-
Notifications
You must be signed in to change notification settings - Fork 1
132 lines (127 loc) · 3.49 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
name: ci
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
push:
branches:
- main
- v*
# Publish `v1.2.3` tags as releases.
tags:
- v*
# Run tests for PRs
pull_request:
env:
VAULT_ADDR: https://vault.eng.aserto.com/
PYTHON_VERSION: "3.9"
POETRY_VERSION: "1.8.3"
TOPAZ_VERSION: "0.32.38"
jobs:
test:
name: Run test
runs-on: ubuntu-latest
steps:
-
name: Checkout Repo
uses: actions/checkout@v4
-
name: Install topaz CLI
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release download v${{ env.TOPAZ_VERSION }} --repo aserto-dev/topaz --pattern "topaz_linux_x86_64.zip" \
--output ./ext/topaz.zip --clobber
unzip ./ext/topaz.zip -d bin
chmod +x ./bin/topaz
./bin/topaz version
echo "TOPAZ=$(realpath ./bin/topaz)" >> "$GITHUB_ENV"
echo "TOPAZ_CERTS_DIR=$(./bin/topaz config info | jq '.config.topaz_certs_dir' -r)" >> "$GITHUB_ENV"
echo "PATH=$PATH:$(realpath ./bin)" >> "$GITHUB_ENV"
-
name: Install topazd container
run: |
topaz install --container-tag=${{ env.TOPAZ_VERSION }}
topaz version
-
name: Generate topaz certs
run: topaz certs generate
-
name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
-
name: Install and configure Poetry
uses: snok/install-poetry@v1
with:
version: ${{ env.POETRY_VERSION }}
-
name: Install dependencies
run: poetry install
-
name: Lint
run: poetry run pyright .
-
name: Test
run: poetry run pytest -vv
release:
runs-on: ubuntu-latest
needs: test
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
name: Release to pypi
steps:
-
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.CODEGEN_APP_ID }}
private-key: ${{ secrets.CODEGEN_APP_KEY }}
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
-
name: Read Configuration
uses: hashicorp/vault-action@v3
id: vault
with:
url: ${{ env.VAULT_ADDR }}
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
kv/data/pypi "API_TOKEN" | POETRY_HTTP_BASIC_PYPI_PASSWORD;
-
name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
-
name: Install Poetry
uses: snok/install-poetry@v1
with:
version: ${{ env.POETRY_VERSION }}
-
name: Build
run: poetry build
-
name: Publish
env:
# When using a PYPI API token, the user name must be set to "__token__"
POETRY_HTTP_BASIC_PYPI_USERNAME: __token__
run: |
poetry publish
-
name: Bump version
id: bump
uses: callowayproject/bump-my-version@master
with:
args: patch
-
name: Commit changes
uses: EndBug/add-and-commit@v9
with:
default_author: github_actions
message: 'Bump version: ${{ steps.bump.outputs.current-version }}'
add: 'pyproject.toml'