-
Notifications
You must be signed in to change notification settings - Fork 3
/
.gitlab-ci.yml
156 lines (144 loc) · 6.06 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
variables:
COVERAGE_FAIL_BELOW: 80
# The IMAGE_TAG is derived from the branch name so that if a branch modifies
# the CI images, it builds and runs using the new images without conflicting
# with main.
IMAGE_TAG: "$CI_COMMIT_REF_SLUG"
stages:
- build-images
- check-format
- test
- export
default:
image: python:3.7-slim
tags: ['shared']
.build-ci-image: &build-ci-image
stage: build-images
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
# Configure authentication credentials for GitLab
- >-
echo "{\"auths\":{
\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"},
\"https://index.docker.io/v1/\":{\"username\":\"$DOCKERHUB_USERNAME\",\"password\":\"$DOCKERHUB_PASSWORD\"}
}}" > /kaniko/.docker/config.json
# Run the kaniko executor, which will build our image (using a cache if available)
# Push to our internal registry
# If we're on the main branch, also push the latest tag.
- >-
if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
export EXTRA_DEST="--destination=${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:latest"
fi
- >-
/kaniko/executor
--cache=true
--cache-copy-layers=true
--context=$CI_PROJECT_DIR
--dockerfile=$CI_PROJECT_DIR/$DOCKERFILE_PATH
--destination=${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:$IMAGE_TAG
$EXTRA_DEST
build-image-ubuntu20:
<<: *build-ci-image
variables:
DOCKERFILE_PATH: Dockerfile.ci
IMAGE_NAME: ci-ubuntu20
check-format:
stage: check-format
script:
- apt update -y && apt install -y git
- pip3 install pre-commit
- |+
pre-commit run --all-files --show-diff-on-failure || ( (cat <<EOF
================================================================================
If this stage fails, the formatting of your changes may be incorrect.
To automatically format your files, install pre-commit:
pip3 install pre-commit
pre-commit install
pre-commit will now automatically format any files before commit.
To fix any misformatted files, run:
pre-commit run --all-files
And then commit any changes.
More information regarding pre-commit can be found at https://pre-commit.com.
================================================================================
EOF
) && exit 1)
.test-template: &test
stage: test
script:
- $PIP_WRAPPER pip install -r requirements-dev.txt -e . $EXTRA_PIP_ARGS
- pytest --cov=gtirb_rewriting --cov-fail-under=$COVERAGE_FAIL_BELOW --cov-report=xml:coverage.xml --cov-report=term --junitxml=report.xml
- pyright
coverage: /TOTAL.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/
artifacts:
when: always
reports:
junit: report.xml
coverage_report:
coverage_format: cobertura
path: coverage.xml
test-stable-20:
image: $CI_REGISTRY/rewriting/gtirb-rewriting/ci-ubuntu20:$IMAGE_TAG
<<: *test
test-minver-20:
image: $CI_REGISTRY/rewriting/gtirb-rewriting/ci-ubuntu20:$IMAGE_TAG
before_script:
- pip install uv
variables:
PIP_WRAPPER: uv
EXTRA_PIP_ARGS: --resolution=lowest-direct --system
<<: *test
test-unstable-20:
image: $CI_REGISTRY/rewriting/gtirb-rewriting/ci-ubuntu20:$IMAGE_TAG
before_script:
- pip install --upgrade pip
variables:
EXTRA_PIP_ARGS: --pre --index-url $EXTRA_INDEX_URL
<<: *test
# This job ensures that:
# - Release branches never publish -dev packages, and packages
# on release branches are never overwritten. This behavior coincides
# with that of the external export job, where on the public pypi, packages
# cannot be overwritten.
# - main therefore only ever publishes '-dev' packages
# - The -dev package on main is always the newest version in the repository
export_internal:
stage: export
script:
- pip install -r requirements-dev.txt
- python3 setup.py bdist_wheel --dist-dir=$CI_PROJECT_DIR/dist
- VERSION=$(python3 -c "from imp import load_source; pkginfo = load_source('pkginfo.version', 'gtirb_rewriting/version.py'); print(pkginfo.__version__)")
- PKGNAME=$(python3 -c "from imp import load_source; pkginfo = load_source('pkginfo.version', 'gtirb_rewriting/version.py'); print(pkginfo.__packagename__)")
- if [[ "$VERSION" =~ \.dev[[:digit:]]*.*$ && "$CI_COMMIT_REF_NAME" =~ ^release-.* ]]; then exit 1; fi
# this job is not using $CI_JOB_TOKEN because it only has read access
# https://gitlab.com/gitlab-org/gitlab/-/issues/35067
# this job is also not using $CI_DEPLOY_USER and $CI_DEPLOY_PASSWORD because it only has write access
- if [[ "$CI_COMMIT_BRANCH" == "main" ]]; then
if [[ ! "$VERSION" =~ \.dev[[:digit:]]*$ ]]; then
echo "[ERROR] On the main branch, we must be exporting a -dev version."
exit 1;
fi;
if pip3 install --extra-index-url=$EXTRA_INDEX_URL "$PKGNAME>$VERSION" 2>/dev/null; then
echo "[ERROR] The package version being published on main should always be >= the version in the repository.";
exit 1;
fi;
ls $CI_PROJECT_DIR/dist/*.whl | xargs python3 $CI_PROJECT_DIR/delete_remote_packages.py $GL_PKG_API_TOKEN;
fi
- sed "s/password = <access token>/password = $GL_PKG_API_TOKEN/" $CI_PROJECT_DIR/.pypirc > ~/.pypirc
- python3 -m twine upload --verbose --repository repypi $CI_PROJECT_DIR/dist/*.whl
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
- if: '$CI_COMMIT_REF_NAME =~ /^release-.*/'
export_external:
stage: export
image: python:3.7-slim
script:
- pip install -r requirements-dev.txt
- python3 setup.py bdist_wheel --dist-dir=$CI_PROJECT_DIR/dist
- VERSION=$(python3 -c "from imp import load_source; pkginfo = load_source('pkginfo.version', 'gtirb_rewriting/version.py'); print(pkginfo.__version__)")
# Do not publish .dev versions on the public pypi
- if [[ "$VERSION" =~ \.dev[[:digit:]]*.*$ ]]; then exit 1; fi
- python3 -m twine upload --verbose $CI_PROJECT_DIR/dist/*.whl -u __token__ -p $PYPI_API_KEY
rules:
- if: '$CI_COMMIT_REF_NAME =~ /^release-.*/'