Set up automated Library Manager submission system #1
This first iteration is very well made, can we merge it?
This way I'll start to do a couple of submission tests
This is the full list of repositories for the libraries of the Arduino Library Manager index.
Submissions of libraries to the Arduino Library Manager index can be done by submitting a pull request adding repository URLs to the list. The submissions are checked for compliance with the requirements for addition to the index and as soon as they are passing the pull request is merged and the entries are pushed to the index source file.
It is now in a finished state. If you would like to try it out in more of a "sandboxed" manner, you can submit pull requests to the
.github/workflows/manage-prs.yml
Outdated
- name: Add entry to index source file | ||
run: | | ||
INDEX_SOURCE_FILE_PATH="${{ github.workspace }}/repositories.txt" | ||
echo "${{ needs.parse.outputs.index-entry }}" >> "$INDEX_SOURCE_FILE_PATH" | ||
git config --global user.email "bot@arduino.cc" | ||
git config --global user.name "ArduinoBot" | ||
git add --update "$INDEX_SOURCE_FILE_PATH" | ||
echo -e "Add submission # ${{ github.event.pull_request.number }}${{ github.event.issue.number }}\n\n${{ github.event.repository.html_url }}/pull/${{ github.event.pull_request.number }}${{ github.event.issue.number }}" | git commit --file - | ||
git push |
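Review bot: On the `echo "${{ needs.parse.outputs.index-entry }}" >> "$INDEX_SOURCE_FILE_PATH"` line, the expression is expanded into the script text before the shell runs, so a quote or command substitution in the parse output would be interpreted by the shell in a step that goes on to `git push`. Pass the value through the step's `env:` mapping and reference it as a quoted shell variable (a name such as `INDEX_ENTRY` is only a suggestion), and do the same for the event values interpolated into the `echo -e` commit message. Separately, the final `git push` has no fetch, rebase or retry, so two submissions accepted close together would leave the second push rejected; a retry loop or a concurrency group on the job would cover that.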
This kinda scares me, it's certainly fine since we don't have lots of submissions but in case we get a big influx of libraries it might fail in the future.
Not blocking for now though.
I have some big concerns about the `manage-prs.yml` workflow, the rest seems fine to me.
Also I think we need a big security review on this, I feel like there can be lots of exploits in this process.
Please please please, be more atomic with PRs.
Re-requested review myself because I'll try your personal repo deployment @per1234
It's possible to accomplish the same thing in a more simple and secure manner by using the submission list.
With the current submission system, it's common for people to provide the tag/release URL rather than the repository URL. I think it likely the same sort of thing will occur with the new system. Previously, a very naive check was done for the path component of the URL to have two levels. It turns out that the GitLab repository URLs have more levels than that. The superior approach is to use `git ls-remote` to verify that the URL is a Git repository.
Rather than committing directly to the index source file repository, save the index entry to a workflow artifact, which will be consumed by the system that updates the index source file.
This isolates the PR branch checkout from the request parsing process.
I had intended to test these out but didn't get around to it. The workflow_dispatch might be convenient, but it's not at all essential since the same thing can be accomplished by commenting on the PR.
The index source file contains the normalized URL and the metadata that can't be derived from the library releases ("types" data and locked name) for each of the libraries in the Library Manager index. It's most appropriate to store it in the same repository as the submission list.
This avoids the need to check out the PR head ref.
This approach allows the diff to be written directly to a file, rather than needing to sanitize the contents of the output from the octokit/request-action before writing it to the file via the shell.
Although it is convenient and best practices to have this file in place, it is not absolutely necessary, so it must go bye-bye.
Now that the parser tool is moved out of the repository, it makes less sense to use the taskfile-based approach for the CI infrastructure. In order to make the repository more contributor-friendly, the spell checking system is now reduced to a single workflow file.
Now that the parser tool is moved out of the repository, it makes less sense to use the taskfile-based approach for the CI infrastructure. In order to make the repository more contributor-friendly, the documentation and configuration checking system is now confined to the .github subfolder.
Now that the parser tool is moved out of the repository, it makes less sense to use the taskfile-based approach for the CI infrastructure. In order to make the repository more contributor-friendly, the license checking system is now confined to a single workflow file.
Now that the parser tool code has been removed from the repository, the previous license is no longer appropriate.
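As an added example (not code from this pull request or from the Arduino project), the sketch below contrasts the path-depth check described in the commit message above with a `git ls-remote` probe. The function names and sample URLs are constructed, and accepting only `https://` URLs is an assumption.

```shell
#!/bin/sh
# Added example; helper names and sample URLs are constructed.

# Old-style check: accept only URLs whose path has exactly two levels.
naive_two_level_check() {
    path=${1#*://*/}    # drop scheme and host
    path=${path%/}      # drop one trailing slash
    case $path in
        */*/*) return 1 ;;  # three or more levels
        */*)   return 0 ;;  # exactly owner/repo
        *)     return 1 ;;
    esac
}

# Replacement check: ask the remote itself whether it serves a Git repository.
is_git_repo_url() {
    case $1 in
        https://*) ;;       # assumption: only https submissions are accepted
        *) return 1 ;;      # also rejects values that begin with "-"
    esac
    # GIT_TERMINAL_PROMPT=0 makes git fail instead of prompting for credentials,
    # timeout (GNU coreutils) bounds a slow host, "--" ends option parsing.
    GIT_TERMINAL_PROMPT=0 timeout 20 git ls-remote --quiet -- "$1" >/dev/null 2>&1
}

# Offline demonstration of where the path-depth heuristic goes wrong.
for url in \
    "https://github.com/user/repo" \
    "https://gitlab.com/group/subgroup/project" \
    "https://github.com/user/repo/releases/tag/1.0.0"
do
    if naive_two_level_check "$url"; then verdict=accept; else verdict=reject; fi
    printf '%-50s naive check: %s\n' "$url" "$verdict"
done
```

The GitLab subgroup URL has the shape of a valid repository URL, yet the heuristic rejects it for the same reason it rejects the release URL. `is_git_repo_url` needs network access, so the demonstration loop does not call it.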
Thanks so much for your feedback @silvanocerza and @rsora. I have made a couple significant changes to this PR in response to feedback received via other channels:

Removal of parser tool

Previously, in addition to the list, this repository hosted the Golang tool used for parsing the PR diff to determine the request type, validating for things not covered by Arduino Lint, and gathering the information needed for the Library Manager index source list entry on acceptance. That has now been moved to a dedicated repo. So the workflow now only needs to download the tool binary from the release asset in that repo.

Sparse root folder contents

All possible files have been moved out of the root of the repository. The root now only contains the Library Manager list, readme, and license files.

License change

With the Golang code removed from the repository and the primary item of interest being a list of URLs, it seemed like the previous GPLv3 license was no longer appropriate. I have changed it to CC0, but am happy to use whatever license is deemed best.
Excellent!