This repository has been archived by the owner on Jul 19, 2024. It is now read-only.
WAL-3320 update pypi source #1470
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: [master] | |
| pull_request: | |
| branches: [master] | |
| release: | |
| types: [published] | |
| jobs: | |
| tests: | |
| name: tests | |
| runs-on: ubuntu-latest | |
| env: | |
| LOG_FORMATTER: brief | |
| SQLALCHEMY_DATABASE_URI: "postgresql://[email protected]:5432/polaris" | |
| REDIS_URL: redis://127.0.0.1:6379/0 | |
| TESTING: "True" | |
| POLARIS_PUBLIC_URL: http://fake-polaris-public-url | |
| services: | |
| postgres: | |
| image: postgres:latest | |
| ports: | |
| - 5432:5432 | |
| env: | |
| POSTGRES_DB: polaris_test | |
| POSTGRES_HOST_AUTH_METHOD: trust | |
| redis: | |
| image: redis:latest | |
| ports: | |
| - 6379:6379 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: fs | |
| scan-ref: "." | |
| scanners: "vuln" | |
| vuln-type: library | |
| ignore-unfixed: true | |
| exit-code: 0 | |
| severity: UNKNOWN,LOW,MEDIUM | |
| - uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: fs | |
| scan-ref: "." | |
| scanners: "vuln" | |
| vuln-type: library | |
| ignore-unfixed: true | |
| exit-code: 1 | |
| severity: HIGH,CRITICAL | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.10" | |
| - run: pip install poetry | |
| - run: poetry config virtualenvs.create false | |
| - run: poetry config http-basic.azure jeff ${{ secrets.AZURE_DEVOPS_PAT }} | |
| - run: poetry install | |
| - run: alembic upgrade head | |
| - run: black --check . | |
| - run: isort --check . | |
| - run: xenon --no-assert --max-average A --max-modules B --max-absolute B . | |
| - run: ruff polaris tests asgi.py | |
| - run: mypy . | |
| - run: refurb polaris tests asgi.py | |
| - run: pytest --verbose --cov polaris --cov-report term-missing | |
| release_dev: | |
| if: github.event_name == 'push' | |
| name: release_dev | |
| environment: development | |
| runs-on: ubuntu-latest | |
| needs: [tests] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - run: echo "container_tag=$(date +'%FT%H%M%SZ')" >> $GITHUB_ENV | |
| - uses: docker/login-action@v2 | |
| with: | |
| registry: binkcore.azurecr.io | |
| username: binkcore | |
| password: ${{ secrets.ACR_BINKCORE_PASSWORD }} | |
| - uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| build-args: | | |
| PIP_INDEX_URL=${{ secrets.AZURE_DEVOPS_PAT_URL }} | |
| push: true | |
| tags: | | |
| binkcore.azurecr.io/${{ github.event.repository.name }}:${{ env.container_tag }} | |
| binkcore.azurecr.io/${{ github.event.repository.name }}:latest | |
| release_staging: | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| name: release_staging | |
| environment: staging | |
| runs-on: ubuntu-latest | |
| needs: [tests] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: tag_check | |
| run: | | |
| if ! [[ ${{ github.event.release.tag_name }} =~ [0-9]+.[0-9]+.[0-9]+ ]]; then | |
| exit 1; | |
| fi | |
| - uses: docker/login-action@v2 | |
| with: | |
| registry: binkcore.azurecr.io | |
| username: binkcore | |
| password: ${{ secrets.ACR_BINKCORE_PASSWORD }} | |
| - uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| build-args: | | |
| PIP_INDEX_URL=${{ secrets.AZURE_DEVOPS_PAT_URL }} | |
| push: true | |
| tags: | | |
| binkcore.azurecr.io/${{ github.event.repository.name }}:${{ github.event.release.tag_name }} | |
| binkcore.azurecr.io/${{ github.event.repository.name }}:staging-${{ github.event.release.tag_name }} | |
| binkcore.azurecr.io/${{ github.event.repository.name }}:staging | |
| release_production: | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| name: release_production | |
| environment: production | |
| needs: [release_staging] | |
| runs-on: ubuntu-latest | |
| container: ghcr.io/binkhq/tagbot:latest | |
| steps: | |
| - run: | | |
| tagbot \ | |
| --username binkcore \ | |
| --password ${{ secrets.ACR_BINKCORE_PASSWORD }} \ | |
| --source binkcore.azurecr.io/${{ github.event.repository.name }}:${{ github.event.release.tag_name }} \ | |
| --tag prod-${{ github.event.release.tag_name }} | |
| tagbot \ | |
| --username binkcore \ | |
| --password ${{ secrets.ACR_BINKCORE_PASSWORD }} \ | |
| --source binkcore.azurecr.io/${{ github.event.repository.name }}:${{ github.event.release.tag_name }} \ | |
| --tag prod |