Code CI #291
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code CI | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
env: | |
# The target python version, which must match the Dockerfile version | |
CONTAINER_PYTHON: "3.10" | |
jobs: | |
lint: | |
# pull requests are a duplicate of a branch push if within the same repo. | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
requirements_file: requirements-dev-3.x.txt | |
install_options: -e .[dev] | |
python_version: "3.11" # Pinned to 3.11 https://github.com/DiamondLightSource/coniql/issues/101 | |
- name: Lint | |
run: tox -e pre-commit,mypy | |
test: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["ubuntu-latest"] # can add windows-latest, macos-latest | |
python: ["3.9", "3.10", "3.11"] | |
install: ["-e .[dev]"] | |
# Make one version be non-editable to test both paths of version code | |
include: | |
- os: "ubuntu-latest" | |
python: "3.8" | |
install: ".[dev]" | |
runs-on: ${{ matrix.os }} | |
env: | |
# https://github.com/pytest-dev/pytest/issues/2042 | |
PY_IGNORE_IMPORTMISMATCH: "1" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need this to get version number from last tag | |
fetch-depth: 0 | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: ${{ matrix.python }} | |
requirements_file: requirements-test-${{ matrix.os }}-${{ matrix.python }}.txt | |
install_options: ${{ matrix.install }} | |
- name: List dependency tree | |
run: pipdeptree | |
- name: Run tests | |
run: pytest | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
name: ${{ matrix.python }}/${{ matrix.os }} | |
files: cov.xml | |
dist: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need this to get version number from last tag | |
fetch-depth: 0 | |
- name: Build sdist and wheel | |
run: | | |
export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) && \ | |
pipx run build | |
- name: Upload sdist and wheel as artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dist | |
path: dist | |
- name: Check for packaging errors | |
run: pipx run twine check --strict dist/* | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: ${{env.CONTAINER_PYTHON}} | |
requirements_file: requirements.txt | |
install_options: dist/*.whl | |
- name: Test module --version works using the installed wheel | |
# If more than one module in src/ replace with module name to test | |
run: python -m $(ls src | head -1) --version | |
container: | |
needs: [lint, dist, test] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
env: | |
TEST_TAG: "testing" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# image names must be all lower case | |
- name: Generate image repo name | |
run: echo IMAGE_REPOSITORY=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV | |
# Fetch latest tag on this branch if manually triggered | |
- name: Fetch latest tag | |
if: github.event_name == 'workflow_dispatch' | |
run: echo "LATEST_TAG=$(git tag | sort --version-sort | tail -n1)" >> $GITHUB_ENV | |
- name: Download wheel and lockfiles | |
uses: actions/download-artifact@v3 | |
with: | |
path: artifacts/ | |
- name: Log in to GitHub Docker Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and export to Docker local cache | |
uses: docker/build-push-action@v4 | |
with: | |
# Note build-args, context, file, and target must all match between this | |
# step and the later build-push-action, otherwise the second build-push-action | |
# will attempt to build the image again | |
build-args: | | |
PIP_OPTIONS=-r lockfiles/requirements.txt dist/*.whl | |
context: artifacts/ | |
file: ./Dockerfile | |
target: runtime | |
load: true | |
tags: ${{ env.TEST_TAG }} | |
# If you have a long docker build (2+ minutes), uncomment the | |
# following to turn on caching. For short build times this | |
# makes it a little slower | |
#cache-from: type=gha | |
#cache-to: type=gha,mode=max | |
- name: Test cli works in cached runtime image | |
run: docker run docker.io/library/${{ env.TEST_TAG }} --version | |
- name: Create tags for publishing image | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.IMAGE_REPOSITORY }} | |
# Add the "edge" tag on all commits to the "integration" branch. | |
# Add the "latest" tag to repository tags only | |
# Add a version tag if workflow is manually triggered | |
tags: | | |
type=edge,branch=integration | |
type=ref,event=tag | |
type=raw,value=latest, enable=${{ github.ref_type == 'tag' }} | |
type=semver,pattern={{version}},value=${{ env.LATEST_TAG }},enable=${{github.event_name == 'workflow_dispatch'}} | |
- name: Push cached image to container registry | |
if: github.ref_type == 'tag' || github.ref_name == 'integration' || github.event_name == 'workflow_dispatch' | |
uses: docker/build-push-action@v3 | |
# This does not build the image again, it will find the image in the | |
# Docker cache and publish it | |
with: | |
# Note build-args, context, file, and target must all match between this | |
# step and the previous build-push-action, otherwise this step will | |
# attempt to build the image again | |
build-args: | | |
PIP_OPTIONS=-r lockfiles/requirements.txt dist/*.whl | |
context: artifacts/ | |
file: ./Dockerfile | |
target: runtime | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
release: | |
# upload to PyPI and make a release on every tag | |
needs: [lint, dist, test] | |
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }} | |
runs-on: ubuntu-latest | |
env: | |
HAS_PYPI_TOKEN: ${{ secrets.PYPI_TOKEN != '' }} | |
steps: | |
- uses: actions/download-artifact@v3 | |
- name: Fixup blank lockfiles | |
# Github release artifacts can't be blank | |
run: for f in lockfiles/*; do [ -s $f ] || echo '# No requirements' >> $f; done | |
- name: Github Release | |
# We pin to the SHA, not the tag, for security reasons. | |
# https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 | |
with: | |
prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }} | |
files: | | |
dist/* | |
lockfiles/* | |
generate_release_notes: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish to PyPI | |
if: ${{ env.HAS_PYPI_TOKEN }} | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_TOKEN }} |