From fe8563e4e6a66ad7a522a98f52b5f9308ace6a3a Mon Sep 17 00:00:00 2001
From: Scott Henderson <scottyh@uw.edu>
Date: Thu, 6 Jan 2022 11:43:21 -0800
Subject: [PATCH 1/7] no default shell in composite actions

---
 .github/actions/buildbook/action.yml  | 4 +---
 .github/workflows/cron.yaml           | 5 +----
 .github/workflows/deploy.yaml         | 5 +----
 .github/workflows/manual.yaml         | 5 +----
 .github/workflows/netlifypreview.yaml | 5 +----
 .github/workflows/test.yaml           | 5 +----
 6 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/.github/actions/buildbook/action.yml b/.github/actions/buildbook/action.yml
index 09c56529..ddeb6a0a 100644
--- a/.github/actions/buildbook/action.yml
+++ b/.github/actions/buildbook/action.yml
@@ -15,9 +15,6 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
     - name: Setup JupyterBook Cache
       if: ${{inputs.jb-cache}} == true
       uses: actions/cache@v2
@@ -29,6 +26,7 @@ runs:
     - uses: ./.github/actions/setupconda
 
     - name: Build JupyterBook
+      shell: bash -l {0}
       run: |
         ./scripts/deploy_website.sh
 
diff --git a/.github/workflows/cron.yaml b/.github/workflows/cron.yaml
index d69b2fd4..92bda202 100644
--- a/.github/workflows/cron.yaml
+++ b/.github/workflows/cron.yaml
@@ -9,14 +9,11 @@ on:
 jobs:
   build-and-test:
     runs-on: ubuntu-20.04
-    defaults:
-      run:
-        shell: bash -l {0}
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-      
+
     - uses: ./.github/actions/buildbook
       with:
         jb-cache: true
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 9e222406..a6dd2396 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -11,14 +11,11 @@ on:
 jobs:
   build-and-deploy:
     runs-on: ubuntu-20.04
-    defaults:
-      run:
-        shell: bash -l {0}
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-      
+
     - uses: ./.github/actions/buildbook
       with:
         jb-cache: true
diff --git a/.github/workflows/manual.yaml b/.github/workflows/manual.yaml
index 79a1ae87..89acc708 100644
--- a/.github/workflows/manual.yaml
+++ b/.github/workflows/manual.yaml
@@ -8,14 +8,11 @@ on:
 jobs:
   build-and-test:
     runs-on: ubuntu-20.04
-    defaults:
-      run:
-        shell: bash -l {0}
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-      
+
     - uses: ./.github/actions/buildbook
       with:
         jb-cache: false
diff --git a/.github/workflows/netlifypreview.yaml b/.github/workflows/netlifypreview.yaml
index 381072f6..a30240af 100644
--- a/.github/workflows/netlifypreview.yaml
+++ b/.github/workflows/netlifypreview.yaml
@@ -7,9 +7,6 @@ on:
 jobs:
   add-preview:
     runs-on: ubuntu-20.04
-    defaults:
-      run:
-        shell: bash -l {0}
     # This workflow accesses secrets and checks out a PR, so only run if labelled
     # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
     if: contains(github.event.pull_request.labels.*.name, 'preview')
@@ -17,7 +14,7 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-      
+
     - uses: ./.github/actions/buildbook
       with:
         jb-cache: true
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index d67d278f..2192f683 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -13,9 +13,6 @@ on:
 jobs:
   build-and-test:
     runs-on: ubuntu-20.04
-    defaults:
-      run:
-        shell: bash -l {0}
     # This workflow accesses secrets and checks out a PR, so only run if labelled
     # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
     if: contains(github.event.pull_request.labels.*.name, 'preview')
@@ -23,7 +20,7 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-      
+
     - uses: ./.github/actions/buildbook
       with:
         jb-cache: true

From d6559447f5731d3338ddc49116767ba3d528c59d Mon Sep 17 00:00:00 2001
From: Scott Henderson <scottyh@uw.edu>
Date: Thu, 6 Jan 2022 11:55:43 -0800
Subject: [PATCH 2/7] pass PAT for publishing to GH pages

---
 .github/actions/buildbook/action.yml | 5 ++++-
 .github/workflows/deploy.yaml        | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/actions/buildbook/action.yml b/.github/actions/buildbook/action.yml
index ddeb6a0a..4d6e6d73 100644
--- a/.github/actions/buildbook/action.yml
+++ b/.github/actions/buildbook/action.yml
@@ -11,6 +11,9 @@ inputs:
   jb-save:
     description: "Save the Jupyterbook Build (boolean)"
     required: true
+  token:
+    description: 'A GitHub Personal Access Token (for publishing)'
+    required: false
 
 runs:
   using: "composite"
@@ -34,7 +37,7 @@ runs:
       if: ${{inputs.publish-to-gh}} == true
       uses: peaceiris/actions-gh-pages@v3
       with:
-        personal_token: ${{ secrets.GH_PAT }}
+        personal_token: ${{inputs.token}}
         publish_dir: book/_build/html
         publish_branch: gh-pages
 
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index a6dd2396..df862ffc 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -21,3 +21,4 @@ jobs:
         jb-cache: true
         publish-to-gh: true
         jb-save: true
+        token:  ${{ secrets.GH_PAT }}

From fa988f51c7749647ec9dca5690b08aff64d1f04a Mon Sep 17 00:00:00 2001
From: Scott Henderson <scottyh@uw.edu>
Date: Thu, 6 Jan 2022 12:08:47 -0800
Subject: [PATCH 3/7] always build and test on PRs

---
 .github/workflows/test.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 2192f683..16829c5e 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -13,9 +13,6 @@ on:
 jobs:
   build-and-test:
     runs-on: ubuntu-20.04
-    # This workflow accesses secrets and checks out a PR, so only run if labelled
-    # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-    if: contains(github.event.pull_request.labels.*.name, 'preview')
 
     steps:
     - name: Checkout repository

From 831b7a666cf67fc3b611f834ff298a6b9ebbe453 Mon Sep 17 00:00:00 2001
From: Scott Henderson <scottyh@uw.edu>
Date: Thu, 6 Jan 2022 12:41:18 -0800
Subject: [PATCH 4/7] add more paths to workflows

---
 .github/workflows/deploy.yaml | 3 +++
 .github/workflows/qaqc.yaml   | 2 ++
 .github/workflows/test.yaml   | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index df862ffc..ee021865 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -4,7 +4,10 @@ on:
   push:
     paths:
       - 'book/**'
+      - '{{ cookiecutter.repo_directory }}/**'
+      - 'scripts/**'
       - '.github/workflows/deploy.yaml'
+
     branches:
       - main
 
diff --git a/.github/workflows/qaqc.yaml b/.github/workflows/qaqc.yaml
index b2b19638..b981ba68 100644
--- a/.github/workflows/qaqc.yaml
+++ b/.github/workflows/qaqc.yaml
@@ -4,6 +4,8 @@ on:
   pull_request:
     paths:
       - 'book/**'
+      - '{{ cookiecutter.repo_directory }}/**'
+      - 'scripts/**'
       - '.github/workflows/qaqc.yaml'
     branches:
       - main
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 16829c5e..ad84e274 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -6,6 +6,8 @@ on:
     paths:
       - 'book/**'
       - '.github/workflows/test.yaml'
+      - '{{ cookiecutter.repo_directory }}/**'
+      - 'scripts/**'
       - 'binder/**'
     branches:
       - main

From 7e9ed2accd46a32ec505815f11c1d588933fe86c Mon Sep 17 00:00:00 2001
From: Scott Henderson <scottyh@uw.edu>
Date: Thu, 6 Jan 2022 15:23:51 -0800
Subject: [PATCH 5/7] remove types

---
 .github/workflows/manual.yaml | 2 --
 .github/workflows/test.yaml   | 1 -
 2 files changed, 3 deletions(-)

diff --git a/.github/workflows/manual.yaml b/.github/workflows/manual.yaml
index 89acc708..e8f9a82d 100644
--- a/.github/workflows/manual.yaml
+++ b/.github/workflows/manual.yaml
@@ -2,8 +2,6 @@ name: Build Without Cache
 
 on:
   workflow_dispatch:
-    # can maybe specify PR branch ref here?
-    # https://docs.github.com/en/actions/reference/events-that-trigger-workflows#example-workflow-configuration
 
 jobs:
   build-and-test:
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index ad84e274..7e6c22ee 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -2,7 +2,6 @@ name: Test
 
 on:
   pull_request_target:
-    types: [labeled, synchronize]
     paths:
       - 'book/**'
       - '.github/workflows/test.yaml'

From 2fc2151413542e363fa62f4765b2390098275851 Mon Sep 17 00:00:00 2001
From: Scott Henderson <scottyh@uw.edu>
Date: Thu, 6 Jan 2022 15:46:04 -0800
Subject: [PATCH 6/7] ignore javascript files in spellcheck

---
 .github/workflows/qaqc.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/qaqc.yaml b/.github/workflows/qaqc.yaml
index b981ba68..1478405a 100644
--- a/.github/workflows/qaqc.yaml
+++ b/.github/workflows/qaqc.yaml
@@ -36,6 +36,7 @@ jobs:
         check_filenames: true
         check_hidden: true
         only_warn: false
+        skip: *.js
 
     # borrowed from https://github.com/ProjectPythia/pythia-foundations/blob/main/.github/workflows/link-checker.yaml
     - name: Disable Notebook Execution

From 0e39935dc8f08b3a67278252ce49285598275a0b Mon Sep 17 00:00:00 2001
From: Scott Henderson <scottyh@uw.edu>
Date: Thu, 6 Jan 2022 15:47:35 -0800
Subject: [PATCH 7/7] need quotes under codespell skip

---
 .github/workflows/qaqc.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/qaqc.yaml b/.github/workflows/qaqc.yaml
index 1478405a..481fd635 100644
--- a/.github/workflows/qaqc.yaml
+++ b/.github/workflows/qaqc.yaml
@@ -36,7 +36,7 @@ jobs:
         check_filenames: true
         check_hidden: true
         only_warn: false
-        skip: *.js
+        skip: '*.js'
 
     # borrowed from https://github.com/ProjectPythia/pythia-foundations/blob/main/.github/workflows/link-checker.yaml
     - name: Disable Notebook Execution