[ANN] The TagBot GitHub App is deprecated in favour of the TagBot GitHub Action

TL;DR: Merge PRs that create a file called .github/workflows/TagBot.yml or create it yourself with these contents in all of your Julia package repositories:

name: TagBot
on:
  schedule:
    - cron: 0 * * * *
jobs:
  TagBot:
    runs-on: ubuntu-latest
    steps:
      - uses: JuliaRegistries/TagBot@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

What’s happening

  • The Julia TagBot GitHub App (the friendly robot first announced here who creates your releases and then comments on registry PRs like so) is being deprecated and will eventually cease to exist.
  • Its successor is TagBot as a GitHub Action, which requires you to add a file to your repositories.
  • To ease this transition, pull requests will appear in your repositories adding the default configuration for you, if you had the App installed previously (you may have noticed a bunch of your repositories being forked, this is why).
  • The GitHub App will add a deprecation notice to all of its comments, but continue to function normally for the time being, except it will ignore repositories that have the GitHub Action installed. I anticipate it’ll still be some months before I shut it down for good.

What do I need to do?

Merge the pull request that the JuliaTagBot user creates on your repository, or follow the instructions here to add the file yourself. There are a number of options that you can set, but the default minimal configuration is sufficient for most packages. You can also install the default configuration on all repositories in your user account or organization with MassInstallAction.jl.

Why move away from the GitHub App?

Moving to GitHub Actions has a few benefits:

  • The new setup has more features and is more customizable by you.
  • I no longer have to maintain any infrastructure.
  • I no longer have access to your repositories through the GitHub App’s private key.
  • You can now verify that the TagBot code running on your repositories is the same as what’s in the TagBot repository.

Anyways, let me know if you have any questions about this process. I expect PRs to start going up in a couple hours.

52 Likes

Thanks for making and supporting an incredibly useful tool, and thanks for making this incredibly seamless!

10 Likes

Such wonderful support of your users! And until I checked the docs I didn’t realize this would support local registries. I’m excited to stop pushing those tags manually.

If I understand correctly this means it will be checking to see if new tag(s) are needed once per hour, right? And this doesn’t cost us (meaning any Julia organization) anything for compute time/internet bandwidth?

3 Likes

Correct.

As long as the packages are public, it’s free. For private repos, you get a certain number of minutes per month so I’d recommend reducing the frequency.

2 Likes

What amount of maintenance do you expect package developers will need to do on the TagBot.yml file?

Zero, except for one exception that I know of:

  • If you’re using GitHub Actions for your documentation deploys (or any other on-tag event): You need to add a different access token or SSH key to make those builds trigger to give you per-version hosted docs (a bit more info here).
2 Likes

Do we have high confidence that Github won’t change the spec of the actions yml file?

Well, I can’t speak for GitHub but IMO it’d be really dumb for them to do that after Actions has reached general availability. Although they did change from HCL to YML during beta… I’m still doubtful that they’ll pull something like that again.

1 Like

And presumably we could do maintenance via the MassInstallAction.jl you linked above?

(Speaking as someone who currently has 114 TagBot-related emails in my inbox…)

3 Likes

Out of curiosity, does this trigger a download of Julia every hour?

I believe it does, although it should go through a cache and thus not coar us money. @staticfloat

Thanks for all the work!

1 Like

TagBot is implemented in Python.

Ah. Well I guess that renders the “Julia downloads” point moot.

It does seem like a missed opportunity to eat our own dog food.

1 Like

…but not getting charged for downloads has its virtues…

1 Like

For sure. But if I understand correctly, the caching layer that GiHub Actions will hit when it downloads Julia means that we don’t actually pay every time a GitHub Action downloads Julia. At least, I think that’s correct. @viralbshah and @staticfloat explained this on Slack a while back, so they can correct me if I am mistaken.

1 Like

The best solution will be for us to get Julia installed into the default virtual environment for GitHub Actions.

Here is the issue to track:

It would be great to get more + 1s, thumbs up :+1:, and comments in support of that issue.

4 Likes

Uh, I just merged several dozen PRs by hand, and now I’m getting approximately one email every 30 minutes for each of several dozen packages. It looks like TagBot fails and sends an email every half hour for every Julia project that doesn’t have a Project.toml?? How do I make this stop?

6 Likes

I am also getting many notifications about failures.

Ok, well, I’ve turned off all of my GitHub Actions notifications globally, so hopefully that will stop the flood. But that doesn’t seem like a great solution.