Code CI #1712
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code CI | |
on: | |
push: | |
pull_request: | |
schedule: | |
# Run weekly to check latest versions of dependencies | |
- cron: "0 8 * * WED" | |
env: | |
# The target python version, which must match the Dockerfile version | |
CONTAINER_PYTHON: "3.10" | |
jobs: | |
lint: | |
# pull requests are a duplicate of a branch push if within the same repo. | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
requirements_file: requirements-dev-3.x.txt | |
install_options: -e .[dev] | |
- name: Lint | |
run: tox -e pre-commit,pyright | |
test: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["ubuntu-latest"] # can add windows-latest, macos-latest | |
python: ["3.9", "3.10"] | |
install: [".[dev]", "-e .[dev]"] | |
runs-on: ${{ matrix.os }} | |
env: | |
# https://github.com/pytest-dev/pytest/issues/2042 | |
PY_IGNORE_IMPORTMISMATCH: "1" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need this to get version number from last tag | |
fetch-depth: 0 | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: ${{ matrix.python }} | |
requirements_file: requirements-test-${{ matrix.os }}-${{ matrix.python }}.txt | |
install_options: ${{ matrix.install }} | |
- name: List dependency tree | |
run: pipdeptree | |
- name: Run tests | |
run: pytest | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
name: ${{ matrix.python }}/${{ matrix.os }} | |
files: cov.xml | |
dist: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need this to get version number from last tag | |
fetch-depth: 0 | |
- name: Build sdist and wheel | |
run: | | |
export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) && \ | |
pipx run build | |
- name: Upload sdist and wheel as artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: dist | |
path: dist | |
- name: Check for packaging errors | |
run: pipx run twine check --strict dist/* | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: ${{env.CONTAINER_PYTHON}} | |
requirements_file: requirements.txt | |
install_options: dist/*.whl | |
- name: Test module --version works using the installed wheel | |
# If more than one module in src/ replace with module name to test | |
run: python -m $(ls src | head -1) --version | |
container: | |
needs: [lint, dist, test] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# image names must be all lower case | |
- name: Generate image repo name | |
run: echo IMAGE_REPOSITORY=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV | |
- name: Download wheel and lockfiles | |
uses: actions/download-artifact@v3 | |
with: | |
path: artifacts/ | |
- name: Log in to GitHub Docker Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.IMAGE_REPOSITORY }} | |
tags: | | |
type=ref,event=tag | |
type=raw,value=latest | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build runtime image | |
uses: docker/build-push-action@v5 | |
with: | |
build-args: | | |
PIP_OPTIONS=-r lockfiles/requirements.txt dist/*.whl | |
push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }} | |
load: ${{ ! (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
context: artifacts/ | |
file: ./Dockerfile | |
# If you have a long docker build, uncomment the following to turn on caching | |
# For short build times this makes it a little slower | |
#cache-from: type=gha | |
#cache-to: type=gha,mode=max | |
- name: Test cli works in runtime image | |
run: docker run ${{ env.IMAGE_REPOSITORY }} --version | |
release: | |
# upload to PyPI and make a release on every tag | |
needs: [lint, dist, test] | |
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }} | |
runs-on: ubuntu-latest | |
env: | |
HAS_PYPI_TOKEN: ${{ secrets.PYPI_TOKEN != '' }} | |
steps: | |
- uses: actions/download-artifact@v3 | |
- name: Fixup blank lockfiles | |
# Github release artifacts can't be blank | |
run: for f in lockfiles/*; do [ -s $f ] || echo '# No requirements' >> $f; done | |
- name: Github Release | |
# We pin to the SHA, not the tag, for security reasons. | |
# https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 | |
with: | |
prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }} | |
files: | | |
dist/* | |
lockfiles/* | |
generate_release_notes: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish to PyPI | |
if: ${{ env.HAS_PYPI_TOKEN }} | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_TOKEN }} |