-
Notifications
You must be signed in to change notification settings - Fork 1
168 lines (144 loc) · 4.78 KB
/
wipac-cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: wipac ci/cd
on: [push]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# don't cancel on main/master/default
cancel-in-progress: ${{ format('refs/heads/{0}', github.event.repository.default_branch) != github.ref }}
jobs:
py-versions:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.versions.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: versions
uses: WIPACrepo/[email protected]
flake8:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
- uses: WIPACrepo/[email protected]
# mypy:
# needs: [py-versions]
# runs-on: ubuntu-latest
# strategy:
# fail-fast: false
# matrix:
# py3: ${{ fromJSON(needs.py-versions.outputs.matrix) }}
# steps:
# - uses: actions/checkout@v3
# - uses: actions/setup-python@v4
# with:
# python-version: ${{ matrix.py3 }}
# - uses: WIPACrepo/[email protected]
py-setup:
runs-on: ubuntu-latest
steps:
# dependabot can't access normal secrets
# & don't run non-branch triggers (like tags)
# & we don't want to trigger an update on PR's merge to main/master/default (which is a branch)
# IOW: only for non-dependabot branches
- if: |
github.actor != 'dependabot[bot]' &&
github.ref_type == 'branch' &&
format('refs/heads/{0}', github.event.repository.default_branch) != github.ref
name: checkout (only for non-dependabot non-default branches)
uses: actions/checkout@v3
with:
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- if: |
github.actor != 'dependabot[bot]' &&
github.ref_type == 'branch' &&
format('refs/heads/{0}', github.event.repository.default_branch) != github.ref
name: wipac-dev-py-setup-action (only for non-dependabot non-default branches)
uses: WIPACrepo/wipac-dev-py-setup-action@dockerfile-user-perm-fix
with:
base-keywords: "WIPAC IceCube"
unit-tests:
needs: [py-versions]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
py3: ${{ fromJSON(needs.py-versions.outputs.matrix) }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: ${{ matrix.py3 }}
- name: run
run: |
pip install --upgrade pip wheel setuptools
pip install .[tests]
cp resources/dummy_client_secrets.json client_secrets.json
pytest -vvv tests/unit
test-build-docker:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: docker/setup-buildx-action@v2
- uses: docker/build-push-action@v3
with:
context: .
cache-from: type=gha
cache-to: type=gha,mode=min
file: Dockerfile
tags: moudash:local
integration-tests:
needs: [test-build-docker]
runs-on: ubuntu-latest
services:
mongo:
image: mongo:3
ports:
- 27017:27017
steps:
- uses: actions/checkout@v3
- uses: docker/setup-buildx-action@v2
- uses: docker/build-push-action@v3
with:
context: .
cache-from: type=gha
# cache-to: type=gha,mode=min
file: Dockerfile
tags: moudash:local
load: true
- name: run
run: |
export CI_TEST_ENV=true
# rest server (background)
docker run --network="host" --rm -i --name rest \
--env CI_TEST_ENV=true \
moudash:local \
python -m rest_server --override-krs-insts ./resources/dummy-krs-data.json \
&
sleep 30
pip install pytest wipac-rest-tools
cp resources/dummy_client_secrets.json client_secrets.json
pytest -vvv tests/integration
- name: dump rest logs
if: always()
run: |
docker logs rest || true
- name: dump mongo logs
if: always()
run: |
docker logs "${{ job.services.mongo.id }}" || true
release:
# only run on main/master/default
if: format('refs/heads/{0}', github.event.repository.default_branch) == github.ref
needs: [flake8, py-setup, unit-tests, integration-tests] # mypy
runs-on: ubuntu-latest
concurrency: release
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- name: Python Semantic Release
uses: python-semantic-release/[email protected]
with:
github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
# repository_username: __token__
# repository_password: ${{ secrets.PYPI_TOKEN }}