Adopt centralized reusable workflow from waldronlab/.github

[Copilot]

Replaces the self-contained .github/workflows/pr_check.yml with a thin caller workflow that delegates to the centrally maintained reusable workflow in waldronlab/.github, enabling single-source-of-truth CI maintenance across all Waldron Lab R packages.

Changes

• Remove .github/workflows/pr_check.yml — all logic moved to the reusable workflow
• Add .github/workflows/ci.yml — caller workflow:
  • Triggers on pull_request and push to devel/RELEASE_* (paths: DESCRIPTION, **.yml)
  • Calls waldronlab/.github/.github/workflows/bioc-pr-cmdcheck-pkgdown.yml@devel
  • Passes secrets: inherit and grants contents: write, pages: write, id-token: write

jobs:
  ci:
    uses: waldronlab/.github/.github/workflows/bioc-pr-cmdcheck-pkgdown.yml@devel
    secrets: inherit
    permissions:
      contents: write
      pages: write
      id-token: write

Prerequisite: waldronlab/.github

The reusable workflow must exist at .github/workflows/bioc-pr-cmdcheck-pkgdown.yml on the devel branch of waldronlab/.github before this PR's CI will pass. Key behavior in that workflow:

• Matrix bioc_version from GITHUB_REF_NAME; container bioconductor/bioconductor_docker:${{ matrix.bioc_version }}
• Codecov upload: devel non-PR only
• pkgdown build + artifact upload: RELEASE_* non-PR only (startsWith(github.ref_name, 'RELEASE_'))
• Docker build/push: devel non-PR + inst/docker/pkg/Dockerfile exists
• Pages deploy job gated at job level to RELEASE_* non-PR pushes — no deploy on PRs

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh gh auth status (http block)
• https://api.github.com/repos/waldronlab/.github
  • Triggering command: /usr/bin/gh gh api repos/waldronlab/.github --jq .full_name,.default_branch,.permissions (http block)
  • Triggering command: /usr/bin/gh gh api repos/waldronlab/.github (http block)
• https://api.github.com/repos/waldronlab/.github/contents/.github/workflows/bioc-pr-cmdcheck-pkgdown.yml
  • Triggering command: /usr/bin/curl curl -s -X PUT -H Authorization: token ****** -H Accept: application/vnd.github+json -H X-GitHub-Api-Version: 2022-11-28 REDACTED -d { "message": "Add central reusable bioc workflow", "content": "bmFtZTogQmlvYyBQUiBDTUQgY2hlY2sgJiAob3B0aW9uYWwpIHBrZ2Rvd24gKyBkb2NrZXIKCm9uOgogIHdvcmtmbG93X2NhbGw6CiAgICBpbnB1dHM6CiAgICAgIGNyYW46CiAgICAgICAgZGVzY3JpcHRpb246ICdDUkFOLWxpa2UgcmVwbyBV (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Create a PR in waldronlab/XeniumIO to test adopting a centralized reusable workflow stored in waldronlab/.github.

Goals

1. Add the central reusable workflow file in waldronlab/.github at path .github/workflows/bioc-pr-cmdcheck-pkgdown.yml (on the devel branch if it exists; otherwise use the default branch and note it).
2. In waldronlab/XeniumIO, replace or add a caller workflow at .github/workflows/ci.yml that calls:
   • uses: waldronlab/.github/.github/workflows/bioc-pr-cmdcheck-pkgdown.yml@devel
   • secrets: inherit
   • permissions: contents: write, pages: write, id-token: write
   • triggers:
     • pull_request:
     • push: on branches devel and RELEASE_*, with paths DESCRIPTION and **.yml
3. Ensure XeniumIO GitHub Pages deployment is only attempted on push events to RELEASE_* branches (this logic should live in the reusable workflow). The site should deploy to XeniumIO’s Pages site (one site per package repo).
4. Keep the workflow name bioc-pr-cmdcheck-pkgdown.yml.
5. Use the user-provided workflow as baseline, preserving behavior:
   • Matrix uses GITHUB_REF_NAME for bioc_version
   • Container uses bioconductor/bioconductor_docker:${{ matrix.bioc_version }}
   • Optional docker build on devel when inst/docker/pkg/Dockerfile exists
   • Codecov upload only on devel non-PR when token present
   • pkgdown build + Pages artifact upload on RELEASE_* branches (non-PR) when enabled

Acceptance criteria

• PR(s) exist that add the central reusable workflow in waldronlab/.github and update XeniumIO to call it.
• XeniumIO workflow runs successfully for PRs.
• No Pages deployment runs on PRs.
• Pages deployment job is gated to RELEASE_* pushes.

Notes

• The user intends to tag stable versions later (e.g., @v1), but for this test XeniumIO should reference @devel.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: I have a github workflow that I use over several R packages. Is there a way to consolidate this workflow into central location where it is easier to maintain? Do I need to create a GitHub Application for this or is a GHA workflow just ok?

---

name: PR CMD check & build site

on:
pull_request:
push:
paths:
- 'DESCRIPTION'
- '**.yml'
branches:
- devel
- RELEASE_3_22

env:
R_REMOTES_NO_ERRORS_FROM_WARNINGS: true
GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
CRAN: https://p3m.dev/cran/__linux__/noble/latest
BIOC_RELEASE: RELEASE_3_21

jobs:
set-matrix:
runs-on: ubuntu-24.04
outputs:
matrix: ${{ steps.set.outputs.matrix }}
dockerfile_exists: ${{ steps.dockerfile.outputs.exists }}
steps:
- name: Set Matrix Bioconductor Version
id: set
run: |
MATRIX="{"include":[{"bioc_version":"$GITHUB_REF_NAME"}]}"
echo "matrix=$MATRIX" >> $GITHUB_OUTPUT
- name: Check for Dockerfile
id: dockerfile
run: |
echo "exists=$( [ -f ./inst/docker/pkg/Dockerfile ] && echo true || echo false )" >> $GITHUB_OUTPUT

check:
needs: set-matrix
runs-on: ubuntu-latest
strategy:
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
container: bioconductor/bioconductor_docker:${{ matrix.bioc_version }}

steps:
  - name: Checkout Repository
    uses: actions/checkout@v4
    with:
      ref: ${{ matrix.bioc_version }}

  - name: Query dependencies
    run: |
      BiocManager::install(c("covr", "BiocCheck"))
      saveRDS(remotes::dev_package_deps(dependencies = TRUE), ".github/depends.Rds", version = 2)
    shell: Rscript {0}

  - name: Cache R packages
    uses: actions/cache@v4
    with:
      path: /usr/local/lib/R/site-library
      key: ${{ runner.os }}-r-${{ matrix.bioc_version }}-${{ hashFiles('.github/depends.Rds') }}
      restore-keys: ${{ runner.os }}-r-${{ matrix.bioc_version }}-

  - name: Install GPG
    if: ${{ github.ref == 'refs/heads/devel' && github.event_name != 'pull_request' }}
    run: sudo apt-get update && sudo apt-get install -y gpg

  - name: Install Dependencies
    run: |
      remotes::install_deps(dependencies = TRUE, repos = BiocManager::repositories())
      BiocManager::install(c("rcmdcheck", "BiocCheck"), ask = FALSE, update = TRUE)
    shell: Rscript {0}

  - name: Check Package
    env:
      _R_CHECK_CRAN_INCOMING_REMOTE_: false
    run: rcmdcheck::rcmdcheck(args = "--no-manual", error_on = "error", check_dir = "check")
    shell: Rscript {0}

  - name: Test coverage
    if: ${{ success() && github.ref == 'refs/heads/devel' && github.event_name != 'pull_request' }}
    run: |
      cov <- covr::package_coverage(
        quiet = FALSE,
        clean = FALSE,
        type = "all",
        install_path = file.path(
          normalizePath(Sys.getenv("RUNNER_TEM...

This pull request was created from Copilot chat.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.