/checkout@v4
+      - name: build
+        id: build_image
+        run: |
+          IMAGE_TAG_VERSION=${{inputs.base_image_name}}:${{inputs.image_tag}}
+          IMAGE_TAG_LASTEST=${{inputs.base_image_name}}:latest
+          echo image_tag_version $IMAGE_TAG_VERSION
+          docker build -t $IMAGE_TAG_VERSION -t $IMAGE_TAG_LASTEST -f ${{inputs.dockerfile}} ${{inputs.docker_context}}
+          echo "{image_build}={$IMAGE_TAG_VERSIONvalue}" >> $GITHUB_OUTPUT
+      - name: push to ghcr.io
+        id: push_image
+        run: |
+          echo login
+          echo "${{secrets.token}}" | docker login https://ghcr.io -u ${{inputs.ghcr_user}} --password-stdin
+          echo push auth image with all tags
+          docker push ${{inputs.base_image_name}} --all-tags
+          echo "{image_build}={$IMAGE_TAG_VERSIONvalue}" >> $GITHUB_OUTPUT

.github/workflows/build-latest-release.yml

@@ -3,7 +3,7 @@ name: build (latest release)
 # Only trigger, when the release workflow succeeded
 on:
   workflow_run:
-    workflows: ["Build and upload to PyPI"]
+    workflows: ["Build and upload to PyPI and ghcr.io"]
     types:
       - completed
 
@@ -15,7 +15,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ["ubuntu-latest"]
+        os: ["ubuntu-22.04"]
         python-version: ["3.10"] # ["3.10", "3.11"]
 
     # https://github.com/marketplace/actions/setup-miniconda#use-a-default-shell

.github/workflows/build-repo-frozen-env.yml

@@ -36,7 +36,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ["ubuntu-latest"]
+        os: ["ubuntu-22.04"]
         python-version: ["3.10"] # ["3.10", "3.11"]
 
     # https://github.com/marketplace/actions/setup-miniconda#use-a-default-shell

.github/workflows/build-repo.yml

@@ -36,7 +36,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ["ubuntu-latest"]
+        os: ["ubuntu-22.04"]
         python-version: ["3.10"] # ["3.10", "3.11"]
 
     # https://github.com/marketplace/actions/setup-miniconda#use-a-default-shell

.github/workflows/cffconvert.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   validate:
     name: "validate"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Check out a copy of the repository
         uses: actions/checkout@v3

.github/workflows/coveralls.yml

@@ -36,7 +36,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ["ubuntu-latest"]
+        os: ["ubuntu-22.04"]
         python-version: ["3.10"]
 
     # https://github.com/marketplace/actions/setup-miniconda#use-a-default-shell

.github/workflows/draft-pdf.yml

@@ -5,7 +5,7 @@ on:
 
 jobs:
   paper:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     name: Paper Draft
     steps:
       - name: Checkout

.github/workflows/fair-software.yml

@@ -11,7 +11,7 @@ jobs:
   verify:
     if: github.event.pull_request.draft == false
     name: "fair-software"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: fair-software/howfairis-github-action@0.2.1
         name: Measure compliance with fair-software.eu recommendations

.github/workflows/linting.yml

@@ -36,7 +36,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ["ubuntu-latest"]
+        os: ["ubuntu-22.04"]
         python-version: ["3.10"]
 
     # https://github.com/marketplace/actions/setup-miniconda#use-a-default-shell
@@ -57,6 +57,6 @@ jobs:
           python3 --version
       - name: Check linting and formatting using ruff
         run: |
-          python3 -m pip install ruff
+          python3 -m pip install ruff==0.5.1
           ruff check || (echo "Please ensure you have the latest version of ruff (`ruff -V`) installed locally." && (exit 1))
           ruff format --check || (echo "Please ensure you have the latest version of ruff (`ruff -V`) installed locally." && (exit 1))

.github/workflows/markdown-link-check.yml

@@ -23,7 +23,7 @@ jobs:
   markdown-link-check:
     if: github.event.pull_request.draft == false
     name: Check markdown links
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
       - uses: gaurav-nelson/github-action-markdown-link-check@v1

.github/workflows/notebooks.yml

@@ -34,7 +34,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ["ubuntu-latest"]
+        os: ["ubuntu-22.04"]
         python-version: ["3.10"] # ["3.10", "3.11"]
 
     # https://github.com/marketplace/actions/setup-miniconda#use-a-default-shell
@@ -54,9 +54,11 @@ jobs:
       - name: Download the data for the tutorials
         shell: bash -l {0}
         run: |
-          wget https://zenodo.org/records/8349335/files/data_raw.zip
+          wget https://zenodo.org/records/13709906/files/data_raw.zip
           unzip data_raw.zip -d data_raw
           mv data_raw tutorials
+          echo listing files in data_raw:
+          ls tutorials/data_raw
 
       - name: Run tutorial notebooks
         run: pytest --nbmake tutorials

.github/workflows/release_github.yml

@@ -0,0 +1,139 @@
+name: Draft GitHub Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_level:
+        description: "Semantic version level increase."
+        required: true
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  draft_release:
+    runs-on: "ubuntu-latest"
+    defaults:
+      run:
+        shell: bash -l {0}
+    strategy:
+      fail-fast: true
+
+    steps:
+      - name: Display selection
+        run: |
+          echo "Branch selected: '${{ github.ref_name }}'"
+          echo "Release level selected: '${{ github.event.inputs.version_level }}'"
+
+      - name: Ensure that permitted release branch was selected
+        if: ${{ github.ref_name == 'main' || github.ref_name == 'dev' }}
+        run: |
+          echo "Branch selected: '${{ github.ref_name }}'"
+          echo "Releasing from main or dev branch is not permitted, please select a different release branch."
+          exit 1
+
+      - name: Check GitHub Token Validity
+        run: |
+          echo "-- Validating GitHub Token"
+          status_code=$(curl -o /dev/null -s -w "%{http_code}" -H "Authorization: token ${{ secrets.GH_RELEASE }}" https://api.github.com/user)
+          if [ "$status_code" -ne 200 ]; then
+            echo "Error: GitHub token is invalid or expired. Please update your token in secrets."
+            echo "Instructions can be found at: https://github.com/DeepRank/deeprank2/blob/main/README.dev.md#updating-the-token"
+            exit 1
+          else
+            echo "GitHub token is valid."
+          fi
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # token with admin priviliges to override brach protection on main and dev
+          token: ${{ secrets.GH_RELEASE }}
+          ref: main
+          fetch-depth: 0
+
+      - name: Configure git
+        run: |
+          git config user.email "actions@github.com"
+          git config user.name "GitHub Actions"
+          git pull
+
+      - name: Merge changes into main
+        run: |
+          git switch main
+          git merge origin/${{ github.ref_name }} --no-ff --no-commit
+          git commit --no-edit
+
+      - name: Bump version
+        id: bump
+        run: |
+          echo "-- install bump-my-version"
+          python3 -m pip install bump-my-version
+          echo "-- bump the version"
+          bump-my-version bump ${{ github.event.inputs.version_level }} --commit --tag
+          echo "-- push bumped version"
+          echo "RELEASE_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT
+          git push --tags -f
+          git push
+
+      - name: Create GitHub Release
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create ${{ steps.bump.outputs.RELEASE_TAG }} \
+              --title="Release ${{ steps.bump.outputs.RELEASE_TAG }}" \
+              --generate-notes \
+              --draft
+
+  tidy_workspace:
+    # only run if action above succeeds
+    needs: draft_release
+    runs-on: "ubuntu-latest"
+    defaults:
+      run:
+        shell: bash -l {0}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # token with admin priviliges to override brach protection on main and dev
+          token: ${{ secrets.GH_RELEASE }}
+          fetch-depth: 0
+
+      - name: Configure git
+        run: |
+          git config user.email "actions@github.com"
+          git config user.name "GitHub Actions"
+          git pull
+
+      - name: Close PR
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "-- searching for associated PR"
+          pr_number=$(gh pr list --head ${{ github.ref_name }} --json number --jq '.[0].number')
+          if [ -n "$pr_number" ]; then
+            echo "-- closing PR #$pr_number"
+            gh pr close $pr_number
+          else
+            echo "-- no open pull request found for branch $branch_name"
+          fi
+
+      - name: Merge updates into dev
+        run: |
+          git switch dev
+          git merge origin/main
+          git push
+
+      - name: Delete release branch other than main or dev
+        run: |
+          echo "-- deleting branch '${{ github.ref_name }}'"
+          git push origin -d ${{ github.ref_name }}