Refactoring (#12) #44
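# CI/CD workflow: run the project checks inside a dev image for every Python
# version in the matrix, then verify the package with Poetry and, on tag
# builds, publish it.
#
# NOTE(review): every `uses:` below references a mutable tag (e.g. `@v4`).
# Pinning each action to a full commit SHA keeps a moved tag from changing
# what runs with this workflow's token and secrets. The same applies to
# POETRY_DOCKER_IMAGE, which is a mutable image tag rather than a digest.
name: CI\CD

on:
  push:
    branches:
      - main
    tags:
      - '*'
  pull_request:
  workflow_dispatch:
  # Update docker hub retention policy
  schedule:
    - cron: "21 7 8 * *"

# Workflow-wide, non-secret settings only. The registry tokens are injected at
# the login steps that use them, so third-party actions and the code started
# by ci.sh do not receive them through the environment.
# NOTE(review): if docker-compose.yml or ci.sh reads REGISTRY_TOKEN or
# CACHE_REGISTRY_TOKEN, pass it explicitly to that step instead. TODO confirm.
env:
  PIP_NO_CACHE_DIR: "off"
  POETRY_VIRTUALENVS_IN_PROJECT: "true"
  POETRY_NO_INTERACTION: "1"
  DOCKER_BUILDKIT: "1"
  COMPOSE_DOCKER_CLI_BUILD: "1"
  PROJECT_NAME: "picodi"
  REGISTRY: "docker.io"
  REGISTRY_USERNAME: "yakimka"
  CACHE_REGISTRY: "ghcr.io"
  CACHE_REGISTRY_USERNAME: "yakimka"
  DOCKER_COMPOSE_SERVICE_NAME: "app"
  MAIN_PY_VERSION: "3.11"
  POETRY_DOCKER_IMAGE: "yakimka/poetry:1.8.2-py3.11-slim"

# One run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Default GITHUB_TOKEN scope for every job; check-code overrides it below.
permissions: read-all

jobs:
  check-code:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Needed to push the dev image to the cache registry.
      packages: write
    strategy:
      matrix:
        python-version: ['3.10', '3.11', '3.12']
    steps:
      - uses: actions/checkout@v4
      - run: echo "DEV_IMAGE_FULL_NAME=${CACHE_REGISTRY}/${CACHE_REGISTRY_USERNAME}/${PROJECT_NAME}" >> "$GITHUB_ENV"
      # The dev image tag is the first 8 hex characters of a SHA-1 over
      # Dockerfile-dev and the workflow file, so editing either one selects a
      # new image. It is a cache key, not an integrity check on the image.
      - run: echo "DEV_VERSION=$(cat Dockerfile-dev .github/workflows/workflow-ci.yml | sha1sum | cut -c 1-8)" >> "$GITHUB_ENV"
      - run: echo "DEV_IMAGE=${DEV_IMAGE_FULL_NAME}:dev-${{ matrix.python-version }}-${DEV_VERSION}" >> "$GITHUB_ENV"
      # ${GITHUB_REF:10} drops the first 10 characters ("refs/tags/" on tag
      # builds); on other refs the result is not a version string.
      - run: echo "VERSION=${GITHUB_REF:10}" >> "$GITHUB_ENV"
      - run: echo "SHORT_VERSION=${VERSION%.*}" >> "$GITHUB_ENV"
      - name: Prepare Docker
        env:
          CACHE_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # The token is fed on stdin so it never appears in process arguments.
          printf '%s' "$CACHE_REGISTRY_TOKEN" | docker login "$CACHE_REGISTRY" -u "$CACHE_REGISTRY_USERNAME" --password-stdin
          docker buildx create --use --driver=docker-container
          docker --version && docker compose --version
      - name: Load cached venv and cache
        id: cached-venv-and-cache
        uses: actions/cache@v4
        with:
          path: |
            .venv
            .cache
          key: py${{ matrix.python-version }}-${{ hashFiles('./poetry.lock') }}
      - name: Build docker dev image
        run: |
          # Reuse the image already published for this DEV_VERSION; build and
          # push it only when the pull fails.
          if ! docker pull "${DEV_IMAGE}"; then
            PYTHON_VERSION=${{ matrix.python-version }} docker compose build "${DOCKER_COMPOSE_SERVICE_NAME}"
            docker tag "${PROJECT_NAME}:dev" "${DEV_IMAGE}"
            docker push "${DEV_IMAGE}"
          fi
          docker tag "${DEV_IMAGE}" "${PROJECT_NAME}:dev"
      - name: Run checks
        run: docker compose run -e CI=1 --user="$(id -u)" --rm devtools ./ci.sh
      - name: Upload coverage reports to Codecov
        # The action ref on the source page was replaced by an e-mail
        # obfuscation filter ("codecov/[email protected]"). The ref below is a
        # placeholder: restore the real version, ideally as a commit SHA.
        uses: codecov/codecov-action@REF_LOST_IN_PAGE_EXTRACTION
        with:
          file: ./coverage.xml
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: yakimka/picodi
      - uses: actions/upload-artifact@v4
        with:
          name: built-package-py${{ matrix.python-version }}
          path: dist/

  release-package:
    runs-on: ubuntu-latest
    needs: [check-code]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          name: built-package-py${{ env.MAIN_PY_VERSION }}
          path: dist/
      - name: Prepare Docker
        env:
          REGISTRY_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          # Best effort: `|| true` lets the job continue when the login fails,
          # presumably for runs that have no access to the secret.
          printf '%s' "$REGISTRY_TOKEN" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin || true
      - name: Pull and spin dev container
        run: |
          # Long-lived helper container with the checkout mounted at /code;
          # later steps reach it through `docker exec poetry`.
          docker run -v "$(pwd):/code" -w /code --rm -d --name=poetry "${POETRY_DOCKER_IMAGE}" sleep infinity
      - run: echo "PROJECT_VERSION=$(docker exec poetry poetry version --short)" >> "$GITHUB_ENV"
      - name: Login to PyPI
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
        run: |
          echo "Login"
          # Skip the call when the secret is empty so an empty string is never
          # stored as the token; failures stay non-fatal as before.
          if [ -n "$PYPI_TOKEN" ]; then
            docker exec poetry poetry config pypi-token.pypi "$PYPI_TOKEN" || true
          fi
      - name: Check if tag version matches project version
        if: startsWith(github.ref, 'refs/tags/')
        run: |
          # Refuse to publish when the pushed tag and the version reported by
          # Poetry disagree.
          TAG=${GITHUB_REF:10}
          echo "$TAG"
          echo "$PROJECT_VERSION"
          if [[ "$TAG" != "$PROJECT_VERSION" ]]; then exit 1; fi
      - name: Build and publish (dry-run)
        if: github.actor != 'dependabot[bot]'
        run: docker exec poetry poetry publish --dry-run
      - name: Build and publish
        # Only tag builds perform the real upload.
        if: startsWith(github.ref, 'refs/tags/')
        run: docker exec poetry poetry publish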