Update workflows and requirements (#239)

Co-authored-by: Ryan Ly <[email protected]>

.github/PULL_REQUEST_TEMPLATE/release.md

@@ -2,10 +2,8 @@ Prepare for release of HDMF-Zarr [version]
 
 ### Before merging:
 - [ ] Make sure all PRs to be included in this release have been merged to `dev`.
-- [ ] Major and minor releases: Update package versions in `requirements.txt`, `requirements-dev.txt`,
-  `requirements-doc.txt`, and `requirements-opt.txt` to the latest versions,
-  and update dependency ranges in `pyproject.toml` and minimums in `requirements-min.txt` as needed.
-  Run `pip install pur && pur -r requirements-dev.txt -r requirements.txt -r requirements-opt.txt`.
+- [ ] Major and minor releases: Update dependency ranges in `pyproject.toml` and minimums in 
+  `requirements-min.txt` as needed.
 - [ ] Check legal file dates and information in `Legal.txt`, `license.txt`, `README.rst`, `docs/source/conf.py`,
   and any other locations as needed
 - [ ] Update `pyproject.toml` as needed
@@ -27,5 +25,5 @@ Prepare for release of HDMF-Zarr [version]
 4. Either monitor [conda-forge/hdmf_zarr-feedstock](https://github.com/conda-forge/hdmf_zarr-feedstock) for the
    regro-cf-autotick-bot bot to create a PR updating the version of HDMF to the latest PyPI release, usually within
    24 hours of release, or manually create a PR updating `recipe/meta.yaml` with the latest version number
-   and SHA256 retrieved from PyPI > HDMF-Zarr > Download Files > View hashes for the `.tar.gz` file. Re-render and update
-   dependencies as needed.
+   and SHA256 retrieved from PyPI > HDMF-Zarr > Download Files > View hashes for the `.tar.gz` file. Re-render and 
+   update the dependencies as needed.

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+  # disable checking python requirements files because there are too
+  # many updates and dependabot will not ignore requirements-min.txt
+  # until https://github.com/dependabot/dependabot-core/issues/2883 is resolved
+  # workaround is to continue updating these files manually
+
+  # - package-ecosystem: "pip"
+  #   directory: "/"
+  #   schedule:
+  #     # Check for updates to requirements files and pyproject.toml every week
+  #     interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"

.github/workflows/HDMF_dev.yaml

@@ -5,28 +5,23 @@ on: [pull_request, workflow_dispatch]
 jobs:
   check_compatibility:
     runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
     steps:
-      - name: Cancel non-latest runs
-        uses: styfle/[email protected]
-        with:
-          all_but_latest: true
-          access_token: ${{ github.token }}
-
-      - uses: actions/checkout@v4
-        with:
-            fetch-depth: 0  # tags are required for versioneer to determine the version
+      - name: Checkout repo
+        uses: actions/checkout@v4
 
-      - name: Set up Python 3.13
+      - name: Set up Python
         uses: actions/setup-python@v5
         with:
           python-version: "3.13"
 
       - name: Install HDMF_Zarr Requirements
         run: |
-          python -m pip install -r requirements-dev.txt -r requirements.txt
-          pip install .
+          python -m pip install ".[test]"
           
-      - name: Clone HDMF Dev Branch
+      - name: Clone and Install HDMF Dev Branch
         run: |
           git clone https://github.com/hdmf-dev/hdmf.git --recurse-submodules
           cd hdmf
@@ -36,7 +31,6 @@ jobs:
 
       - name: Run HDMF_Zarr Tests
         run:
+          # specify the tests directory so that we don't run the hdmf tests which are nested
+          # under the same base directory
           pytest -v tests
-
-
-

.github/workflows/check_external_links.yml

@@ -8,16 +8,12 @@ on:
 jobs:
   check-external-links:
     runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
     steps:
-      - name: Cancel non-latest runs
-        uses: styfle/[email protected]
-        with:
-          all_but_latest: true
-          access_token: ${{ github.token }}
-
-      - uses: actions/checkout@v4
-        with:
-          submodules: 'recursive'
+      - name: Checkout repo
+        uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v5
@@ -27,7 +23,7 @@ jobs:
       - name: Install Sphinx dependencies and package
         run: |
           python -m pip install --upgrade pip
-          python -m pip install -r requirements-doc.txt -r requirements.txt -r requirements-opt.txt
-          python -m pip install .
+          python -m pip install ".[test,docs,full]"
+
       - name: Check Sphinx external links
-        run: sphinx-build -b linkcheck ./docs/source ./test_build
+        run: sphinx-build -W -b linkcheck ./docs/source ./test_build

.github/workflows/deploy_release.yml

@@ -9,16 +9,13 @@ jobs:
     name: Deploy release from tag
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repo with submodules
+      - name: Checkout repo
         uses: actions/checkout@v4
-        with:
-          submodules: 'recursive'
-          fetch-depth: 0  # tags are required for versioneer to determine the version
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.12'
+          python-version: '3.13'
 
       - name: Install build dependencies
         run: |
@@ -28,11 +25,11 @@ jobs:
 
       - name: Run tox tests
         run: |
-          tox -e py312-upgraded
+          tox -e py313
 
       - name: Build wheel and source distribution
         run: |
-          tox -e build-py312-upgraded
+          tox -e build
           ls -1 dist
 
       - name: Test installation from a wheel