Merge pull request #32 from aserto-dev/dependabot/pip/aiohttp-3.10.11 #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ci | |
| on: | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - v* | |
| # Publish `v1.2.3` tags as releases. | |
| tags: | |
| - v* | |
| # Run tests for PRs | |
| pull_request: | |
| env: | |
| VAULT_ADDR: https://vault.eng.aserto.com/ | |
| PYTHON_VERSION: "3.9" | |
| POETRY_VERSION: "1.8.3" | |
| TOPAZ_VERSION: "0.32.38" | |
| jobs: | |
| test: | |
| name: Run test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| - | |
| name: Install topaz CLI | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release download v${{ env.TOPAZ_VERSION }} --repo aserto-dev/topaz --pattern "topaz_linux_x86_64.zip" \ | |
| --output ./ext/topaz.zip --clobber | |
| unzip ./ext/topaz.zip -d bin | |
| chmod +x ./bin/topaz | |
| ./bin/topaz version | |
| echo "TOPAZ=$(realpath ./bin/topaz)" >> "$GITHUB_ENV" | |
| echo "TOPAZ_CERTS_DIR=$(./bin/topaz config info | jq '.config.topaz_certs_dir' -r)" >> "$GITHUB_ENV" | |
| echo "PATH=$PATH:$(realpath ./bin)" >> "$GITHUB_ENV" | |
| - | |
| name: Install topazd container | |
| run: | | |
| topaz install --container-tag=${{ env.TOPAZ_VERSION }} | |
| topaz version | |
| - | |
| name: Generate topaz certs | |
| run: topaz certs generate | |
| - | |
| name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - | |
| name: Install and configure Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| version: ${{ env.POETRY_VERSION }} | |
| - | |
| name: Install dependencies | |
| run: poetry install | |
| - | |
| name: Lint | |
| run: poetry run pyright . | |
| - | |
| name: Test | |
| run: poetry run pytest -vv | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
| name: Release to pypi | |
| steps: | |
| - | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.CODEGEN_APP_ID }} | |
| private-key: ${{ secrets.CODEGEN_APP_KEY }} | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ steps.app-token.outputs.token }} | |
| - | |
| name: Read Configuration | |
| uses: hashicorp/vault-action@v3 | |
| id: vault | |
| with: | |
| url: ${{ env.VAULT_ADDR }} | |
| token: ${{ secrets.VAULT_TOKEN }} | |
| secrets: | | |
| kv/data/pypi "API_TOKEN" | POETRY_HTTP_BASIC_PYPI_PASSWORD; | |
| - | |
| name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - | |
| name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| version: ${{ env.POETRY_VERSION }} | |
| - | |
| name: Build | |
| run: poetry build | |
| - | |
| name: Publish | |
| env: | |
| # When using a PYPI API token, the user name must be set to "__token__" | |
| POETRY_HTTP_BASIC_PYPI_USERNAME: __token__ | |
| run: | | |
| poetry publish | |
| - | |
| name: Bump version | |
| id: bump | |
| uses: callowayproject/bump-my-version@master | |
| with: | |
| args: patch | |
| - | |
| name: Commit changes | |
| uses: EndBug/add-and-commit@v9 | |
| with: | |
| default_author: github_actions | |
| message: 'Bump version: ${{ steps.bump.outputs.current-version }}' | |
| add: 'pyproject.toml' |