TL;DR: Merge PRs that create a file called .github/workflows/TagBot.yml or create it yourself with these contents in all of your Julia package repositories:
The Julia TagBot GitHub App (the friendly robot first announced here who creates your releases and then comments on registry PRs like so) is being deprecated and will eventually cease to exist.
To ease this transition, pull requests will appear in your repositories adding the default configuration for you, if you had the App installed previously (you may have noticed a bunch of your repositories being forked, this is why).
The GitHub App will add a deprecation notice to all of its comments, but continue to function normally for the time being, except it will ignore repositories that have the GitHub Action installed. I anticipate it’ll still be some months before I shut it down for good.
What do I need to do?
Merge the pull request that the JuliaTagBot user creates on your repository, or follow the instructions here to add the file yourself. There are a number of options that you can set, but the default minimal configuration is sufficient for most packages. You can also install the default configuration on all repositories in your user account or organization with MassInstallAction.jl.
Why move away from the GitHub App?
Moving to GitHub Actions has a few benefits:
The new setup has more features and is more customizable by you.
I no longer have to maintain any infrastructure.
I no longer have access to your repositories through the GitHub App’s private key.
You can now verify that the TagBot code running on your repositories is the same as what’s in the TagBot repository.
Anyways, let me know if you have any questions about this process. I expect PRs to start going up in a couple hours.
Such wonderful support of your users! And until I checked the docs I didn’t realize this would support local registries. I’m excited to stop pushing those tags manually.
If I understand correctly this means it will be checking to see if new tag(s) are needed once per hour, right? And this doesn’t cost us (meaning any Julia organization) anything for compute time/internet bandwidth?
As long as the packages are public, it’s free. For private repos, you get a certain number of minutes per month so I’d recommend reducing the frequency.
If you’re using GitHub Actions for your documentation deploys (or any other on-tag event): You need to add a different access token or SSH key to make those builds trigger to give you per-version hosted docs (a bit more info here).
Well, I can’t speak for GitHub but IMO it’d be really dumb for them to do that after Actions has reached general availability. Although they did change from HCL to YML during beta… I’m still doubtful that they’ll pull something like that again.
For sure. But if I understand correctly, the caching layer that GiHub Actions will hit when it downloads Julia means that we don’t actually pay every time a GitHub Action downloads Julia. At least, I think that’s correct. @viralbshah and @staticfloat explained this on Slack a while back, so they can correct me if I am mistaken.
Uh, I just merged several dozen PRs by hand, and now I’m getting approximately one email every 30 minutes for each of several dozen packages. It looks like TagBot fails and sends an email every half hour for every Julia project that doesn’t have a Project.toml?? How do I make this stop?
Ok, well, I’ve turned off all of my GitHub Actions notifications globally, so hopefully that will stop the flood. But that doesn’t seem like a great solution.
, and comments in support of that issue.