Skip to content

fix: Properly collect Python dependencies during image build. Next attempt at build cache #222

fix: Properly collect Python dependencies during image build. Next attempt at build cache

fix: Properly collect Python dependencies during image build. Next attempt at build cache #222

Workflow file for this run

---
name: main
on:
pull_request:
release:
types: [published]
push:
branches:
- main
- master
jobs:
tests:
name: Tests
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
python: 3.8
toxenv: py
- os: ubuntu-latest
python: 3.9
toxenv: py
- os: ubuntu-latest
python: '3.10'
toxenv: py
- os: ubuntu-latest
python: '3.11'
toxenv: py
- os: ubuntu-latest
python: '3.12'
toxenv: py
runs-on: ${{ matrix.os }}
outputs:
version: ${{ steps.package-version.outputs.VALUE }}
steps:
- name: Checkout the code
uses: actions/checkout@v3
with:
# Disable shallow clone for Sonar scanner, as it needs access to the
# history
fetch-depth: 0
- name: Set Python up
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python }}
- name: Install testing tools
run: >-
python -m pip install --upgrade \
setuptools setuptools_scm pip tox virtualenv coverage
- name: Run the tests
run: tox -e ${{ matrix.toxenv }}
- name: Generage Coverage combined XML report
run: coverage xml
- name: Determine package version
id: package-version
run: |
package_version=`python -m setuptools_scm --format plain`
echo "VALUE=$package_version" >> $GITHUB_OUTPUT
- name: SonarCloud scanning
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
# yamllint disable rule:line-length
args: >-
-Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-Dsonar.organization=${{ github.repository_owner }}
-Dsonar.projectVersion=${{ steps.package-version.outputs.VALUE }}
# yamllint enable rule:line-length
pypi-publish:
name: Publish to PyPi
runs-on: ubuntu-latest
# PyPi disallows to publish packages with direct dependencies (GitHub
# sourced dependency in this case), so disable publishing for now
if: false
needs: [tests]
steps:
- name: Checkout the code
uses: actions/checkout@v3
with:
fetch-depth: 0 # `setuptools_scm` needs tags
- name: Set Python up
uses: actions/setup-python@v4
with:
python-version: 3.9
- name: Install the PEP517 package builder
run: python -m pip install --upgrade build
- name: Build the package
run: python -m build
- name: Publish the package to Test PyPi
# Skip publishing to test PyPI if we're performing release, there might
# be already the version of the package from the merge to master branch
if: github.event_name != 'release'
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.TEST_PYPI_TOKEN }}
repository_url: https://test.pypi.org/legacy/
- name: Publish the release to PyPi
# Publish to production PyPi only happens when a release published out
# of the main branch
if: >-
github.event_name == 'release'
&& github.event.action == 'published'
&& (github.event.release.target_commitish == 'main'
|| github.event.release.target_commitish == 'master')
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
docker-publish:
name: Build and publish Docker images
runs-on: ubuntu-latest
needs: [tests]
permissions:
contents: read
packages: write
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Set up QEMU for more platforms supported by Buildx
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Prepare Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=pep440,pattern={{raw}},value=${{ needs.tests.outputs.version }}
type=raw,value=latest,enable=${{
github.event_name == 'release'
&& github.event.action == 'published'
&& (github.event.release.target_commitish == 'main'
|| github.event.release.target_commitish == 'master')
}}
type=ref,event=pr
type=edge
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push images
uses: docker/build-push-action@v6
with:
# No explicit context used, since that makes cache misses most of the
# time.
# See https://github.com/docker/build-push-action/issues/286 for more
# details
platforms: linux/arm/v7,linux/arm/v6,linux/arm64,linux/amd64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
# Implicit context points to working copy, not Git respository, so
# `setuptools_scm` needs to receive the version explicitly
build-args: |
VERSION=${{ needs.tests.outputs.version }}
# Cache the buildx cache between builds using GitHub registry. `gha`
# cache has been mentioned to introduce cache misses for
# multi-platform builds, see https://github.com/docker/buildx/discussions/1382
# for potential hints
cache-from: |
type=registry,ref=ghcr.io/${{ github.repository }}/buildcache:latest
cache-to: |
type=registry,ref=ghcr.io/${{ github.repository }}/buildcache:latest,mode=max