Updated GHActions (#41) #143
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Checks and Tests | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| jobs: | |
| python-tests: | |
| runs-on: ubuntu-latest | |
| # Add "id-token" with the required permissions. | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Authenticate with Google Cloud to acquire an access token | |
| - id: auth | |
| name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: 'access_token' | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER }} | |
| service_account: ${{ secrets.SERVICE_ACCOUNT }} | |
| # Authenticating with Dockerhub ensures image pulls are authenticated, so not as severely rate limited | |
| - name: Log in to Dockerhub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Also log docker in to GCP artifact registry, to allow image pulls from our private registries | |
| - name: Log in to Google Docker Artifact Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: europe-west2-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.auth.outputs.access_token }} | |
| - name: Set up Python "3.11" | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install Dependencies | |
| run: | | |
| python -m pip install --upgrade pip pipenv | |
| pipenv install --dev --deploy | |
| - name: Load Templates | |
| run: make load_templates | |
| - name: Run Tests and Checks | |
| run: make unit_test integration_test | |
| - name: Check Docker Build | |
| run: make docker_build | |
| - name: Run Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| # NB: fail_ci_if_error is enabled to make any teething issues with Codecov visible. | |
| # If Codecov has outage issues in the future, this can be toggled to false to allow the action to pass. | |
| fail_ci_if_error: true |