CI #720
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "CI" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: '47 5 * * 0' | |
env: | |
python_version: "3.12" | |
defaults: | |
run: | |
shell: 'bash --noprofile --norc -Eeuo pipefail {0}' | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
- name: Run the goat | |
uses: seisollc/goat@main | |
with: | |
# Exclude anything that contains {{ and }} in the file name | |
exclude: .*\{\{.*\}\}.* | |
disable_mypy: true | |
test: | |
name: Test | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
# Necessary for hooks to succeed during tests for commits/schedule | |
if: github.event_name != 'push_request' | |
with: | |
fetch-depth: 0 | |
submodules: 'true' | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
# Necessary for hooks to succeed during tests for PRs | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
fetch-depth: 0 | |
submodules: 'true' | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.python_version }} | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.local/share/virtualenvs | |
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} | |
- name: Install the dependencies | |
run: | | |
python -m pip install --upgrade pipenv | |
mkdir "${RUNNER_TEMP}/bin" | |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin" | |
chmod +x "${RUNNER_TEMP}/bin/syft" | |
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin" | |
chmod +x "${RUNNER_TEMP}/bin/grype" | |
echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}" | |
- name: Install Task | |
uses: arduino/setup-task@v2 | |
- name: Initialize the repo | |
run: task -v init | |
- name: Validate the repo | |
run: task -v validate | |
- name: Run the tests | |
run: task -v test | |
bump-version: | |
name: Bump version | |
needs: [lint, test] | |
if: "${{ github.event_name == 'push' && !startsWith(github.event.head_commit.message, 'Bump version: 2') }}" | |
permissions: | |
contents: write | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.SEISO_AUTOMATION_PAT }} | |
fetch-depth: 0 | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.python_version }} | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.local/share/virtualenvs | |
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} | |
- name: Install the dependencies | |
run: python -m pip install --upgrade pipenv | |
- name: Install Task | |
uses: arduino/setup-task@v2 | |
- name: Initialize the repo | |
run: task -v init | |
- name: Bump the version | |
id: bump-version | |
run: | | |
task -v release | |
TAG="$(git describe --tags)" | |
BRANCH="$(git branch --show-current)" | |
git push --atomic origin "${BRANCH}" "${TAG}" | |
echo "tag=${TAG}" >> "${GITHUB_OUTPUT}" | |
- name: Publish the release to GitHub | |
uses: softprops/action-gh-release@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
name: ${{ steps.bump-version.outputs.tag }} | |
tag_name: ${{ steps.bump-version.outputs.tag }} | |
generate_release_notes: true | |
draft: false | |
prerelease: false |