🔄 Synced file(s) with ottrproject/OTTR_Template_Website by jhudsl-robot · Pull Request #2 · ottrproject/ottrproject.github.io

jhudsl-robot · 2025-05-16T14:22:06Z

Synced local file(s) with ottrproject/OTTR_Template_Website.

Changed files

Synced local directory .github/workflows/ with remote directory .github/workflows/
Synced local config_automation.yml with remote config_automation.yml

This PR was created automatically by the repo-file-sync-action workflow run #15070655584

test-run

….yml' test-run

github-actions · 2025-05-16T14:22:25Z

OTTR Check Results

Summary

Spelling check: ✅ PASSED (0 errors found, threshold: 0)
URL check: ❌ FAILED (7 errors found, threshold: 0)

⚠️ Some Checks Failed Click here to download detailed error reports

Last Updated: 2025-05-16-15:01:08

.github/workflows/check-url.yml

+    name: Load user automation choices
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+        # Use the yaml-env-action action.
+      - name: Load environment from YAML
+        uses: doughepi/yaml-env-action@v1.0.0
+        with:
+            files: config_automation.yml # Pass a space-separated list of configuration files. Rightmost files take precedence.
+    outputs:
+      toggle_url_check_periodically: "${{ env.URL_CHECK_PERIODICALLY }}"
+
+  url-check:


To fix the issue, we need to add a permissions block to the workflow. This block should specify the minimal permissions required for the workflow to function correctly. Based on the workflow's actions, the following permissions are necessary:

contents: write for committing and pushing changes to the repository.

actions: read for interacting with GitHub Actions artifacts (if applicable).

Other permissions can be added as needed based on the specific steps in the workflow.

The permissions block can be added at the root level of the workflow to apply to all jobs or at the job level for more granular control. In this case, we will add it at the root level for simplicity.

.github/workflows/check-url.yml

+    name: Check URLs
+    needs: set-up
+    if: ${{needs.set-up.outputs.toggle_url_check_periodically == 'true'}}
+    runs-on: ubuntu-latest
+    container:
+      image: jhudsl/base_ottr:main
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    # Delete the branch if this has been run before
+    - name: Delete branch locally and remotely
+      run: git push origin --delete preview-spell-error || echo "No branch to delete"
+
+    # Make the branch fresh
+    - name: Make the branch fresh
+      run: |
+        git config --global --add safe.directory $GITHUB_WORKSPACE
+        git config --global user.name 'github-actions[bot]'
+        git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+
+        echo branch doesnt exist
+        git checkout -b preview-spell-error || echo branch exists
+        git push --set-upstream origin preview-spell-error || echo echo branch exists remotely
+      shell: bash
+
+    - name: Run the check
+      uses: ottrproject/ottr-reports@main
+      id: check_results
+      continue-on-error: true
+      with:
+        check_type: urls
+        error_min: 1
+
+    - name: Declare file path and time
+      id: check-report
+      run: |
+        error_num=$(cat check_reports/url_checks.tsv | wc -l)
+        error_num="$((error_num-1))"
+        echo "error_num=$error_num" >> $GITHUB_OUTPUT
+        echo "error_url=https://github.com/${GITHUB_REPOSITORY}/blob/preview-spell-error/check_reports/url_checks.tsv" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Stop if failure
+      if: steps.check_results.outcome == 'failure'
+      run: exit 1
+
+    - name: Print out error variables
+      run: |
+        echo ${{ steps.check-report.outputs.error_url }}
+        echo ${{ steps.check-report.outputs.error_num }}
+
+      # Commit file
+    - name: Commit tocless bookdown files
+      if: ${{ steps.check-report.outputs.error_num >= 1 }}
+      env:
+        GH_PAT: ${{ secrets.GH_PAT }}
+      run: |
+        git add --force check_reports/url_checks.tsv
+        git commit -m 'Add spell check file' || echo "No changes to commit"
+        git push --set-upstream origin preview-spell-error || echo echo branch exists remotely
+
+    - name: Find issues
+      id: find-issue
+      env:
+        GH_PAT: ${{ secrets.GH_PAT }}
+      run: |
+        echo "$GITHUB_REPOSITORY"
+        curl -o find_issue.R https://raw.githubusercontent.com/ottrproject/ottr-reports/main/scripts/find_issue.R
+        issue_exists=$(Rscript --vanilla find_issue.R --repo $GITHUB_REPOSITORY --git_pat $GH_PAT)
+        echo URL issue exists: $issue_exists
+        echo "issue_existence=$issue_exists" >> $GITHUB_OUTPUT
+
+    - name: If too many URL errors, then make an issue
+      if: ${{ steps.check-report.outputs.error_num >= 1 && steps.find-issue.outputs.issue_existence == 0}}
+      uses: JasonEtco/create-an-issue@v2
+      with:
+        filename: .github/ISSUE_TEMPLATE/url-error.md
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        FILE_URL: ${{ steps.check-report.outputs.error_url }}
+        ERROR_NUM: ${{ steps.check-report.outputs.error_num }}
+
+    - name: If no URL errors than delete the branch we made
+      if: ${{ steps.check-report.outputs.error_num < 1 }}
+      run: |
+        git config --system --add safe.directory "$GITHUB_WORKSPACE"
+        git push origin --delete preview-spell-error || echo "No branch to delete"


To fix the issue, we will add a permissions block to the workflow. This block will specify the minimum permissions required for the workflow to function correctly. Based on the workflow's actions, the following permissions are needed:

contents: read for accessing repository contents.

contents: write for committing and pushing changes to the repository.

issues: write for creating issues when URL errors are detected.

The permissions block will be added at the root level of the workflow to apply to all jobs. If any job requires different permissions, a job-specific permissions block can be added.

.github/workflows/pull_request.yml

+    name: Style code
    needs: yaml-check
    runs-on: ubuntu-latest
+    if: ${{needs.yaml-check.outputs.toggle_style_code == 'true'}}
    container:
-      image: ${{needs.yaml-check.outputs.rendering_docker_image}}
-    if: ${{needs.yaml-check.outputs.toggle_render_preview == 'yes'}}
+      image: jhudsl/base_ottr:main

    steps:
      - name: Checkout files
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

-      # Set up git checkout
-      - name: Set up git checkout
-        run: |
-          git config --global --add safe.directory $GITHUB_WORKSPACE
-          git config --global user.name 'github-actions[bot]'
-          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
-
-          branch_name='preview-${{ github.event.pull_request.number }}'
-          git fetch --all
-          git checkout $branch_name
-          git merge -s recursive --strategy-option=theirs origin/${{ github.head_ref }} --allow-unrelated-histories
-        shell: bash
-
-      # We want a fresh run of the renders each time - so first delete old html files
-      - name: Delete old *.html
-        run: Rscript -e "rmarkdown::clean_site(preview = FALSE)"
+      - name: Run styler
+        run: Rscript -e "styler::style_file(list.files(pattern = '(R|q)md$', recursive = FALSE, full.names = TRUE));warnings()"

-       # Now we want to render all the html files from the Rmd files
-      - name: Run render html
-        id: site
-        run: Rscript -e "rmarkdown::render_site()"
-
-      # This checks on the steps before it and makes sure that they completed.
-      # If the renders didn't complete we don't want to commit the file changes
-      - name: Check on render steps
-        if: steps.site.outcome != 'success'
+      - name: Commit styled files
        run: |
-          echo site status ${{steps.site.outcome}}
-          exit 1
+          git config --system --add safe.directory "$GITHUB_WORKSPACE"
+          git add \*md
+          git commit -m 'Style *mds' || echo "No changes to commit"
+          git push origin || echo "No changes to commit"

-      - name: Website preview for download
-        run: zip website-preview.zip docs/* -r
+############################# Readability Report ###################################

-      # Commit the website files
-      - name: Commit rendered website files
-        id: commit
-        run: |
-          branch_name='preview-${{ github.event.pull_request.number }}'
-          git diff origin/main -- docs >/dev/null && changes=true || changes=false
-          echo "changes=$changes" >> $GITHUB_OUTPUT
-          git add . --force
-          git commit -m 'Render preview' || echo "No changes to commit"
-          git pull --rebase --set-upstream origin $branch_name --allow-unrelated-histories --strategy-option=ours
-          git push --force || echo "No changes to commit"
-        shell: bash
+  readability-report:


To fix the issue, we will add a permissions block to the style-code job. This block will explicitly define the minimal permissions required for the job to function. Since the job involves committing styled files back to the repository, it requires contents: write. This ensures that the job has only the permissions it needs and no more.

The permissions block will be added immediately after the runs-on line in the style-code job definition.

.github/workflows/pull_request.yml

+    name: Readability report
+    needs: yaml-check
+    runs-on: ubuntu-latest
+    if: ${{needs.yaml-check.outputs.toggle_readability == 'true'}}

-      - name: Find Comment
-        uses: peter-evans/find-comment@v3
-        id: fc
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: latest commit
+          fetch-depth: 0

-      - name: Build components of the comment
-        id: build-components
-        run: |
-          course_name=$(head -n 1 _website.yml | cut -d'"' -f 2| tr " " "-")
-          website_link=$(echo "https://htmlpreview.github.io/?https://raw.githubusercontent.com/$GITHUB_REPOSITORY/preview-${{ github.event.pull_request.number }}/docs/index.html")
-          docs_link=$(echo "https://github.com/$GITHUB_REPOSITORY/raw/preview-${{ github.event.pull_request.number }}/website-preview.zip")
-          echo "zip_link=$docs_link" >> $GITHUB_OUTPUT
-          echo "website_link=$website_link" >> $GITHUB_OUTPUT
-          echo "time=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-          echo "commit_id=$GITHUB_SHA" >> $GITHUB_OUTPUT
-          echo ${{steps.commit.outputs.changes}}
-
-      - name: Create or update comment
-        if: steps.commit.outputs.changes == 'true'
-        uses: peter-evans/create-or-update-comment@v3
+      - name: Readability report
+        uses: Rebilly/lexi@v2
        with:
-          comment-id: ${{ steps.fc.outputs.comment-id }}
-          issue-number: ${{ github.event.pull_request.number }}
-          body: |
-            :eyes: Quick [preview of website here](${{ steps.build-components.outputs.website_link }}) \*
-            :microscope: Comprehensive [download of the website here](${{ steps.build-components.outputs.zip_link }})
+          github-token: ${{ secrets.GH_PAT }}
+          glob: '**/*.md'

-            \* note not all html features will be properly displayed in the "quick preview" but it will give you a rough idea.
-
-            _Updated at ${{ steps.build-components.outputs.time }} with changes from the latest commit ${{ steps.build-components.outputs.commit_id }}_
-          edit-mode: replace
-
-      - name: No comment if no changes
-        if: steps.commit.outputs.changes == 'false'
-        uses: peter-evans/create-or-update-comment@v3
-        with:
-          comment-id: ${{ steps.fc.outputs.comment-id }}
-          issue-number: ${{ github.event.pull_request.number }}
-          body: |
-            The latest commit did not produce rendering changes.
+############################# Render Preview ###################################
+  render-preview:


To fix the issue, we will add a permissions block to the readability-report job. Based on the job's functionality, it only needs to read repository contents. Therefore, we will set contents: read as the permission. This change ensures that the job has the minimal permissions required to perform its tasks, reducing the risk of unintended actions.

.github/workflows/render-all.yml

+    name: Load user automation choices
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+        # Use the yaml-env-action action.
+      - name: Load environment from YAML
+        uses: doughepi/yaml-env-action@v1.0.0
+        with:
+            files: config_automation.yml # Pass a space-separated list of configuration files. Rightmost files take precedence.
+    outputs:
+      toggle_website: "${{ env.RENDER_WEBSITE }}"
+      rendering_docker_image: "${{ env.RENDERING_DOCKER_IMAGE }}"
+
+  render-website:


To fix the issue, we will add a permissions block at the root level of the workflow to define the minimal permissions required. Based on the workflow's operations, the following permissions are needed:

contents: read for accessing repository contents.

contents: write for the Render website job, as it uses a personal access token (GH_PAT) to push changes.

The permissions block will be added at the root level to apply to all jobs, and job-specific permissions will be defined where necessary.

.github/workflows/render-all.yml

+    name: Render website
+    needs: yaml-check
+    runs-on: ubuntu-latest
+    container:
+      image: ${{needs.yaml-check.outputs.rendering_docker_image}}
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GH_PAT }}
+
+      - name: Run render
+        id: render
+        uses: ottrproject/ottr-preview@main
+        with:
+          toggle_website: ${{needs.yaml-check.outputs.toggle_website}}
+          preview: false
+          token: ${{ secrets.GH_PAT }}


To fix the issue, we will add a permissions block at the root level of the workflow to restrict the GITHUB_TOKEN to the minimal required permissions. Based on the workflow's operations, it primarily interacts with repository contents (e.g., checking out code) and does not appear to require write access. Therefore, we will set contents: read as the minimal permission.

github-actions · 2025-05-16T14:23:20Z

Re-rendered previews from the latest commit:

👀 Quick preview of course website here *
🔬 Comprehensive download of the course website here
Download the .docx file

* note not all html features will be properly displayed in the "quick preview" but it will give you a rough idea.

Updated at 2025-05-16 with changes from the latest commit b47ab44

kweav

This looks non-breaking

avahoffman · 2025-05-16T14:46:25Z

.github/workflows/check-url.yml

+        GH_PAT: ${{ secrets.GH_PAT }}
+      run: |
+        echo "$GITHUB_REPOSITORY"
+        curl -o find_issue.R https://raw.githubusercontent.com/ottrproject/ottr-reports/main/scripts/find_issue.R


Does find_issue.R exist for ottrproject/ottr-reports?

Would be good to check that periodic url check workflow runs.

We'll fix this later in another PR or from a sync

kweav · 2025-05-16T15:00:11Z

PR #3 and PR #4 handled two broken links (will merge main to get these), and PR #1 is going to handle the rest by handling the jhudsl --> ottrproject conversion

kweav · 2025-05-16T15:04:51Z

The remaining flagged URL errors are handled in PR #1.

jhudsl-robot added 2 commits May 16, 2025 14:22

🔄 Synced local '.github/workflows/' with remote '.github/workflows/'

24f4f5e

test-run

🔄 Synced local 'config_automation.yml' with remote 'config_automation…

5e1d1e6

….yml' test-run

jhudsl-robot added the sync label May 16, 2025

github-advanced-security bot found potential problems May 16, 2025

View reviewed changes

kweav approved these changes May 16, 2025

View reviewed changes

avahoffman mentioned this pull request May 16, 2025

link updates #1

Merged

add some words to dictionary

f5a438c

avahoffman reviewed May 16, 2025

View reviewed changes

Merge branch 'main' into repo-sync/OTTR_Template_Website/default

b1c3558

kweav merged commit 1d914f8 into main May 16, 2025
6 of 7 checks passed

kweav deleted the repo-sync/OTTR_Template_Website/default branch May 16, 2025 15:06

@@ -7,2 +7,5 @@
+            permissions:
+              contents: write
             jobs:

Conversation

jhudsl-robot commented May 16, 2025

Uh oh!

github-actions bot commented May 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

OTTR Check Results

Summary

⚠️ Some Checks Failed Click here to download detailed error reports

Uh oh!

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check warning

Copilot Autofix

github-actions bot commented May 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

kweav left a comment

Choose a reason for hiding this comment

Uh oh!

avahoffman May 16, 2025

Choose a reason for hiding this comment

Uh oh!

avahoffman May 16, 2025

Choose a reason for hiding this comment

Uh oh!

kweav May 16, 2025

Choose a reason for hiding this comment

Uh oh!

kweav commented May 16, 2025

Uh oh!

kweav commented May 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

github-actions bot commented May 16, 2025 •

edited

Loading

github-actions bot commented May 16, 2025 •

edited

Loading