fix: Properly collect Python dependencies during image build. Next attempt at build cache #222
---
# CI entry point. The triggers below start every job in this workflow.
name: main

on:
  # Every pull request, regardless of its target branch.
  pull_request:
  # Only the `published` release activity, not drafts or edits.
  release:
    types:
      - published
  # Direct pushes to either spelling of the default branch.
  push:
    branches:
      - main
      - master
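# NOTE(review): most actions below are referenced by mutable tags or branches
# (`@v3`, `@master`, `@release/v1`). Pinning each `uses:` to a full commit SHA
# keeps a retagged or compromised upstream from changing what runs here.
jobs:
  # Runs the tox suite once per Python version, performs the SonarCloud scan
  # and exposes the setuptools_scm version to the downstream jobs.
  tests:
    name: Tests
    # NOTE(review): there is no `permissions:` key on this job, so GITHUB_TOKEN
    # gets the repository default scopes. Consider an explicit least-privilege
    # block once the scopes the SonarCloud step needs are confirmed.
    strategy:
      fail-fast: false
      matrix:
        include:
          # Versions are quoted so that none of them is read as a float
          # (an unquoted 3.10 would become 3.1).
          - os: ubuntu-latest
            python: '3.8'
            toxenv: py
          - os: ubuntu-latest
            python: '3.9'
            toxenv: py
          - os: ubuntu-latest
            python: '3.10'
            toxenv: py
          - os: ubuntu-latest
            python: '3.11'
            toxenv: py
          - os: ubuntu-latest
            python: '3.12'
            toxenv: py
    runs-on: ${{ matrix.os }}
    outputs:
      # Consumed by `docker-publish` as image tag and build argument.
      version: ${{ steps.package-version.outputs.VALUE }}
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          # Disable shallow clone for Sonar scanner, as it needs access to the
          # history
          fetch-depth: 0
      - name: Set Python up
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python }}
      - name: Install testing tools
        # The folded scalar already joins both lines with a space, so no
        # shell line continuation is used: a trailing backslash would end up
        # escaping that space instead of a newline.
        run: >-
          python -m pip install --upgrade
          setuptools setuptools_scm pip tox virtualenv coverage
      - name: Run the tests
        run: tox -e ${{ matrix.toxenv }}
      - name: Generate Coverage combined XML report
        run: coverage xml
      - name: Determine package version
        id: package-version
        # Writes the version as step output `VALUE`; the output file path is
        # quoted so the redirection does not depend on word splitting.
        run: |
          package_version="$(python -m setuptools_scm --format plain)"
          echo "VALUE=$package_version" >> "$GITHUB_OUTPUT"
      - name: SonarCloud scanning
        # NOTE(review): `@master` is a moving branch and this step receives
        # both tokens below. Pin it to a reviewed commit, e.g.
        # `sonarsource/sonarcloud-github-action@<FULL_COMMIT_SHA>`
        # (placeholder). Secrets are not passed to runs triggered from forks,
        # so SONAR_TOKEN is presumably empty on fork pull requests; confirm
        # the step is expected to fail or be skipped in that case.
        uses: sonarsource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          # yamllint disable rule:line-length
          args: >-
            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
            -Dsonar.organization=${{ github.repository_owner }}
            -Dsonar.projectVersion=${{ steps.package-version.outputs.VALUE }}
          # yamllint enable rule:line-length

  # Builds the distribution and uploads it to Test PyPI or PyPI. Currently
  # switched off by the `if: false` guard below.
  pypi-publish:
    name: Publish to PyPi
    runs-on: ubuntu-latest
    # PyPi disallows to publish packages with direct dependencies (GitHub
    # sourced dependency in this case), so disable publishing for now
    if: false
    needs:
      - tests
    # NOTE(review): both publish steps authenticate with long-lived API
    # tokens. Before re-enabling this job, consider PyPI trusted publishing
    # (OIDC, `permissions: id-token: write`) so that no upload token has to be
    # stored as a secret.
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0  # `setuptools_scm` needs tags
      - name: Set Python up
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Install the PEP517 package builder
        run: python -m pip install --upgrade build
      - name: Build the package
        run: python -m build
      - name: Publish the package to Test PyPi
        # Skip publishing to test PyPI if we're performing release, there might
        # be already the version of the package from the merge to master branch
        if: github.event_name != 'release'
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.TEST_PYPI_TOKEN }}
          # `repository-url` is the current input name; the underscore
          # spelling is deprecated by the action.
          repository-url: https://test.pypi.org/legacy/
      - name: Publish the release to PyPi
        # Publish to production PyPi only happens when a release published out
        # of the main branch
        if: >-
          github.event_name == 'release'
          && github.event.action == 'published'
          && (github.event.release.target_commitish == 'main'
          || github.event.release.target_commitish == 'master')
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_TOKEN }}

  # Builds the multi-platform image and pushes it, together with the build
  # cache, to the GitHub Container Registry.
  docker-publish:
    name: Build and publish Docker images
    runs-on: ubuntu-latest
    needs:
      - tests
    # NOTE(review): this job has no `if:` guard, so it also runs for
    # `pull_request` events while `push: true` and `cache-to` write to
    # ghcr.io. The cache ref `buildcache:latest` is shared by every trigger,
    # so layers exported by a pull-request build are later imported by
    # release builds. Consider a separate cache ref per event type, or
    # exporting the cache only for pushes to the default branch and releases.
    # Fork pull requests get a read-only token, so the push presumably fails
    # there; confirm that is the intended outcome.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
      - name: Set up QEMU for more platforms supported by Buildx
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Prepare Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          # `latest` is only enabled for releases published from main/master;
          # pull requests and the default branch get their own tags.
          tags: |
            type=pep440,pattern={{raw}},value=${{ needs.tests.outputs.version }}
            type=raw,value=latest,enable=${{
              github.event_name == 'release'
              && github.event.action == 'published'
              && (github.event.release.target_commitish == 'main'
                || github.event.release.target_commitish == 'master')
            }}
            type=ref,event=pr
            type=edge
      - name: Login to GitHub Container Registry
        # NOTE(review): this action is one major version behind the other
        # docker/* actions used in this job; check whether it can be aligned.
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push images
        uses: docker/build-push-action@v6
        with:
          # No explicit context used, since that makes cache misses most of the
          # time.
          # See https://github.com/docker/build-push-action/issues/286 for more
          # details
          platforms: linux/arm/v7,linux/arm/v6,linux/arm64,linux/amd64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          # Implicit context points to working copy, not Git repository, so
          # `setuptools_scm` needs to receive the version explicitly
          build-args: |
            VERSION=${{ needs.tests.outputs.version }}
          # Cache the buildx cache between builds using GitHub registry. `gha`
          # cache has been mentioned to introduce cache misses for
          # multi-platform builds, see https://github.com/docker/buildx/discussions/1382
          # for potential hints
          cache-from: |
            type=registry,ref=ghcr.io/${{ github.repository }}/buildcache:latest
          cache-to: |
            type=registry,ref=ghcr.io/${{ github.repository }}/buildcache:latest,mode=max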