-
Notifications
You must be signed in to change notification settings - Fork 234
269 lines (216 loc) · 9.08 KB
/
continuous-integration.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
name: Continuous Integration
on:
push:
branches:
- main
tags:
- "*"
pull_request:
env:
IS_TAG_BUILD: ${{ startsWith(github.event.ref, 'refs/tags') }}
DEV_REPOSITORY: 329710836760.dkr.ecr.us-east-1.amazonaws.com/rasa-sdk-dev
AWS_REGION: us-east-1
# This tag is used to build the image without dev dependencies
DEV_IMAGE_TAG: pr${{ github.event.number }}
# This tag is used to build the image with dev dependencies
DEV_IMAGE_WITH_DEV_DEPS_TAG: pr${{ github.event.number }}-with-dev-deps
# SECRETS
# - PYPI_TOKEN: publishing token for amn41 account, needs to be maintainer of
# RasaHQ/rasa-sdk on pypi (account credentials in 1password)
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
quality:
name: Code Quality
runs-on: ubuntu-24.04
steps:
- name: Checkout git repository 🕝
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
- name: Set up Python 3.10 🐍
uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
with:
python-version: '3.10'
- name: Read Poetry Version 🔢
run: |
echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
shell: bash
- name: Install poetry 🦄
uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844
with:
poetry-version: ${{ env.POETRY_VERSION }}
- name: Load Poetry Cached Libraries ⬇
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
with:
path: ~/.cache/pypoetry/virtualenvs
key: ${{ runner.os }}-poetry-3.10-${{ hashFiles('**/poetry.lock') }}
restore-keys: ${{ runner.os }}-poetry-
- name: Checkout target branch to be able to diff
if: github.event_name == 'pull_request'
run: |
git fetch origin "${{ github.base_ref }}"
echo "DOCSTRING_DIFF_BRANCH=origin/${{ github.base_ref }}" >> $GITHUB_ENV
# Fetch entire history for current branch so that `make lint-docstrings`
# can calculate the proper diff between the branches
git fetch --unshallow origin "${{ github.ref }}"
- name: Install Dependencies 📦
run: make install
- name: Listing Dependencies 📦
run: poetry show
- name: Lint Code 🎎
run: |
# If it's not a pull request, $DOCSTRING_DIFF_BRANCH is unset.
# This will result in an empty diff, which effictively means that
# make lint-docstrings will be skipped for other events than `pull_request`
make lint BRANCH=$DOCSTRING_DIFF_BRANCH
- name: Check Types 📚
run: make types
test:
name: Run Tests
runs-on: ubuntu-24.04
strategy:
matrix:
python-version: [3.9, '3.10', '3.11', '3.12']
steps:
- name: Checkout git repository 🕝
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
- name: Set up Python ${{ matrix.python-version }} 🐍
uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
with:
python-version: ${{ matrix.python-version }}
- name: Read Poetry Version 🔢
run: |
echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
shell: bash
- name: Install poetry 🦄
uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844
with:
poetry-version: ${{ env.POETRY_VERSION }}
- name: Load Poetry Cached Libraries ⬇
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
with:
path: ~/.cache/pypoetry/virtualenvs
key: ${{ runner.os }}-poetry-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}
restore-keys: ${{ runner.os }}-poetry-
- name: Install Dependencies 📦
run: make install
- name: Test Code 🔍
run: make test
- name: Send Coverage Report 📊
if: matrix.python-version == '3.10'
env:
COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COVERALLS_SERVICE_NAME: github
run: poetry run coveralls
docker_linter:
name: Lint Dockerfile
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
- name: Lint Dockerfile
uses: brpaz/hadolint-action@1623ba61710b974b55ba455930e6f2c8ef919778
with:
dockerfile: "Dockerfile"
rasa-sdk-dev-docker-image:
name: Build dev Docker image
if: "!startsWith(github.ref, 'refs/heads/prepare-release-')"
runs-on: ubuntu-24.04
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Authenticate to AWS ECR
uses: ./.github/actions/auth-aws-ecr
with:
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ARN_ROLE_TO_ASSUME: ${{ secrets.AWS_ASSUME_ROLE_SESSION_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
- name: Build and push docker image to AWS
run: |
IMAGE_NAME=${{ env.DEV_REPOSITORY }} \
IMAGE_TAG=${{ env.DEV_IMAGE_TAG }} \
make build-and-push-multi-platform-docker
rasa-sdk-with-dev-deps-docker-image:
name: Build dev Docker image with dev dependencies
if: "!startsWith(github.ref, 'refs/heads/prepare-release-')"
runs-on: ubuntu-24.04
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Authenticate to AWS ECR
uses: ./.github/actions/auth-aws-ecr
with:
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ARN_ROLE_TO_ASSUME: ${{ secrets.AWS_ASSUME_ROLE_SESSION_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
- name: Build and push docker image to AWS
run: |
IMAGE_WITH_DEV_DEPS=${{ env.DEV_REPOSITORY }} \
IMAGE_TAG=${{ env.DEV_IMAGE_WITH_DEV_DEPS_TAG }} \
make build-and-push-multi-platform-docker-with-dev-deps
grpc_standalone_integration_tests:
name: Run gRPC integration tests using standalone server
if: "!startsWith(github.ref, 'refs/heads/prepare-release-')"
runs-on: ubuntu-24.04
needs: [rasa-sdk-with-dev-deps-docker-image]
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Authenticate to AWS ECR
uses: ./.github/actions/auth-aws-ecr
with:
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ARN_ROLE_TO_ASSUME: ${{ secrets.AWS_ASSUME_ROLE_SESSION_TOKEN }}
- name: Docker version
run: docker --version && docker compose version
- name: gRPC Server Integration Testing - Run tests on gRPC server with and without TLS 🩺
run: |
make run-grpc-standalone-integration-tests
env:
IMAGE_WITH_DEV_DEPS: ${{ env.DEV_REPOSITORY }}
IMAGE_TAG: ${{ env.DEV_IMAGE_WITH_DEV_DEPS_TAG }}
grpc_docker_integration_tests:
name: Run gRPC integration tests using Docker containers
if: "!startsWith(github.ref, 'refs/heads/prepare-release-')"
runs-on: ubuntu-24.04
needs: [rasa-sdk-dev-docker-image, rasa-sdk-with-dev-deps-docker-image]
steps:
- name: Check out code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Authenticate to AWS ECR
uses: ./.github/actions/auth-aws-ecr
with:
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ARN_ROLE_TO_ASSUME: ${{ secrets.AWS_ASSUME_ROLE_SESSION_TOKEN }}
- name: Docker version
run: docker --version && docker compose version
- name: gRPC Server Integration Testing - Run env docker containers
run: |
make start-grpc-integration-test-env
env:
IMAGE_NAME: ${{ env.DEV_REPOSITORY }}
IMAGE_TAG: ${{ env.DEV_IMAGE_TAG }}
- name: gRPC Server Integration Testing - Run tests on gRPC server with and without TLS 🩺
run: |
make run-grpc-integration-tests
env:
IMAGE_WITH_DEV_DEPS: ${{ env.DEV_REPOSITORY }}
IMAGE_TAG: ${{ env.DEV_IMAGE_WITH_DEV_DEPS_TAG }}
- name: gRPC Server Integration Testing - Stop env docker containers
run: |
make stop-grpc-integration-test-env
env:
IMAGE_NAME: ${{ env.DEV_REPOSITORY }}
IMAGE_TAG: ${{ env.DEV_IMAGE_TAG }}
- name: Show container logs
if: always()
uses: ./.github/actions/debug-grpc
with:
COMPOSE_FILE_PATH: integration_tests/grpc_server/setup/docker-compose.yml
RASA_SDK_REPOSITORY: ${{ env.DEV_REPOSITORY }}
RASA_SDK_IMAGE_TAG: ${{ env.DEV_IMAGE_TAG }}