Hi all, remember when I said that you’d never have to do any maintenance on your TagBot.yml files?
I lied, I’m sorry.

GitHub has started automatically disabling Actions workflows that run on a schedule for repositories that have not seen any activity for 60 days.

To quote the docs:

Warning: To prevent unnecessary workflow runs, scheduled workflows may be disabled automatically. When a public repository is forked, scheduled workflows are disabled by default. In a public repository, scheduled workflows are automatically disabled when no repository activity has occurred in 60 days.

That means that if you don’t touch a repo for 2 months, the scheduled workflows such as TagBot or CompatHelper will no longer run even after you come back to it, unless you re-enable them manually.
To avoid this problem for TagBot, we are switching to a new method that does not rely on scheduled workflows, and instead triggers TagBot on demand. This means that TagBot remain enabled on inactive repos, and also that your tags will come much sooner after registration!

What Do I Need To Do?

Probably within the next few days, merged pull requests in the General registry will start to be accompanied by issue comments made on package repositories that have a TagBot workflow file in .github/workflows. The idea is that TagBot will react to these issue comments, so you need to update your workflow file accordingly.

Your TagBot.yml probably looks something like this:

name: TagBot
on:
  schedule:
    - cron: 0 0 * * *
  workflow_dispatch:
jobs:
  TagBot:
    runs-on: ubuntu-latest
    steps:
      - uses: JuliaRegistries/TagBot@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          ssh: ${{ secrets.DOCUMENTER_KEY }}

There are two changes to make: one is the on block, and the second is an if condition in the TagBot job. Here are the new contents that will work:

name: TagBot
on:
  issue_comment:  # THIS BIT IS NEW
    types:
      - created
  workflow_dispatch:
jobs:
  TagBot:
    # THIS 'if' LINE IS NEW
    if: github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'
    # NOTHING BELOW HAS CHANGED
    runs-on: ubuntu-latest
    steps:
      - uses: JuliaRegistries/TagBot@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          ssh: ${{ secrets.DOCUMENTER_KEY }}

As you can see, the schedule trigger has been replaced with the issue_comment trigger, and the TagBot job now only runs when triggered under certain conditions.

TagBot will open an issue and instantly close it, and will add a new comment on that issue for each new version. You can safely unsubscribe from and ignore that issue.

This looks tedious… and for what benefit?

I won’t be rolling out any automated PRs this time around, since that annoyed a lot of people last time (for good reason), and this change is also not strictly necessary. If your repository stays active, the scheduled workflow will never be disabled. But there are two advantages to adopting the new trigger: your tags will be created almost instantly after your registry PRs are merged, and you’ll no longer have hourly/daily TagBot runs that don’t do anything.
If you want to apply this change to a bunch of repos at once, MassInstallAction.jl can help you out.

For custom registry maintainers

If you run a custom registry, you’ll need to add a new Actions workflow to the registry: see here for an example. This workflow is responsible for notifying package repositories about new versions. You’ll need to create a TAGBOT_TOKEN secret on your registry, and it must contain a user’s personal access token, so that it can create issues and comments on repositories other than your registry. Feel free to contact me if you need a hand getting things set up. I also don’t think it works on self-hosted GitHub currently, so definitely let me know if you maintain one of those so I can figure out what’s necessary.

For custom registry users

If you have packages registered in a registry other than General, you’ll need to change one small detail in the if condition. JuliaTagBot will not be the user creating issue comments, so you need to change that username to whatever your registry is using. Your registry maintainers will know what username to use.

What about CompatHelper?

CompatHelper is another scheduled workflow that will soon be disabled on many inactive repos. There’s not really a good fix for that one, so I’ll soon be implementing Dependabot support for Julia. More on that later!

That is all. If you have questions about this whole thing, or if you just want to tell me that I’ve ruined your week, don’t hesitate!

I just want to say thank you — for all your work on TagBot and CompatHelper, and the user-friendly upgrade paths.

I recognize that these services constantly have to adapt to changes outside the control of the Julia community to keep going, and how difficult this is.

One must thank @dilumaluthge for CompatHelper!

Thanks! I will take the opportunity to thank @dilumaluthge too.

This link might be broken. I discovered it only because I struggle to get TagBot creating new GitHub tags…

Thanks,
Felix

Thank you all! These bots are really amazing and of great value to the Julia community!

Sorry, I meant to update that link but forgot. What problems are you having?

No problems anymore. Works now!

GitHub has started automatically disabling Actions workflows that run on a schedule for repositories that have not seen any activity for 60 days.

Will it re-enable them if there is activity? For something like Tagbot, wouldn’t it start working again if a new tag was made?

I think you need to manually re-enable them from the Actions tab of the repository

GitHub is giving me this linter warning:

image1370×972 113 KB

The if should be within the TagBot job, not outside of it. Just copy the yaml file in the first message

Aha! Programming inside config files why didn’t they make this a drag & drop situation like Scratch

Do I need this line if I’m not using Documenter in my package?

That’s needed to trigger other actions when TagBot creates the tag, for example other CI jobs on tags (CI jobs which may or may not include building and deploying documentation). If you don’t care about triggering this other jobs on tags, then no, you don’t need to add that line (or any other SSH key, not necessarily the documenter key).

Ok, but then I should define a DOCUMENTER_KEY ssh key in my repo and give it write permissions?

It doesn’t have to be called DOCUMENTER_KEY, but it must be an ssh key (not sure whether it needs write permissions in order to trigger other jobs) and your TagBot configuration must match that name. The usual recommendation is to reuse the Documenter key because most users have it already anyway. You don’t build documentation for your package?

No, for this particular one I don’t.

What happens when I accidentally modify a commit that was supposed to be a tagged registered release?

I have this issue here:

https://github.com/cossio/RestrictedBoltzmannMachines.jl/issues/1

I registered v0.14.0, but then accidentally modified git commit history and lost the commit corresponding to this version, and this happened right before the registration PR got merged into General and before TagBot got a chance to create the tag. Since then, TagBot has been failing to create tags for new versions.

Anything I can do to fix this situation?

Update: There is a lookback setting (https://github.com/JuliaRegistries/TagBot#lookback-period). So TagBot checks for previous releases within a lookback time window and tries to tag them, and complains if there is a commit that doesn’t match. So the issue will auto-resolve itself after lookback days have passed. Otherwise, one can just temporarily set lookback to a small amount like 1 day to exclude the offending commit, and later on reset lookback.

Hello, what about it ? Which is now the solution (if any) for CompatHelper ?