-
Notifications
You must be signed in to change notification settings - Fork 2
122 lines (118 loc) · 3.83 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
---
name: "CI"
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: '47 5 * * 0'
env:
python_version: "3.12"
defaults:
run:
shell: 'bash --noprofile --norc -Eeuo pipefail {0}'
jobs:
lint:
name: Lint
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Run the goat
uses: seisollc/goat@main
with:
# Exclude anything that contains {{ and }} in the file name
exclude: .*\{\{.*\}\}.*
disable_mypy: true
test:
name: Test
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v4
# Necessary for hooks to succeed during tests for commits/schedule
if: github.event_name != 'push_request'
with:
fetch-depth: 0
submodules: 'true'
- name: Checkout the repository
uses: actions/checkout@v4
# Necessary for hooks to succeed during tests for PRs
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0
submodules: 'true'
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ env.python_version }}
- uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
- name: Install the dependencies
run: |
python -m pip install --upgrade pipenv
mkdir "${RUNNER_TEMP}/bin"
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin"
chmod +x "${RUNNER_TEMP}/bin/syft"
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin"
chmod +x "${RUNNER_TEMP}/bin/grype"
echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
- name: Install Task
uses: arduino/setup-task@v2
- name: Initialize the repo
run: task -v init
- name: Validate the repo
run: task -v validate
- name: Run the tests
run: task -v test
bump-version:
name: Bump version
needs: [lint, test]
if: "${{ github.event_name == 'push' && !startsWith(github.event.head_commit.message, 'Bump version: 2') }}"
permissions:
contents: write
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
token: ${{ secrets.SEISO_AUTOMATION_PAT }}
fetch-depth: 0
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ env.python_version }}
- uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
- name: Install the dependencies
run: python -m pip install --upgrade pipenv
- name: Install Task
uses: arduino/setup-task@v2
- name: Initialize the repo
run: task -v init
- name: Bump the version
id: bump-version
run: |
task -v release
TAG="$(git describe --tags)"
BRANCH="$(git branch --show-current)"
git push --atomic origin "${BRANCH}" "${TAG}"
echo "tag=${TAG}" >> "${GITHUB_OUTPUT}"
- name: Publish the release to GitHub
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
name: ${{ steps.bump-version.outputs.tag }}
tag_name: ${{ steps.bump-version.outputs.tag }}
generate_release_notes: true
draft: false
prerelease: false