Skip to content

Commit

Permalink
Build a documentation site with mkdocs to allow testing more reusable…
Browse files Browse the repository at this point in the history 
… workflows (#28)

* docs: Add all necessary files for building the documentation with mkdocs

* docs: Update ignore settings

* docs: Add numbered lists to main Readme to enable easier visibility into the total number of actions/workflows in the repo

* docs: Added documentation around the GitHub Actions Environments used by the various reusable workflows

* ci: Test on windows to try to catch failures

* ci: Convert all references to tags in Workflows to commit SHAs

* docs: Update changelog
  • Loading branch information
@nfelt14
nfelt14 authored Aug 30, 2024
1 parent b3a26c4 commit 4ad7e69
Show file tree
Hide file tree
Showing 48 changed files with 1,316 additions and 121 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/_reusable-check-api-for-breaking-changes.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,11 @@ jobs:
env:
PACKAGE_NAME: ${{ inputs.package-name }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
with:
python-version-file: pyproject.toml
- name: Install package to check
Expand All @@ -33,7 +33,7 @@ jobs:
griffe check --format=verbose --against="$(git rev-parse origin/main)" --search=src "$PACKAGE_NAME" 2>&1 | tee -a breaking_changes.md
- name: Finish writing summary file
run: echo "\`\`\`" >> breaking_changes.md
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
with:
name: breaking_changes
path: breaking_changes.md
8 changes: 4 additions & 4 deletions .github/workflows/_reusable-codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,14 @@ jobs:
language: ${{ fromJSON(inputs.languages-array) }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@be8b74c09c1778bcdbea38e1a45efea2cb73e18c
with:
languages: ${{ matrix.language }}
queries: ${{ inputs.codeql-queries }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@be8b74c09c1778bcdbea38e1a45efea2cb73e18c
with:
category: /language:${{matrix.language}}
# Check that all jobs passed
Expand All @@ -42,6 +42,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@v1.2.2
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
with:
jobs: ${{ toJSON(needs) }}
6 changes: 3 additions & 3 deletions .github/workflows/_reusable-enforce-community-standards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ jobs:
- .github/dependabot.@(yml|yaml)
- .github/workflows/codeql-analysis.@(yml|yaml)
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Ensure ${{ matrix.filename }} exists
uses: andstor/file-existence-action@v3
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6
with:
files: ${{ matrix.filename }}
ignore_case: false
Expand All @@ -36,6 +36,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@v1.2.2
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
with:
jobs: ${{ toJSON(needs) }}
10 changes: 5 additions & 5 deletions .github/workflows/_reusable-package-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,10 @@ jobs:
id-token: write
attestations: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- uses: hynek/build-and-inspect-python-package@v2.8.0
- uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a
id: build-pkg
with:
attest-build-provenance-github: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
Expand All @@ -54,12 +54,12 @@ jobs:
python-version: ${{ fromJSON(inputs.python-versions-array) }}
steps:
- name: Download built packages
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: Packages
path: dist
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
with:
python-version: ${{ matrix.python-version }}
check-latest: true
Expand All @@ -80,6 +80,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@v1.2.2
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
with:
jobs: ${{ toJSON(needs) }}
28 changes: 14 additions & 14 deletions .github/workflows/_reusable-package-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: python-versions-array input missing
if: ${{ inputs.build-and-publish-python-package == true && (inputs.python-versions-array == null || inputs.python-versions-array == '') }}
run: |
Expand Down Expand Up @@ -124,7 +124,7 @@ jobs:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
token: ${{ secrets.checkout-token }}
Expand All @@ -139,7 +139,7 @@ jobs:
previous-changelog-filepath: ${{ inputs.previous-changelog-filepath }}
previous-release-notes-filepath: ${{ inputs.previous-release-notes-filepath }}
- name: Python Semantic Release
uses: python-semantic-release/python-semantic-release@v9.8.7
uses: python-semantic-release/python-semantic-release@708671d0eb33bcbea78c5a3d81ae04c60deeddf3
id: release
with:
force: ${{ inputs.release-level }}
Expand All @@ -162,12 +162,12 @@ jobs:
id-token: write
attestations: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
ref: main # Make sure to check out the latest commit on main, not the original commit that triggered the workflow
fetch-depth: 0
- name: Build package
uses: hynek/build-and-inspect-python-package@v2.8.0
uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a
with:
attest-build-provenance-github: 'true'
# Upload the official package version to TestPyPI
Expand All @@ -182,12 +182,12 @@ jobs:
id-token: write
steps:
- name: Download built packages
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: Packages
path: dist
- name: Upload package to Test PyPI
uses: pypa/gh-action-pypi-publish@v1.9.0
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0
with:
password: ${{ secrets.test-pypi-api-token }}
repository-url: https://test.pypi.org/legacy/
Expand All @@ -203,12 +203,12 @@ jobs:
id-token: write
steps:
- name: Download built packages
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: Packages
path: dist
- name: Upload package to PyPI
uses: pypa/gh-action-pypi-publish@v1.9.0
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0
with:
password: ${{ secrets.pypi-api-token }}
# Upload the official package binaries to the GitHub Release
Expand All @@ -222,17 +222,17 @@ jobs:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
ref: main # Make sure to check out the latest commit on main, not the original commit that triggered the workflow
fetch-depth: 0
- name: Download built packages
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: Packages
path: dist
- name: Publish package distributions to GitHub Releases
uses: python-semantic-release/upload-to-gh-release@v9.8.7
uses: python-semantic-release/upload-to-gh-release@17c75b706f81263690a0a0dc88d83415f783fc04
with:
root_options: -v --strict
github_token: ${{ secrets.GITHUB_TOKEN }}
Expand Down Expand Up @@ -260,13 +260,13 @@ jobs:
- ' --index-url=https://test.pypi.org/simple/ --extra-index-url=https://pypi.org/simple'
steps:
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
with:
python-version: ${{ matrix.python-version }}
check-latest: true
- name: Test installing package
# A retry is used to allow for some downtime before the package is installable
uses: nick-fields/retry@v3
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e
with:
timeout_minutes: 10
max_attempts: 5
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/_reusable-package-testpypi.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,15 +28,15 @@ jobs:
id-token: write
attestations: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- uses: tektronix/python-package-ci-cd/actions/[email protected]
id: create-version
with:
package-name: ${{ inputs.package-name }}
- name: Build package
uses: hynek/build-and-inspect-python-package@v2.8.0
uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a
with:
attest-build-provenance-github: 'true'
outputs:
Expand All @@ -51,12 +51,12 @@ jobs:
id-token: write
steps:
- name: Download built packages
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: Packages
path: dist
- name: Upload package to Test PyPI
uses: pypa/gh-action-pypi-publish@v1.9.0
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0
with:
password: ${{ secrets.test-pypi-api-token }}
repository-url: https://test.pypi.org/legacy/
Expand All @@ -68,14 +68,14 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
with:
python-version-file: pyproject.toml
- name: Test installing from test.pypi.org
# A retry is used to allow for some downtime before the package is installable
uses: nick-fields/retry@v3
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e
with:
timeout_minutes: 10
max_attempts: 5
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/_reusable-publish-api-comparison.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
if: ${{ github.event.workflow_run.event == 'pull_request' && !contains(fromJSON('["skipped", "cancelled", "failed"]'), github.event.workflow_run.conclusion) }}
steps:
- name: Download and Extract Artifacts
uses: dawidd6/action-download-artifact@v6
uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
with:
run_id: ${{ github.event.workflow_run.id }}
name: breaking_changes
Expand All @@ -25,11 +25,11 @@ jobs:
fi
- name: Fetch PR number
id: pr
uses: 8BitJonny/gh-get-current-pr@3.0.0
uses: 8BitJonny/gh-get-current-pr@08e737c57a3a4eb24cec6487664b243b77eb5e36
with:
sha: ${{ github.event.workflow_run.head_sha }}
- name: Publish API Breaking Changes Check Results
uses: marocchino/sticky-pull-request-comment@v2
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
if: ${{ env.BREAKING_CHANGES == 'true' }}
with:
header: breaking-api-changes
Expand All @@ -38,7 +38,7 @@ jobs:
path: artifacts/breaking_changes.md
- name: Add workflow link to comment
if: ${{ env.BREAKING_CHANGES == 'true' }}
uses: marocchino/sticky-pull-request-comment@v2
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: breaking-api-changes
number: ${{ steps.pr.outputs.number }}
Expand All @@ -47,7 +47,7 @@ jobs:
<p><a href="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}">Link to workflow run</a></p>
- name: Delete comment if no breaking changes are found
if: ${{ env.BREAKING_CHANGES == 'false' }}
uses: marocchino/sticky-pull-request-comment@v2
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: breaking-api-changes
number: ${{ steps.pr.outputs.number }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/_reusable-publish-test-results.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,25 +22,25 @@ jobs:
os-name: ${{ fromJSON(inputs.operating-systems-array) }}
steps:
- name: Download and Extract Artifacts
uses: dawidd6/action-download-artifact@v6
uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
with:
run_id: ${{ github.event.workflow_run.id }}
name: artifact_${{ matrix.os-name }}_tests
path: artifacts
- name: Fetch PR number
id: pr
uses: 8BitJonny/gh-get-current-pr@3.0.0
uses: 8BitJonny/gh-get-current-pr@08e737c57a3a4eb24cec6487664b243b77eb5e36
with:
sha: ${{ github.event.workflow_run.head_sha }}
- name: Publish Test Results
uses: marocchino/sticky-pull-request-comment@v2
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: test-results-${{ matrix.os-name }}
number: ${{ steps.pr.outputs.number }}
recreate: true
path: artifacts/.results_tests/github_report.md
- name: Add workflow link to comment
uses: marocchino/sticky-pull-request-comment@v2
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31
with:
header: test-results-${{ matrix.os-name }}
number: ${{ steps.pr.outputs.number }}
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/_reusable-sbom-scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,38 +11,38 @@ jobs:
create-and-scan-sbom:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
with:
python-version-file: pyproject.toml
- name: Create lockfile
run: |
pip install poetry
poetry lock
- name: Create SBOM
uses: anchore/sbom-action@v0
uses: anchore/sbom-action@61119d458adab75f756bc0b9e4bde25725f86a7a
with:
format: spdx-json
output-file: ${{ github.event.repository.name }}-sbom.spdx.json
- uses: actions/attest-build-provenance@v1
- uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1
if: ${{ !(github.event.pull_request.head.repo.fork || github.event.workflow_call.pull_request.head.repo.fork) && github.actor != 'dependabot[bot]' }}
with:
subject-path: ${{ github.event.repository.name }}-sbom.spdx.json
- name: Scan SBOM
uses: anchore/scan-action@v4
uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5
id: scan
with:
sbom: ${{ github.event.repository.name }}-sbom.spdx.json
fail-build: true
severity-cutoff: low
- name: Upload SBOM scan SARIF report as a workflow artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
with:
name: sarif_artifact
path: ${{ steps.scan.outputs.sarif }}
if-no-files-found: error
- name: Upload SBOM scan SARIF report to GitHub UI Security tab
if: ${{ github.event_name != 'pull_request' }}
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@be8b74c09c1778bcdbea38e1a45efea2cb73e18c
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
Loading

0 comments on commit 4ad7e69

Please sign in to comment.