Merge pull request #148 from data-engineering-collective/dependabot/g… #700
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: [push, pull_request, workflow_dispatch] | |
| jobs: | |
| unittest: | |
| name: Unit tests - ${{ matrix.PYTHON_VERSION }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| PYTHON_VERSION: ["3.8", "3.9", "3.10", "3.11", "3.12"] | |
| services: | |
| postgres: | |
| image: postgres:11 | |
| env: | |
| POSTGRES_DB: minimalkv_test | |
| POSTGRES_PASSWORD: minimalkv_test | |
| POSTGRES_USER: minimalkv_test | |
| env: | |
| SIMPLEKV_CI: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Conda env | |
| uses: mamba-org/setup-micromamba@ab6bf8bf7403e8023a094abeec19d6753bdc143e | |
| with: | |
| environment-file: environment.yml | |
| cache-environment: true | |
| create-args: >- | |
| python=${{ matrix.PYTHON_VERSION }} | |
| # For some reason we can't check for $ACTIONS_ID_TOKEN_REQUEST_URL | |
| # from the `if` condition in the next step. | |
| # See this commit: https://github.com/simonbohnen/minimalkv/commit/775c74c1b1248245d66c2be69476e18acda9f2fe | |
| # and this run: https://github.com/simonbohnen/minimalkv/actions/runs/3444175584/jobs/5746499674 | |
| # It appears that the variable is not accessible from the env context. | |
| - name: Check if ID Token generation is enabled | |
| id: check-id-token | |
| run: | | |
| if [[ -z "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]]; then | |
| echo "ID Token generation is not enabled" | |
| exit 1 | |
| fi | |
| continue-on-error: true | |
| - id: google_auth | |
| if: steps.check-id-token.outcome == 'success' | |
| name: "Authenticate to Google Cloud" | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: "projects/498651197656/locations/global/workloadIdentityPools/qc-minimalkv-gh-actions-pool/providers/github-actions-provider" | |
| service_account: "[email protected]" | |
| token_format: "access_token" | |
| - name: Authenticate to AWS | |
| if: steps.check-id-token.outcome == 'success' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::211125346859:role/github-poweruser | |
| aws-region: eu-central-1 | |
| # We set an env variable according to the result of the check | |
| # to only allow skipping of aws integration test when in fork. | |
| # When being run in the base repo, the aws integration test should always be executed. | |
| - name: Remap AWS Environment Variables | |
| if: steps.check-id-token.outcome == 'success' | |
| run: | | |
| echo "ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV | |
| echo "SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV | |
| echo "SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }}" >> $GITHUB_ENV | |
| # This is a work around as long as S3FSStore has the side effect of setting env variables | |
| # to provide authentication. This can savely be removed as soon as this side effect is gone | |
| - name: Check whether the workflow runs in a fork | |
| run: echo "CI_IN_FORK=${{ github.event.pull_request && github.repository != github.event.pull_request.head.repo.full_name }}" >> $GITHUB_ENV | |
| - name: "Run setup: install package & start docker container" | |
| shell: bash -x -l {0} | |
| run: | | |
| pip install --no-deps . | |
| docker-compose up -d | |
| while ! docker exec mysql mysqladmin status -h 127.0.0.1 -u minimalkv_test --password=minimalkv_test; \ | |
| do sleep 3; done | |
| - name: Run the unittests | |
| shell: bash -l {0} | |
| run: | | |
| pytest -n auto --dist loadfile -rs --cov=minimalkv --cov-report=xml | |
| - name: Build the package | |
| shell: bash -x -l {0} | |
| run: | | |
| python -m build | |
| - name: Typecheck the codebase | |
| shell: bash -x -l {0} | |
| run: mypy minimalkv | |
| - name: Publish package | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') && matrix.PYTHON_VERSION == '3.10' | |
| uses: pypa/[email protected] | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.pypi_password }} | |
| - uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.xml | |
| pre-commit-checks: | |
| name: "Pre-commit checks" | |
| runs-on: ubuntu-latest | |
| env: | |
| PRE_COMMIT_USE_MICROMAMBA: 1 | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@v4 | |
| - name: Set up micromamba | |
| uses: mamba-org/setup-micromamba@ab6bf8bf7403e8023a094abeec19d6753bdc143e | |
| - name: Add micromamba to GITHUB_PATH | |
| run: echo "${HOME}/micromamba-bin" >> "$GITHUB_PATH" | |
| - name: Install Python 3.10 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Run pre-commit checks | |
| uses: pre-commit/[email protected] |