-
Notifications
You must be signed in to change notification settings - Fork 0
139 lines (116 loc) · 4.25 KB
/
workflow-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: CI\CD
on:
push:
branches:
- main
tags:
- '*'
pull_request:
workflow_dispatch:
# Update docker hub retention policy
schedule:
- cron: "21 7 8 * *"
env:
PIP_NO_CACHE_DIR: "off"
POETRY_VIRTUALENVS_IN_PROJECT: "true"
POETRY_NO_INTERACTION: "1"
DOCKER_BUILDKIT: "1"
COMPOSE_DOCKER_CLI_BUILD: "1"
PROJECT_NAME: "picodi"
REGISTRY: "docker.io"
REGISTRY_USERNAME: "yakimka"
REGISTRY_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
CACHE_REGISTRY: "ghcr.io"
CACHE_REGISTRY_USERNAME: "yakimka"
CACHE_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_COMPOSE_SERVICE_NAME: "app"
MAIN_PY_VERSION: "3.11"
POETRY_DOCKER_IMAGE: "yakimka/poetry:1.8.2-py3.11-slim"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
jobs:
check-code:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
matrix:
python-version: ['3.10', '3.11', '3.12']
steps:
- uses: actions/checkout@v4
- run: echo "DEV_IMAGE_FULL_NAME=$(echo ${CACHE_REGISTRY}/${CACHE_REGISTRY_USERNAME}/${PROJECT_NAME})" >> $GITHUB_ENV
- run: echo "DEV_VERSION=`(cat Dockerfile-dev; cat .github/workflows/workflow-ci.yml)|sha1sum |cut -c 1-8`" >> $GITHUB_ENV
- run: echo "DEV_IMAGE=${DEV_IMAGE_FULL_NAME}:dev-${{ matrix.python-version }}-${DEV_VERSION}" >> $GITHUB_ENV
- run: echo "VERSION=$(echo ${GITHUB_REF:10})" >> $GITHUB_ENV
- run: echo "SHORT_VERSION=$(echo ${VERSION%.*})" >> $GITHUB_ENV
- name: Prepare Docker
run: |
cp .env.template .env
docker login "$CACHE_REGISTRY" -u "$CACHE_REGISTRY_USERNAME" --password="${CACHE_REGISTRY_TOKEN}"
docker buildx create --use --driver=docker-container
docker --version && docker compose --version
- name: Load cached venv and cache
id: cached-venv-and-cache
uses: actions/cache@v3
with:
path: |
.venv
.cache
key: py${{ matrix.python-version }}-${{ hashFiles('./poetry.lock') }}
- name: Build docker dev image
run: |
docker pull ${DEV_IMAGE} || (
PYTHON_VERSION=${{ matrix.python-version }} docker compose build ${DOCKER_COMPOSE_SERVICE_NAME} ;
docker tag ${PROJECT_NAME}:dev ${DEV_IMAGE} ;
docker push ${DEV_IMAGE}
)
docker tag ${DEV_IMAGE} ${PROJECT_NAME}:dev
- name: Run checks
run: docker compose run -e CI=1 --user=$(id -u) --rm devtools ./ci.sh
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
# token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
- uses: actions/upload-artifact@v3
with:
name: built-package-py${{ matrix.python-version }}
path: dist/
release-package:
runs-on: ubuntu-latest
needs: [ check-code ]
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: built-package-py${{ env.MAIN_PY_VERSION }}
path: dist/
- name: Prepare Docker
run: |
docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password="${REGISTRY_TOKEN}" || true
- name: Pull and spin dev container
run: |
docker run -v $(pwd):/code -w /code --rm -d --name=poetry ${POETRY_DOCKER_IMAGE} sleep infinity
- run: echo "PROJECT_VERSION=$(docker exec poetry poetry version --short)" >> $GITHUB_ENV
- name: Login to PyPI
env:
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
run: |
echo "Login"
docker exec poetry poetry config pypi-token.pypi $PYPI_TOKEN || true
- name: Check if tag version matches project version
if: startsWith(github.ref, 'refs/tags/')
run: |
TAG=${GITHUB_REF:10}
echo $TAG
echo $PROJECT_VERSION
if [[ "$TAG" != "$PROJECT_VERSION" ]]; then exit 1; fi
- name: Build and publish (dry-run)
if: github.actor != 'dependabot[bot]'
run: docker exec poetry poetry publish --dry-run
- name: Build and publish
if: startsWith(github.ref, 'refs/tags/')
run: docker exec poetry poetry publish