.github/workflows/main.yml

---
name: main

on:
  pull_request:
  release:
    types: [published]
  push:
    branches:
      - main
      - master

jobs:
  tests:
    name: Tests
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-latest
            python: 3.8
            toxenv: py
          - os: ubuntu-latest
            python: 3.9
            toxenv: py
          - os: ubuntu-latest
            python: '3.10'
            toxenv: py
          - os: ubuntu-latest
            python: '3.11'
            toxenv: py
          - os: ubuntu-latest
            python: '3.12'
            toxenv: py
    runs-on: ${{ matrix.os }}
    outputs:
      version: ${{ steps.package-version.outputs.VALUE }}
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          # Disable shallow clone for Sonar scanner, as it needs access to the
          # history
          fetch-depth: 0
      - name: Set Python up
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python }}
      - name: Install testing tools
        run: >-
          python -m pip install --upgrade setuptools pip tox virtualenv coverage
      - name: Run the tests
        run: tox -e ${{ matrix.toxenv }}
      - name: Generage Coverage combined XML report
        run: coverage xml
      - name: Determine package version
        id: package-version
        run: |
          package_version=`cat version.txt`
          echo "VALUE=$package_version" >> $GITHUB_OUTPUT
      - name: SonarCloud scanning
        uses: sonarsource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          # yamllint disable rule:line-length
          args: >-
            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
            -Dsonar.organization=${{ github.repository_owner }}
            -Dsonar.projectVersion=${{ steps.package-version.outputs.VALUE }}
          # yamllint enable rule:line-length

  pypi-publish:
    name: Publish to PyPi
    runs-on: ubuntu-latest
    # PyPi disallows to publish packages with direct dependencies (GitHub
    # sourced dependency in this case), so disable publishing for now
    if: false
    needs: [tests]
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0  # `setuptools_scm` needs tags
      - name: Set Python up
        uses: actions/setup-python@v4
        with:
          python-version: 3.9
      - name: Install the PEP517 package builder
        run: python -m pip install --upgrade build
      - name: Build the package
        run: python -m build
      - name: Publish the package to Test PyPi
        # Skip publishing to test PyPI if we're performing release, there might
        # be already the version of the package from the merge to master branch
        if: github.event_name != 'release'
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.TEST_PYPI_TOKEN }}
          repository_url: https://test.pypi.org/legacy/
      - name: Publish the release to PyPi
        # Publish to production PyPi only happens when a release published out
        # of the main branch
        if: >-
          github.event_name == 'release'
          && github.event.action == 'published'
          && (github.event.release.target_commitish == 'main'
             || github.event.release.target_commitish == 'master')
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_TOKEN }}

  docker-publish:
    name: Build and publish Docker images
    runs-on: ubuntu-latest
    needs: [tests]
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout the code
        uses: actions/checkout@v3

      - name: Set up QEMU for more platforms supported by Buildx
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Prepare Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=pep440,pattern={{raw}},value=${{ needs.tests.outputs.version }}
            type=raw,value=latest,enable=${{
              github.event_name == 'release'
              && github.event.action == 'published'
              && (github.event.release.target_commitish == 'main'
              || github.event.release.target_commitish == 'master')
            }}
            type=ref,event=pr
            type=edge

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push images
        uses: docker/build-push-action@v6
        with:
          platforms: linux/arm/v7,linux/arm/v6,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          build-args: |
            VERSION=${{ needs.tests.outputs.version }}
          # Cache the buildx cache between builds using GitHub registry
          cache-from: |
            type=registry,ref=ghcr.io/${{ github.repository }}/buildcache:latest
          cache-to: |
            type=registry,ref=ghcr.io/${{ github.repository }}/buildcache:latest,mode=max