A curated list of GH actions that improve the quality of your package

I recently looked at the new SolarPosition.jl package and was impressed by the GH Actions that helped improve its quality. This got me wondering if there’s a maintained, opinionated, and complete list of quality-improvement tools and practices for Julia packages.

By “tools and practices” I mean things like:

• Documentation (e.g. Documenter.jl)
• Testing (e.g. Supposition.jl)
• Coverage reporting
• ExplicitImports.jl, Aqua.jl, JET.jl, Runic.jl, etc.
• Linting and formatting
• AI agent checks
• Julia Security Working Group certification
• Thread safety verification
• Memory leak detection
• Benchmarking (e.g. BenchmarkTools.jl)
• Auto-merge eligibility for General registry
• Style guide conformance

These quality standards are a moving target with new tools and practices emerging regularly.

It would be valuable to consolidate these into PkgTemplates.jl and/or Aqua.jl (with opt-in/opt-out configuration), but I’m curious: Do people have opinions on this? What other quality-improvement steps should be included?

I was wondering about best practices with GitHub Actions lately.

A couple of questions:

1. dependabot.yml and CompatHelper.yml overlap? What is the way forward?
2. FormatPR.yml with .JuliaFormatter.toml is still the “best” approach to enforce formatting?
3. What is the recommended action to check test coverage? Is CodeCov the recommended tool?

https://modernjuliaworkflows.org/sharing/ has some nice docs along these lines

Julia Security Working Group certification

what is this?

dependabot.yml and CompatHelper.yml overlap? What is the way forward?

dependabot is newer and integrated into GitHub; I don’t think it can be used from gitlab for example. However if you’re on github it seems more configurable & ergonomic than CompatHelper. It is also quite new so there may be bugs to shake out.

Nothing that exists yet, but I’m referring to Launching the Julia Security Working Group and maybe some future tooling that could help us quantify how secure a certain package is.

Most of the actions used in SolarPosition.jl come from BestieTemplate.jl, which I used to generate the project. If you find / create other useful actions, perhaps they can be added to BestieTemplate. The advantage of that is that the actions are part of a real project so they are tested and kept up to date.

Love the BestieTemplate.jl features!

The fact that we can reapply the template to “update” to the latest best practices is amazing!

How is BestieTemplate different from PkgTemplates?

it can be applied to existing packages
it invites to follow some (opinionated) best practices
it can be reapplied to acquire updates made to the template
it is automatically reapplied through Pull Requests made by the Copier.yml workflow (Work in progress)

It is really hard to keep up with these GitHub Actions updates, and a tool that facilitates these updates is super welcome

Wow, that is awesome and truly amazing! It is a headache to check whether an action is outdated and update it.

They would definitely need some updating given the evolutions of the ecosystem and the rise of BestieTemplate.jl. @langestefan and others are more than welcome to pitch in!

See also the discussion in PkgTemplates.jl on transitioning to BestieTemplate.jl:

Wow, Beastie seems to be the very thing I was looking for. With the list in Complete features from PkgTemplates · Issue #353 · JuliaBesties/BestieTemplate.jl · GitHub it feels like things are under control. Very cool.

I’m gonna start calling it Beastie now. This is seriously cool work, thanks all for these awesome tools!