MAINT - Bump actions versions #640
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build and maybe upload PyPI package" | |
on: | |
release: | |
types: [published] | |
push: | |
branches: [main] | |
tags: ["*"] | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
FORCE_COLOR: "1" # Make tools pretty. | |
permissions: | |
contents: read # This is required for actions/checkout | |
jobs: | |
# Always build & verify package. | |
build-package: | |
name: Build & verify package | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
defaults: | |
run: | |
working-directory: ${{ matrix.directory }} | |
steps: | |
- name: "Checkout Repository 🛎" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: echo "Running on ${{ matrix.directory }}" | |
- name: "Check package build - ${{ matrix.directory }} 📦" | |
uses: hynek/build-and-inspect-python-package@main | |
with: | |
path: ${{ matrix.directory }} | |
upload-name-suffix: "-${{ matrix.directory }}" | |
# Adding a separate upload for publishing | |
- name: "Upload build artefacts 📤" | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.directory }}-package | |
path: | | |
/tmp/baipp/dist/*.whl | |
/tmp/baipp/dist/*.tar.gz | |
# Upload to Test PyPI on every commit on main | |
release-test-pypi: | |
name: Publish in-dev to test.pypi.org | |
environment: release-test-pypi | |
if: github.repository_owner == 'conda-incubator' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
needs: build-package | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
steps: | |
- name: "Download build artefacts 📥" | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ matrix.directory }}-package | |
path: dist | |
- name: "Upload package to Test PyPI" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
print-hash: true | |
verbose: true | |
release-pypi: | |
name: Publish released package to pypi.org | |
environment: release-pypi | |
if: github.repository_owner == 'conda-incubator' && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') | |
runs-on: ubuntu-latest | |
needs: build-package | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
defaults: | |
run: | |
working-directory: ${{ matrix.directory }} | |
steps: | |
- name: "Download build artefacts 📥" | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ matrix.directory }}-package | |
path: dist | |
- name: "Upload to PyPI 🚀" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
print-hash: true | |
verbose: true | |
build_and_push_docker_image: | |
name: "Build Docker Images 🛠" | |
runs-on: ubuntu-latest | |
needs: release-pypi | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
docker-image: | |
- conda-store | |
- conda-store-server | |
steps: | |
- name: "Checkout Repository 🛎" | |
uses: actions/checkout@v4 | |
- name: "Retrieve secret from Vault 🗝" | |
uses: hashicorp/vault-action@v2 | |
with: | |
method: jwt | |
url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200" | |
namespace: "admin/quansight" | |
role: "repository-conda-incubator-conda-store-role" | |
secrets: | | |
kv/data/repository/conda-incubator/conda-store/shared_secrets DOCKER_QUANSIGHT_USERNAME | DOCKER_USERNAME; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets DOCKER_QUANSIGHT_PASSWORD | DOCKER_PASSWORD; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets QUAY_QUANSIGHT_USERNAME | QUAY_USERNAME; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets QUAY_QUANSIGHT_PASSWORD | QUAY_PASSWORD; | |
- name: "Set up Docker Buildx 🏗" | |
uses: docker/setup-buildx-action@v3 | |
- name: "Login to Docker Hub 🐳" | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: "Login to quay.io 🐳" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ env.QUAY_USERNAME }} | |
password: ${{ env.QUAY_PASSWORD }} | |
- name: "Add Docker metadata 📝" | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
quansight/${{ matrix.docker-image }} | |
quay.io/quansight/${{ matrix.docker-image }} | |
tags: | | |
type=ref,event=tag | |
type=ref,event=branch | |
type=sha | |
- name: "Publish Docker image 🚀" | |
uses: docker/build-push-action@v5 | |
with: | |
context: "${{ matrix.docker-image }}" | |
target: "prod" | |
file: "${{ matrix.docker-image }}/Dockerfile" | |
build-args: | | |
RELEASE_VERSION=${{github.ref_name}} | |
tags: | | |
${{ steps.meta.outputs.tags }} | |
push: true | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') |