feat!: add lockfile generation support #318

Merged
merged 5 commits into from
Sep 29, 2023
2 changes: 1 addition & 1 deletion .github/workflows/auto_updates.yml
Expand Up @@ -79,7 +79,7 @@ jobs:
# NOTE: The git user name and email used for commits is already configured,
# by the crazy-max/ghaction-import-gpg action.
run: |
git commit -a -m "build: bump `poetry.lock` dependencies and `pre-commit` hooks"
git commit -a -m "build: bump \`poetry.lock\` dependencies and \`pre-commit\` hooks"
git push --force origin HEAD:workflow-auto-updates

- name: Create Pull Request
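Review bot: On the `git commit -a -m` line, escaping each backtick works, but the message is still inside double quotes, so a later edit that drops one backslash brings command substitution back. Wrapping the whole message in single quotes makes the backticks literal with no escaping needed.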
54 changes: 36 additions & 18 deletions .github/workflows/docker.yml
Expand Up @@ -60,10 +60,10 @@ jobs:
--exit-status \
.tag_name \
)
REL_VER_WITHOUT_v=$(echo $REL_VER_WITH_v | sed 's/v//')
echo $REL_VER_WITH_v $REL_VER_WITHOUT_v
echo "REL_VER_WITH_v=$REL_VER_WITH_v" >> $GITHUB_ENV
echo "REL_VER_WITHOUT_v=$REL_VER_WITHOUT_v" >> $GITHUB_ENV
REL_VER_WITHOUT_v="${REL_VER_WITH_v//v/}"
echo "${REL_VER_WITH_v}" "${REL_VER_WITHOUT_v}"
echo "REL_VER_WITH_v=${REL_VER_WITH_v}" >> "${GITHUB_ENV}"
echo "REL_VER_WITHOUT_v=${REL_VER_WITHOUT_v}" >> "${GITHUB_ENV}"

- name: Checkout the repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
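Review bot: The replacement for the `sed` call on the `REL_VER_WITHOUT_v` line is not equivalent: `sed 's/v//'` removed only the first `v`, while `${REL_VER_WITH_v//v/}` removes every `v` in the tag. A tag with a `v` anywhere after the prefix (a `dev` suffix, for example) would lose it, and this value is used to build the image tags later in the workflow. `${REL_VER_WITH_v#v}` strips only a leading `v`.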
Expand All @@ -76,7 +76,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release download ${{ env.REL_VER_WITH_v }} --pattern '*.whl'

- name: Build docker image with latest phylum wheel
- name: Build default docker image with latest phylum wheel
run: |
docker build \
--tag phylum-ci \
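Review bot: The `gh release download ${{ env.REL_VER_WITH_v }}` line still pastes the value into the script text unquoted, which is the pattern the rest of this change removes. The variable was written to `GITHUB_ENV` in the earlier step, so the shell can read it directly: `gh release download "${REL_VER_WITH_v}" --pattern '*.whl'`.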
Expand All @@ -87,38 +87,56 @@ jobs:
--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
.

- name: Test docker image with latest phylum wheel
- name: Test default docker image with latest phylum wheel
run: scripts/docker_tests.sh --image phylum-ci

- name: Build slim docker image with latest phylum wheel
run: |
docker run --rm phylum-ci git --version
docker run --rm phylum-ci phylum-ci --version
docker run --rm phylum-ci phylum-ci --help
docker run --rm phylum-ci phylum-init --help
docker run --rm phylum-ci phylum --help
docker build \
--tag phylum-ci-slim \
--build-arg PKG_SRC=phylum-*.whl \
--build-arg PKG_NAME=phylum-*.whl \
--build-arg CLI_VER=${{ github.event.client_payload.CLI_version }} \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
--file Dockerfile.slim \
.

- name: Test slim docker image with latest phylum wheel
run: scripts/docker_tests.sh --image phylum-ci-slim --slim

- name: Login to Docker Hub
run: docker login --username ${{ secrets.DOCKER_HUB_USERNAME }} --password ${{ secrets.DOCKER_HUB_TOKEN }}

- name: Login to GitHub Container Registry
run: docker login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io

- name: Tag and push unique docker image
- name: Create specific docker tags and push them
run: |
export CLI_REL_VER=$(docker run --rm phylum-ci phylum --version | sed 's/phylum //')
docker tag phylum-ci phylumio/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI$CLI_REL_VER
docker tag phylum-ci ghcr.io/phylum-dev/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI$CLI_REL_VER
docker push phylumio/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI$CLI_REL_VER
docker push ghcr.io/phylum-dev/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI$CLI_REL_VER
CLI_REL_VER=$(docker run --rm phylum-ci phylum --version | sed 's/phylum //')
docker tag phylum-ci "phylumio/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}"
docker tag phylum-ci-slim "phylumio/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}-slim"
docker tag phylum-ci "ghcr.io/phylum-dev/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}"
docker tag phylum-ci-slim "ghcr.io/phylum-dev/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}-slim"
docker push "phylumio/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}"
docker push "phylumio/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}-slim"
docker push "ghcr.io/phylum-dev/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}"
docker push "ghcr.io/phylum-dev/phylum-ci:${{ env.REL_VER_WITHOUT_v }}-CLI${CLI_REL_VER}-slim"

- name: Tag and push latest docker image
- name: Tag and push latest docker images
# Only tag and push `latest` when it's not a CLI pre-release
# NOTE: This is an instance where the expression syntax (`${{ }}`) is required for the `if` conditional,
# contrary to the GitHub workflow syntax documentation. Do not remove the expression syntax.
if: ${{ !contains(github.event.client_payload.CLI_version, 'rc') }}
run: |
docker tag phylum-ci phylumio/phylum-ci:latest
docker tag phylum-ci-slim phylumio/phylum-ci:slim
docker tag phylum-ci ghcr.io/phylum-dev/phylum-ci:latest
docker tag phylum-ci-slim ghcr.io/phylum-dev/phylum-ci:slim
docker push phylumio/phylum-ci:latest
docker push phylumio/phylum-ci:slim
docker push ghcr.io/phylum-dev/phylum-ci:latest
docker push ghcr.io/phylum-dev/phylum-ci:slim

- name: Logout of Docker Hub
if: always()
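Review bot: In the new slim build step, `--build-arg CLI_VER=${{ github.event.client_payload.CLI_version }}` substitutes a dispatch payload field into the script before the shell parses it, so shell quoting cannot protect it and whatever the payload contains becomes part of the command line. Map the field to an environment variable in the step's `env:` block and pass `--build-arg CLI_VER="${CLI_VER}"` instead. Separately, `CLI_REL_VER` is read only from the `phylum-ci` image and then reused for the `-slim` tags; if the two Dockerfiles can ever install different CLI versions, read it from `phylum-ci-slim` as well or check that the two match before tagging.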
4 changes: 2 additions & 2 deletions .github/workflows/preview.yml
Expand Up @@ -61,8 +61,8 @@ jobs:
# poetry version rules do not provide for developmental releases as specified in PEP440.
# It can be pieced together with these commands.
run: |
poetry version $(poetry run semantic-release print-version --next)
poetry version $(poetry version --short).dev$GITHUB_RUN_NUMBER
poetry version "$(poetry run semantic-release print-version --next)"
poetry version "$(poetry version --short).dev${GITHUB_RUN_NUMBER}"

- name: Run tox via poetry
run: poetry run tox
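Review bot: Quoting the command substitution on the first `poetry version` line changes what happens when `semantic-release print-version --next` prints nothing: unquoted, `poetry version` ran with no argument; quoted, it receives an empty string as an explicit argument. Confirm that case still behaves as intended, or capture the output in a variable and check it is non-empty before calling `poetry version`.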
57 changes: 37 additions & 20 deletions .github/workflows/release.yml
Expand Up @@ -86,18 +86,18 @@ jobs:
poetry install --verbose --sync --with test,ci

- name: Set PHYLUM_ORIGINAL_VER value
run: echo "PHYLUM_ORIGINAL_VER=$(poetry version --short)" >> $GITHUB_ENV
run: echo "PHYLUM_ORIGINAL_VER=$(poetry version --short)" >> "${GITHUB_ENV}"

- name: Set to next version for build
run: |
if [ "${{ inputs.prerelease }}" = "true" ]; then
poetry version $(poetry run semantic-release print-version --next --prerelease)
poetry version "$(poetry run semantic-release print-version --next --prerelease)"
else
poetry version $(poetry run semantic-release print-version --next)
poetry version "$(poetry run semantic-release print-version --next)"
fi

- name: Set PHYLUM_REL_VER value
run: echo "PHYLUM_REL_VER=$(poetry version --short)" >> $GITHUB_ENV
run: echo "PHYLUM_REL_VER=$(poetry version --short)" >> "${GITHUB_ENV}"

# NOTE: Run the tests for the current active Python version, as a sanity check.
- name: Run tox via poetry
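Review bot: Both `echo "PHYLUM_..._VER=$(poetry version --short)" >> "${GITHUB_ENV}"` lines discard the exit status of `poetry version --short`, because the step's result is that of `echo`. If poetry fails, an empty value is written to `GITHUB_ENV`, the step still passes, and `PHYLUM_REL_VER` later ends up in the image tags. Assign the output to a shell variable first, since an assignment carries the command's exit status, then echo that variable into `GITHUB_ENV`.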
Expand Down Expand Up @@ -150,9 +150,9 @@ jobs:
else
poetry run semantic-release publish -v DEBUG
fi
echo "url=https://pypi.org/project/phylum/${{ env.PHYLUM_REL_VER }}/" >> $GITHUB_OUTPUT
echo "url=https://pypi.org/project/phylum/${{ env.PHYLUM_REL_VER }}/" >> "${GITHUB_OUTPUT}"

- name: Build docker image
- name: Build default docker image
run: |
docker build \
--tag phylum-ci \
Expand All @@ -162,38 +162,55 @@ jobs:
--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
.

- name: Test docker image with pre-built distributions
- name: Test default docker image with pre-built distributions
run: scripts/docker_tests.sh --image phylum-ci

- name: Build slim docker image
run: |
docker run --rm phylum-ci git --version
docker run --rm phylum-ci phylum-ci --version
docker run --rm phylum-ci phylum-ci --help
docker run --rm phylum-ci phylum-init --help
docker run --rm phylum-ci phylum --help
docker build \
--tag phylum-ci-slim \
--build-arg PKG_SRC=dist/phylum-*.whl \
--build-arg PKG_NAME=phylum-*.whl \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
--file Dockerfile.slim \
.

- name: Test slim docker image with pre-built distributions
run: scripts/docker_tests.sh --image phylum-ci-slim --slim

- name: Login to Docker Hub
run: docker login --username ${{ secrets.DOCKER_HUB_USERNAME }} --password ${{ secrets.DOCKER_HUB_TOKEN }}

- name: Login to GitHub Container Registry
run: docker login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io

- name: Tag and push unique docker image
- name: Create specific docker tags and push them
run: |
export CLI_REL_VER=$(docker run --rm phylum-ci phylum --version | sed 's/phylum //')
docker tag phylum-ci phylumio/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI$CLI_REL_VER
docker tag phylum-ci ghcr.io/phylum-dev/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI$CLI_REL_VER
docker push phylumio/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI$CLI_REL_VER
docker push ghcr.io/phylum-dev/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI$CLI_REL_VER

- name: Tag and push latest docker image
CLI_REL_VER=$(docker run --rm phylum-ci phylum --version | sed 's/phylum //')
docker tag phylum-ci "phylumio/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}"
docker tag phylum-ci-slim "phylumio/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}-slim"
docker tag phylum-ci "ghcr.io/phylum-dev/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}"
docker tag phylum-ci-slim "ghcr.io/phylum-dev/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}-slim"
docker push "phylumio/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}"
docker push "phylumio/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}-slim"
docker push "ghcr.io/phylum-dev/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}"
docker push "ghcr.io/phylum-dev/phylum-ci:${{ env.PHYLUM_REL_VER }}-CLI${CLI_REL_VER}-slim"

- name: Tag and push latest docker images
# Only tag and push `latest` when it's not a phylum-ci pre-release
# NOTE: This is an instance where the expression syntax (`${{ }}`) is required for the `if` conditional,
# contrary to the GitHub workflow syntax documentation. Do not remove the expression syntax.
if: ${{ !inputs.prerelease }}
run: |
docker tag phylum-ci phylumio/phylum-ci:latest
docker tag phylum-ci-slim phylumio/phylum-ci:slim
docker tag phylum-ci ghcr.io/phylum-dev/phylum-ci:latest
docker tag phylum-ci-slim ghcr.io/phylum-dev/phylum-ci:slim
docker push phylumio/phylum-ci:latest
docker push phylumio/phylum-ci:slim
docker push ghcr.io/phylum-dev/phylum-ci:latest
docker push ghcr.io/phylum-dev/phylum-ci:slim

- name: Logout of Docker Hub
if: always()
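Review bot: The new slim build step repeats `--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}`, and the resulting image is pushed to Docker Hub and ghcr.io a few steps later. Build arguments are not a confidential channel: their values can be recovered from the image's build history, which is why Docker's documentation advises against using them for tokens. A BuildKit secret (`docker build --secret` with a matching `RUN --mount=type=secret` in `Dockerfile.slim`) keeps the token out of the image metadata. The two `docker login ... --password` context lines are worth the same treatment while this file is open; `--password-stdin` keeps the secret off the command line.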
77 changes: 35 additions & 42 deletions .github/workflows/test.yml
Expand Up @@ -91,97 +91,90 @@ jobs:
- name: Run tox via poetry
run: poetry run tox

# This job is meant to be a sanity check on the Docker image...that it can be created and
# This job is meant to be a sanity check on the Docker image...that it can be
# created with various Dockerfiles, from source or a built distribution, and
# have the script entry points called without error.
docker:
name: Docker smoke test
docker-matrix:
name: ${{ matrix.dockerfile }} ${{ matrix.build }} smoke test
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# It's only one Python version specified in a "matrix", but on purpose to stay DRY
python-version: ["3.11"]
dockerfile: ["Dockerfile", "Dockerfile.slim"]
build: ["wheel", "source"]
env:
DOCKER_BUILDKIT: 1
steps:
- name: Checkout the repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Install poetry
if: ${{ matrix.build == 'wheel' }}
run: pipx install poetry==1.6.1

- name: Configure poetry
if: ${{ matrix.build == 'wheel' }}
run: poetry config virtualenvs.in-project true

- name: Set up Python
if: ${{ matrix.build == 'wheel' }}
uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
with:
python-version: ${{ matrix.python-version }}
cache: 'poetry'

- name: Install the project with poetry
if: ${{ matrix.build == 'wheel' }}
run: |
poetry env use python${{ matrix.python-version }}
poetry check --lock
poetry lock --no-update --no-cache
poetry install --verbose --no-root --sync

- name: Build docker image from source
run: |
docker build \
--tag phylum-ci:from-src \
--cache-from phylumio/phylum-ci:latest \
--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
.

- name: Test docker image built from source
run: |
docker run --rm phylum-ci:from-src git --version
docker run --rm phylum-ci:from-src phylum-ci --version
docker run --rm phylum-ci:from-src phylum-ci --help
docker run --rm phylum-ci:from-src phylum-init --help
docker run --rm phylum-ci:from-src phylum --help

- name: Build wheel and source distribution
if: ${{ matrix.build == 'wheel' }}
run: poetry build -vvv

- name: Build docker image with pre-built distributions
if: ${{ matrix.build == 'wheel' }}
run: |
docker build \
--tag phylum-ci:from-dist \
--tag phylum-ci \
--cache-from phylumio/phylum-ci:latest \
--build-arg PKG_SRC=dist/phylum-*.whl \
--build-arg PKG_NAME=phylum-*.whl \
--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
--file ${{ matrix.dockerfile }} \
.

- name: Test docker image built from dist
- name: Build docker image from source
if: ${{ matrix.build == 'source' }}
run: |
docker run --rm phylum-ci:from-dist git --version
docker run --rm phylum-ci:from-dist phylum-ci --version
docker run --rm phylum-ci:from-dist phylum-ci --help
docker run --rm phylum-ci:from-dist phylum-init --help
docker run --rm phylum-ci:from-dist phylum --help
docker build \
--tag phylum-ci \
--cache-from phylumio/phylum-ci:latest \
--build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
--file ${{ matrix.dockerfile }} \
.

- name: Test slim docker image built from ${{ matrix.build }}
if: ${{ matrix.dockerfile == 'Dockerfile.slim' }}
run: scripts/docker_tests.sh --image phylum-ci --slim

- name: Test full docker image built from ${{ matrix.build }}
if: ${{ matrix.dockerfile == 'Dockerfile' }}
run: scripts/docker_tests.sh --image phylum-ci

# This job reports the results of the test jobs above and is used to enforce status checks in
# the repo settings without needing to update those settings everytime the test jobs are updated.
test-rollup:
name: Test rollup
runs-on: ubuntu-latest
if: always()
needs: [QA, test-matrix, docker]
needs: [QA, test-matrix, docker-matrix]
steps:
- name: Check for test jobs failure
if: >
(needs.QA.result != 'success')
|| (needs.test-matrix.result != 'success')
|| (needs.docker.result != 'success')
run: |
echo "At least one test job was not successful"
exit 1

- name: Confirm test jobs success
if: >
(needs.QA.result == 'success')
&& (needs.test-matrix.result == 'success')
&& (needs.docker.result == 'success')
run: echo "All test jobs were successful"
- name: Check for test jobs failure or cancellation
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
run: exit 1
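Review bot: The new rollup condition in `test-rollup` is weaker than the one it replaces: the old steps failed on any result other than `success`, while `contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')` lets a `skipped` result through. This job exists to back the required status check, so a needed job that gets skipped would now report green. Add `|| contains(needs.*.result, 'skipped')`, or keep a `!= 'success'` style check, unless passing on skip is intended.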