DEV - Add build check and test release workflow #89
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build and maybe upload PyPI package" | |
on: | |
release: | |
types: [published] | |
push: | |
branches: [main] | |
tags: ["*"] | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
FORCE_COLOR: "1" # Make tools pretty. | |
permissions: | |
contents: read # This is required for actions/checkout | |
jobs: | |
# Always build & verify package. | |
build-package: | |
name: Build & verify package | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
defaults: | |
run: | |
working-directory: ${{ matrix.directory }} | |
steps: | |
- name: "Checkout Repository 🛎" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: echo "Running on ${{ matrix.directory }}" | |
- name: "Check package build - ${{ matrix.directory }} 📦" | |
uses: hynek/build-and-inspect-python-package@v1 | |
with: | |
path: ${{ matrix.directory }} | |
# Upload to Test PyPI on every commit on main | |
release-test-pypi: | |
name: Publish in-dev to test.pypi.org | |
environment: release-test-pypi | |
if: github.repository_owner == 'conda-incubator' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
needs: build-package | |
steps: | |
- name: "Download build artefacts 📥" | |
uses: actions/download-artifact@v3 | |
with: | |
name: built-package | |
path: dist | |
- name: "Upload package to Test PyPI" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
pypi-release: | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'conda-incubator' && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') | |
needs: build-package | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
defaults: | |
run: | |
working-directory: ${{ matrix.directory }} | |
steps: | |
- name: "Checkout Repository 🛎" | |
uses: actions/checkout@v4 | |
- name: "Set up Python 🐍" | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
- name: "Install dependencies 📦" | |
run: | | |
pip install hatch twine | |
- name: "Build Package 📦" | |
run: | | |
hatch build | |
twine check dist/* | |
- name: "Upload to PyPI 🚀" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
print-hash: true | |
packages-dir: dist/* | |
verbose: true | |
build_and_push_docker_image: | |
name: "Build Docker Images 🛠" | |
runs-on: ubuntu-latest | |
needs: pypi-release | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
docker-image: | |
- conda-store | |
- conda-store-server | |
steps: | |
- name: "Checkout Repository 🛎" | |
uses: actions/checkout@v4 | |
- name: "Retrieve secret from Vault 🗝" | |
uses: hashicorp/vault-action@v2 | |
with: | |
method: jwt | |
url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200" | |
namespace: "admin/quansight" | |
role: "repository-conda-incubator-conda-store-role" | |
secrets: | | |
kv/data/repository/conda-incubator/conda-store/shared_secrets DOCKER_QUANSIGHT_USERNAME | DOCKER_USERNAME; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets DOCKER_QUANSIGHT_PASSWORD | DOCKER_PASSWORD; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets QUAY_QUANSIGHT_USERNAME | QUAY_USERNAME; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets QUAY_QUANSIGHT_PASSWORD | QUAY_PASSWORD; | |
- name: "Set up Docker Buildx 🏗" | |
uses: docker/setup-buildx-action@v3 | |
- name: "Login to Docker Hub 🐳" | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: "Login to quay.io 🐳" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ env.QUAY_USERNAME }} | |
password: ${{ env.QUAY_PASSWORD }} | |
- name: "Add Docker metadata 📝" | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
quansight/${{ matrix.docker-image }} | |
quay.io/quansight/${{ matrix.docker-image }} | |
tags: | | |
type=ref,event=tag | |
type=ref,event=branch | |
type=sha | |
- name: "Publish Docker image 🚀" | |
uses: docker/build-push-action@v5 | |
with: | |
context: "${{ matrix.docker-image }}" | |
target: "prod" | |
file: "${{ matrix.docker-image }}/Dockerfile" | |
build-args: | | |
RELEASE_VERSION=${{github.ref_name}} | |
tags: | | |
${{ steps.meta.outputs.tags }} | |
push: true | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') |