-
-
Notifications
You must be signed in to change notification settings - Fork 9
177 lines (155 loc) · 6.55 KB
/
lint_test_build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# Github Action Workflow enforcing our code style and running tests.
# misnomer, but not worth changing it
# still not worth changing imo
name: Lint, Test, Build
# Trigger the workflow on both push (to the main repository)
# and pull requests (against the main repository, but from any repo).
on:
push:
branches:
- main
pull_request:
# Brand new concurrency setting! This ensures that not more than one run can be triggered for the same commit.
# It is useful for pull requests coming from the main repository since both triggers will match.
concurrency:
group: ${{ github.workflow }}-${{ github.repository }}-${{ github.ref }}
cancel-in-progress: false
permissions:
read-all
env:
# Configure pip to cache dependencies and do a user install
PIP_NO_CACHE_DIR: false
PIP_USER: 1
PYTHON_VERSION: '3.10'
# Specify explicit paths for python dependencies and the pre-commit
# environment so we know which directories to cache
POETRY_CACHE_DIR: ${{ github.workspace }}/.cache/py-user-base
PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base
PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache
jobs:
lint:
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Add custom PYTHONUSERBASE to PATH
run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH
# Checks out the repository in the current folder.
- name: Checks out repository
uses: actions/checkout@v4
# Set up the right version of Python
- name: Set up Python ${{ env.PYTHON_VERSION }}
id: python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
# This step caches our Python dependencies. To make sure we
# only restore a cache when the dependencies, the python version,
# the runner operating system, and the dependency location haven't
# changed, we create a cache key that is a composite of those states.
#
# Only when the context is exactly the same, we will restore the cache.
- name: Python Dependency Caching
uses: actions/cache@v4
id: python_cache
with:
path: ${{ env.PYTHONUSERBASE }}
key: "python-0-${{ runner.os }}-${{ env.PYTHONUSERBASE }}-\
${{ steps.python.outputs.python-version }}-\
${{ hashFiles('./pyproject.toml', './poetry.lock') }}"
# Install our dependencies if we did not restore a dependency cache
- name: Install dependencies using poetry
# if: steps.python_cache.outputs.cache-hit != 'true'
run: |
pip install poetry==1.7.1 poetry-plugin-export==1.6.0
poetry install --no-interaction --no-ansi
# This step caches our pre-commit environment. To make sure we
# do create a new environment when our pre-commit setup changes,
# we create a cache key based on relevant factors.
- name: Pre-commit Environment Caching
uses: actions/cache@v4
with:
path: ${{ env.PRE_COMMIT_HOME }}
key: "precommit-0-${{ runner.os }}-${{ env.PRE_COMMIT_HOME }}-\
${{ steps.python.outputs.python-version }}-\
${{ hashFiles('./.pre-commit-config.yaml') }}"
# We will not run `black` here, as we will use a seperate
# black action. As pre-commit does not support user installs,
# we set PIP_USER=0 to not do a user install.
- name: Run pre-commit hooks
id: pre-commit
run: export PIP_USER=0; SKIP="no-commit-to-branch,black" poetry run pre-commit run --all-files
# Run black seperately as we don't want to reformat the files
# just error if something isn't formatted correctly.
- name: Check files with black
id: black
if: always() && (steps.pre-commit.outcome == 'success' || steps.pre-commit.outcome == 'failure')
run: poetry run black . --check --diff --color
build:
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
name: Build & Push
needs: [lint]
runs-on: ubuntu-latest
permissions:
packages: write
steps:
# Create a commit SHA-based tag for the container repositories
- name: Create SHA Container Tag
id: sha_tag
run: |
tag=$(cut -c 1-7 <<< $GITHUB_SHA)
echo "tag=$tag" >> $GITHUB_OUTPUT
# Check out the current repository in the `monty` subdirectory
- name: Checkout code
uses: actions/checkout@v4
with:
path: monty
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Github Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build and push the container to the GitHub Container
# Repository. The container will be tagged as "latest"
# and with the short SHA of the commit.
- name: Build and push
uses: docker/build-push-action@v6
with:
context: monty/
file: monty/Dockerfile
push: true
cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/monty-python:latest
cache-to: type=inline
tags: |
ghcr.io/${{ github.repository_owner }}/monty-python:latest
ghcr.io/${{ github.repository_owner }}/monty-python:${{ steps.sha_tag.outputs.tag }}
build-args: |
git_sha=${{ github.sha }}
artifact:
name: Generate Artifact
if: always()
runs-on: ubuntu-latest
steps:
# Prepare the Pull Request Payload artifact. If this fails, we
# we fail silently using the `continue-on-error` option. It's
# nice if this succeeds, but if it fails for any reason, it
# does not mean that our lint-test checks failed.
- name: Prepare Pull Request Payload artifact
id: prepare-artifact
if: always() && github.event_name == 'pull_request'
continue-on-error: true
run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json
# This only makes sense if the previous step succeeded. To
# get the original outcome of the previous step before the
# `continue-on-error` conclusion is applied, we use the
# `.outcome` value. This step also fails silently.
- name: Upload a Build Artifact
if: always() && steps.prepare-artifact.outcome == 'success'
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: pull-request-payload
path: pull_request_payload.json