REL - 2024.11.1 (#968) #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build and maybe upload PyPI package" | |
on: | |
release: | |
types: [published] | |
push: | |
branches: [main] | |
tags: ["*"] | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
FORCE_COLOR: "1" # Make tools pretty. | |
permissions: | |
contents: read # This is required for actions/checkout | |
jobs: | |
# Always build & verify package. | |
build-package: | |
name: "Build & verify package" | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
defaults: | |
run: | |
working-directory: ${{ matrix.directory }} | |
steps: | |
- name: "Checkout Repository 🛎" | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: echo "Running on ${{ matrix.directory }}" | |
- name: "Build and check package - ${{ matrix.directory }} 📦" | |
uses: hynek/build-and-inspect-python-package@v2 | |
id: baipp | |
with: | |
path: ${{ matrix.directory }} | |
upload-name-suffix: "-${{ matrix.directory }}" | |
- run: echo Packages can be found at ${{ steps.baipp.outputs.dist }} and in artifact ${{ steps.baipp.outputs.artifact-name }} | |
# Upload to Test PyPI on every commit on main | |
release-test-pypi: | |
name: "Publish in-dev to test.pypi.org" | |
environment: release-test-pypi | |
runs-on: ubuntu-latest | |
needs: build-package | |
if: github.repository_owner == 'conda-incubator' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
steps: | |
- name: "Download build artefacts 📥" | |
uses: actions/[email protected] | |
with: | |
name: Packages-${{ matrix.directory }} | |
path: dist | |
- run: ls -lR dist/ | |
- name: "Upload package to Test PyPI" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
print-hash: true | |
verbose: true | |
# Upload to PyPI on every tag/release | |
release-pypi: | |
name: "Publish released package to pypi.org" | |
environment: release-pypi | |
if: github.repository_owner == 'conda-incubator' && github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') | |
runs-on: ubuntu-latest | |
needs: build-package | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
directory: | |
- "conda-store" | |
- "conda-store-server" | |
defaults: | |
run: | |
working-directory: ${{ matrix.directory }} | |
steps: | |
- name: "Download build artefacts 📥" | |
uses: actions/[email protected] | |
with: | |
name: Packages-${{ matrix.directory }} | |
path: dist | |
- name: "Upload to PyPI 🚀" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
print-hash: true | |
verbose: true | |
build_and_push_docker_image: | |
name: "Build Docker Images 🛠" | |
runs-on: ubuntu-latest | |
needs: release-pypi | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
strategy: | |
matrix: | |
docker-image: | |
- conda-store | |
- conda-store-server | |
steps: | |
- name: "Checkout Repository 🛎" | |
uses: actions/checkout@v4 | |
- name: "Get project's default Python version 🏷️" | |
run: | | |
echo "PYTHON_VERSION_DEFAULT=$(cat .python-version-default)" >> $GITHUB_ENV | |
- name: "Copy .dockerignore" | |
run: | | |
cp .dockerignore ${{ matrix.docker-image }}/.dockerignore | |
shell: bash | |
- name: "Retrieve secret from Vault 🗝" | |
uses: hashicorp/vault-action@v2 | |
with: | |
method: jwt | |
url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200" | |
namespace: "admin/quansight" | |
role: "repository-conda-incubator-conda-store-role" | |
secrets: | | |
kv/data/repository/conda-incubator/conda-store/shared_secrets DOCKER_QUANSIGHT_USERNAME | DOCKER_USERNAME; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets DOCKER_QUANSIGHT_PASSWORD | DOCKER_PASSWORD; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets QUAY_QUANSIGHT_USERNAME | QUAY_USERNAME; | |
kv/data/repository/conda-incubator/conda-store/shared_secrets QUAY_QUANSIGHT_PASSWORD | QUAY_PASSWORD; | |
- name: "Set up Docker Buildx 🏗" | |
uses: docker/setup-buildx-action@v3 | |
- name: "Login to Docker Hub 🐳" | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: "Login to quay.io 🐳" | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ env.QUAY_USERNAME }} | |
password: ${{ env.QUAY_PASSWORD }} | |
- name: "Add Docker metadata 📝" | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
quansight/${{ matrix.docker-image }} | |
quay.io/quansight/${{ matrix.docker-image }} | |
tags: | | |
type=ref,event=tag | |
type=ref,event=branch | |
type=sha | |
- name: "Publish Docker image 🚀" | |
uses: docker/build-push-action@v5 | |
with: | |
context: "${{ matrix.docker-image }}" | |
target: "prod" | |
file: "${{ matrix.docker-image }}/Dockerfile" | |
build-args: | | |
RELEASE_VERSION=${{github.ref_name}} | |
python_version=${{ env.PYTHON_VERSION_DEFAULT }} | |
tags: | | |
${{ steps.meta.outputs.tags }} | |
push: true | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags/') |