From 096a694b330d49ab98c75b0dcaf5edc245982d15 Mon Sep 17 00:00:00 2001 From: Olivia Banks Date: Tue, 31 Mar 2026 14:16:23 -0600 Subject: [PATCH 1/7] [gha] fix ghcr permissions --- .github/workflows/copilot.yml | 21 +++++++++++++++++++-- .github/workflows/on_pr.yml | 4 ++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml index 563f016..e0a3771 100644 --- a/.github/workflows/copilot.yml +++ b/.github/workflows/copilot.yml @@ -3,6 +3,10 @@ name: GitHub Copilot Dev Environment on: workflow_dispatch: +permissions: + contents: read + packages: read + jobs: copilot: runs-on: ubuntu-latest @@ -16,10 +20,23 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Sync dependencies + - name: Sync dependencies (frozen) run: uv sync --frozen - - name: Setup Copilot environment + - name: Install development dependencies and tools + run: | + # Install development group dependencies + uv sync --frozen --group dev --no-install-project + + # Install development tools + sudo apt-get update && sudo apt-get install -y \ + git \ + vim \ + nano \ + curl \ + wget + + - name: Verify development environment run: | echo "Development environment ready for GitHub Copilot" echo "Python version: $(python --version)" diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml index e1a0496..873f864 100644 --- a/.github/workflows/on_pr.yml +++ b/.github/workflows/on_pr.yml @@ -8,6 +8,10 @@ env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} +permissions: + contents: read + packages: read + jobs: test: runs-on: ubuntu-latest From 79384eaafbb581f1de49b0755888b7f2c75f4374 Mon Sep 17 00:00:00 2001 From: Olivia Banks Date: Tue, 31 Mar 2026 14:31:01 -0600 Subject: [PATCH 2/7] [gha] set copilot workflow checkout fetch depth --- .github/workflows/copilot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml index e0a3771..fa17b34 100644 --- a/.github/workflows/copilot.yml +++ b/.github/workflows/copilot.yml @@ -19,6 +19,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Sync dependencies (frozen) run: uv sync --frozen From 40cfde9703fea4f7ca07a81eed007e874bee5726 Mon Sep 17 00:00:00 2001 From: Olivia Banks Date: Tue, 31 Mar 2026 14:31:41 -0600 Subject: [PATCH 3/7] [gha] remove dual sync --- .github/workflows/copilot.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml index fa17b34..80d79f2 100644 --- a/.github/workflows/copilot.yml +++ b/.github/workflows/copilot.yml @@ -22,15 +22,11 @@ jobs: with: fetch-depth: 0 - - name: Sync dependencies (frozen) - run: uv sync --frozen + - name: Sync dependencies + run: uv sync --frozen --group dev - name: Install development dependencies and tools run: | - # Install development group dependencies - uv sync --frozen --group dev --no-install-project - - # Install development tools sudo apt-get update && sudo apt-get install -y \ git \ vim \ From bc17198e15398c35797cb6c951455edd644e81ce Mon Sep 17 00:00:00 2001 From: Olivia Banks Date: Tue, 31 Mar 2026 14:40:18 -0600 Subject: [PATCH 4/7] [gha] fix ghcr image names --- .github/workflows/containerfile.yml | 4 ++-- .github/workflows/copilot.yml | 6 +++++- .github/workflows/on_pr.yml | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/containerfile.yml b/.github/workflows/containerfile.yml index 3be4e03..cfb5e4b 100644 --- a/.github/workflows/containerfile.yml +++ b/.github/workflows/containerfile.yml @@ -12,7 +12,7 @@ on: env: REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} + IMAGE_NAME: epiforesite/epiworldpythonstreamlit jobs: build-and-push: @@ -39,7 +39,7 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest tags: | type=raw,value=latest,enable={{is_default_branch}} type=sha,prefix= diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml index 80d79f2..2a8cb2b 100644 --- a/.github/workflows/copilot.yml +++ b/.github/workflows/copilot.yml @@ -7,11 +7,15 @@ permissions: contents: read packages: read +env: + REGISTRY: ghcr.io + IMAGE_NAME: epiforesite/epiworldpythonstreamlit + jobs: copilot: runs-on: ubuntu-latest container: - image: ghcr.io/${{ github.repository }}:latest + image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml index 873f864..6117f98 100644 --- a/.github/workflows/on_pr.yml +++ b/.github/workflows/on_pr.yml @@ -6,7 +6,7 @@ on: env: REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} + IMAGE_NAME: epiforesite/epiworldpythonstreamlit permissions: contents: read @@ -16,7 +16,7 @@ jobs: test: runs-on: ubuntu-latest container: - image: ghcr.io/${{ github.repository }}:latest + image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} From 63c686f5d5f0e250faf1b55b189117121bf44e7b Mon Sep 17 00:00:00 2001 From: Olivia Banks Date: Tue, 31 Mar 2026 14:43:08 -0600 Subject: [PATCH 5/7] [gha] fix ghcr image names --- .github/workflows/copilot.yml | 6 +----- .github/workflows/on_pr.yml | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml index 2a8cb2b..e10c8e1 100644 --- a/.github/workflows/copilot.yml +++ b/.github/workflows/copilot.yml @@ -7,15 +7,11 @@ permissions: contents: read packages: read -env: - REGISTRY: ghcr.io - IMAGE_NAME: epiforesite/epiworldpythonstreamlit - jobs: copilot: runs-on: ubuntu-latest container: - image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + image: ghcr.io/epiforesite/epiworldpythonstreamlit:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml index 6117f98..8ecd874 100644 --- a/.github/workflows/on_pr.yml +++ b/.github/workflows/on_pr.yml @@ -4,10 +4,6 @@ on: pull_request: branches: [main] -env: - REGISTRY: ghcr.io - IMAGE_NAME: epiforesite/epiworldpythonstreamlit - permissions: contents: read packages: read @@ -16,7 +12,7 @@ jobs: test: runs-on: ubuntu-latest container: - image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + image: ghcr.io/epiforesite/epiworldpythonstreamlit:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} From 1a3d499d22e6169f8d93a65d2210103a0468c177 Mon Sep 17 00:00:00 2001 From: Olivia Banks Date: Tue, 31 Mar 2026 14:45:11 -0600 Subject: [PATCH 6/7] [gha] remove latest tag on publication --- .github/workflows/containerfile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containerfile.yml b/.github/workflows/containerfile.yml index cfb5e4b..ba89204 100644 --- a/.github/workflows/containerfile.yml +++ b/.github/workflows/containerfile.yml @@ -39,7 +39,7 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=raw,value=latest,enable={{is_default_branch}} type=sha,prefix= From 6345678337c4d973ec609851562467f47dcde3aa Mon Sep 17 00:00:00 2001 From: Olivia Banks Date: Tue, 31 Mar 2026 14:45:49 -0600 Subject: [PATCH 7/7] [gha] add `--no-install-project` --- .github/workflows/copilot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml index e10c8e1..f04d875 100644 --- a/.github/workflows/copilot.yml +++ b/.github/workflows/copilot.yml @@ -23,7 +23,7 @@ jobs: fetch-depth: 0 - name: Sync dependencies - run: uv sync --frozen --group dev + run: uv sync --frozen --group dev --no-install-project - name: Install development dependencies and tools run: |