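# Continuous integration: manifest check, cross-platform tests, lint, and
# tag-triggered publishing to PyPI.
name: CI

on:
  push:
    branches:
      - main
    tags:
      - "v*"
  pull_request:
    branches:
      - main
  schedule:
    # <minute [0,59]> <hour [0,23]> <day of the month [1,31]>
    # <month of the year [1,12]> <day of the week [0,6]>
    # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07
    # Run every Monday at 10:24:00 PST
    # (GitHub evaluates schedules in UTC: 18:24 UTC == 10:24 PST)
    # (Since these CRONs are used by a lot of people -
    # let's be nice to the servers and schedule it _not_ on the hour)
    - cron: "24 18 * * 1"
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN. Jobs that declare their own
# `permissions` block replace this default; jobs that declare none would
# otherwise inherit the repository/organization default, which may be
# read-write.
permissions:
  contents: read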
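jobs:
  # Check that all files listed in manifest make it into build
  check-manifest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: "recursive"
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: pip install check-manifest && check-manifest

  # Check tests pass on multiple Python and OS combinations
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        # Quoted so YAML keeps every version a string (unquoted 3.10 would
        # be read as the float 3.1).
        python-version: ["3.9", "3.10", "3.11"]
        os: [ubuntu-latest, macOS-latest, windows-latest]
    env:
      BUCKET_NAME: "bioio-dev-test-resources"
      AWS_REGION: "us-west-2"
    permissions:
      id-token: write  # This is required for requesting the JWT
      contents: read  # This is required for actions/checkout
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: "recursive"
      # Exchanges the job's OIDC token for short-lived AWS credentials.
      # NOTE(review): what this role can do, and which refs may assume it,
      # is decided by the IAM role's trust and permission policies, which
      # are not visible here - confirm the trust policy restricts the OIDC
      # `sub` claim to this repository and that the role is read-only.
      # NOTE(review): every later step in this job (dependency install,
      # tests, third-party actions) runs with these credentials in its
      # environment; if only the resource download needs them, consider
      # moving this step next to it.
      # NOTE(review): the third-party actions in this job
      # (aws-actions/configure-aws-credentials, extractions/setup-just,
      # codecov/codecov-action) are referenced by mutable tags; pinning
      # each to a full commit SHA, with the tag kept in a trailing comment,
      # prevents a moved tag from changing what runs here.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::978220035532:role/bioio_github
          role-session-name: bioio-czi-${{ github.sha }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - uses: extractions/setup-just@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Install Dependencies
        run: |
          python -m pip install --upgrade pip
          pip install .[test]
      # Test resources are cached, keyed on the hash file's contents, so the
      # download below only runs when that hash changes.
      - uses: actions/cache@v4
        id: cache
        with:
          path: bioio_czi/tests/resources
          key: ${{ hashFiles('scripts/TEST_RESOURCES_HASH.txt') }}
      - name: Download Test Resources
        if: steps.cache.outputs.cache-hit != 'true'
        run: |
          python scripts/download_test_resources.py --debug
      - name: Run Tests
        run: just test
      - name: Upload Codecov
        uses: codecov/codecov-action@v5

  # Check linting, formatting, types, etc.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: "recursive"
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - uses: extractions/setup-just@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Install Dependencies
        run: |
          python -m pip install --upgrade pip
          pip install .[lint]
      - name: Lint
        run: just lint

  # Publish to PyPI if test, lint, and manifest checks passed
  publish:
    if: "success() && startsWith(github.ref, 'refs/tags/')"
    needs: [check-manifest, test, lint]
    runs-on: ubuntu-latest
    # NOTE(review): any protection rules on this environment (required
    # reviewers, allowed tags) live in repository settings and are not
    # visible here - confirm they exist, since a tag push is the only gate
    # expressed in this file.
    environment: release
    permissions:
      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
      # Declared explicitly: a job-level block sets every unlisted scope to
      # none, so checkout would otherwise rely on the repository being
      # public.
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: "recursive"
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      # NOTE(review): the pip installs and the build backend run in the same
      # job that holds `id-token: write`. Building in a separate job without
      # that permission and handing the dist/ files over as an artifact
      # keeps the publishing identity away from build-time code.
      - name: Install Dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build wheel
      - name: Build Package
        run: |
          python -m build
      # NOTE(review): referenced by a mutable branch ref; pinning to a full
      # commit SHA fixes exactly which code receives the OIDC token.
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1

  # GitHub does not provide an "all status checks must pass" option
  # in branch protection settings. Instead, you have to specify exactly
  # which status checks you want to require to pass before merging. However,
  # naming each individual check would be effectively impossible.
  # Therefore, by creating this stage in every repo in the org we can
  # require "Report Result" to pass before merging and this stage can
  # represent the result of the other checks where it only passes if
  # all the other checks pass.
  results:
    # always() makes this job run even when a needed job failed, so the
    # failure can be reported instead of the job being skipped.
    if: ${{ always() && github.event_name == 'pull_request' }}
    needs: [check-manifest, test, lint]
    runs-on: ubuntu-latest
    name: Report Result
    steps:
      - run: exit 1
        # see https://stackoverflow.com/a/67532120/4907315
        if: >-
          ${{
            contains(needs.*.result, 'failure')
            || contains(needs.*.result, 'cancelled')
          }}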