augurlabs · sgoggins · Jul 26, 2025 · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025
diff --git a/.github/workflows/auto_merge.yml b/.github/workflows/auto_merge.yml
diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml
@@ -3,7 +3,7 @@ on:
   push:
     branches:
       - main
-      - dev
+      - release
   pull_request:
   release:
     types:
@@ -13,8 +13,46 @@ on:
 permissions: {}
 
 jobs:
+  test-macos:
+    name: Test on macOS
+    runs-on: macos-latest
+    env:
+      UV_LOCKED: true  # Assert that uv.lock is up-to-date
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: ".python-version"
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "stable"
+
+      # We don't use `make install` because it requires user input
+      # Instead, we manually sync and run a subset of commands
+      - name: Install dependencies
+        run: uv sync --all-groups
+
+      - name: Install workers
+        run: uv run scripts/install/workers.sh dev
+
+      - name: Install nltk
+        run: |
+          uv run python -m nltk.downloader stopwords
+          uv run python -m nltk.downloader punkt
+          uv run python -m nltk.downloader popular
+          uv run python -m nltk.downloader universal_tagset
+
+
   test-e2e:
-    name: End-to-end test
+    name: End-to-end test (Docker)
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -130,6 +168,121 @@ jobs:
         # We use tail so that we can see the name of each file as it's printed
         run: "docker run -t --rm -v augur_logs:/logs bash -c 'find /logs -type f | xargs tail -n +0'"
 
+  test-e2e-podman:
+    name: End-to-end test (Podman)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Remove unnecessary files from the base image
+        run: |
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+
+      - name: Start Podman socket
+        run: systemctl --user start podman.socket
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build database container
+        uses: redhat-actions/buildah-build@v2
+        with:
+          context: .
+          containerfiles: |
+            ./docker/database/Dockerfile
+          platforms: linux/amd64
+          tags: ghcr.io/${{ github.repository_owner }}/augur_database:test
+          layers: true
+
+      - name: Build keyman container
+        uses: redhat-actions/buildah-build@v2
+        with:
+          context: .
+          containerfiles: |
+            ./docker/keyman/Dockerfile
+          platforms: linux/amd64
+          tags: ghcr.io/${{ github.repository_owner }}/augur_keyman:test
+          layers: true
+
+      - name: Build rabbitmq container
+        uses: redhat-actions/buildah-build@v2
+        with:
+          context: .
+          containerfiles: |
+            ./docker/rabbitmq/Dockerfile
+          platforms: linux/amd64
+          tags: ghcr.io/${{ github.repository_owner }}/augur_rabbitmq:test
+          layers: true
+
+      - name: Build backend container
+        uses: redhat-actions/buildah-build@v2
+        with:
+          context: .
+          containerfiles: |
+            ./docker/backend/Dockerfile
+          platforms: linux/amd64
+          tags: ghcr.io/${{ github.repository_owner }}/augur_backend:test
+          layers: true
+
+      - name: Prepare compose file
+        run: |
+          yq eval -i '.services.augur.image = "ghcr.io/${{ github.repository_owner }}/augur_backend:test"' docker-compose.yml
+          yq eval -i '.services.augur.pull_policy = "never"' docker-compose.yml
+          yq eval -i '.services.augur.restart = "no"' docker-compose.yml
+
+          yq eval -i '.services.augur-db.image = "ghcr.io/${{ github.repository_owner }}/augur_database:test"' docker-compose.yml
+          yq eval -i '.services.augur-db.pull_policy = "never"' docker-compose.yml
+          yq eval -i '.services.augur-db.restart = "no"' docker-compose.yml
+
+          yq eval -i '.services.augur-keyman.image = "ghcr.io/${{ github.repository_owner }}/augur_keyman:test"' docker-compose.yml
+          yq eval -i '.services.augur-keyman.pull_policy = "never"' docker-compose.yml
+          yq eval -i '.services.augur-keyman.restart = "no"' docker-compose.yml
+
+          yq eval -i '.services.rabbitmq.image = "ghcr.io/${{ github.repository_owner }}/augur_rabbitmq:test"' docker-compose.yml
+          yq eval -i '.services.rabbitmq.pull_policy = "never"' docker-compose.yml
+          yq eval -i '.services.rabbitmq.restart = "no"' docker-compose.yml
+
+      - name: Setup Podman Compose
+        uses: webgtx/setup-podman-compose@v1
+
+      - name: Set up list of log lines to match
+        run: |
+          cat <<EOF > /tmp/regex_matches.txt
+          Gunicorn webserver started
+          Starting core worker processes
+          Starting secondary worker processes
+          Starting facade worker processes
+          Retrieved \\d+ github api keys for use
+          Fetching new repos \\(complete\\)
+          Inserting \\d+ contributors
+          Inserting \\d+ issues
+          Inserting prs of length: \\d+
+          Querying committers count
+          Done generating scc data for repo
+          Sending due task
+          EOF
+
+      - name: Start services & wait for output
+        # This starts the system and sends the output to "await_all.py" which
+        # scans for the regex matches from above. Once all matches are seen at
+        # least once, the `compose down` will run to shut down the system. If
+        # this all doesn't happen before the timeout, the job will fail.
+        run: |
+          podman compose -f docker-compose.yml up --no-build 2>&1 \
+            | (./scripts/ci/await_all.py /tmp/regex_matches.txt \
+                && podman compose -f docker-compose.yml down)
+        timeout-minutes: 3
+        env:
+          AUGUR_GITHUB_API_KEY: ${{ secrets.GITHUB_TOKEN }}
+          AUGUR_GITHUB_USERNAME: ${{ github.repository_owner }}
+          AUGUR_GITLAB_API_KEY: dummy
+          AUGUR_GITLAB_USERNAME: dummy
+
+      - name: Dump logs
+        # Always run this step to get logs, even if the previous step fails
+        if: always()
+        # We use tail so that we can see the name of each file as it's printed
+        run: "podman run -t --rm -v augur_logs:/logs bash -c 'find /logs -type f | xargs tail -n +0'"
+
 
 
   push-image:
@@ -145,6 +298,7 @@ jobs:
         image:
           - backend
           - database
+          - keyman
           - rabbitmq
     runs-on: ubuntu-latest
     steps:
@@ -157,7 +311,6 @@ jobs:
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
-        if: github.event_name != 'pull_request'
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -174,11 +327,10 @@ jobs:
           labels: |
             org.opencontainers.image.title=augur_${{ matrix.image}}
           images: ghcr.io/${{ github.repository_owner }}/augur_${{ matrix.image }}
-          # Pushes to the dev branch update the *:devel-latest tag
+          # Pushes to the main branch update the *:devel-latest tag
           # Releases update the *:latest tag and the *:<version> tag
-          # Main does not update any tags
           tags: |
-            type=raw,value=devel-latest,enable=${{ github.ref == 'refs/heads/dev' }}
+            type=raw,value=devel-latest,enable=${{ github.ref == 'refs/heads/main' }}
             type=raw,value=latest,enable=${{ github.event_name == 'release' }}
             type=raw,value=${{ github.event.release.tag_name }},enable=${{ github.event_name == 'release' }}
 

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -1,10 +1,21 @@
 name: "run-linting-checks"
 on:
   pull_request:
-    branches: [main, dev]
+    branches: [main, release]
 
 jobs:
+  check-docs:
+    name: runner / check docs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+      - name: Ensure docs build cleanly
+        # Setting `O` to pass extra options to the sphinx-build command.
+        run: O="-a -E -n -W --keep-going" make docs
+
   run-pylint:
     name: runner / pylint
     permissions: write-all
    runs-on: ubuntu-latest
@@ -28,4 +39,15 @@
         uses: reviewdog/action-misspell@v1
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          locale: "US"
+          locale: "US"
+
+  uv-lock:
+    name: runner / uv-lock
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+      - name: Ensure uv lockfile is up to date
+        run: uv lock --check
diff --git a/.gitignore b/.gitignore
@@ -106,10 +106,6 @@ target/
 profile_default/
 ipython_config.py
 
-# pyenv
-.python-version
-.python-version-hash
-
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies

diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.11
diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -5,10 +5,15 @@
 
 # Required
 version: 2
-build: 
+build:
   os: ubuntu-22.04  # <- add this line
   tools:
     python: "3.10"
+  jobs:
+    post_create_environment:
+      # Use uv to create a requirements file that RTD can install
+      - pip install uv
+      - uv export --format requirements.txt --only-group docs -o requirements.txt
 
 # Build documentation in the docs/ directory with Sphinx
 sphinx:
@@ -24,12 +29,8 @@ formats: all
 # Optionally set the version of Python and requirements required to build your docs
 python:
    install:
-      - method: pip
-        path: .
-        extra_requirements:
-            - dev
-      - method: setuptools
-        path: .
+      # Install the requirements file created during the post_create_environment job
+      - requirements: requirements.txt
 
 #   build: 
 #     os: ubuntu-22.04

@@ -90,8 +90,8 @@ git push origin master
 ## Community Resources
 
 ### Augur
-- [Stable documentation (`main` branch)](https://oss-augur.readthedocs.io/en/main/)
-- [Nightly/developer build documentation (`dev` branch)](https://oss-augur.readthedocs.io/en/dev/) (warning: this is should be considered an unstable branch and should not be used for production)
+- [Stable documentation (`release` branch)](https://oss-augur.readthedocs.io/en/release/)
+- [Nightly/developer build documentation (`main` branch)](https://oss-augur.readthedocs.io/en/main/) (warning: this is should be considered an unstable branch and should not be used for production)
 - [Live Augur demo](https://ai.chaoss.io)
 
 ### CHAOSS

@@ -32,8 +32,8 @@ default:
 .PHONY: install
 .PHONY: install-spdx install-spdx-sudo install-augur-sbom
 .PHONY: clean rebuild
-install:
-	@ ./scripts/install/install.sh dev
+install: uv
+	@ uv run ./scripts/install/install.sh dev
 
 wizard:
 	@ ./scripts/install/install.sh graphical
@@ -50,8 +50,8 @@ install-augur-sbom:
 clean:
 	@ scripts/control/clean.sh
 
-rebuild:
-	@ scripts/control/rebuild.sh dev
+rebuild: uv
+	@ uv run scripts/control/rebuild.sh dev
 
 #
 #  Development
@@ -124,12 +124,20 @@ test-api:
 # 	@ bash -c 'tox -e ALL'
 
 
+#
+# UV installation
+#
+.PHONY: uv
+uv:
+	@ command -v uv >/dev/null 2>&1 || { echo "Installing uv..."; pip install --user uv; }
+
 #
 # Documentation
 #
 .PHONY: docs docs-view
-docs:
-	@ bash -c 'cd docs/ && rm -rf build/ && make html;'
+docs: uv
+	-rm -rf docs/build
+	uv run --only-group docs make -C docs html
 
 docs-view: docs
 	@ bash -c 'open docs/build/html/index.html'
@@ -184,4 +192,4 @@ docker-run-database:
 docker-run-rabbitmq:
 	@ - docker stop augur_rabbitmq
 	@ - docker rm augur_rabbitmq
-	docker run -p 5434:5432 --name augur_rabbitmq augurlabs/augur:rabbitmq
+	docker run -p 5434:5432 --name augur_rabbitmq augurlabs/augur:rabbitmq