tox #1769
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: tox | |
on: | |
push: | |
branches: | |
- "main" | |
pull_request: | |
branches: | |
- "main" | |
release: | |
types: [published] | |
schedule: | |
- cron: "0 0 * * *" | |
workflow_call: | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${ github.event_name }-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }} | |
permissions: | |
checks: read | |
packages: write # tox/devspaces, tox/ee, publish-* jobs | |
pull-requests: write # tox/check jobs | |
contents: write # push job to update release notes | |
id-token: write # tox/check job | |
jobs: | |
tox: | |
uses: ansible/team-devtools/.github/workflows/tox.yml@main | |
with: | |
run_pre: ./tools/test-setup.sh | |
max_python: "3.13" | |
default_python: "3.10" # min version, for 'lint' in particular | |
jobs_producing_coverage: 8 | |
other_names_also: | | |
devspaces | |
ee-amd64:tox -e ee:runner=devtools-multiarch-builder | |
ee-arm64:tox -e ee:runner=ubuntu-24.04-arm64-2core | |
secrets: inherit # needed for logging to the ghcr.io registry | |
codeql: | |
name: codeql | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: ["python"] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
# If you wish to specify custom queries, you can do so here or in a config file. | |
# By default, queries listed here will override any specified in a config file. | |
# Prefix the list here with "+" to use these queries and those in the config file. | |
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | |
# queries: security-extended,security-and-quality | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v3 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:${{matrix.language}}" | |
publish-ee: | |
# environment: release # approval | |
runs-on: ubuntu-24.04 | |
needs: | |
- tox | |
# if: github.ref == 'refs/heads/main' | |
# github.event_name == 'release' && github.event.action == 'published' | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: pull-merge-push for the the two arch images under a single manifest | |
env: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
run: ./tools/ee.sh --publish "${{ github.event.release.tag_name || github.sha }}" "${{ (github.event_name == 'release' && github.event.action == 'published') || '--dry' }}" | |
publish-devspaces: | |
runs-on: ubuntu-24.04 | |
needs: | |
- codeql | |
- tox | |
if: github.ref == 'refs/heads/main' || (github.event_name == 'release' && github.event.action == 'published') | |
steps: | |
- name: Push image to ghcr.io as ansible-devspaces-tmp:${GITHUB_SHA} | |
run: | | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin | |
docker pull "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" | |
docker tag "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}" | |
- name: Push image to ghcr.io as ${{ github.event.release.tag_name }} | |
if: github.event_name == 'release' && github.event.action == 'published' | |
run: | | |
docker tag "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:${{ github.event.release.tag_name }}" | |
docker tag "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:latest" | |
docker push "ghcr.io/ansible/ansible-devspaces:${{ github.event.release.tag_name }}" | |
docker push "ghcr.io/ansible/ansible-devspaces:latest" | |
publish-wheel: | |
needs: | |
- codeql | |
- tox | |
if: github.event_name == 'release' && github.event.action == 'published' | |
environment: release # approval | |
runs-on: ubuntu-24.04 | |
env: | |
FORCE_COLOR: 1 | |
PY_COLORS: 1 | |
TOXENV: pkg | |
TOX_EXTRA_BINDEP: 0 | |
steps: | |
- name: Switch to using Python 3.10 by default | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Install tox | |
run: python3 -m pip install --user "tox>=4.0.0" | |
- name: Check out src from Git | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # needed by setuptools-scm | |
submodules: true | |
- name: Build dists | |
run: python3 -m tox | |
- name: Publish to pypi.org | |
if: >- # "create" workflows run separately from "push" & "pull_request" | |
github.event_name == 'release' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
forum-post: | |
if: github.event_name == 'release' && github.event.action == 'published' | |
needs: | |
- publish-wheel | |
- publish-ee | |
- publish-devspaces | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Retreive the forum post script from team-devtools | |
run: curl -O https://raw.githubusercontent.com/ansible/team-devtools/main/.github/workflows/forum_post.py | |
- name: Run the forum post script | |
run: python3 forum_post.py ${{ github.event.repository.full_name }} ${{ github.event.release.tag_name }} ${{ secrets.FORUM_KEY }} ${{ secrets.FORUM_USER }} | |
push: | |
if: > | |
github.event_name == 'push' && contains( | |
fromJSON('["refs/heads/main", "refs/heads/releases", "refs/heads/stable"]'), | |
github.ref) | |
uses: ansible/team-devtools/.github/workflows/push.yml@main |