-
Notifications
You must be signed in to change notification settings - Fork 0
148 lines (137 loc) · 4.48 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: CI
on:
push:
branches:
- main
tags:
- "v*"
pull_request:
branches:
- main
schedule:
# <minute [0,59]> <hour [0,23]> <day of the month [1,31]>
# <month of the year [1,12]> <day of the week [0,6]>
# https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07
# Run every Monday at 10:24:00 PST
# (Since these CRONs are used by a lot of people -
# let's be nice to the servers and schedule it _not_ on the hour)
- cron: "24 18 * * 1"
workflow_dispatch:
jobs:
# Check that all files listed in manifest make it into build
check-manifest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.x"
- run: pip install check-manifest && check-manifest
# Check tests pass on multiple Python and OS combinations
test:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
python-version: [3.9, "3.10", 3.11]
os: [ubuntu-latest, macOS-latest, windows-latest]
env:
BUCKET_NAME : "bioio-dev-test-resources"
AWS_REGION : "us-west-2"
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
steps:
- uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::978220035532:role/bioio_github
role-session-name: bioio-bioformats-${{ github.sha }}
aws-region: ${{ env.AWS_REGION }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- uses: extractions/setup-just@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install uv
uv pip install --system .[test]
- uses: actions/cache@v4
id: cache
with:
path: bioio_bioformats/tests/resources
key: ${{ hashFiles('scripts/TEST_RESOURCES_HASH.txt') }}
- name: Download Test Resources
if: steps.cache.outputs.cache-hit != 'true'
run: |
python scripts/download_test_resources.py --debug
- name: Run Tests
run: just test
- name: Upload Codecov
uses: codecov/codecov-action@v3
# Check linting, formating, types, etc.
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- uses: extractions/setup-just@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install .[lint]
- name: Lint
run: just lint
# Publish to PyPI if test, lint, and manifest checks passed
publish:
if: "success() && startsWith(github.ref, 'refs/tags/')"
needs: [check-manifest, test, lint]
runs-on: ubuntu-latest
environment: release
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install build wheel
- name: Build Package
run: |
python -m build
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
# GitHub does not provide a "all status checks must pass" option
# in branch protection settings. Instead, you have to specify exactly
# what status checks want to require to pass before merging. However,
# naming each individual check would be effectively impossible.
# Therefore, by creating this stage in every repo in the org we can
# require "Report Result" to pass before merging and this stage can
# represent the result of the other checks where it only passes if
# all the other checks pass.
results:
if: ${{ always() && github.event_name == 'pull_request' }}
needs: [check-manifest, test, lint]
runs-on: ubuntu-latest
name: Report Result
steps:
- run: exit 1
# see https://stackoverflow.com/a/67532120/4907315
if: >-
${{
contains(needs.*.result, 'failure')
|| contains(needs.*.result, 'cancelled')
}}